Dropbear SSH Server vulnerability

  • 1
  • Question
  • Updated 2 years ago
  • Answered
Is the dropbear SSH Server vulnerability patch included in ZD1100 Software Release?

I am currently on version build 20

Photo of Andy Styring

Andy Styring

  • 1 Post
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of Martin

Martin, Official Rep

  • 315 Posts
  • 80 Reply Likes
Hi Andy,

You can check the https://www.ruckuswireless.com/security page for any info regarding dropbear.

Kind regards

Photo of Michael Brado

Michael Brado, Official Rep

  • 3298 Posts
  • 523 Reply Likes
Hello Andy,

   We've had other tickets/requests like yours too. The CVE-2017-9079 dropbear issue is fixed in ZD 10.0+, but unfortunately ZD1100 last supported release is 9.10.x, and changes will not be back-ported.

   Other customers had to upgrade to ZD1200 model controllers if this is your concern. The security team reports this is concidered a minor vulnerability, with a CVSS score of 4.7, and exploitability score of 1.0.