OS Command Injection Vulnerability in Ruckus Wireless Zone Director and Unleashed Products
CVE-2017-6224

8.8HIGH

Key Information:

Vendor: Brocade Communications Systems, Inc.
Status: Zone Director Controller And Unleashed Ap Firmware
Vendor: CVE Published:; 13 October 2017

🔔 Create Brocade Communications Systems, Inc. Vulnerability Alert

What is CVE-2017-6224?

Ruckus Wireless Zone Director and Unleashed products contain vulnerabilities that enable local authenticated users to execute arbitrary commands on the operating system. This occurs through improper handling of the Common Name field in the Certificate Generation Request. By appending malicious commands, attackers can gain elevated privileges, leading to potential exploitation of the affected systems. It is crucial for administrators to update their devices to mitigate this risk.

Affected Version(s)

Zone Director Controller and Unleashed AP Firmware ZD9.x

Zone Director Controller and Unleashed AP Firmware ZD10.0.0.x

Zone Director Controller and Unleashed AP Firmware ZD10.0.1.x

References

https://ruckus-www.s3.amazonaws.com/pdf/security/faq-secu...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2017
Vulnerability Reserved
Feb 23, 2017