This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

[CVE-2021-44228] Apache Log4j2 RCE

dawoon_lee
New Contributor II

‎12-12-2021 05:51 PM

Hello.

Our customer is running a Ruckus SmartZone (sz-100) controller.
The version of the controller is 5.1.1.0.598.


The customer asked if the SmartZone has the following this security vulnerabilities.

** Vulnerability: [CVE-2021-44228] Apache Log4j2 RCE

Thank you for your valuable answers to the above questions.

91 REPLIES 91

Vineet_nejwala
Moderator
Moderator
In response to grodog-prod

‎12-16-2021 07:25 PM

@JTakaMT

Apologies for the inconvenience. The patch for all codes should be released by today "12/17/2021" EOD. The goal is :

We will have a KBA showing the process for loading the KSP on SZ.
The fixes /KSPs will be open for download for customers with/or without a support.
The aim is to ensure that our customers have the ability to self-help on existing versions as much as possible.

Atlast,Sorry for the delay, but this will be a better outcome for all our customers and us, once completed.

Best Regards

Vineet

 

0 Kudos

sven_siersdorfe
New Contributor II

‎12-15-2021 11:40 PM

I also don't get any information about the patch via chat or support case.

We need a solution here very quickly.

Vineet_nejwala
Moderator
Moderator
In response to sven_siersdorfe

‎12-16-2021 07:24 PM

@sven_siersdorfer

Apologies for the inconvenience. The patch for all codes should be released by today "12/17/2021" EOD. The goal is :

We will have a KBA showing the process for loading the KSP on SZ.
The fixes /KSPs will be open for download for customers with/or without a support.
The aim is to ensure that our customers have the ability to self-help on existing versions as much as possible.

Atlast,Sorry for the delay, but this will be a better outcome for all our customers and us, once completed.

Best Regards

Vineet

 

sven_siersdorfe
New Contributor II
In response to sven_siersdorfe

‎12-16-2021 08:56 PM

Thank you Vineet

0 Kudos

diego_garcia_de
Contributor III

‎12-16-2021 06:18 AM

To anyone wanting to mitigate the impact, the vulnerability has two parts:

1) Information disclosure. This one is hard to contain as it basically means the system is able to leak internal data via DNS requests. But this mechanism will not "infect" the system. Some information such as internal usernames, process permissions, environment variables can be leaked to external parties. But the vSZ will not be infected.

2) Full in "remote code execution". This part of the attack means an external party is able to force the system to DOWNLOAD code and execute it. This one is the most dangerous one.

In my case, I have been able to mitigate the RCE (#2) by blocking all outgoing communication from smartzone. You will have to add certain entries to the allow-list/whitelist such as any LDAP or RADIUS servers, syslog and email servers used for notifications and system logging, FTP/SFTP servers for backups, SPOT servers if you're using location based services,  but pretty much all other outgoing communication can be blocked.

This means that if the system TRIES to download the  malware, it should be blocked by the external firewall. 

In my case, smartzone is deployed in google cloud so I rely on google's cloud firewall to configure the blocks. I have only had communication to two IPs which I believe are either part of the licensing servers or something similar (it was akamai IPs). 

In my case, we have a lets-encrypt certificate on the server so im seeing certain connections to "ocsp.int-x3.letsencrytp.org" 

0 Kudos
Copyright © 2024 Khoros, LLC