Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30045
HistoryDec 01, 2013 - 12:00 a.m.

RUCKUS ADVISORY ID 111113-1: Authenticated code injection vulnerability in ZoneDirector administrative web interface

2013-12-0100:00:00
vulners.com
16
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RUCKUS ADVISORY ID 111113-1

Customer release date: Sep 9, 2013
Public release date: Nov 11, 2013

TITLE

Authenticated code injection vulnerability in ZoneDirector
administrative web interface

SUMMARY

A vulnerability has been discovered in ZoneDirector controllers (ZD)
which may allow an attacker to inject malicious code via controller's
admin web interface. The attacker needs access to an authenticated
admin session with ZD's web interface for carrying out this attack.

AFFECTED SOFTWARE VERSIONS AND DEVICES

Device                        Affected software

ZoneDirector Controllers 9.3.x, 9.4.x, 9.5.x, 9.6.x

Any products not mentioned in the table above are not affected

DETAILS

A weakness has been discovered in the administrative web interface of
the ZoneDirector controller devices. An attacker may abuse an
authenticated admin session with ZD's web interface for injecting
malicious code via controller's admin web interface. The pre-requisite
of this attack is that attacker has access to an authenticated admin
session with ZD's web interface. This issue does not affect any other
Ruckus devices besides ZoneDirector controllers.

IMPACT

An attacker may inject authenticated malicious code via the
administrative web interface of the ZoneDirector controller device.

CVSS v2 BASE METRIC SCORE: 7.9 (AV:N/AC:M/Au:S/C:C/I:C/A:N)

WORKAROUNDS

Ruckus recommends that all customers apply the appropriate patch(es)
as soon as practical for mitigating this attack. However, in the
event that a patch cannot immediately be applied, the following
suggestions might help reduce the risk:

      • Only launch admin web sessions from trusted hosts with no
        connectivity to untrusted networks such as the Internet while the
        session is active.

  • Do not expose management interfaces of Ruckus devices (including
    administrative web interface) to untrusted networks such as the Internet.

  • Use a firewall to limit traffic to/from ZoneDirector's
    administrative web interface to trusted hosts.

SOLUTION

Ruckus recommends that all customers apply the appropriate patch(es)
as soon as practical.

The following patches have the fix (any later patches will also have
the fix):

Branch Software Patch

9.3.x 9.3.4.0.21
9.4.x 9.4.3.0.22
9.5.x 9.5.2.0.15
9.6.x 9.6.1.0.15

CREDITS

This vulnerability was reported by Erik van Eijk of Dutch Forensic
Institute, Netherlands.

OBTAINING FIXED FIRMWARE

Ruckus customers can obtain the fixed firmware from the support website at
https://support.ruckuswireless.com/

Ruckus Support can be contacted as follows:

1-855-RUCKUS1 (1-855-782-5871) (United States)

The full contact list is at:
https://support.ruckuswireless.com/contact-us

PUBLIC ANNOUNCEMENTS

This security advisory is strictly confidential and will be made
available for public consumption in approximately 60 days on Nov 11,
2013 at the following source

Ruckus Website
http://www.ruckuswireless.com/security

SecurityFocus Bugtraq
http://www.securityfocus.com/archive/1

Future updates of this advisory, if any, will be placed on Ruckus's
website, but may or may not be actively announced on mailing lists.

REVISION HISTORY

  Revision 1.0 / 9th Sep 2013 / Initial release

RUCKUS WIRELESS SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Ruckus
Wireless
products, obtaining assistance with security incidents is available at
http://www.ruckuswireless.com/security

For reporting new security issues, email can be sent to
security(at)ruckuswireless.com
For sensitive information we encourage the use of PGP encryption. Our
public keys can be
found at http://www.ruckuswireless.com/security

STATUS OF THIS NOTICE: Final

Although Ruckus cannot guarantee the accuracy of all statements
in this advisory, all of the facts have been checked to the best of our
ability. Ruckus does not anticipate issuing updated versions of
this advisory unless there is some material change in the facts. Should
there be a significant change in the facts, Ruckus may update this
advisory.

(c) Copyright 2013 by Ruckus Wireless
This advisory may be redistributed freely after the public release
date given at
the top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJSgXqpAAoJEFH6g5RLqzh1EqMIALNrshLMFkfNmt+3sCsBjwq5
zU0MwP4lM3ce35uKfVvMww6XMt/4HtVHiWonhdRo2uj5XelnZdQYxiV3EpxPc22B
pa1Go/c5toT+6qbbizGfm2SXHb37/JtBR6YogzZXo8uVNQzJg999E1UKJ//AleI7
xUz/rX3hOuyAXYGhZ/XPzepq1KRQf7gk/K4jNPixkqSScyziaE3HRsTC7pn6adxe
6TpEW2Ua1oQ2ATgXHEp3gFG1n9qZf3LPp4A20EgofuQAJ5Q5EgqcotIjl/vJVxPo
hKuL7l6ova2Fp4a4PlZN3cvtz0wF2JRs6WPqlP2oTzXakVLZ2fvv/URbnibp/GM=
=xVxn
-----END PGP SIGNATURE-----

JSON