PT-2017-16951 · Ruckus Wireless · Ruckus Wireless Zone Director Controller

Published

2017-10-13

Updated

2017-10-27

CVE-2017-6223

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x through ZD9.10.x Ruckus Wireless Zone Director Controller firmware releases ZD9.13.0.x less than 9.13.0.0.232

Description The issue concerns OS Command Injection vulnerabilities in the ping functionality. This could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.

Recommendations For ZD9.9.x through ZD9.10.x, update to a version outside of this range to resolve the issue. For ZD9.13.0.x, update to version 9.13.0.0.232 or later to resolve the issue. As a temporary workaround, consider restricting access to the ping functionality until a patch is available.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2017-6223

Affected Products

Ruckus Wireless Zone Director Controller

PT-2017-16951 · Ruckus Wireless · Ruckus Wireless Zone Director Controller

CVE-2017-6223

Weakness Enumeration

Related Identifiers

Affected Products

References · 3