This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

[CVE-2021-44228] Apache Log4j2 RCE

dawoon_lee
New Contributor II

‎12-12-2021 05:51 PM

Hello.

Our customer is running a Ruckus SmartZone (sz-100) controller.
The version of the controller is 5.1.1.0.598.


The customer asked if the SmartZone has the following this security vulnerabilities.

** Vulnerability: [CVE-2021-44228] Apache Log4j2 RCE

Thank you for your valuable answers to the above questions.

91 REPLIES 91

Vineet_nejwala
Moderator
Moderator
In response to grodog-prod

‎12-16-2021 12:34 AM

@torge_szczepanek

We will share the ksp details as soon it is available and Yes the fix would include latest recommendation as engineering is constantly checking it and updating on our side too.

Best Regards

Vineet

0 Kudos

ludia_it
New Contributor II
In response to grodog-prod

‎12-16-2021 12:04 PM

@vineet_nejawala The last version of the advisory (1.2) says that SZ 6.0 KSP should have be released 12/15/2021 (yesterday).

I tried to find it everywhere but was not able to. It also says to contact Customer Support to install it when available. Will we be contacted by email when it's available or we have to refresh the Downloads section each day to know it's released ?

O.

0 Kudos

mark_pledl
Contributor
In response to grodog-prod

‎12-16-2021 12:08 PM

@ludia_it

I got information that it is not ready and still under testing, so you cannot find it. They expect it to be released by end of 17th. More detailed information you can get only from vineet, allan and colleagues.

Br,

Mark. 

JTakaMT
New Contributor III
In response to grodog-prod

‎12-16-2021 12:31 PM

Copied from the security bulletin below, I went ahead and put in a support ticket as well just to have it in. 

SmartZone and 					Contact Customer Support to install 	SZ 6.0 KSP
Virtual SmartZone   5.0 to 6.0			KSP when available.			12/15/2021

						Contact Customer Support to install 	SZ 5.2.2 P1 and 
						KSP when available.			5.2.2 KSPs
											12/16/2021

						Contact Customer Support to install 	SZ 5.1 and 
						KSP when available.			5.0 KSPs
											12/17/2021
0 Kudos

Vineet_nejwala
Moderator
Moderator
In response to grodog-prod

‎12-16-2021 07:23 PM

@ludia_it

Apologies for the inconvenience. The patch for all codes should be released by today "12/17/2021" EOD. The goal is :

We will have a KBA showing the process for loading the KSP on SZ.
The fixes /KSPs will be open for download for customers with/or without a support.
The aim is to ensure that our customers have the ability to self-help on existing versions as much as possible.

Atlast,Sorry for the delay, but this will be a better outcome for all our customers and us, once completed.

Best Regards

Vineet

0 Kudos
Copyright © 2024 Khoros, LLC