cancel
Showing results for 
Search instead for 
Did you mean: 

[CVE-2021-44228] Apache Log4j2 RCE

dawoon_lee
New Contributor II

Hello.

Our customer is running a Ruckus SmartZone (sz-100) controller.
The version of the controller is 5.1.1.0.598.


The customer asked if the SmartZone has the following this security vulnerabilities.

** Vulnerability: [CVE-2021-44228] Apache Log4j2 RCE

Thank you for your valuable answers to the above questions.

91 REPLIES 91

@JTakaMT:  thank you, I should have mentioned that as well, since our TAC director runs on a Mac and did see that too.

@vineet_nejawala :  can you or Sameer please update the KBA with the MAC-specific guidance re: the decompression process?

Allan.

Allan T. Grohe Jr.
==
Knowledge Management Program Director
for RUCKUS Customer Services & Support

@allan_grohe 

This has been updated on article.

Best Regards

Vineet

ludia_it
New Contributor II

Just finished patching. (vSZ 6) 

I tried to restart the services after the patch as documented (service restart) on the first node but after 1 hour it was still waiting on the same services to get up. 

I had to reboot the node (reload).

On the second one, I just used the (reload) command. 

@ludia_it 

I had the same issue here.  

The message that kept repeating was:

"Wait for (Cassandra,Communicator,Configurer,Core,Courier,ElasticSearch,Mosquitto,NginX,RabbitMQ,ScgUniversalExporter,Switchm,Web) up."

Mine is a 2 node vSZ-H on firmware 6.0.0.0.1213

I took your lead and logged in with another session and did a reload.  Came back up after that.

ludia_it
New Contributor II

@vineet_nejawala @allan_grohe 

I think you should review your documentation to just do a reboot (reload) after the patch is applied.