CVE-2020-22659

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to exploit the official image signature to force injection unauthorized image signature.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
ruckuswirelessr310_firmware
10.5.1.0.199
ruckuswirelessr500_firmware
10.5.1.0.199
ruckuswirelessr600_firmware
10.5.1.0.199
ruckuswirelesst300_firmware
10.5.1.0.199
ruckuswirelesst301n_firmware
10.5.1.0.199
ruckuswirelesst301s_firmware
10.5.1.0.199
ruckuswirelessscg200_firmware
𝑥
< 3.6.2.0.795
ruckuswirelesssz-100_firmware
𝑥
< 3.6.2.0.795
ruckuswirelesssz-300_firmware
𝑥
< 3.6.2.0.795
ruckuswirelessvsz_firmware
𝑥
< 3.6.2.0.795
ruckuswirelesszonedirector_1100_firmware
9.10.2.0.130
ruckuswirelesszonedirector_1200_firmware
10.2.1.0.218
ruckuswirelesszonedirector_3000_firmware
10.2.1.0.218
ruckuswirelesszonedirector_5000_firmware
10.0.1.0.151
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1
https://support.ruckuswireless.com/security_bulletins/302
https://support.ruckuswireless.com/security_bulletins/302