Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2017-6223

Vulnerability from fkie_nvd - Published: 2017-10-13 17:29 - Updated: 2025-04-20 01:37

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.

References

	URL	Tags
	sirt@brocade.com	https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt	Vendor Advisory

Impacted products

Vendor	Product	Version
ruckus	zonedirector_firmware	zd9.9.0.0.205
ruckus	zonedirector_firmware	zd9.9.0.0.212
ruckus	zonedirector_firmware	zd9.9.0.0.216
ruckus	zonedirector_firmware	zd9.10.0.0.218
ruckus	zonedirector_firmware	zd9.13.0.0.103
ruckus	zonedirector_firmware	zd9.13.0.0.209
ruckus	zonedirector	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ruckus:zonedirector_firmware:zd9.9.0.0.205:*:*:*:*:*:*:*",
              "matchCriteriaId": "E471ED42-71CE-49C0-8527-13945905E42D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckus:zonedirector_firmware:zd9.9.0.0.212:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F8272A4-16A5-4F56-BAEF-69EFD491F947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckus:zonedirector_firmware:zd9.9.0.0.216:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6706B16-A872-45BC-8B72-606E1F0E5846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckus:zonedirector_firmware:zd9.10.0.0.218:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BADE4E-C7EA-4502-803F-89AB583B5FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckus:zonedirector_firmware:zd9.13.0.0.103:*:*:*:*:*:*:*",
              "matchCriteriaId": "722C7407-5914-4F37-A40F-E3F0125A5A52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckus:zonedirector_firmware:zd9.13.0.0.209:*:*:*:*:*:*:*",
              "matchCriteriaId": "6173E7EB-D93C-43EA-B4CD-7F9D74B22924",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ruckus:zonedirector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01BE442-3DF1-44F1-BEBD-A96E511DBDE4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system."
    },
    {
      "lang": "es",
      "value": "Ruckus Wireless Zone Director Controller en distribuciones de firmware ZD9.9.x, ZD9.10.x y ZD9.13.0.x anteriores a 9.13.0.0.232 contiene vulnerabilidades de inyecci\u00f3n de comandos del sistema operativo en la caracter\u00edstica ping que podr\u00edan permitir que usuarios locales autenticados ejecuten comandos arbitrarios con privilegios en el sistema operativo subyacente."
    }
  ],
  "id": "CVE-2017-6223",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-13T17:29:01.113",
  "references": [
    {
      "source": "sirt@brocade.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt"
    }
  ],
  "sourceIdentifier": "sirt@brocade.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-6223 (GCVE-0-2017-6223)

Vulnerability from cvelistv5 – Published: 2017-10-13 17:00 – Updated: 2024-09-16 21:04

Summary

Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.

Severity ?

No CVSS data available.

CWE

Authenticated Root Command Injection

Assigner

brocade

References

URL

Tags

https://ruckus-www.s3.amazonaws.com/pdf/security/…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Brocade Communications Systems, Inc.	Zone Director Controller Firmware	Affected: ZD9.9.x Affected: ZD9.10.x Affected: ZD9.13.0.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:25:48.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Zone Director Controller Firmware",
          "vendor": "Brocade Communications Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "ZD9.9.x"
            },
            {
              "status": "affected",
              "version": "ZD9.10.x"
            },
            {
              "status": "affected",
              "version": "ZD9.13.0.x"
            }
          ]
        }
      ],
      "datePublic": "2017-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authenticated Root Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-13T16:57:01",
        "orgId": "87b297d7-335e-4844-9551-11b97995a791",
        "shortName": "brocade"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@brocade.com",
          "DATE_PUBLIC": "2017-09-27T00:00:00",
          "ID": "CVE-2017-6223",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Zone Director Controller Firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ZD9.9.x"
                          },
                          {
                            "version_value": "ZD9.10.x"
                          },
                          {
                            "version_value": "ZD9.13.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Brocade Communications Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authenticated Root Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt",
              "refsource": "CONFIRM",
              "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
    "assignerShortName": "brocade",
    "cveId": "CVE-2017-6223",
    "datePublished": "2017-10-13T17:00:00Z",
    "dateReserved": "2017-02-23T00:00:00",
    "dateUpdated": "2024-09-16T21:04:13.663Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6223 (GCVE-0-2017-6223)

Vulnerability from nvd – Published: 2017-10-13 17:00 – Updated: 2024-09-16 21:04

Summary

Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.

Severity ?

No CVSS data available.

CWE

Authenticated Root Command Injection

Assigner

brocade

References

URL

Tags

https://ruckus-www.s3.amazonaws.com/pdf/security/…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Brocade Communications Systems, Inc.	Zone Director Controller Firmware	Affected: ZD9.9.x Affected: ZD9.10.x Affected: ZD9.13.0.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:25:48.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Zone Director Controller Firmware",
          "vendor": "Brocade Communications Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "ZD9.9.x"
            },
            {
              "status": "affected",
              "version": "ZD9.10.x"
            },
            {
              "status": "affected",
              "version": "ZD9.13.0.x"
            }
          ]
        }
      ],
      "datePublic": "2017-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authenticated Root Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-13T16:57:01",
        "orgId": "87b297d7-335e-4844-9551-11b97995a791",
        "shortName": "brocade"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@brocade.com",
          "DATE_PUBLIC": "2017-09-27T00:00:00",
          "ID": "CVE-2017-6223",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Zone Director Controller Firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ZD9.9.x"
                          },
                          {
                            "version_value": "ZD9.10.x"
                          },
                          {
                            "version_value": "ZD9.13.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Brocade Communications Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authenticated Root Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt",
              "refsource": "CONFIRM",
              "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
    "assignerShortName": "brocade",
    "cveId": "CVE-2017-6223",
    "datePublished": "2017-10-13T17:00:00Z",
    "dateReserved": "2017-02-23T00:00:00",
    "dateUpdated": "2024-09-16T21:04:13.663Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

3 vulnerabilities found for zonedirector_firmware by ruckus

FKIE_CVE-2017-6223

CVE-2017-6223 (GCVE-0-2017-6223)

CVE-2017-6223 (GCVE-0-2017-6223)