Lucene search

[email protected]CVE-2017-6223

HistoryOct 13, 2017 - 5:29 p.m.

CVE-2017-6223

2017-10-1317:29:01

CWE-78

[email protected]

web.nvd.nist.gov

ruckus

wireless

zone director

firmware

os command injection

vulnerability

cve-2017-6223

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

54.3%

JSON

Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.

Affected configurations

NVD

Node

ruckuszonedirector_firmwareMatchzd9.9.0.0.205

ruckuszonedirector_firmwareMatchzd9.9.0.0.212

ruckuszonedirector_firmwareMatchzd9.9.0.0.216

ruckuszonedirector_firmwareMatchzd9.10.0.0.218

ruckuszonedirector_firmwareMatchzd9.13.0.0.103

ruckuszonedirector_firmwareMatchzd9.13.0.0.209

AND

ruckuszonedirectorMatch-

CPENameOperatorVersion
ruckus:zonedirector_firmwareruckus zonedirector firmwareeqzd9.9.0.0.205
ruckus:zonedirector_firmwareruckus zonedirector firmwareeqzd9.9.0.0.212
ruckus:zonedirector_firmwareruckus zonedirector firmwareeqzd9.9.0.0.216
ruckus:zonedirector_firmwareruckus zonedirector firmwareeqzd9.10.0.0.218
ruckus:zonedirector_firmwareruckus zonedirector firmwareeqzd9.13.0.0.103
ruckus:zonedirector_firmwareruckus zonedirector firmwareeqzd9.13.0.0.209

CPE	Name	Operator	Version
ruckus:zonedirector_firmware	ruckus zonedirector firmware	eq	zd9.9.0.0.205
ruckus:zonedirector_firmware	ruckus zonedirector firmware	eq	zd9.9.0.0.212
ruckus:zonedirector_firmware	ruckus zonedirector firmware	eq	zd9.9.0.0.216
ruckus:zonedirector_firmware	ruckus zonedirector firmware	eq	zd9.10.0.0.218
ruckus:zonedirector_firmware	ruckus zonedirector firmware	eq	zd9.13.0.0.103
ruckus:zonedirector_firmware	ruckus zonedirector firmware	eq	zd9.13.0.0.209

CNA Affected

[
  {
    "product": "Zone Director Controller Firmware",
    "vendor": "Brocade Communications Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "ZD9.9.x"
      },
      {
        "status": "affected",
        "version": "ZD9.10.x"
      },
      {
        "status": "affected",
        "version": "ZD9.13.0.x"
      }
    ]
  }
]

References

ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

54.3%

JSON

Related for CVE-2017-6223

cvelist1 prion1 nvd1