CVE-2017-6224

Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request.

Published: Oct 13, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-6224
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
ruckuswireless / zonedirector_firmware	zd9.9.0.0.205	zd9.9.0.0.205.x
ruckuswireless / zonedirector_firmware	zd9.9.0.0.212	zd9.9.0.0.212.x
ruckuswireless / zonedirector_firmware	zd9.9.0.0.216	zd9.9.0.0.216.x
ruckuswireless / zonedirector_firmware	zd9.10.0.0.218	zd9.10.0.0.218.x
ruckuswireless / zonedirector_firmware	zd9.13.0.0.103	zd9.13.0.0.103.x
ruckuswireless / zonedirector_firmware	zd9.13.0.0.209	zd9.13.0.0.209.x
ruckuswireless / unleashed_firmware	200.1	200.1.x
ruckuswireless / unleashed_firmware	200.1.9.12.55	200.1.9.12.55.x
ruckuswireless / unleashed_firmware	200.3	200.3.x
ruckuswireless / unleashed_firmware	200.3.9.13.228	200.3.9.13.228.x
ruckuswireless / unleashed_firmware	200.4.9.13	200.4.9.13.x
ruckuswireless / unleashed_firmware	200.4.9.13.47	200.4.9.13.47.x

https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt

Vulnerability Database

CVE-2017-6224