Is CVE-2017-6230 actively exploited?

CVE-2017-6230 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2017-6230?

CVE-2017-6230 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2017-6230?

Patch guidance is available from ruckuswireless security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2017-6230.

Fix CVE-2017-6230 - HIGH | CVEDatabase.com

Q: Which products are affected by CVE-2017-6230?

2 products: ruckuswireless solo access point firmware, ruckuswireless smartzone managed access point firmware.

Description

Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-78 · OS Command Injection

Metadata

Primary Vendor: RUCKUSWIRELESS
Published: 2/14/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

ruckuswireless : solo_access_point_firmwareruckuswireless : smartzone_managed_access_point_firmware

Remediation Guidance

Executive Summary

View on NIST NVD