An unknown number of devices may contain the Bash flaw, including Web servers, Unix and Mac OS X systems. Security experts have been scrambling to understand the full extent of the vulnerability, and the risks it may pose. The National Institute of Standards and Technology initially assigned the vulnerability the designation CVE-2014-6271, rating the remotely exploitable flaw as a “10” on its 10-point severity scale. Bash, however, has been around since 1989, and may also be present in outdated, unsupported software that’s still used in enterprise environments.”]
Source: https://www.cuinfosecurity.com/bash-bug-bigger-than-heartbleed-a-7359