Security Bulletins

Security Bulletin 20231016

Title: Cloudpath® Persistent XSS and CSRF Vulnerability Description: A vulnerability in the web-based interface of the RUCKUS Cloudpath product could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
Release Date:
October 16, 2023
Edit Date:
November 28, 2023
Version:
1.1

Applicable To The Following Products

Cp_logo_4
Cloudpath Enrollment System (ES)


Cloudpath ES Highlights

  • Automated onboarding for all users, including employees, guests, and contractors
  • Intuitive workflow engine for comprehensive policy-driven access
  • Distributes unique certificate per device based on policies
  • Built-in certificate infrastructure and RADIUS server
  • Automates EAP-TLS, the WPA2-Enterprise gold standard
  • Supports guest use cases, including sponsorship
  • Differentiates between IT-owned and personal devices
  • Provides visibility into users, devices, and policies
  • Integrates with Microsoft Active Directory and Certificate Services
  • Integrates with external LDAP and RADIUS servers
  • Integrates with your existing WLAN

Cloudpath ES is deployable on-premise as a VMware server(s) or is available as a cloud service to make a powerful addition to existing ZoneDirector and SmartZone platforms.

To request a Demo for a CP Trial account, click this Link.

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.