OpenSSL library is used in Ruckus products to implement various security related features. A vulnerability has been discovered in OpenSSL library which may allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. An exploit could disclose portions of memory containing sensitive security material such as passwords and private keys.
e2389dde2b3d98946abd1657f86b8b235aa6c789773e1225b58757349034d256
A user authentication bypass vulnerability has been discovered in Ruckus Access Point's administrative web interface. This vulnerability may allow a malicious user to gain unauthorized access to the administrative web interface.
3b39b726272397dfd90d0e4136f00557380edbd2ca30b9270c6be93d5bfbe996
A persistent cross site scripting weakness has been discovered in the guest pass provisioning web interface of the ZoneDirector controller devices. An attacker with access to an authenticated user session with privileges for guest pass generation may cause certain malicious javascript code to execute in the user's browser with privileges of the user or the admin. ZoneDirector Controllers versions 9.3.x, 9.4.x, 9.5.x, and 9.6.x are affected.
d9fdcc876fdb2924d1ff1acb39eb8b431d9858e58ba9bb63afddfef5b1a68a58
A vulnerability has been discovered in ZoneDirector controllers (ZD) which may allow an attacker to inject malicious code via controller's admin web interface. The attacker needs access to an authenticated admin session with ZD's web interface for carrying out this attack. Affected software includes versions 9.3.x, 9.4.x, 9.5.x, and 9.6.x.
62b972e7d6dbdf0c5f635f6e3a470a83f15461c4159ea625712a0156763d1448
A user authentication bypass vulnerability has been discovered in ZoneDirector controllers during standard internal bug reporting procedures. This vulnerability may allow a malicious user to gain unauthorized access to the ZoneDirector administrative web interface.
490680f010ed632a71b903374189cc43de53208be861742cff821a065866c2aa
A user authentication bypass vulnerability has been discovered during standard internal bug reporting procedures in some of the Ruckus devices. This vulnerability may permit an unauthenticated malicious user with network access to port 22 to tunnel random TCP traffic to other hosts on the network via Ruckus devices.
3c7292de3b3be1ee12992e0ae63f056545cf432aee257c5c37c07bd209db55b4