12-12-2021 05:51 PM
Hello.
Our customer is running a Ruckus SmartZone (sz-100) controller.
The version of the controller is 5.1.1.0.598.
The customer asked if the SmartZone has the following security vulnerability.
** Vulnerability: [CVE-2021-44228] Apache Log4j2 RCE
Thank you for your valuable answers to the above questions.
12-20-2021 12:37 AM
12-20-2021 05:53 PM
I'm trying the patch on one of the vSZ clusters I manage, and it's returning the following error when trying to upload the patch.
Unable to upload the diagnostic/patch script file to the controller. Reason: Unable to process upload, reason : Install script ER10935_fix_log4j_856364.ksp to server failed:failed to decompress the script pack:#[TLV] Decode tlv data
Traceback (most recent call last):
  File "/usr/bin/rks-encrypt", line 630, in <module>
    main()
  File "/usr/bin/rks-encrypt", line 613, in main
    opt_decrypt_img(options, headers, env)
  File "/usr/bin/rks-encrypt", line 555, in opt_decrypt_img
    stdin=_stdin_flag)
  File "/usr/bin/rks-encrypt", line 184, in decrypt_image
    write_chunk_file(tlv_data, env["rpki_sig"][hash_alg], length_2)
KeyError: 'rpki_sig'
gzip: stdin: unexpected end of file
tar: Child returned status 1
tar: Error is not recoverable: exiting now
Controller Version: 5.2.2.0.1161
The other 20+ clusters I manage have all applied the patch successfully without issue.
Has anyone else experienced this issue?
12-20-2021 08:52 PM
Are you still having this issue? Can you please open a Ruckus ticket to isolate and diagnose this issue?
Best Regards
Vineet
05-27-2022 07:03 AM
Hi Peter, were you able to find a solution?
12-20-2021 08:56 PM
Hi All,
If the patch has been applied for CVE-2021-44228, then we should not be concerned about CVE-2021-45105 and CVE-2021-45046, as we are not impacted.
Best Regards
Vineet