ID

VAR-201802-0642


CVE

CVE-2017-6229


TITLE

OS command injection vulnerability in Ruckus Networks Unleashed AP and Zone Director firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-012629

DESCRIPTION

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems. Both Ruckus Networks Unleashed AP and Ruckus Networks Zone Director are wireless access points from Ruckus Wireless. A remote attacker could exploit this vulnerability to execute privileged commands.

Trust: 1.71

sources: NVD: CVE-2017-6229 // JVNDB: JVNDB-2017-012629 // VULHUB: VHN-114432

AFFECTED PRODUCTS

vendor: ruckuswireless // model: zonedirector 1200 // scope: eq // version: 10.1.0.0.1515

Trust: 1.6

vendor: ruckuswireless // model: zonedirector 3000 // scope: eq // version: 10.1.0.0.1515

Trust: 1.6

vendor: ruckuswireless // model: zonedirector 3000 // scope: gte // version: 9.12.3.0.28

Trust: 1.0

vendor: ruckuswireless // model: t300e // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 1200 // scope: gte // version: 9.13.3.0.22

Trust: 1.0

vendor: ruckuswireless // model: t301 // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: r710 // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: r500 // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: t710 // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: r310 // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: h510 // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: r600 // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 1200 // scope: lte // version: 9.13.3.0.145

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 3000 // scope: lte // version: 9.10.2.0.53

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 1200 // scope: lte // version: 9.12.3.0.83

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 3000 // scope: lte // version: 10.0.1.0.44

Trust: 1.0

vendor: ruckuswireless // model: t300 // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 1200 // scope: gte // version: 10.0.1.0.17

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 1200 // scope: gte // version: 9.10.2.0.11

Trust: 1.0

vendor: ruckuswireless // model: t610 // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 3000 // scope: gte // version: 9.13.3.0.22

Trust: 1.0

vendor: ruckuswireless // model: r720 // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: r510 // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 3000 // scope: gte // version: 10.0.1.0.17

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 3000 // scope: gte // version: 9.10.2.0.11

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 1200 // scope: gte // version: 9.12.3.0.28

Trust: 1.0

vendor: ruckuswireless // model: h320 // scope: lt // version: 200.6.10.1.0

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 1200 // scope: lte // version: 10.0.1.0.44

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 1200 // scope: lte // version: 9.10.2.0.53

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 3000 // scope: lte // version: 9.13.3.0.145

Trust: 1.0

vendor: ruckuswireless // model: zonedirector 3000 // scope: lte // version: 9.12.3.0.83

Trust: 1.0

vendor: ruckus // model: h320 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: h510 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: r310 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: r500 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: r510 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: r600 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: r710 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: r720 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: t300 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: t300e // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: t301 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: t610 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: t710 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: zonedirector 1200 // scope: - // version: -

Trust: 0.8

vendor: ruckus // model: zonedirector 3000 // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-012629 // CNNVD: CNNVD-201802-916 // NVD: CVE-2017-6229

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6229
value: HIGH

Trust: 1.0

NVD: CVE-2017-6229
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201802-916
value: CRITICAL

Trust: 0.6

VULHUB: VHN-114432
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6229
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114432
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6229
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114432 // JVNDB: JVNDB-2017-012629 // CNNVD: CNNVD-201802-916 // NVD: CVE-2017-6229

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.9

sources: VULHUB: VHN-114432 // JVNDB: JVNDB-2017-012629 // NVD: CVE-2017-6229

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-916

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201802-916

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012629

PATCH

title: Authenticated Root Command Injection Vulnerabilities in CLI of ZD/Unleashed APs and Web-GUI of Solo/SZ Managed APs (CVE-2017-6229, CVE2017-6230) // url: https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-20180202-v1.0.txt

Trust: 0.8

sources: JVNDB: JVNDB-2017-012629

EXTERNAL IDS

db: NVD // id: CVE-2017-6229

Trust: 2.5

db: JVNDB // id: JVNDB-2017-012629

Trust: 0.8

db: CNNVD // id: CNNVD-201802-916

Trust: 0.7

db: VULHUB // id: VHN-114432

Trust: 0.1

sources: VULHUB: VHN-114432 // JVNDB: JVNDB-2017-012629 // CNNVD: CNNVD-201802-916 // NVD: CVE-2017-6229

REFERENCES

url: https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-20180202-v1.0.txt

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6229

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6229

Trust: 0.8

sources: VULHUB: VHN-114432 // JVNDB: JVNDB-2017-012629 // CNNVD: CNNVD-201802-916 // NVD: CVE-2017-6229

SOURCES

db: VULHUB // id: VHN-114432
db: JVNDB // id: JVNDB-2017-012629
db: CNNVD // id: CNNVD-201802-916
db: NVD // id: CVE-2017-6229

LAST UPDATE DATE

2024-11-23T23:08:46.893000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-114432 // date: 2018-03-12T00:00:00
db: JVNDB // id: JVNDB-2017-012629 // date: 2018-03-28T00:00:00
db: CNNVD // id: CNNVD-201802-916 // date: 2018-08-21T00:00:00
db: NVD // id: CVE-2017-6229 // date: 2024-11-21T03:29:18.477

SOURCES RELEASE DATE

db: VULHUB // id: VHN-114432 // date: 2018-02-14T00:00:00
db: JVNDB // id: JVNDB-2017-012629 // date: 2018-03-28T00:00:00
db: CNNVD // id: CNNVD-201802-916 // date: 2018-02-14T00:00:00
db: NVD // id: CVE-2017-6229 // date: 2018-02-14T19:29:00.213