CVE-2020-22660

EPSS 0.08%
Published 20.01.2023 19:15:12
Last modified 03.04.2025 18:15:40
Source cve@mitre.org
Teams watchlist Login
Open Login

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to force bypass Secure Boot failed attempts and run temporarily the previous Backup image.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ruckuswireless ≫ R310 Firmware Version10.5.1.0.199

Ruckuswireless ≫ R310 Version-

Ruckuswireless ≫ R500 Firmware Version10.5.1.0.199

Ruckuswireless ≫ R500 Version-

Ruckuswireless ≫ R600 Firmware Version10.5.1.0.199

Ruckuswireless ≫ R600 Version-

Ruckuswireless ≫ T300 Firmware Version10.5.1.0.199

Ruckuswireless ≫ T300 Version-

Ruckuswireless ≫ T301n Firmware Version10.5.1.0.199

Ruckuswireless ≫ T301n Version-

Ruckuswireless ≫ T301s Firmware Version10.5.1.0.199

Ruckuswireless ≫ T301s Version-

Ruckuswireless ≫ Scg200 Firmware Version < 3.6.2.0.795

Ruckuswireless ≫ Scg200 Version-

Ruckuswireless ≫ Sz-100 Firmware Version < 3.6.2.0.795

Ruckuswireless ≫ Sz-100 Version-

Ruckuswireless ≫ Sz-300 Firmware Version < 3.6.2.0.795

Ruckuswireless ≫ Sz-300 Version-

Ruckuswireless ≫ Vsz Firmware Version < 3.6.2.0.795

Ruckuswireless ≫ Vsz Version-

Ruckuswireless ≫ Zonedirector 1100 Firmware Version9.10.2.0.130

Ruckuswireless ≫ Zonedirector 1100 Version-

Ruckuswireless ≫ Zonedirector 1200 Firmware Version10.2.1.0.218

Ruckuswireless ≫ Zonedirector 1200 Version-

Ruckuswireless ≫ Zonedirector 3000 Firmware Version10.2.1.0.218

Ruckuswireless ≫ Zonedirector 3000 Version-

Ruckuswireless ≫ Zonedirector 5000 Firmware Version10.0.1.0.151

Ruckuswireless ≫ Zonedirector 5000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.248

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1

https://support.ruckuswireless.com/security_bulletins/302

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-22660

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-22660

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-22660

EUVD