CVE-2020-22660

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Ruckus R310 version 10.5.1.0.199 Ruckus R500 version 10.5.1.0.199 Ruckus R600 version 10.5.1.0.199 Ruckus T300 version 10.5.1.0.199 Ruckus T301n version 10.5.1.0.199 Ruckus T301s version 10.5.1.0.199 SmartCell Gateway 200 (SCG200) versions prior to 3.6.2.0.795 SmartZone 100 (SZ-100) versions prior to 3.6.2.0.795 SmartZone 300 (SZ300) versions prior to 3.6.2.0.795 Virtual SmartZone (vSZ) versions prior to 3.6.2.0.795 ZoneDirector 1100 version 9.10.2.0.130 ZoneDirector 1200 version 10.2.1.0.218 ZoneDirector 3000 version 10.2.1.0.218 ZoneDirector 5000 version 10.0.1.0.151

Description A vulnerability allows attackers to force bypass Secure Boot failed attempts and run temporarily the previous Backup image.

Recommendations For Ruckus R310 version 10.5.1.0.199, update to a version later than 10.5.1.0.199. For Ruckus R500 version 10.5.1.0.199, update to a version later than 10.5.1.0.199. For Ruckus R600 version 10.5.1.0.199, update to a version later than 10.5.1.0.199. For Ruckus T300 version 10.5.1.0.199, update to a version later than 10.5.1.0.199. For Ruckus T301n version 10.5.1.0.199, update to a version later than 10.5.1.0.199. For Ruckus T301s version 10.5.1.0.199, update to a version later than 10.5.1.0.199. For SmartCell Gateway 200 (SCG200) versions prior to 3.6.2.0.795, update to version 3.6.2.0.795 or later. For SmartZone 100 (SZ-100) versions prior to 3.6.2.0.795, update to version 3.6.2.0.795 or later. For SmartZone 300 (SZ300) versions prior to 3.6.2.0.795, update to version 3.6.2.0.795 or later. For Virtual SmartZone (vSZ) versions prior to 3.6.2.0.795, update to version 3.6.2.0.795 or later. For ZoneDirector 1100 version 9.10.2.0.130, update to a version later than 9.10.2.0.130. For ZoneDirector 1200 version 10.2.1.0.218, update to a version later than 10.2.1.0.218. For ZoneDirector 3000 version 10.2.1.0.218, update to a version later than 10.2.1.0.218. For ZoneDirector 5000 version 10.0.1.0.151, update to a version later than 10.0.1.0.151.

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-290

Related Identifiers

CVE-2020-22660

Affected Products

Ruckus R310

Ruckus R500

Ruckus R600

Ruckus T300

Ruckus T301S

Smartcell Gateway 200

Smartzone 100

Smartzone 300

Virtual Smartzone

Zonedirector 1100

Zonedirector 1200

Zonedirector 3000

Zonedirector 5000

CVE-2020-22660

Weakness Enumeration

Related Identifiers

Affected Products

References · 6