Details of VAR-201304-0571

ID

VAR-201304-0571

TITLE

Ruckus ZoneFlex Access Point 53-Port SSH Tunnel Authentication Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-04052

DESCRIPTION

Ruckus ZoneFlex Access Point is a centralized 802.11g wireless AP. Ruckus ZoneFlex Access Point incorrectly filters port 53 and allows remote attackers to use the vulnerability to create SSH tunnels to bypass authentication and access the Internet without restrictions.

Trust: 0.6

sources: CNVD: CNVD-2013-04052

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-04052

AFFECTED PRODUCTS

vendor:

ruckus

model:

zoneflex access point

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2013-04052

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-04052
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2013-04052
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-04052

EXTERNAL IDS

db:

CNVD

id:

CNVD-2013-04052

Trust: 0.6

sources: CNVD: CNVD-2013-04052

SOURCES

db:

CNVD

id:

CNVD-2013-04052

LAST UPDATE DATE

2022-05-04T09:52:10.723000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2013-04052

date:

2013-05-08T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2013-04052

date:

2013-04-24T00:00:00