ZD Critical Vulnerability Notice and inability to connect to ZD

  • 1
  • Question
  • Updated 1 month ago
  • Answered
Hi

I received a recent critical vulnerability notice for my ZD1106 from Commscope.  The solution apparently is to upgrade the ZD s/w, but I can't connect to my ZD, probably because of its outdated firmware - when i try, I get messages like the one in quotes below.  I don't have access to old windows IE versions (with presumably lower security requirements) and instead have only macs at home.  What is my solution - how do I solve this critical vulnerability issue?

Many thanks!

"This site can’t provide a secure connection

10.0.1.13 uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH"
Photo of Atul Khanna

Atul Khanna

  • 10 Posts
  • 0 Reply Likes

Posted 3 months ago

  • 1
Photo of Paul McGuire

Paul McGuire

  • 35 Posts
  • 15 Reply Likes
Depending on which browser you use. In chrome you click advanced and choose continue to the site. This is normal when you use a self signed certificate.
Photo of Atul Khanna

Atul Khanna

  • 10 Posts
  • 0 Reply Likes
No more advanced option in Chrome (V80 Mac).
Photo of Syamantak Omer

Syamantak Omer, Official Rep

  • 345 Posts
  • 123 Reply Likes
Hi Atul,

You are getting this error because your ZD seems running on 9.6 version which only support TLS 1.0.

Modern browsers do not support TLS 1.0 and that is why you are unable to access the ZD.

Please try installing an old browser version which supports TLS 1.0 and then access the ZD from it. Once you are able to access it, upgrade the ZD to 9.7 or later version to fix this issue (TLS 1.0 issue).

Use Chrome Browser before version 48, FireFox Browser before version 44 as it support TLS 1.0 Chipher suite 

This is also documented on one of our KBAs https://support.ruckuswireless.com/articles/000005847

Regards,
Syamantak Omer
Photo of Atul Khanna

Atul Khanna

  • 10 Posts
  • 0 Reply Likes
Thanks - I can't access that article - it say upgrade support level.
Photo of Syamantak Omer

Syamantak Omer, Official Rep

  • 345 Posts
  • 123 Reply Likes
Hi Atul,

It is because that article is a premium content under premium support.

Install the mentioned browsers and you should be able to access the ZD.

Regards,
Syamantak Omer
Photo of Atul Khanna

Atul Khanna

  • 10 Posts
  • 0 Reply Likes
One more question Syamantak - I am using a Mac.  Are these browser versions independent of O/S?
Photo of Syamantak Omer

Syamantak Omer, Official Rep

  • 345 Posts
  • 123 Reply Likes
I think you can easily find the Firefox ver 44 for OS X. Just search it on Google and I am sure you can find it on some of the third party websites.

Regards,
Syamantak Omer
Photo of Atul Khanna

Atul Khanna

  • 10 Posts
  • 0 Reply Likes
I tried both 44 and 43 firefox - still no luck.  This is 43:
With 44 i get the advanced option, but even that just hangs.
Photo of Syamantak Omer

Syamantak Omer, Official Rep

  • 345 Posts
  • 123 Reply Likes
It works most of the time as I have fixed similar issue in past. Not sure why it is not working for you.

You may try another way to fix this issue.

Try to SSH into the ZD, check what is the ZD version and try to upgrade it to 9.7 or above. This issue is fixed on 9.7 and above version as it supports TLS 1.2.

Procedure:

- Download the TFTP server on local system/Computer
- Download the desired firmware from Ruckus Support
https://support.ruckuswireless.com/software/1521-zd1100-9-7-2-0-20-mr2-refresh3-software-release
- Select the root folder in TFTP server where firmware file is located
- Login ZD via using any SSH client (ex. Putty)
- Make sure you are able to ping the TFTP server IP (local system's IP) address from ZD CLI

ruckus> en
ruckus#
ruckus# debug
ruckus(debug)# fw_upgrade -p <protocol>  -s <server ip address>  -n <image file name>

Example:

ruckus(debug)# fw_upgrade -p tftp  -s 192.168.2.1  -n zd3k_9.4.0.0.110.ap_9.4.0.0.110.img
----------
Note: TFTP server application should be installed locally and its IP address must be reachable from the ZD. 
----------

You can also refer our How To Hub video for more information.

https://youtu.be/Sg_fjpaiIbM

Regards,
Syamantak Omer