cancel
Showing results for 
Search instead for 
Did you mean: 

[CVE-2021-44228] Apache Log4j2 RCE

dawoon_lee
New Contributor II

Hello.

Our customer is running a Ruckus SmartZone (sz-100) controller.
The version of the controller is 5.1.1.0.598.


The customer asked if the SmartZone has the following this security vulnerabilities.

** Vulnerability: [CVE-2021-44228] Apache Log4j2 RCE

Thank you for your valuable answers to the above questions.

91 REPLIES 91

A node (6.0.0.0.1331) that I have patched yesterday and for which I had to do a reload is starting to have problems. SNMP stopped responding and the webgui comes up but doesn't show the username/password input boxes. Wifi still seems to be working. Anybody else seeing this behavior? 

Quite possible @ludia_it 

The SZ-124s I'm running are v5.2.2

pmonardo
New Contributor III

After applying the patch, how do we know it has been successfully applied? Are there any validation steps we can take? 

@Papa_WiFI

You would need to open a ruckus case for this as this could be validated only from vSZ shell mode.

Best Regards

Vineet 

Vineet_nejwala
Moderator
Moderator

@ludia_it @nick_nordberg @michiel_timmers @mark_pledl 
We have updated out KBA and for 6.0 users, we recommended customer to "reload" vSZ instead of "service restart" after KSP is applied which would work correctly. 

Best Regards

vineet