CVE-2017-6223

Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.

Published: Oct 13, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-6223
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
ruckus / zonedirector_firmware	zd9.9.0.0.205	zd9.9.0.0.205.x
ruckus / zonedirector_firmware	zd9.9.0.0.212	zd9.9.0.0.212.x
ruckus / zonedirector_firmware	zd9.9.0.0.216	zd9.9.0.0.216.x
ruckus / zonedirector_firmware	zd9.10.0.0.218	zd9.10.0.0.218.x
ruckus / zonedirector_firmware	zd9.13.0.0.103	zd9.13.0.0.103.x
ruckus / zonedirector_firmware	zd9.13.0.0.209	zd9.13.0.0.209.x

https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt

Vulnerability Database

290,206

CVE-2017-6223