
Security Notice 20191224 ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities

grodog-prod
Contributor II
The RuckusNetworks Support Portal Security page has been updated with Security Notice 20191224 ZoneDirector and Unleashed Unauthenticated Remote Code Execution and Other Vulnerabilities. Security Notice 20191224 is located at https://support.ruckuswireless.com/security_bulletins/299 and can be downloaded in PDF and TXT formats.  


What is the issue?

A number of security vulnerabilities are found on the ZoneDirector and Unleashed product lines. Collectively, these vulnerabilities allow an attacker to perform the following actions:
  • Unauthenticated, remote code executions and unauthorized command line interface (CLI) and shell access
  • Command injections
  • Unauthenticated stack overflow
  • Unauthenticated arbitrary file writing
  • Server-Side Request Forgery (SSRF)

What action should I take?

Ruckus Networks is releasing the fix for these vulnerabilities through a software update. Because these are CRITICAL issues, all customers are strongly encouraged to apply the fix once available.

Further details are available in the full text of Security Notice 20191224 at https://support.ruckuswireless.com/security_bulletins/299.
Allan T. Grohe Jr.
==
Knowledge Management Program Director
for RUCKUS Customer Services & Support
8 REPLIES

david_black_594
Contributor III
Can the updated version be installed if the end user has controllers with expired support?

Which versions of ZD code will be patched?

john_d
Valued Contributor II
I second this request -- this seems arguably more severe than KRACK and we got temporary entitlements to patch KRACK back then.

Hi David & John,
Yes, Ruckus will provide temporary entitlement to allow you to upgrade ZD. Below are the versions that have the fix:

ZD Code base
9.10.2.0.84
9.12.3.0.136  
10.0.1.0.90
10.1.2.0.275
10.2.1.0.147
10.3.1.0.21

Unleashed 
200.7.10.202.94

Regards,
Pradeep

No patch for 9.13?