cancel
Showing results for 
Search instead for 
Did you mean: 

[CVE-2021-44228] Apache Log4j2 RCE

dawoon_lee
New Contributor II

Hello.

Our customer is running a Ruckus SmartZone (sz-100) controller.
The version of the controller is 5.1.1.0.598.


The customer asked if the SmartZone has the following this security vulnerabilities.

** Vulnerability: [CVE-2021-44228] Apache Log4j2 RCE

Thank you for your valuable answers to the above questions.

91 REPLIES 91

@torge_szczepanek

We will share the ksp details as soon it is available and Yes the fix would include latest recommendation as engineering is constantly checking it and updating on our side too.

Best Regards

Vineet

@vineet_nejawala The last version of the advisory (1.2) says that SZ 6.0 KSP should have be released 12/15/2021 (yesterday).

I tried to find it everywhere but was not able to. It also says to contact Customer Support to install it when available. Will we be contacted by email when it's available or we have to refresh the Downloads section each day to know it's released ?

O.

@ludia_it

I got information that it is not ready and still under testing, so you cannot find it. They expect it to be released by end of 17th. More detailed information you can get only from vineet, allan and colleagues.

Br,

Mark. 

JTakaMT
New Contributor III

Copied from the security bulletin below, I went ahead and put in a support ticket as well just to have it in. 

SmartZone and 					Contact Customer Support to install 	SZ 6.0 KSP
Virtual SmartZone   5.0 to 6.0			KSP when available.			12/15/2021

						Contact Customer Support to install 	SZ 5.2.2 P1 and 
						KSP when available.			5.2.2 KSPs
											12/16/2021

						Contact Customer Support to install 	SZ 5.1 and 
						KSP when available.			5.0 KSPs
											12/17/2021

@ludia_it

Apologies for the inconvenience. The patch for all codes should be released by today "12/17/2021" EOD. The goal is :

We will have a KBA showing the process for loading the KSP on SZ.
The fixes /KSPs will be open for download for customers with/or without a support.
The aim is to ensure that our customers have the ability to self-help on existing versions as much as possible.

Atlast,Sorry for the delay, but this will be a better outcome for all our customers and us, once completed.

Best Regards

Vineet