Is Xclaim/Ruckus aware of this?
Looks like the main site for the attack is now up:
Also would like to hear from Xclaim/Ruckus as well, regarding wherever firmware updates are neccessary, or not.
Come on Xclaim aka Ruckus? Why no answer yet about this critical issue??!
I'm needing to roll this out this evening if possible to make sure I'm not in breach of SLA.
We will check with the security team and post an update ASAP.
Since this issue was presumably discovered around the 14. July - and CERT/CC was informed, and sent out general information to all vendors on the 28. August. I am confused as to why its at all necessary to "check with the security team" - Since that would imply that either Ruckus/Xclaim ignored the CERT/CC Announcement - Or that there is NO communication internally - And nothing has been prepared ! (RUCKUS has not been out with a statement either) - I am honestly not impressed at ALL
Seems Aruba Networks where better prepared:
Discussion going on at ruckus forum:
For anyone interested
Wow... it’s getting better... Not! Omg!
Ruckus was notified about this serious issue on the 30th of August 2017. It looks like they haven’t done anything in the meantime.
Notify source: http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
Hi guys @Xclaim
Is it possible for Xclaim to post an update regarding this issue? Until now, complete sound of silence ..
Although this vulnerability is mainly affected on the "client" site (in my opinion) it's still to important to ignore at short notice.
Please let us know ASAP, because my customers are expecting an update at short notice.
We sincerely apologize for the delay. Ruckus has released an advisory which can be accessed from the below posting
We also encourage to read the blog post which discusses this problem
Xclaim will release a patch in the first week of November.