CVE-2017-6224
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request.
Ruckus Wireless Zone Director Controller en distribuciones de firmware ZD10.0.0.x, ZD10.0.1.x (anteriores a la distribución 10.0.1.0.17 MR1) y Ruckus Wireless Unleashed AP Firmware, distribuciones 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x., contienen vulnerabilidades de inyección de comandos del sistema operativo que podrían permitir que usuarios locales autenticados ejecuten comandos arbitrarios con privilegios en el sistema operativo subyacente anexando esos comandos en el campo Common Name en Certificate Generation Request.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-02-23 CVE Reserved
- 2017-10-13 CVE Published
- 2024-06-09 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ruckuswireless Search vendor "Ruckuswireless" | Zonedirector Firmware Search vendor "Ruckuswireless" for product "Zonedirector Firmware" | zd9.9.0.0.205 Search vendor "Ruckuswireless" for product "Zonedirector Firmware" and version "zd9.9.0.0.205" | - |
Affected
| in | Ruckuswireless Search vendor "Ruckuswireless" | Zonedirector Search vendor "Ruckuswireless" for product "Zonedirector" | - | - |
Safe
|
| Ruckuswireless Search vendor "Ruckuswireless" | Zonedirector Firmware Search vendor "Ruckuswireless" for product "Zonedirector Firmware" | zd9.9.0.0.212 Search vendor "Ruckuswireless" for product "Zonedirector Firmware" and version "zd9.9.0.0.212" | - |
Affected
| in | Ruckuswireless Search vendor "Ruckuswireless" | Zonedirector Search vendor "Ruckuswireless" for product "Zonedirector" | - | - |
Safe
|
| Ruckuswireless Search vendor "Ruckuswireless" | Zonedirector Firmware Search vendor "Ruckuswireless" for product "Zonedirector Firmware" | zd9.9.0.0.216 Search vendor "Ruckuswireless" for product "Zonedirector Firmware" and version "zd9.9.0.0.216" | - |
Affected
| in | Ruckuswireless Search vendor "Ruckuswireless" | Zonedirector Search vendor "Ruckuswireless" for product "Zonedirector" | - | - |
Safe
|
| Ruckuswireless Search vendor "Ruckuswireless" | Zonedirector Firmware Search vendor "Ruckuswireless" for product "Zonedirector Firmware" | zd9.10.0.0.218 Search vendor "Ruckuswireless" for product "Zonedirector Firmware" and version "zd9.10.0.0.218" | - |
Affected
| in | Ruckuswireless Search vendor "Ruckuswireless" | Zonedirector Search vendor "Ruckuswireless" for product "Zonedirector" | - | - |
Safe
|
| Ruckuswireless Search vendor "Ruckuswireless" | Zonedirector Firmware Search vendor "Ruckuswireless" for product "Zonedirector Firmware" | zd9.13.0.0.103 Search vendor "Ruckuswireless" for product "Zonedirector Firmware" and version "zd9.13.0.0.103" | - |
Affected
| in | Ruckuswireless Search vendor "Ruckuswireless" | Zonedirector Search vendor "Ruckuswireless" for product "Zonedirector" | - | - |
Safe
|
| Ruckuswireless Search vendor "Ruckuswireless" | Zonedirector Firmware Search vendor "Ruckuswireless" for product "Zonedirector Firmware" | zd9.13.0.0.209 Search vendor "Ruckuswireless" for product "Zonedirector Firmware" and version "zd9.13.0.0.209" | - |
Affected
| in | Ruckuswireless Search vendor "Ruckuswireless" | Zonedirector Search vendor "Ruckuswireless" for product "Zonedirector" | - | - |
Safe
|
| Ruckuswireless Search vendor "Ruckuswireless" | Unleashed Firmware Search vendor "Ruckuswireless" for product "Unleashed Firmware" | 200.1 Search vendor "Ruckuswireless" for product "Unleashed Firmware" and version "200.1" | - |
Affected
| in | Ruckuswireless Search vendor "Ruckuswireless" | Unleashed Search vendor "Ruckuswireless" for product "Unleashed" | - | - |
Safe
|
| Ruckuswireless Search vendor "Ruckuswireless" | Unleashed Firmware Search vendor "Ruckuswireless" for product "Unleashed Firmware" | 200.1.9.12.55 Search vendor "Ruckuswireless" for product "Unleashed Firmware" and version "200.1.9.12.55" | - |
Affected
| in | Ruckuswireless Search vendor "Ruckuswireless" | Unleashed Search vendor "Ruckuswireless" for product "Unleashed" | - | - |
Safe
|
| Ruckuswireless Search vendor "Ruckuswireless" | Unleashed Firmware Search vendor "Ruckuswireless" for product "Unleashed Firmware" | 200.3 Search vendor "Ruckuswireless" for product "Unleashed Firmware" and version "200.3" | - |
Affected
| in | Ruckuswireless Search vendor "Ruckuswireless" | Unleashed Search vendor "Ruckuswireless" for product "Unleashed" | - | - |
Safe
|
| Ruckuswireless Search vendor "Ruckuswireless" | Unleashed Firmware Search vendor "Ruckuswireless" for product "Unleashed Firmware" | 200.3.9.13.228 Search vendor "Ruckuswireless" for product "Unleashed Firmware" and version "200.3.9.13.228" | - |
Affected
| in | Ruckuswireless Search vendor "Ruckuswireless" | Unleashed Search vendor "Ruckuswireless" for product "Unleashed" | - | - |
Safe
|
| Ruckuswireless Search vendor "Ruckuswireless" | Unleashed Firmware Search vendor "Ruckuswireless" for product "Unleashed Firmware" | 200.4.9.13 Search vendor "Ruckuswireless" for product "Unleashed Firmware" and version "200.4.9.13" | - |
Affected
| in | Ruckuswireless Search vendor "Ruckuswireless" | Unleashed Search vendor "Ruckuswireless" for product "Unleashed" | - | - |
Safe
|
| Ruckuswireless Search vendor "Ruckuswireless" | Unleashed Firmware Search vendor "Ruckuswireless" for product "Unleashed Firmware" | 200.4.9.13.47 Search vendor "Ruckuswireless" for product "Unleashed Firmware" and version "200.4.9.13.47" | - |
Affected
| in | Ruckuswireless Search vendor "Ruckuswireless" | Unleashed Search vendor "Ruckuswireless" for product "Unleashed" | - | - |
Safe
|