Skip to main content

1 Message

 • 

70 Points

Fri, Jan 11, 2019 3:07 PM

Answered

Dropbear SSH Server vulnerability

Is the dropbear SSH Server vulnerability patch included in ZD1100 9.10.2.0.63 Software Release?

I am currently on version 9.7.2.0 build 20

Thanks

Responses

301 Messages

 • 

4.8K Points

2 years ago

Hi Andy,

You can check the https://www.ruckuswireless.com/security page for any info regarding dropbear.

Kind regards
Martin

Brand User

2.6K Messages

 • 

44.8K Points

2 years ago

Hello Andy,

   We've had other tickets/requests like yours too. The CVE-2017-9079 dropbear issue is fixed in ZD 10.0+, but unfortunately ZD1100 last supported release is 9.10.x, and changes will not be back-ported.

   Other customers had to upgrade to ZD1200 model controllers if this is your concern. The security team reports this is concidered a minor vulnerability, with a CVSS score of 4.7, and exploitability score of 1.0.