ID

VAR-201710-1310


CVE

CVE-2017-6223


TITLE

Ruckus Wireless Zone Director controller firmware OS command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009206

DESCRIPTION

Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system. Ruckus Wireless Zone Director Controller is an enterprise-level intelligent wireless local area network (WLAN) controller from Ruckus Wireless. It can centrally manage all intelligent access points in the WLAN and provide hotspot identity authentication, entry point detection and other functions. A local attacker could exploit this vulnerability to execute arbitrary commands on the underlying operating system.

Trust: 1.71

sources: NVD: CVE-2017-6223 // JVNDB: JVNDB-2017-009206 // VULHUB: VHN-114426

AFFECTED PRODUCTS

vendor: ruckus model: zonedirector scope: eq version: zd9.10.0.0.218

Trust: 1.6

vendor: ruckus model: zonedirector scope: eq version: zd9.9.0.0.205

Trust: 1.6

vendor: ruckus model: zonedirector scope: eq version: zd9.9.0.0.216

Trust: 1.6

vendor: ruckus model: zonedirector scope: eq version: zd9.13.0.0.209

Trust: 1.6

vendor: ruckus model: zonedirector scope: eq version: zd9.13.0.0.103

Trust: 1.6

vendor: ruckus model: zonedirector scope: eq version: zd9.9.0.0.212

Trust: 1.6

vendor: ruckus model: zonedirector scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-009206 // CNNVD: CNNVD-201702-813 // NVD: CVE-2017-6223

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6223
value: HIGH

Trust: 1.0

NVD: CVE-2017-6223
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201702-813
value: CRITICAL

Trust: 0.6

VULHUB: VHN-114426
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6223
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114426
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6223
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114426 // JVNDB: JVNDB-2017-009206 // CNNVD: CNNVD-201702-813 // NVD: CVE-2017-6223

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-114426 // JVNDB: JVNDB-2017-009206 // NVD: CVE-2017-6223

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-813

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201702-813

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009206

PATCH

title: ZoneDirector url: https://www.ruckuswireless.com/ja/products/system-management-control/zonedirector-controllers

Trust: 0.8

sources: JVNDB: JVNDB-2017-009206

EXTERNAL IDS

db: NVD id: CVE-2017-6223

Trust: 2.5

db: JVNDB id: JVNDB-2017-009206

Trust: 0.8

db: CNNVD id: CNNVD-201702-813

Trust: 0.7

db: VULHUB id: VHN-114426

Trust: 0.1

sources: VULHUB: VHN-114426 // JVNDB: JVNDB-2017-009206 // CNNVD: CNNVD-201702-813 // NVD: CVE-2017-6223

REFERENCES

url:https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt

Trust: 2.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6223

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6223

Trust: 0.8

sources: VULHUB: VHN-114426 // JVNDB: JVNDB-2017-009206 // CNNVD: CNNVD-201702-813 // NVD: CVE-2017-6223

SOURCES

db: VULHUB id: VHN-114426
db: JVNDB id: JVNDB-2017-009206
db: CNNVD id: CNNVD-201702-813
db: NVD id: CVE-2017-6223

LAST UPDATE DATE

2025-04-20T23:32:03.131000+00:00


SOURCES UPDATE DATE

db: VULHUB id: VHN-114426 date: 2017-10-27T00:00:00
db: JVNDB id: JVNDB-2017-009206 date: 2017-11-06T00:00:00
db: CNNVD id: CNNVD-201702-813 date: 2017-10-18T00:00:00
db: NVD id: CVE-2017-6223 date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB id: VHN-114426 date: 2017-10-13T00:00:00
db: JVNDB id: JVNDB-2017-009206 date: 2017-11-06T00:00:00
db: CNNVD id: CNNVD-201702-813 date: 2017-02-24T00:00:00
db: NVD id: CVE-2017-6223 date: 2017-10-13T17:29:01.113