Log4j - RUCKUS Technical Support Response Center
This page is the primary resource for CommScope RUCKUS customers and partners to address the Log4j java library (aka Log4Shell, Log4j2) security vulnerability. This page acts as a central home for support links and content to provide more information about the vulnerability, and other technical resources to assist you with the response to the Log4j vulnerability.
Security Bulletin, FAQs, and Knowledge Base
- Security
Bulletin CVE-2021-44228: Apache Log4j Vulnerability
- Signed TXT file and PDF formats also available without login on https://www.commscope.com/security-bulletins/ - last updated 15 December 2021
- Applicable CVEs: CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
- Log4j Vulnerability FAQs- last updated 15 December 2021: While the FAQs contain many answers to support-related questions, and you should absolutely read them all, we've surfaced these for quick visibility:
- Q: What if I don’t have an active Support contract with
RUCKUS – will I be able to upgrade my software?
A: Yes. You will be able to obtain the patches that are available for your platform even if you don’t have a current support contract.
- [CVE-2021-44228] Apache Log4j2 RCE impact on UMM and FM - KBA # 000012031 - last updated 4 January 2022
- SZ and vSZ - Steps to Implement CVE-2021-44228 log4j2 Patch - KBA # 000012025 - last updated 21 December 2021
- Link to a video on adding the KSP onto the vSZ
- SZ and vSZ (including FIPS versions) are not vulnerable to CVE-2021-45046 after patching
- [CVE-2021-44228] Apache Log4j2 RCE impact on SCI - KBA #000012015 - last updated 20 December 2021
Log4j Technical Resources
RUCKUS Resources
- RUCKUS Community Discussion
Industry Technical Response and Communications
- Log4j @ NIST CVE-2021-44228
- Log4j @ NIST CVE-2021-44832
- Log4j @ NIST CVE-2021-45046
- Log4j2 @ NIST CVE-2021-45105
- Log4j blog @ apache.org
Log4j Security Patch Release Schedules - last updated 16 December 2021
| Platform | Software Release |
Target/Delivered Patch Release Date | Product Vulnerable? | Comments |
|---|---|---|---|---|
Please review the Release Notes on the RUCKUS Support Portal for specific release build numbers. |
||||
| SmartZone and Virtual SmartZone | 6.1 | Not Applicable | No | |
| 6.0.0 | 17 December 2021 | Yes |
| |
| 5.2.X Upgrade | 23 December 2021 | Yes |
| |
| 5.2.2 MR1 | 17 December 2021 | Yes |
| |
| 5.2.2 |
17 December 2021 | Yes |
|
|
| 5.2.1 | 17 December 2021 | Yes |
| |
| 5.2.0 | 17 December 2021 | Yes |
| |
| 5.0.X and 5.1.X Upgrade | 23 December 2021 | Yes |
| |
| 5.1.2 | 17 December 2021 | Yes |
| |
| 5.1.1 | 17 December 2021 | Yes |
| |
| 5.1.0 | 17 December 2021 | Yes |
| |
| 5.0.0 | 17 December 2021 | Yes |
| |
| 3.6.2 |
Not Applicable | No | ||
| 3.4.2 |
Not Applicable | No | ||
| ZoneDirector | All versions | Not Applicable | No | |
| Cloudpath | All versions | Not Applicable | No | |
| RUCKUS Network Director (RND) | 3.0 and earlier versions | Not Applicable | No | |
| Unleashed | All versions | Not Applicable | No | Including Unleashed APs |
| SPoT/vSPoT | All versions | Not Applicable | No | |
| SmartZone Data Plane and Virtual SmartZone Data Plane | All versions | Not Applicable | No | |
| RUCKUS Analytics | All versions | 18 December 2021 | Yes |
|
| MobileApps | All versions | Not Applicable | No |
|
| RUCKUS LTE (CBRS) | All versions | TBD | Under Assessment | Including LTE APs |
| ICX Switches | All versions | Not Applicable | No | |
| FlexMaster | 9.13.1 | 29 December 2021 | Yes |
|
| Access Points - Indoor and Outdoor | All versions | Not Applicable | No | |
| IoT | All versions | Not Applicable | No | |
| RUCKUS Cloud | 21.11 | 20 December 2021 | Yes |
|
| SCI | SCI (Cloud) |
16 December 2021 | Yes |
|
| SCI (on-prem), versions: 5.3.1, v5.4.2 and v5.5.x |
20 December 2021 | Yes |
|
|
| Unleashed Multi-Site Manager (UMM) | 2.6 | January 2022 | No |
|
| 2.0 through 2.5 | 29 December 2021 | Yes |
|
|
| RUCKUS
SmartZone (FIPS) and Virtual SmartZone (FIPS) |
5.2.1.3 | 17 December 2021 |
Yes |
|
| 5.1.2.3 |
24 December 2021 |
Yes |
| |