CVE-2017-6224
CVSS 3.0 base score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request.
Affected (12)
Products: Ruckuswireless: Zonedirector Firmware, Unleashed Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version zd9.10.0.0.218 |

| Running on/with | Platform Versions |
|---|---|
| Ruckuswireless Zonedirector | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 200.1.9.12.55 |

| Running on/with | Platform Versions |
|---|---|
| Ruckuswireless Unleashed | All versions |
References (2)
Source: sirt@brocade.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory