This is an important security announcement for Cloudpath.
What is the issue?
A vulnerability in the web-based interface of the RUCKUS Cloudpath product could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
What action should I take?
Updating the software to its most recent version, as detailed below, will resolve the vulnerability. Since this is a high severity vulnerability, all customers are strongly encouraged to apply the update at the earliest opportunity.
What is the impact on RUCKUS products?
The following table describes the vulnerable products and software versions and the recommended actions.
Vulnerable software versions: Version 5.12 build 5538 or earlier
Recommended action: Upgrade to Version 5.12 build 5550 or later
Oct 13th, 2023
The new version is available for download for all on-premises Cloudpath deployments. Hosted Cloudpath deployments are already patched with the fix.
Administrator > System Updates > Download Update.
When will this RUCKUS Security Advisory be publicly posted?
RUCKUS will release the initial security advisory to customers on 10/16/2023. Follow the link below for the official Security Advisory.