ID

VAR-201710-1311


CVE

CVE-2017-6224


TITLE

Ruckus Wireless Zone Director Controller and Unleashed AP Command injection vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009284

DESCRIPTION

Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request. A local attacker could exploit this vulnerability to execute arbitrary commands.

Trust: 1.71

sources: NVD: CVE-2017-6224 // JVNDB: JVNDB-2017-009284 // VULHUB: VHN-114427

AFFECTED PRODUCTS

vendor: ruckuswireless // model: unleashed // scope: eq // version: 200.1

Trust: 1.6

vendor: ruckuswireless // model: zonedirector // scope: eq // version: zd9.9.0.0.212

Trust: 1.6

vendor: ruckuswireless // model: unleashed // scope: eq // version: 200.1.9.12.55

Trust: 1.6

vendor: ruckuswireless // model: unleashed // scope: eq // version: 200.3

Trust: 1.6

vendor: ruckuswireless // model: zonedirector // scope: eq // version: zd9.10.0.0.218

Trust: 1.6

vendor: ruckuswireless // model: zonedirector // scope: eq // version: zd9.9.0.0.216

Trust: 1.6

vendor: ruckuswireless // model: unleashed // scope: eq // version: 200.3.9.13.228

Trust: 1.6

vendor: ruckuswireless // model: zonedirector // scope: eq // version: zd9.9.0.0.205

Trust: 1.6

vendor: ruckuswireless // model: zonedirector // scope: eq // version: zd9.13.0.0.103

Trust: 1.6

vendor: ruckuswireless // model: zonedirector // scope: eq // version: zd9.13.0.0.209

Trust: 1.6

vendor: ruckuswireless // model: unleashed // scope: eq // version: 200.4.9.13

Trust: 1.0

vendor: ruckuswireless // model: unleashed // scope: eq // version: 200.4.9.13.47

Trust: 1.0

vendor: ruckus // model: unleashed // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: zonedirector // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-009284 // CNNVD: CNNVD-201702-812 // NVD: CVE-2017-6224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6224
value: HIGH

Trust: 1.0

NVD: CVE-2017-6224
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201702-812
value: HIGH

Trust: 0.6

VULHUB: VHN-114427
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6224
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114427
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6224
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114427 // JVNDB: JVNDB-2017-009284 // CNNVD: CNNVD-201702-812 // NVD: CVE-2017-6224

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-114427 // JVNDB: JVNDB-2017-009284 // NVD: CVE-2017-6224

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-812

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201702-812

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009284

PATCH

title: Ruckus Unleashed // url: https://www.ruckuswireless.com/ja/products/system-management-control/unleashed

Trust: 0.8

title: ZoneDirector // url: https://www.ruckuswireless.com/ja/products/system-management-control/zonedirector-controllers

Trust: 0.8

sources: JVNDB: JVNDB-2017-009284

EXTERNAL IDS

db: NVD // id: CVE-2017-6224

Trust: 2.5

db: JVNDB // id: JVNDB-2017-009284

Trust: 0.8

db: CNNVD // id: CNNVD-201702-812

Trust: 0.7

db: VULHUB // id: VHN-114427

Trust: 0.1

sources: VULHUB: VHN-114427 // JVNDB: JVNDB-2017-009284 // CNNVD: CNNVD-201702-812 // NVD: CVE-2017-6224

REFERENCES

url:https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt

Trust: 2.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6224

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6224

Trust: 0.8

sources: VULHUB: VHN-114427 // JVNDB: JVNDB-2017-009284 // CNNVD: CNNVD-201702-812 // NVD: CVE-2017-6224

SOURCES

db: VULHUB // id: VHN-114427
db: JVNDB // id: JVNDB-2017-009284
db: CNNVD // id: CNNVD-201702-812
db: NVD // id: CVE-2017-6224

LAST UPDATE DATE

2025-04-20T23:23:34.256000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-114427 // date: 2019-10-03T00:00:00
db: JVNDB // id: JVNDB-2017-009284 // date: 2017-11-08T00:00:00
db: CNNVD // id: CNNVD-201702-812 // date: 2019-10-23T00:00:00
db: NVD // id: CVE-2017-6224 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB // id: VHN-114427 // date: 2017-10-13T00:00:00
db: JVNDB // id: JVNDB-2017-009284 // date: 2017-11-08T00:00:00
db: CNNVD // id: CNNVD-201702-812 // date: 2017-02-24T00:00:00
db: NVD // id: CVE-2017-6224 // date: 2017-10-13T17:29:01.160