The RuckusNetworks Support Portal Security
page has been updated with Security Notice 20191224 ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities
. Security Notice 20191224 is located at https://support.ruckuswireless.com/security_bulletins/299
and can be downloaded in PDF and TXT formats.
What is the issue?
A number of security vulnerabilities are found on the ZoneDirector and Unleashed product lines. Collectively, these vulnerabilities allow an attacker to perform the following actions:
What action should I take?
- Unauthenticated, remote code executions and unauthorized command line interface (CLI) and shell access
- Command injections
- Unauthenticated stack overflow
- Unauthenticated arbitrary file writing
- Server-Side Request Forgery (SSRF)
Ruckus Networks is releasing the fix for these vulnerabilities through a software update. Because these are CRITICAL issues, all customers are strongly encouraged to apply the fix once available.
Further details including are available in the full text of Security Notice 20191224 at https://support.ruckuswireless.com/security_bulletins/299