
ZoneDirector User Authentication Bypass
Posted May 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered in ZoneDirector controllers during standard internal bug reporting procedures. This vulnerability may allow a malicious user to gain unauthorized access to the ZoneDirector administrative web interface.

tags | advisory, web, bypass
MD5 | aa5af0dae5ce625a8492959c673a9f6f


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


RUCKUS ADVISORY ID 031813-2

Customer release date: March 25, 2013
Public release date: May 27, 2013

TITLE

User authentication bypass vulnerability in ZoneDirector
administrative web interface


SUMMARY

A user authentication bypass vulnerability has been discovered in
ZoneDirector controllers during standard internal bug reporting
procedures. This vulnerability may allow a malicious user to gain
unauthorized access to the ZoneDirector administrative web interface.



AFFECTED SOFTWARE VERSIONS AND DEVICES


Device                     Affected software
-------------------------  ------------------
ZoneDirector Controllers   9.3.x, 9.4.x, 9.5.x


Any products not mentioned in the table above are not affected.


DETAILS

A weakness has been discovered in the administrative web interface of
the ZoneDirector controller devices. A malicious user with network
access to the device's web interface may obtain unauthorized access
and perform administrative actions via the web interface.

This issue applies only if the ZoneDirector web interface is configured
to authenticate the admin user via a remote authentication method
(RADIUS, LDAP or AD). The attacker does not need to be authenticated to
the web interface for this attack to succeed. This issue does not affect
any other Ruckus devices besides ZoneDirector controllers.


IMPACT

A malicious user with network access to the administrative web
interface of the ZoneDirector controller device may obtain
unauthorized access and perform administrative actions via this
interface.

CVSS v2 BASE METRIC SCORE: 8.8 (AV:N/AC:M/Au:N/C:C/I:C/A:N)


CHECK IF YOU ARE VULNERABLE

This issue is applicable only in certain configurations:

- This issue is applicable ONLY if the ZoneDirector administrative web
interface is configured to authenticate the admin user via a remote
authentication method: RADIUS, LDAP or AD.

- A ZoneDirector controller is NOT vulnerable if local authentication
or TACACS is used for authenticating the admin user to the web
interface.

- No other Ruckus devices are vulnerable to this issue besides
ZoneDirector controllers.



WORKAROUNDS

Ruckus recommends that all customers apply the appropriate patch(es)
as soon as practical. However, in the event that a patch cannot
immediately be applied, the following steps will help to mitigate the
risk:

- Do not expose management interfaces of Ruckus devices (including the
administrative web interface) to untrusted networks such as the Internet.

- Use a firewall to limit traffic to/from ZoneDirector's
administrative web interface to trusted hosts.

- Switch to using local authentication or TACACS for ZoneDirector
administrative web interface.


SOLUTION

Ruckus recommends that all customers apply the appropriate patch(es)
as soon as practical.

The following patches have the fix (any later patches will also have
the fix):


Branch      Software Patch
-----------  ------------------
9.3.x        9.3.4.0.17
9.4.x        9.4.3.0.16
9.5.x        9.5.1.0.50
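The two conditions in this advisory (an affected build, and the admin user authenticated via RADIUS, LDAP or AD) can be checked mechanically against a controller inventory. The script below is an added example, not Ruckus code: the fixed-build table and the authentication-mode rules are taken from the advisory text, while the input format (a dotted build string as shown in the table above, plus the admin authentication mode as a name) is an assumption about how an operator would feed in values read from the controller's web interface or an inventory export.

```python
"""Vulnerability check for Ruckus advisory 031813-2 (added example, not Ruckus code).

Assumptions (not from the advisory): the firmware version is supplied as a
dotted numeric build string such as "9.4.2.0.11", and the admin
authentication mode as one of the names the advisory uses (radius, ldap,
ad, local, tacacs).
"""
from typing import Optional, Tuple

# First fixed build per release branch, from the advisory's SOLUTION table.
# Any later build on the same branch also carries the fix.
FIXED_BUILDS = {
    (9, 3): (9, 3, 4, 0, 17),
    (9, 4): (9, 4, 3, 0, 16),
    (9, 5): (9, 5, 1, 0, 50),
}

# Admin-auth modes the advisory calls out as vulnerable / not vulnerable.
REMOTE_AUTH_VULNERABLE = {"radius", "ldap", "ad"}
NOT_VULNERABLE_AUTH = {"local", "tacacs", "tacacs+"}

VERSION_FIELDS = 5  # Ruckus builds in the advisory are five-part (9.3.4.0.17)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '9.4.2.0.11' into (9, 4, 2, 0, 11).

    Comparison must be numeric, not lexical ('9.4.10' > '9.4.9'). Short
    strings such as '9.4.3' are padded with zeros so that an incomplete
    build number is treated as the earliest build of that prefix.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    fields = tuple(int(p) for p in parts)
    return fields + (0,) * (VERSION_FIELDS - len(fields))


def firmware_is_fixed(version: str) -> Optional[bool]:
    """True if the build is at or above the fixed build for its branch,
    False if it is an affected build, None if the branch (9.3/9.4/9.5)
    is not one the advisory lists as affected."""
    v = parse_version(version)
    fixed = FIXED_BUILDS.get(v[:2])
    if fixed is None:
        return None
    return v >= fixed


def assess(version: str, admin_auth: str) -> Tuple[str, str]:
    """Combine the firmware and auth-mode conditions into one verdict.

    Returns (status, reason) with status one of
    'vulnerable', 'not_vulnerable', 'not_affected', 'unknown'.
    """
    mode = admin_auth.strip().lower()
    fixed = firmware_is_fixed(version)
    if fixed is None:
        return "not_affected", "branch not listed as affected in the advisory"
    if fixed:
        return "not_vulnerable", "build carries the fix"
    if mode in NOT_VULNERABLE_AUTH:
        return "not_vulnerable", f"admin auth is {mode}; patch is still recommended"
    if mode in REMOTE_AUTH_VULNERABLE:
        return "vulnerable", f"affected build with remote admin auth ({mode})"
    return "unknown", f"auth mode {admin_auth!r} not covered by advisory; treat as vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory (hostname, build, admin auth mode); not real devices.
    inventory = [
        ("zd-hq-01", "9.3.3.0.10", "RADIUS"),
        ("zd-hq-02", "9.4.3.0.16", "ldap"),
        ("zd-branch-01", "9.5.0.0.30", "local"),
        ("zd-lab-01", "9.6.0.0.1", "ad"),
    ]
    for host, build, auth in inventory:
        status, reason = assess(build, auth)
        print(f"{host:14} {build:12} {auth:7} -> {status}: {reason}")
```

The padding rule in `parse_version` is deliberately conservative: a build recorded only as "9.4.3" is treated as older than 9.4.3.0.16 and therefore unpatched, so an incomplete inventory entry fails closed rather than silently passing.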



OBTAINING FIXED FIRMWARE

Ruckus customers can obtain the fixed firmware from the support website at
https://support.ruckuswireless.com/

Ruckus Support can be contacted as follows:

1-855-RUCKUS1 (1-855-782-5871) (United States)
e-mail: support at ruckuswireless.com

The full contact list is at:
https://support.ruckuswireless.com/contact-us


PUBLIC ANNOUNCEMENTS

This security advisory is strictly confidential and will be made
available for public consumption in approximately 60 days, on 27th May
2013, at the following sources:

Ruckus Website
http://www.ruckuswireless.com/security

SecurityFocus Bugtraq
http://www.securityfocus.com/archive/1


Future updates of this advisory, if any, will be placed on Ruckus's
website, but may or may not be actively announced on mailing lists.

REVISION HISTORY

Revision 1.0 / 25th March 2013 / Initial release


RUCKUS WIRELESS SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Ruckus
Wireless products and on obtaining assistance with security incidents
is available at

http://www.ruckuswireless.com/security


For reporting new security issues, email can be sent to
security(at)ruckuswireless.com.
For sensitive information we encourage the use of PGP encryption. Our
public keys can be found at http://www.ruckuswireless.com/security


STATUS OF THIS NOTICE: Final

Although Ruckus cannot guarantee the accuracy of all statements
in this advisory, all of the facts have been checked to the best of our
ability. Ruckus does not anticipate issuing updated versions of
this advisory unless there is some material change in the facts. Should
there be a significant change in the facts, Ruckus may update this
advisory.


(c) Copyright 2013 by Ruckus Wireless
This advisory may be redistributed freely after the public release
date given at the top of the text, provided that redistributed copies
are complete and unmodified, including all date and version information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJRpPkNAAoJEFH6g5RLqzh1hXwIAJ0tvubpZ/px/XgsKQ8LrBEf
FABBAZJ5A2j6UkS/0dcoEl7jMmCa9aczESezZIhqmUphV9guq7oNrnM/xbOZD+LL
Xgx8qUurvTvOikp0pGdx9P6WOcewKkj98tBkl4Jz9LBztAoazoj0bH2Xbe3uhzu8
1maZ3FCGTLKEaYP3QCxPaHjaxf19FO2VqVI88RGyO3lpb3ibGm0DEHb+kyOBJitD
FZX1t8JvIDfoEHKKBSVNWm6dXuNWcsM5eCpEOJactoFKAtwNW0xJUZnLPPG+m/5l
d1lBJIaetNtoly0K/zYZw7X3CfC2U/dgAcDnGehfwcdAAtfGUqU1pR72eOa2EWA=
=Duph
-----END PGP SIGNATURE-----
