This vulnerability could allow for arbitrary code execution. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
All supported versions of the AppGate Security Server are not exploitable through BASH code injection. Remotely accessible applications and services running on the AppGate Security Server itself do not use the BASH shell to execute commands.
However, the AppGate does include the vulnerable version of BASH in all releases up to 10.2.3. The only way to attempt to exploit this is with access to the admin role and related terminal access which gives full administrative control anyway so the system is no more or less vulnerable with this version of BASH.
BASH is in fact not used in the AppGate so is likely to be removed completely in the next release after 10.2.3
SEP products are not affected by this vulnerability.