RUCKUS Forums - Re: [CVE-2021-44228] Apache Log4j2 RCE - Page 15

dawoon_lee · ‎12-12-2021

Hello.

Our customer is running a Ruckus SmartZone (sz-100) controller.
The version of the controller is 5.1.1.0.598.

The customer asked if the SmartZone has the following this security vulnerabilities.

** Vulnerability: [CVE-2021-44228] Apache Log4j2 RCE

Thank you for your valuable answers to the above questions.

nick_nordberg · ‎12-17-2021

@ludia_it

I had the same issue here.

The message that kept repeating was:

"Wait for (Cassandra,Communicator,Configurer,Core,Courier,ElasticSearch,Mosquitto,NginX,RabbitMQ,ScgUniversalExporter,Switchm,Web) up."

Mine is a 2 node vSZ-H on firmware 6.0.0.0.1213

I took your lead and logged in with another session and did a reload. Came back up after that.

ludia_it · ‎12-17-2021

@vineet_nejawala @allan_grohe

I think you should review your documentation to just do a reboot (reload) after the patch is applied.

Vineet_nejwala · ‎12-17-2021

@nick_nordberg @ludia_it

Strangely we haven't faced this issue in QA test and with customers that we have so far applied patch to. Thank you for sharing you input we will look into this further.

Best Regards

Vineet

Greg_WiGuy · ‎12-17-2021

I had no issues with the "service restart" on a pair of SZ-124 units in a cluster. It took roughly 20mins.

ludia_it · ‎12-17-2021

@vineet_nejawala Might be related only to vSZ version 6.