Security
The RUCKUS Product Security Team is responsible for researching, analyzing and responding to security incident reports related to RUCKUS products. This team is the first point of contact for all security incident reports and works directly with RUCKUS customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with RUCKUS products. This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Ruckus products.
Reporting a Security Issue to Ruckus
RUCKUS encourages individuals and organizations to report all RUCKUS-related product related vulnerabilities and security issues using the form below.
Please see the RUCKUS Security Incident Response Policy for additional information.
Please provide a detailed description of the issue along with sufficient information to reasonably enable RUCKUS to reproduce the issue. Please also include a technical contact, list of RUCKUS products affected and any other helpful information such as logs and console messages etc.
If you are a currently experiencing a network outage or need help configuring a security feature, please contact RUCKUS via any of the contact methods listed on our Contact page.
| ID | Title | Version | Release Date | Edit Date |
|---|---|---|---|---|
| BSA-2017-216 | CVE-2016-7141 | March 31, 2017 | March 31, 2017 | |
| BSA-2017-215 | CVE-2016-6153 | March 31, 2017 | October 13, 2017 | |
| BSA-2017-214 | CVE-2016-7098 | March 31, 2017 | March 31, 2017 | |
| BSA-2017-213 | CVE-2016-6262 | March 31, 2017 | March 31, 2017 | |
| BSA-2017-212 | CVE-2016-6263 | March 31, 2017 | March 31, 2017 | |
| BSA-2017-211 | CVE-2016-6261 | March 31, 2017 | March 31, 2017 | |
| BSA-2017-210 | CVE-2015-8948 | March 31, 2017 | March 31, 2017 | |
| BSA-2017-207 | CVE-2016-7055 | March 31, 2017 | March 31, 2017 | |
| BSA-2017-206 | CVE-2016-7053 | March 31, 2017 | March 31, 2017 | |
| BSA-2017-205 | CVE-2016-7054 | March 31, 2017 | March 31, 2017 | |
| BSA-2017-204 | CVE-2016-3961 | March 31, 2017 | March 31, 2017 | |
| BSA-2017-201 | CVE-2016-8610 | March 31, 2017 | March 31, 2017 | |
| BSA-2015-003 | CVE-2014-3569 - OpenSSL CVE-2014-3570 - OpenSSL CVE-2014-3571 - OpenSSL CVE-2014-3572 - OpenSSL CVE-2014-8275 - OpenSSL CVE-2015-0204 - OpenSSL CVE-2015-0205 - OpenSSL CVE-2015-0206 - OpenSSL | April 24, 2015 | March 23, 2017 | |
| BSA-2015-002 | CVE-2014-9296 - NTP | March 19, 2015 | May 11, 2016 | |
| BSA-2015-001 | GNU C Library “GHOST” Vulnerability (CVE-2015-0235) Assessment for Brocade | February 13, 2015 | May 11, 2016 | |
| BSA-2014-002 | CVE-2014-3566 - OpenSSL | March 10, 2015 | April 07, 2017 | |
| 112717 | Multiple Vulnerabilities in DNSMASQ (CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2015-3294) | 1 | November 27, 2017 | November 27, 2017 |
| 101717 | Multiple Vulnerabilities discovered in RSA key generation within Infineon TPM | 1 | October 17, 2017 | October 17, 2017 |
| 092917 | Authenticated Root Command Injection Vulnerabilities in Web-GUI of Ruckus Zone Director Controller and Unleashed APs (CVE-2017-6223, CVE-2017-6224) | 1 | September 29, 2017 | September 29, 2017 |
| 072817 | Vulnerabilities updates for RC4(CVE-2013-2566, CVE-2015-2808), SWEET32 (CVE-2016-2183) and SSL certificate signed using weak hashing algorithm (CVE-2004-2761) | 1 | July 28, 2017 | July 28, 2017 |
| 062117 | Vulnerabilities in Web GUI Interface on Ruckus Unmanaged-APs – CVE-2016-1000213, CVE-2016-1000214, CVE-2016-1000215, CVE-2016-1000216 | 1 | June 21, 2017 | June 21, 2017 |
| 030117 | Vulnerabilities in Dropbear SSH – CVE-2016-7406, CVE-2016-7407, CVE- 2016-2408, CVE-2016-2409 | 1 | March 01, 2017 | March 01, 2017 |
| 022717 | Vulnerabilities in OpenSSL – CVE-2017-3730, CVE-2017-3731, CVE-2017- 3732, CVE-2016-6304, CVE-2016-6305 | 1 | February 27, 2017 | February 27, 2017 |
| 111116 | Linux Kernel Local Privilege Escalation "Dirty Cow" - CVE-2016-5195 | 1 | November 11, 2016 | November 11, 2016 |
| 081516 | Linux TCP Flaw - CVE-2016-5696 | 1 | August 15, 2016 | August 15, 2016 |
| 080216 | Vulnerabilities in WebGUI Interface on Ruckus Unmanaged-APs | 1 | August 02, 2016 | August 02, 2016 |
| 071216 | Vulnerabilities in OpenSSL and Related Updates - CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176 | 1 | July 12, 2016 | July 12, 2016 |
| 051616 | Vulnerabilities in OpenSSL and Related Updates - CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704 | 1 | May 16, 2016 | May 16, 2016 |
| 022916 | Vulnerabilities in Linux GNU C (libc) Distributions - CVE-2015-7547 | 1 | February 29, 2016 | February 29, 2016 |
| 123015 | Vulnerabilities in OpenSSL Distributions - CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 | 1 | December 30, 2015 | December 30, 2015 |