
[CVE-2021-44228] Apache Log4j2 RCE

dawoon_lee
New Contributor II

Hello.

Our customer is running a Ruckus SmartZone (sz-100) controller.
The version of the controller is 5.1.1.0.598.


The customer asked if the SmartZone has the following security vulnerability.

** Vulnerability: [CVE-2021-44228] Apache Log4j2 RCE

Thank you for your valuable answers to the above questions.

91 REPLIES 91

@nick_nordberg @ludia_it 

Strangely, we haven't faced this issue in QA testing or with the customers that we have applied the patch to so far. Thank you for sharing your input; we will look into this further.

Best Regards

Vineet 

I had no issues with the "service restart" on a pair of SZ-124 units in a cluster. It took roughly 20 mins.

ludia_it
New Contributor II

@vineet_nejawala Might be related only to vSZ version 6.

Just patched our lab smartzone which is running 6.0.0.0.1331.

After "service restart" I only get to see "Wait for (Cassandra,Communicator,Configurer,Core,Courier,ElasticSearch,Mosquitto,NginX,RabbitMQ,ScgUniversalExporter,Switchm,Web) up.". After a couple of hours I rebooted the smartzone.

It now shows a date/time in the "Applied On" column on the script page.

@ludia_it I did the exact same thing, but as I had only one dev vSZ on 6.0.0.0.1331, I thought it was a bug from my dev environment. It was late, just a few minutes before midnight yesterday.