https://community.ruckuswireless.com/t5/RUCKUS-Self-Help/CVE-2022-22963-and-CVE-2022-22965-Spring4Shell-zero-day-RCE/m-p/44583#M38 <SECTION>This post explains about recent security vulnerability CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)</SECTION> <SECTION> <H2>About the vulnerability</H2> <P>There are&nbsp;two vulnerabilities affecting the Spring MVC (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) components of the Spring Framework. These vulnerabilities are rated Critical as a successful exploit leads to remote code execution on the vulnerable system.</P> <H3>Question</H3> What Ruckus products are impacted with recent CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)?</SECTION> <SECTION> <H2>What RUCKUS Networks is doing to fix this vulnerability on impacted products?</H2> RUCKUS Networks security team is aware about the issue and already verified all the products.<BR /><BR />Most of RUCKUS Networks products are not impacted with this vulnerability and only one impacted product (Ruckus Cloud) was already patched on 15th April 2022.<BR /><BR />At this point, no RUCKUS products are impacted and no attention required from customers. <H2>Is my RUCKUS product impacted?</H2> As of 18th April below is the status of RUCKUS products:<BR />&nbsp; <TABLE width="451"><COLGROUP><COL width="128" /><COL width="195" /></COLGROUP> <TBODY> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Product</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Vulnerable?</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>ZoneDirector</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Unleashed</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>UMM/Flexmaster</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><FONT color="#172b4d"><SPAN>SmartZone/virtualSmartZone</SPAN></FONT></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>SPoT/vSPoT</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>RuckusAnalytics</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>MobileApps</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>IoT</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>ICX</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>CloudPath</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><FONT color="#172b4d"><SPAN>Access points</SPAN></FONT></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>IOT</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl67"><SPAN>Mobile APPs</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>CloudPath</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>SCI</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl65"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>RuckusCloud</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl65"><SPAN>Already patched, no further action required</SPAN></TD> </TR> </TBODY> </TABLE> <H2><BR />When impacted products will be patched?</H2> Only one product (RUCKUS Cloud) was vulnerable and same was patched on 15th April 2022. <P>For any queries, feel free to reach Ruckus Support at&nbsp;<A href="https://support.ruckuswireless.com/contact-us" target="_blank" rel="noopener">https://support.ruckuswireless.com/contact-us</A><BR /><BR />You can also refer our support center page at&nbsp;<A href="https://support.ruckuswireless.com/spring4shell-ruckus-technical-support-response-center" target="_blank" rel="noopener">https://support.ruckuswireless.com/spring4shell-ruckus-technical-support-response-center</A></P> </SECTION> Fri, 02 Feb 2024 17:01:04 GMT syamantakomer 2024-02-02T17:01:04Z https://community.ruckuswireless.com/t5/RUCKUS-Self-Help/CVE-2022-22963-and-CVE-2022-22965-Spring4Shell-zero-day-RCE/m-p/44583#M38 <SECTION>This post explains about recent security vulnerability CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)</SECTION> <SECTION> <H2>About the vulnerability</H2> <P>There are&nbsp;two vulnerabilities affecting the Spring MVC (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) components of the Spring Framework. These vulnerabilities are rated Critical as a successful exploit leads to remote code execution on the vulnerable system.</P> <H3>Question</H3> What Ruckus products are impacted with recent CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)?</SECTION> <SECTION> <H2>What RUCKUS Networks is doing to fix this vulnerability on impacted products?</H2> RUCKUS Networks security team is aware about the issue and already verified all the products.<BR /><BR />Most of RUCKUS Networks products are not impacted with this vulnerability and only one impacted product (Ruckus Cloud) was already patched on 15th April 2022.<BR /><BR />At this point, no RUCKUS products are impacted and no attention required from customers. <H2>Is my RUCKUS product impacted?</H2> As of 18th April below is the status of RUCKUS products:<BR />&nbsp; <TABLE width="451"><COLGROUP><COL width="128" /><COL width="195" /></COLGROUP> <TBODY> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Product</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Vulnerable?</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>ZoneDirector</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Unleashed</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>UMM/Flexmaster</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><FONT color="#172b4d"><SPAN>SmartZone/virtualSmartZone</SPAN></FONT></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>SPoT/vSPoT</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>RuckusAnalytics</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>MobileApps</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>IoT</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>ICX</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>CloudPath</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><FONT color="#172b4d"><SPAN>Access points</SPAN></FONT></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>IOT</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl67"><SPAN>Mobile APPs</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>CloudPath</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>SCI</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Not Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl65"><SPAN>No action required</SPAN></TD> </TR> <TR> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>RuckusCloud</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl66"><SPAN>Vulnerable</SPAN></TD> <TD colspan="1" rowspan="1" data-sfdc_class="xl65"><SPAN>Already patched, no further action required</SPAN></TD> </TR> </TBODY> </TABLE> <H2><BR />When impacted products will be patched?</H2> Only one product (RUCKUS Cloud) was vulnerable and same was patched on 15th April 2022. <P>For any queries, feel free to reach Ruckus Support at&nbsp;<A href="https://support.ruckuswireless.com/contact-us" target="_blank" rel="noopener">https://support.ruckuswireless.com/contact-us</A><BR /><BR />You can also refer our support center page at&nbsp;<A href="https://support.ruckuswireless.com/spring4shell-ruckus-technical-support-response-center" target="_blank" rel="noopener">https://support.ruckuswireless.com/spring4shell-ruckus-technical-support-response-center</A></P> </SECTION> Fri, 02 Feb 2024 17:01:04 GMT https://community.ruckuswireless.com/t5/RUCKUS-Self-Help/CVE-2022-22963-and-CVE-2022-22965-Spring4Shell-zero-day-RCE/m-p/44583#M38 syamantakomer 2024-02-02T17:01:04Z