Dropbear SSH Server vulnerability

  • 1
  • Question
  • Updated 5 months ago
  • Answered
Is the dropbear SSH Server vulnerability patch included in ZD1100 9.10.2.0.63 Software Release?

I am currently on version 9.7.2.0 build 20

Thanks
Photo of Andy Styring

Andy Styring

  • 1 Post
  • 0 Reply Likes

Posted 5 months ago

  • 1
Photo of Martin

Martin, Official Rep

  • 309 Posts
  • 79 Reply Likes
Hi Andy,

You can check the https://www.ruckuswireless.com/security page for any info regarding dropbear.

Kind regards
Martin

Photo of Michael Brado

Michael Brado, Official Rep

  • 2860 Posts
  • 399 Reply Likes
Hello Andy,

   We've had other tickets/requests like yours too. The CVE-2017-9079 dropbear issue is fixed in ZD 10.0+, but unfortunately ZD1100 last supported release is 9.10.x, and changes will not be back-ported.

   Other customers had to upgrade to ZD1200 model controllers if this is your concern. The security team reports this is concidered a minor vulnerability, with a CVSS score of 4.7, and exploitability score of 1.0.
(Edited)