CVE-2020-22655

CVE

High

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Rucku…

CVSS

7.5

High

EPSS

0.00

p36

Published

2020-01-01

Updated

2020-01-01

Description

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to persistently to writing unauthorized image.

Tags · CWE

Pre-auth

CWE-284

CAPEC-19

CAPEC-441

CAPEC-478

CAPEC-479

CAPEC-502

CAPEC-503

CAPEC-536

CAPEC-546

CAPEC-550

CAPEC-551

CAPEC-552

CAPEC-556

CAPEC-558

CAPEC-562

CAPEC-563

CAPEC-564

CAPEC-578

Affected products

R310_firmwareR500_firmwareR600_firmwareScg200_firmwareSz-100_firmwareSz-300_firmwareT300_firmwareT301n_firmwareT301s_firmwareVsz_firmwareZonedirector_1100_firmwareZonedirector_1200_firmwareZonedirector_3000_firmwareZonedirector_5000_firmware

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Timeline

2020-01-01

Published

2020-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: H

High (H)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.005 · p36

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1014Rootkit

└ via CAPEC-552 · CWE-284

T1027.009Embedded Payloads

└ via CAPEC-19 · CWE-284

T1037Boot or Logon Initialization Scripts

└ via CAPEC-564 · CWE-284

T1080Taint Shared Content

└ via CAPEC-562 · CWE-284

T1505.005Terminal Services DLL

└ via CAPEC-558 · CWE-284

T1542.003Bootkit

└ via CAPEC-552 · CWE-284

T1543Create or Modify System Process

└ via CAPEC-550 · CWE-284

T1543.001Launch Agent

└ via CAPEC-564 · CWE-284

T1543.003Windows Service

└ via CAPEC-478 · CWE-284

T1543.004Launch Daemon

└ via CAPEC-564 · CWE-284

T1546.001Change Default File Association

└ via CAPEC-556 · CWE-284

T1546.004Unix Shell Configuration Modification

└ via CAPEC-19 · CWE-284

T1546.008Accessibility Features

└ via CAPEC-558 · CWE-284

T1546.016Installer Packages

└ via CAPEC-19 · CWE-284

T1547Boot or Logon Autostart Execution

└ via CAPEC-564 · CWE-284

T1547.006Kernel Modules and Extensions

└ via CAPEC-552 · CWE-284

T1553.004Install Root Certificate

└ via CAPEC-479 · CWE-284

T1556.006Multi-Factor Authentication

└ via CAPEC-578 · CWE-284

T1574.011Services Registry Permissions Weakness

└ via CAPEC-478 · CWE-284

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Ruckuswireless

R310 Zonedirector 1200 Zonedirector 1200 Firmware R500 R600 T300 T301n T301s R310 Firmware Sz-100+18

Product	Vendor	Status
r310_firmware	*	Tracked
r500_firmware	*	Tracked
r600_firmware	*	Tracked
scg200_firmware	*	Tracked
sz-100_firmware	*	Tracked
sz-300_firmware	*	Tracked
t300_firmware	*	Tracked
t301n_firmware	*	Tracked
t301s_firmware	*	Tracked
vsz_firmware	*	Tracked
zonedirector_1100_firmware	*	Tracked
zonedirector_1200_firmware	*	Tracked
zonedirector_3000_firmware	*	Tracked
zonedirector_5000_firmware	*	Tracked

Source databases

CVE

External references

https://hdhrmi.blogspot.com/2020/03/multiple-vulnerabilities-in-ruckus.html?m=1@https://support.ruckuswireless.com/security_bulletins/302@https://support.ruckuswireless.com/security_bulletins/302