Vulnerability Description
Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruckuswireless | Zonedirector Firmware | zd9.9.0.0.205 |
| Ruckuswireless | Zonedirector | - |
| Ruckuswireless | Unleashed Firmware | 200.1 |
| Ruckuswireless | Unleashed | - |
Related Weaknesses (CWE)
References
- https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917Third Party Advisory
- https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917Third Party Advisory
FAQ
What is CVE-2017-6224?
CVE-2017-6224 is a vulnerability with a CVSS score of 8.8 (HIGH). Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2....
How severe is CVE-2017-6224?
CVE-2017-6224 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6224?
Check the references section above for vendor advisories and patch information. Affected products include: Ruckuswireless Zonedirector Firmware, Ruckuswireless Zonedirector, Ruckuswireless Unleashed Firmware, Ruckuswireless Unleashed.