This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)

syamantakomer
Community Admin
Community Admin

‎04-25-2022 05:58 AM - edited ‎02-02-2024 09:01 AM

This post explains about recent security vulnerability CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)

About the vulnerability

There are two vulnerabilities affecting the Spring MVC (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) components of the Spring Framework. These vulnerabilities are rated Critical as a successful exploit leads to remote code execution on the vulnerable system.

Question

What Ruckus products are impacted with recent CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)?

What RUCKUS Networks is doing to fix this vulnerability on impacted products?

RUCKUS Networks security team is aware about the issue and already verified all the products.

Most of RUCKUS Networks products are not impacted with this vulnerability and only one impacted product (Ruckus Cloud) was already patched on 15th April 2022.

At this point, no RUCKUS products are impacted and no attention required from customers.

Is my RUCKUS product impacted?

As of 18th April below is the status of RUCKUS products:
 
Product Vulnerable? Action required
ZoneDirector Not Vulnerable No action required
Unleashed Not Vulnerable No action required
UMM/Flexmaster Not Vulnerable No action required
SmartZone/virtualSmartZone Not Vulnerable No action required
SPoT/vSPoT Not Vulnerable No action required
RuckusAnalytics Not Vulnerable No action required
MobileApps Not Vulnerable No action required
IoT Not Vulnerable No action required
ICX Not Vulnerable No action required
CloudPath Not Vulnerable No action required
Access points Not Vulnerable No action required
IOT Not Vulnerable No action required
Mobile APPs Not Vulnerable No action required
CloudPath Not Vulnerable No action required
SCI Not Vulnerable No action required
RuckusCloud Vulnerable Already patched, no further action required


When impacted products will be patched?

Only one product (RUCKUS Cloud) was vulnerable and same was patched on 15th April 2022.

For any queries, feel free to reach Ruckus Support at https://support.ruckuswireless.com/contact-us

You can also refer our support center page at https://support.ruckuswireless.com/spring4shell-ruckus-technical-support-response-center


Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn
Labels:
0 Kudos
0 REPLIES 0
Copyright © 2024 Khoros, LLC