CVE-2017-6223
HIGHRuckus Zone Director Firmware < 9.13.0.0.232 - Authenticated OS Command Injection via Ping Functionality
Title source: llmDescription
Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt
Scores
CVSS v3
8.8
EPSS
0.0172
EPSS Percentile
74.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (9)
Brocade Communications Systems, Inc./Zone Director Controller Firmware
ZD9.10.x
Brocade Communications Systems, Inc./Zone Director Controller Firmware
ZD9.13.0.x
Brocade Communications Systems, Inc./Zone Director Controller Firmware
ZD9.9.x
ruckus/zonedirector_firmware
zd9.9.0.0.205
ruckus/zonedirector_firmware
zd9.9.0.0.212
ruckus/zonedirector_firmware
zd9.9.0.0.216
ruckus/zonedirector_firmware
zd9.10.0.0.218
ruckus/zonedirector_firmware
zd9.13.0.0.103
ruckus/zonedirector_firmware
zd9.13.0.0.209
Published
Oct 13, 2017
Tracked Since
Feb 18, 2026