FKIE_CVE-2018-11036

Vulnerability from fkie_nvd - Published: 2018-05-31 12:29 - Updated: 2024-11-21 03:42
Severity ?
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data.
References
cve@mitre.orghttps://www.ruckuswireless.com/security/279/view/txtMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ruckuswireless.com/security/279/view/txtMailing List, Vendor Advisory
Impacted products
Vendor Product Version
ruckuswireless vsz_firmware 3.5.0
ruckuswireless vsz_firmware 3.5.1
ruckuswireless vsz_firmware 3.6.0
ruckuswireless vsz_firmware 3.6.1
ruckuswireless vsz -
ruckuswireless scg-200_firmware 3.5.0
ruckuswireless scg-200_firmware 3.5.1
ruckuswireless scg-200_firmware 3.6.0
ruckuswireless scg-200_firmware 3.6.1
ruckuswireless scg-200 -
ruckuswireless sz-300_firmware 3.5.0
ruckuswireless sz-300_firmware 3.5.1
ruckuswireless sz-300_firmware 3.6.0
ruckuswireless sz-300_firmware 3.6.1
ruckuswireless sz-300 -
ruckuswireless sz-100_firmware 3.5.0
ruckuswireless sz-100_firmware 3.5.1
ruckuswireless sz-100_firmware 3.6.0
ruckuswireless sz-100_firmware 3.6.1
ruckuswireless sz-100 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ruckuswireless:vsz_firmware:3.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9998987C-0AD2-4CDB-9511-2BC9462490AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckuswireless:vsz_firmware:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF9AF4FE-6115-4F24-B171-62A5DB74A6BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckuswireless:vsz_firmware:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71FD8B5B-EA1B-4ABA-B0A1-CF675F8765F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckuswireless:vsz_firmware:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "38393B8A-E549-4C07-A73E-BEB6DEB08E6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ruckuswireless:vsz:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E9A46B-D8E4-489A-8648-28EDDF000E28",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ruckuswireless:scg-200_firmware:3.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF021C98-2D73-48E3-AB05-F69C9D3AD569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckuswireless:scg-200_firmware:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95F4D57-D238-47E6-AAF7-8A19B18FC29C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckuswireless:scg-200_firmware:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F0BA42-FF78-4F7D-AF63-C731B0C32DD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckuswireless:scg-200_firmware:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB65F202-22C7-4E57-8EF3-8BA1DE6A3BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ruckuswireless:scg-200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1BD8748-6B99-4218-8D76-3A6A5847DB25",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ruckuswireless:sz-300_firmware:3.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45CEB61E-3E81-4F2D-B23E-8332E95C6C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckuswireless:sz-300_firmware:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF91774B-2DE9-4478-AD17-D7C4477CE458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckuswireless:sz-300_firmware:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA61F6F5-591D-45D2-90B2-4096A60BB978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckuswireless:sz-300_firmware:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9945DADB-81D0-407B-A8C1-FFA9B5A6B228",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ruckuswireless:sz-300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4087D2FB-0853-40AE-A03F-803B5972A404",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ruckuswireless:sz-100_firmware:3.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECB56AD5-AE22-4497-852B-EDB12E7B68BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckuswireless:sz-100_firmware:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AF9CED5-087A-475B-8A8D-C05F45ADEF57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckuswireless:sz-100_firmware:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C5A6C11-3349-448B-99E7-1A5AF17E4872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ruckuswireless:sz-100_firmware:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A116EBD-77CD-4F93-A1BB-56DDF64F2EA4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ruckuswireless:sz-100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B9F3E41-79CA-45B7-B799-B0A64E60BA16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data."
    },
    {
      "lang": "es",
      "value": "Ruckus SmartZone (anteriormente Virtual SmartCell Gateway o vSCG) 3.5.0, 3.5.1, 3.6.0 y 3.6.1 (Essentials y High Scale) en dispositivos vSZ, SZ-100, SZ-300 y SCG-200 permite a los atacantes remotos obtener informaci\u00f3n sensible o modificar datos."
    }
  ],
  "id": "CVE-2018-11036",
  "lastModified": "2024-11-21T03:42:32.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-31T12:29:00.220",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://www.ruckuswireless.com/security/279/view/txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://www.ruckuswireless.com/security/279/view/txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.