PT-2017-16952 · Ruckus Wireless · Ruckus Wireless Zone Director Controller+1
Published: 2017-10-13 · Updated: 2019-10-03
CVE-2017-6224
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Ruckus Wireless Zone Director Controller firmware versions ZD9.x through ZD10.0.1.x (less than 10.0.1.0.17 MR1 release)
Ruckus Wireless Unleashed AP Firmware versions 200.0.x through 200.4.x
Description
The issue allows local authenticated users to execute arbitrary privileged commands on the underlying operating system. This is achieved by appending commands in the Common Name field in the Certificate Generation Request.
Recommendations
For Ruckus Wireless Zone Director Controller firmware versions ZD9.x through ZD10.0.1.x (less than 10.0.1.0.17 MR1 release), update to version 10.0.1.0.17 MR1 release or later.
For Ruckus Wireless Unleashed AP Firmware versions 200.0.x through 200.4.x, update to a version later than 200.4.x.
As a temporary workaround, consider restricting access to the Certificate Generation Request feature until a patch is available.
Fix
OS Command Injection
Weakness Enumeration
Related identifiers
Affected products
Ruckus Wireless Unleashed AP Firmware
Ruckus Wireless Zone Director Controller