RUCKUS Forums - Re: [CVE-2021-44228] Apache Log4j2 RCE - Page 14

dawoon_lee · ‎12-12-2021

Hello.

Our customer is running a Ruckus SmartZone (sz-100) controller.
The version of the controller is 5.1.1.0.598.

The customer asked if the SmartZone has the following this security vulnerabilities.

** Vulnerability: [CVE-2021-44228] Apache Log4j2 RCE

Thank you for your valuable answers to the above questions.

Vineet_nejwala · ‎12-17-2021

@JTakaMT Yes the patch that needs to be uploaded is only .ksp file. Thank you for sharing your inputs that would help others.

Best Regards

vineet

kristphr · ‎12-18-2021

@JTakaMT thank you for this!

grodog-prod · ‎12-18-2021

@JTakaMT: thank you, I should have mentioned that as well, since our TAC director runs on a Mac and did see that too.

@vineet_nejawala : can you or Sameer please update the KBA with the MAC-specific guidance re: the decompression process?

Allan.

Allan T. Grohe Jr.
==
Knowledge Management Program Director
for RUCKUS Customer Services & Support

Vineet_nejwala · ‎12-18-2021

@allan_grohe

This has been updated on article.

Best Regards

Vineet

ludia_it · ‎12-17-2021

Just finished patching. (vSZ 6)

I tried to restart the services after the patch as documented (service restart) on the first node but after 1 hour it was still waiting on the same services to get up.

I had to reboot the node (reload).

On the second one, I just used the (reload) command.