CVE-2017-6224: OS Command Injection
First published: Wed Sep 27 2017(Updated: )
Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request.
Credit: sirt@brocade.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ruckus Wireless ZoneDirector Firmware | =zd9.9.0.0.205 | |
| Ruckus Wireless ZoneDirector Firmware | =zd9.9.0.0.212 | |
| Ruckus Wireless ZoneDirector Firmware | =zd9.9.0.0.216 | |
| Ruckus Wireless ZoneDirector Firmware | =zd9.10.0.0.218 | |
| Ruckus Wireless ZoneDirector Firmware | =zd9.13.0.0.103 | |
| Ruckus Wireless ZoneDirector Firmware | =zd9.13.0.0.209 | |
| Ruckus Zonedirector | ||
| ruckuswireless Unleashed firmware | =200.1 | |
| ruckuswireless Unleashed firmware | =200.1.9.12.55 | |
| ruckuswireless Unleashed firmware | =200.3 | |
| ruckuswireless Unleashed firmware | =200.3.9.13.228 | |
| ruckuswireless Unleashed firmware | =200.4.9.13 | |
| ruckuswireless Unleashed firmware | =200.4.9.13.47 | |
| Ruckus Wireless Unleashed |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-6224?
CVE-2017-6224 has a high severity level due to its potential for OS command injection, allowing unauthorized remote access.
How do I fix CVE-2017-6224?
To resolve CVE-2017-6224, upgrade to the recommended firmware versions provided by Ruckus Wireless.
Which versions are affected by CVE-2017-6224?
CVE-2017-6224 affects Ruckus Wireless Zone Director Controller firmware versions ZD9.x, ZD10.0.0.x, ZD10.0.1.x below 10.0.1.0.17, and Unleashed AP Firmware versions 200.0.x to 200.4.x.
What are the risks of CVE-2017-6224?
Exploiting CVE-2017-6224 can allow attackers to execute arbitrary commands on the affected devices, compromising their integrity.
Is there a workaround for CVE-2017-6224?
There is no effective workaround for CVE-2017-6224, and upgrading the firmware is the recommended action.
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ruckuswireless
- canonical/ruckus wireless zonedirector firmware
- version/ruckus wireless zonedirector firmware/zd9.9.0.0.205
- version/ruckus wireless zonedirector firmware/zd9.9.0.0.212
- version/ruckus wireless zonedirector firmware/zd9.9.0.0.216
- version/ruckus wireless zonedirector firmware/zd9.10.0.0.218
- version/ruckus wireless zonedirector firmware/zd9.13.0.0.103
- version/ruckus wireless zonedirector firmware/zd9.13.0.0.209
- canonical/ruckus zonedirector
- canonical/ruckuswireless unleashed firmware
- version/ruckuswireless unleashed firmware/200.1
- version/ruckuswireless unleashed firmware/200.1.9.12.55
- version/ruckuswireless unleashed firmware/200.3
- version/ruckuswireless unleashed firmware/200.3.9.13.228
- version/ruckuswireless unleashed firmware/200.4.9.13
- version/ruckuswireless unleashed firmware/200.4.9.13.47
- canonical/ruckus wireless unleashed