
[CVE-2021-44228] Apache Log4j2 RCE

dawoon_lee
New Contributor II

Hello.

Our customer is running a Ruckus SmartZone (sz-100) controller.
The version of the controller is 5.1.1.0.598.


The customer asked if the SmartZone has the following security vulnerability.

** Vulnerability: [CVE-2021-44228] Apache Log4j2 RCE

Thank you for your valuable answers to the above questions.


@vineet_nejawala 

Dear Vineet,

It would be cool if you can clarify for which versions we will get the ksp? From my experience it will be only the latest version of the development patch.

My guess is that it will be only (5.1.2.0.302 and former might be skipped as Fragattack unsafe) 5.2.1.0.515 and 5.2.2.0.1161 and 6.0.0.0.1331 - as 5.2.1.0.515 has a security leak too it might be only 5.2.2.0.1161 and 6.0.0.0.1331. And of course all active FIPS versions.

Thanks in advance,

Br,

Mark.

@mark_pledl

Mark, so far we are testing on code 5.x and all above, including the FIPS version too. ksp testing has started and we are expecting the resolution (ksp) out soon for our customers, though we are yet to hear from engineering on which codes we are releasing the official patch for.

Best Regards

Vineet 

@vineet_nejawala 

Thanks for the quick response Vineet. Sounds good! So no additional upgrade hassle needed in that case. :-). Thanks for your hard work.

Br,

Mark.

@torge_szczepanek

Fully agree. My comment was more directed at Ruckus given the brevity of the disclosure and whether there is _ANYTHING_ (short of shutting down the controller) we can do to prevent exploitation.

To be honest, I would be _slightly_ less worried if I can contain the possible exploit paths to only through the AP (let's call it in-band) as, while these are public, in my case, they don't have the full internet open towards it.

thanks!


@diego_garcia_del_rio

Also, given the criticality of the incident it would be good for the advisory to be available without a support account.

In addition to publishing our Security Bulletins on the Support Portal, we do replicate them on the CommScope Security Page at https://www.commscope.com/security-bulletins, which is public and does not require a login to access.

Allan.

Allan T. Grohe Jr.
==
Knowledge Management Program Director
for RUCKUS Customer Services & Support