Directory Traversal Vulnerability in Ruckus Wireless Unleashed by Ruckus Wireless
CVE-2019-19834

7.2HIGH

Key Information:

Vendor

Ruckuswireless

Status
Unleashed
Vendor
CVE Published:
22 January 2020

What is CVE-2019-19834?

A directory traversal vulnerability exists in Ruckus Wireless Unleashed, allowing a remote attacker to gain elevated access to the command line interface (CLI). By leveraging the 'enable->debug->script->exec' commands and using '../../../bin/sh' as a parameter, an attacker can bypass security restrictions, potentially leading to unauthorized access and manipulation of the system. This vulnerability emphasizes the need for strict input validation and robust access controls in network applications.

References

https://fahrplan.events.ccc.de/congress/2019/Fahrplan/eve...
x_refsource_MISC
https://www.ruckuswireless.com/security/299/view/txt
x_refsource_MISC
https://alephsecurity.com/2020/01/14/ruckus-wireless
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.