topic ICX XSS and CSRF Vulnerability in RUCKUS Self-Help https://community.ruckuswireless.com/t5/RUCKUS-Self-Help/ICX-XSS-and-CSRF-Vulnerability/m-p/66824#M206 <P>This is vulnerability in the web-based management interface of the ICX ruckus product.</P><P><STRONG>Workaround:</STRONG></P><P>Need to disable web management access to the switches using below options.</P><P>By default, you will see https enabled.</P><P><FONT face="courier new,courier" size="2">Device#show web</FONT></P><P><FONT face="courier new,courier" size="2">HTTP server status: Disabled</FONT></P><P><FONT face="courier new,courier" size="2">HTTPS server status: Enabled</FONT></P><P><FONT face="courier new,courier" size="2">No web connection.</FONT></P><P><STRONG>Use the below command to disable https:</STRONG></P><P><FONT face="courier new,courier" size="2">Device(config)#no web-management https</FONT></P><P><STRONG>If http is also enabled, then use the below command:</STRONG></P><P><FONT face="courier new,courier" size="2">Device(config)#no web-management http</FONT></P><P>This vulnerability is found on 8095k and lower versions.</P><P><STRONG>Resolution:</STRONG> If major release on switch is 8095 version, then Upgrade to FI 08.0.95m or later</P><P>This vulnerability is also resolved on ICX switches on upgrading to 9010a and above.</P><P><STRONG>Reference link for more details on the vulnerability:</STRONG></P><UL><LI><FONT face="courier new,courier" size="2"><A href="https://support.ruckuswireless.com/security_bulletins/321" target="_blank" rel="noopener">https://support.ruckuswireless.com/security_bulletins/321</A></FONT></LI></UL> Tue, 29 Aug 2023 17:49:03 GMT Chandini 2023-08-29T17:49:03Z ICX XSS and CSRF Vulnerability https://community.ruckuswireless.com/t5/RUCKUS-Self-Help/ICX-XSS-and-CSRF-Vulnerability/m-p/66824#M206 <P>This is vulnerability in the web-based management interface of the ICX ruckus product.</P><P><STRONG>Workaround:</STRONG></P><P>Need to disable web management access to the switches using below options.</P><P>By default, you will see https enabled.</P><P><FONT face="courier new,courier" size="2">Device#show web</FONT></P><P><FONT face="courier new,courier" size="2">HTTP server status: Disabled</FONT></P><P><FONT face="courier new,courier" size="2">HTTPS server status: Enabled</FONT></P><P><FONT face="courier new,courier" size="2">No web connection.</FONT></P><P><STRONG>Use the below command to disable https:</STRONG></P><P><FONT face="courier new,courier" size="2">Device(config)#no web-management https</FONT></P><P><STRONG>If http is also enabled, then use the below command:</STRONG></P><P><FONT face="courier new,courier" size="2">Device(config)#no web-management http</FONT></P><P>This vulnerability is found on 8095k and lower versions.</P><P><STRONG>Resolution:</STRONG> If major release on switch is 8095 version, then Upgrade to FI 08.0.95m or later</P><P>This vulnerability is also resolved on ICX switches on upgrading to 9010a and above.</P><P><STRONG>Reference link for more details on the vulnerability:</STRONG></P><UL><LI><FONT face="courier new,courier" size="2"><A href="https://support.ruckuswireless.com/security_bulletins/321" target="_blank" rel="noopener">https://support.ruckuswireless.com/security_bulletins/321</A></FONT></LI></UL> Tue, 29 Aug 2023 17:49:03 GMT https://community.ruckuswireless.com/t5/RUCKUS-Self-Help/ICX-XSS-and-CSRF-Vulnerability/m-p/66824#M206 Chandini 2023-08-29T17:49:03Z