CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)

Summary

Article explains about recent security vulnerability CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)

Question

What Ruckus products are impacted with recent CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)?

Customer Environment

All Ruckus products

Resolution

About the vulnerability

There are two vulnerabilities affecting the Spring MVC (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) components of the Spring Framework. These vulnerabilities are rated Critical as a successful exploit leads to remote code execution on the vulnerable system.

What RUCKUS Networks is doing for their products?

RUCKUS Networks security team is aware about the issue and already verified all the products.

Most of RUCKUS Networks products are not impacted with this vulnerability and only one impacted product (Ruckus Cloud) was already patched on 15th April 2022.

At this point, no RUCKUS products are impacted and no attention required from customers.

Is my RUCKUS product impacted?

As of 18th April below is the status of RUCKUS products:
 
ProductVulnerable?Action required
ZoneDirectorNot VulnerableNo action required
UnleashedNot VulnerableNo action required
UMM/FlexmasterNot VulnerableNo action required
SmartZone/virtualSmartZoneNot VulnerableNo action required
SPoT/vSPoTNot VulnerableNo action required
RuckusAnalyticsNot VulnerableNo action required
MobileAppsNot VulnerableNo action required
IoTNot VulnerableNo action required
ICXNot VulnerableNo action required
CloudPathNot VulnerableNo action required
Access pointsNot VulnerableNo action required
IOTNot VulnerableNo action required
Mobile APPsNot VulnerableNo action required
CloudPathNot VulnerableNo action required
SCINot VulnerableNo action required
RuckusCloudVulnerableAlready patched, no further action required


When impacted products will be patched?

Only one product (RUCKUS Cloud) was vulnerable and same was patched on 15th April 2022.

For any queries, feel free to reach Ruckus Support at https://support.ruckuswireless.com/contact-us

You can also refer our support center page at https://support.ruckuswireless.com/spring4shell-ruckus-technical-support-response-center

Article Number:
000012204

Updated:
April 21, 2022 12:21 PM (over 2 years ago)

Tags:
Security, Ruckus Analytics, Ruckus Cloud Switch, Ruckus Cloud WiFi, Cloudpath, Ruckus ICX Switches, Unleashed, ZoneDirector, ZoneFlex Indoor, ZoneFlex Outdoor, FlexMaster UMM, SmartCell Gateway, SmartCell Insight, Smart Wireless Services

Votes:
6

This article is:
helpful
not helpful

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.

Alert!!

Close