CVE-2017-6223

HIGH

Ruckus Zone Director Firmware < 9.13.0.0.232 - Authenticated OS Command Injection via Ping Functionality

Title source: llm
STIX 2.1

Description

Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0172
EPSS Percentile 74.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (9)
Brocade Communications Systems, Inc./Zone Director Controller Firmware ZD9.10.x
Brocade Communications Systems, Inc./Zone Director Controller Firmware ZD9.13.0.x
Brocade Communications Systems, Inc./Zone Director Controller Firmware ZD9.9.x
ruckus/zonedirector_firmware zd9.9.0.0.205
ruckus/zonedirector_firmware zd9.9.0.0.212
ruckus/zonedirector_firmware zd9.9.0.0.216
ruckus/zonedirector_firmware zd9.10.0.0.218
ruckus/zonedirector_firmware zd9.13.0.0.103
ruckus/zonedirector_firmware zd9.13.0.0.209
Published Oct 13, 2017
Tracked Since Feb 18, 2026