CVE-2017-6229

high-risk
Published 2018-02-14

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.

Do I need to act?

5.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (17)

R500 Firmware
R600 Firmware
R310 Firmware
H320 Firmware
H510 Firmware
R710 Firmware
R720 Firmware
T300 Firmware
T301 Firmware
T300E Firmware
T610 Firmware
T710 Firmware
R510 Firmware
Zonedirector 3000 Firmware
Zonedirector 3000 Firmware

Affected Vendors

57 / 100
high-risk
Severity 30/34 · Critical
Exploitability 8/34 · Low
Exposure 19/34 · Moderate