CVE-2017-6229

EPSS 5.29%
Veröffentlicht 14.02.2018 19:29:00
Zuletzt bearbeitet 21.11.2024 03:29:18
Quelle sirt@brocade.com
Teams Watchlist Login
Unerledigt Login

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ruckuswireless ≫ R500 Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ R500 Version-

Ruckuswireless ≫ R600 Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ R600 Version-

Ruckuswireless ≫ R310 Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ R310 Version-

Ruckuswireless ≫ H320 Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ H320 Version-

Ruckuswireless ≫ H510 Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ H510 Version-

Ruckuswireless ≫ R710 Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ R710 Version-

Ruckuswireless ≫ R720 Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ R720 Version-

Ruckuswireless ≫ T300 Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ T300 Version-

Ruckuswireless ≫ T301 Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ T301 Version-

Ruckuswireless ≫ T300e Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ T300e Version-

Ruckuswireless ≫ T610 Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ T610 Version-

Ruckuswireless ≫ T710 Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ T710 Version-

Ruckuswireless ≫ R510 Firmware Version < 200.6.10.1.0

Ruckuswireless ≫ R510 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version >= 9.10.2.0.11 <= 9.10.2.0.53

Ruckuswireless ≫ Zonedirector 1200 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version >= 9.12.3.0.28 <= 9.12.3.0.83

Ruckuswireless ≫ Zonedirector 1200 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version >= 9.13.3.0.22 <= 9.13.3.0.145

Ruckuswireless ≫ Zonedirector 1200 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version >= 10.0.1.0.17 <= 10.0.1.0.44

Ruckuswireless ≫ Zonedirector 1200 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version10.1.0.0.1515

Ruckuswireless ≫ Zonedirector 1200 Version-

Ruckuswireless ≫ Zonedirector 3000 Firmware Version >= 9.10.2.0.11 <= 9.10.2.0.53

Ruckuswireless ≫ Zonedirector 3000 Version-

Ruckuswireless ≫ Zonedirector 3000 Firmware Version >= 9.12.3.0.28 <= 9.12.3.0.83

Ruckuswireless ≫ Zonedirector 3000 Version-

Ruckuswireless ≫ Zonedirector 3000 Firmware Version >= 9.13.3.0.22 <= 9.13.3.0.145

Ruckuswireless ≫ Zonedirector 3000 Version-

Ruckuswireless ≫ Zonedirector 3000 Firmware Version >= 10.0.1.0.17 <= 10.0.1.0.44

Ruckuswireless ≫ Zonedirector 3000 Version-

Ruckuswireless ≫ Zonedirector 3000 Firmware Version10.1.0.0.1515

Ruckuswireless ≫ Zonedirector 3000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.29%	0.896

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-20180202-v1.0.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-6229

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6229

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6229

EUVD