
ICX XSS and CSRF Vulnerability

RUCKUS Team Member

This is a vulnerability in the web-based management interface of the RUCKUS ICX product.


Disable web management access to the switches using the options below.

By default, HTTPS is enabled:

Device#show web

HTTP server status: Disabled

HTTPS server status: Enabled

No web connection.

Use the following command to disable HTTPS:

Device(config)#no web-management https

If HTTP is also enabled, use the following command:

Device(config)#no web-management http

This vulnerability is found in versions 8095k and lower.

Resolution: If the major release on the switch is 8095, upgrade to FI 08.0.95m or later.

This vulnerability is also resolved on ICX switches by upgrading to 9010a and above.

Reference link for more details on the vulnerability:
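
Added example, not part of the original post and not RUCKUS code: a small audit that reads captured `show web` output from several switches and reports which ones still have web management enabled. The hostnames and captures are constructed, and it assumes the HTTPS status line reads "Disabled" after `no web-management https`, in the same form as the HTTP line shown above.

```python
import re

# Matches the status lines printed by `show web`,
# e.g. "HTTPS server status: Enabled".
STATUS_RE = re.compile(r"^\s*(HTTPS?) server status:\s*(\w+)\s*$", re.I | re.M)


def parse_show_web(output):
    """Return {'HTTP': 'disabled', 'HTTPS': 'enabled'} for the lines found."""
    return {p.upper(): s.lower() for p, s in STATUS_RE.findall(output)}


def audit(outputs):
    """Classify each device from its captured `show web` text."""
    report = {}
    for host, text in outputs.items():
        status = parse_show_web(text)
        missing = [p for p in ("HTTP", "HTTPS") if p not in status]
        exposed = sorted(p for p, s in status.items() if s != "disabled")
        if exposed:
            # Any enabled listener means the web interface is still reachable.
            report[host] = "web management enabled: " + ", ".join(exposed)
        elif missing:
            # Do not report a device as safe on a truncated capture.
            report[host] = "incomplete output, missing: " + ", ".join(missing)
        else:
            report[host] = "web management disabled"
    return report


# Constructed sample captures; hostnames are made up for the example.
SAMPLE = {
    "icx-lab-1": "Device#show web\nHTTP server status: Disabled\n"
                 "HTTPS server status: Enabled\nNo web connection.\n",
    "icx-lab-2": "HTTP server status: Disabled\r\n"
                 "HTTPS server status: Disabled\r\n",
    "icx-lab-3": "HTTP server status: Enabled\nHTTPS server status: Enabled\n",
    "icx-lab-4": "HTTP server status: Disabled\n",  # truncated capture
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(f"{host}: {verdict}")
```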