rkscli jailbreak

Aleph Research Advisory

Identifier

CVE-2020-13917

Severity

High

Product

ZoneDirector
Unleashed

Vulnerable Version

ZoneDirector: 9.9 and before
ZoneDirector: 9.10.x
ZoneDirector: 9.12.x
ZoneDirector: 9.13.x
ZoneDirector: 10.0.x
ZoneDirector: 10.1.x
ZoneDirector: 10.2.x
ZoneDirector: 10.3.x
Unleashed: 200.6 and before
Unleashed: 200.7

Technical Details

rkscli in Ruckus Wireless Unleashed through 200.7.10.62 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command.

Information about the exploitation of this vulnerability can be found in our 36C3 talk.

Timeline

05-Aug-20
: Public disclosure.
15-Jun-20
: Patch available.
07-Jun-20
: CVE-2020-13917 assigned.
05-Feb-20
: Reported (Ruckus Product Security Team).

Posts

Don't Ruck Us Again - The Exploit Returns
By Gal Zror,
14-Oct 2020

Credit

Gal Zror (@waveburst) of Aleph Research, HCL Technologies

External References

Ruckus Networks - Security Advisory ID 20200615 - txt
Ruckus Networks - Security Advisory ID 20200615 - PDF