CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)

syamantakomer
Community Admin
This post explains the recent security vulnerabilities CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability).

About the vulnerability

There are two vulnerabilities affecting the Spring MVC (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) components of the Spring Framework. These vulnerabilities are rated Critical as a successful exploit leads to remote code execution on the vulnerable system.

Question

What Ruckus products are impacted by the recent CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)?

What is RUCKUS Networks doing to fix this vulnerability on impacted products?

The RUCKUS Networks security team is aware of the issue and has already verified all the products.

Most RUCKUS Networks products are not impacted by this vulnerability, and the only impacted product (Ruckus Cloud) was already patched on 15th April 2022.

At this point, no RUCKUS products are impacted and no attention is required from customers.

Is my RUCKUS product impacted?

As of 18th April, the status of RUCKUS products is as follows:
 
Product | Vulnerable? | Action required
ZoneDirector | Not Vulnerable | No action required
Unleashed | Not Vulnerable | No action required
UMM/Flexmaster | Not Vulnerable | No action required
SmartZone/virtualSmartZone | Not Vulnerable | No action required
SPoT/vSPoT | Not Vulnerable | No action required
RuckusAnalytics | Not Vulnerable | No action required
MobileApps | Not Vulnerable | No action required
IoT | Not Vulnerable | No action required
ICX | Not Vulnerable | No action required
CloudPath | Not Vulnerable | No action required
Access points | Not Vulnerable | No action required
IOT | Not Vulnerable | No action required
Mobile APPs | Not Vulnerable | No action required
SCI | Not Vulnerable | No action required
RuckusCloud | Vulnerable | Already patched, no further action required


When will impacted products be patched?

Only one product (RUCKUS Cloud) was vulnerable, and it was patched on 15th April 2022.

For any queries, feel free to reach Ruckus Support at https://support.ruckuswireless.com/contact-us

You can also refer to our support center page at https://support.ruckuswireless.com/spring4shell-ruckus-technical-support-response-center


Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!