Cloudpath Persistent XSS and CSRF Vulnerability

vijaykuniyal — Mon, 16 Oct 2023 17:17:12 GMT

Hello All,

This is an important security announcement for Cloudpath.

What is the issue?

A vulnerability in the web-based interface of the RUCKUS Cloudpath product could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against an user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.

What action should I take?

Updating the software to its most recent version, as detailed below, will resolve the vulnerability. Since this is a high severity vulnerability, all customers are strongly encouraged to apply the update at the earliest opportunity.

What is the impact on RUCKUS products?

The following table describes the vulnerable products and software versions and the recommended actions.

Product

Vulnerable Release

Resolution

Release Date

Cloudpath

Version 5.12 build 5538 or earlier

Upgrade to Version 5.12 build 5550 or later

Oct 13th, 2023

New version is available for download on all the on-premises Cloudpath, Hosted Cloudpath are already patched with the fix.

Administrator>>>System Updates>>>Download Update.

When will this RUCKUS Security Advisory be publicly posted?

RUCKUS will release the initial security advisory to customers on 10/16/2023, follow below link for the official Security Advisory.

https://support.ruckuswireless.com/security_bulletins/

topic Cloudpath Persistent XSS and CSRF Vulnerability in RUCKUS Self-Help

Cloudpath Persistent XSS and CSRF Vulnerability

Hello All, This is an important security announcement for Cloudpath.What is the issue?

Hello All,

This is an important security announcement for Cloudpath.

What is the issue?