CVE-2017-6224

Опубликовано: 13 окт. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 9.3

EPSS Низкий

Описание

Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request.

Ссылки

https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt
Third Party Advisory
https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:ruckuswireless:zonedirector_firmware:zd9.9.0.0.205:*:*:*:*:*:*:*

cpe:2.3:o:ruckuswireless:zonedirector_firmware:zd9.9.0.0.212:*:*:*:*:*:*:*

cpe:2.3:o:ruckuswireless:zonedirector_firmware:zd9.9.0.0.216:*:*:*:*:*:*:*

cpe:2.3:o:ruckuswireless:zonedirector_firmware:zd9.10.0.0.218:*:*:*:*:*:*:*

cpe:2.3:o:ruckuswireless:zonedirector_firmware:zd9.13.0.0.103:*:*:*:*:*:*:*

cpe:2.3:o:ruckuswireless:zonedirector_firmware:zd9.13.0.0.209:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:zonedirector:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:ruckuswireless:unleashed_firmware:200.1:*:*:*:*:*:*:*

cpe:2.3:o:ruckuswireless:unleashed_firmware:200.1.9.12.55:*:*:*:*:*:*:*

cpe:2.3:o:ruckuswireless:unleashed_firmware:200.3:*:*:*:*:*:*:*

cpe:2.3:o:ruckuswireless:unleashed_firmware:200.3.9.13.228:*:*:*:*:*:*:*

cpe:2.3:o:ruckuswireless:unleashed_firmware:200.4.9.13:*:*:*:*:*:*:*

cpe:2.3:o:ruckuswireless:unleashed_firmware:200.4.9.13.47:*:*:*:*:*:*:*

cpe:2.3:h:ruckuswireless:unleashed:-:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00868

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-45p5-79vm-8h38