CVE-2020-22658

high-risk
Published 2023-01-20

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to switch completely to unauthorized image to be Boot as primary verified image.

Do I need to act?

-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (14)

R310 Firmware
R500 Firmware
R600 Firmware
T300 Firmware
T301N Firmware
T301S Firmware
Scg200 Firmware
Sz-100 Firmware
Sz-300 Firmware
Vsz Firmware
Zonedirector 1100 Firmware
Zonedirector 3000 Firmware
Zonedirector 5000 Firmware

Affected Vendors

Ruckuswireless

References (3)

https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1
Patch https://support.ruckuswireless.com/security_bulletins/302
Patch https://support.ruckuswireless.com/security_bulletins/302
51
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 18/34 · Moderate