CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)
Summary
Article explains about recent security vulnerability CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)Question
What Ruckus products are impacted with recent CVE-2022-22963 and CVE-2022-22965 (Spring4Shell zero-day RCE vulnerability)?Customer Environment
All Ruckus productsResolution
About the vulnerability
There are two vulnerabilities affecting the Spring MVC (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) components of the Spring Framework. These vulnerabilities are rated Critical as a successful exploit leads to remote code execution on the vulnerable system.
What RUCKUS Networks is doing for their products?
RUCKUS Networks security team is aware about the issue and already verified all the products.Most of RUCKUS Networks products are not impacted with this vulnerability and only one impacted product (Ruckus Cloud) was already patched on 15th April 2022.
At this point, no RUCKUS products are impacted and no attention required from customers.
Is my RUCKUS product impacted?
As of 18th April below is the status of RUCKUS products:| Product | Vulnerable? | Action required |
| ZoneDirector | Not Vulnerable | No action required |
| Unleashed | Not Vulnerable | No action required |
| UMM/Flexmaster | Not Vulnerable | No action required |
| SmartZone/virtualSmartZone | Not Vulnerable | No action required |
| SPoT/vSPoT | Not Vulnerable | No action required |
| RuckusAnalytics | Not Vulnerable | No action required |
| MobileApps | Not Vulnerable | No action required |
| IoT | Not Vulnerable | No action required |
| ICX | Not Vulnerable | No action required |
| CloudPath | Not Vulnerable | No action required |
| Access points | Not Vulnerable | No action required |
| IOT | Not Vulnerable | No action required |
| Mobile APPs | Not Vulnerable | No action required |
| CloudPath | Not Vulnerable | No action required |
| SCI | Not Vulnerable | No action required |
| RuckusCloud | Vulnerable | Already patched, no further action required |
When impacted products will be patched?
Only one product (RUCKUS Cloud) was vulnerable and same was patched on 15th April 2022.
For any queries, feel free to reach Ruckus Support at https://support.ruckuswireless.com/contact-us
You can also refer our support center page at https://support.ruckuswireless.com/spring4shell-ruckus-technical-support-response-center
Article Number:
000012204
Updated:
April 21, 2022 12:21 PM (almost 2 years ago)
Tags:
Security, Ruckus Analytics, Ruckus Cloud Switch, Ruckus Cloud WiFi, Cloudpath, Ruckus ICX Switches, Unleashed, ZoneDirector, ZoneFlex Indoor, ZoneFlex Outdoor, FlexMaster UMM, SmartCell Gateway, SmartCell Insight, Smart Wireless Services
Votes:
6
This article is:
helpful
not helpful