-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 TITLE CVE-2021-44228: Apache Log4j Vulnerability Initial Internal Release Date: 12/13/2021 Initial Release to the Public: 12/13/2021 Update Release Date: 12/13/2021 Document Version: 1.0 What is the issue? A vulnerability was found in the Apache Log4j logging library from version 2.0 to 2.14.1. Products utilizing this library are susceptible to remote code execution vulnerability, where a remote attacker can leverage this vulnerability to gain full control of the impacted device. For more details about this vulnerability, please see https://nvd.nist.gov/vuln/detail/CVE-2021-44228. What action should I take? RUCKUS is releasing the fix for these vulnerability through a software update. Since it is a critical issue, all affected customers are strongly encouraged to apply the fix once available. In case of any questions contact RUCKUS TAC through regular means as described at https://support.ruckuswireless.com/contact-us and refer to this document to validate this entitlement. Are there any workarounds available? No What is the impact on Ruckus products? The following table describes the vulnerable products, software versions, and the recommended actions. Product Vulnerable Release Resolution Patch Release Date - - - ----------------------------------------------------------------------------------------------------- SmartZone and Virtual SmartZone 5.1 to 6.0 Install KSP when available TBD - - - ----------------------------------------------------------------------------------------------------- Unleashed Multi- Site Manager (UMM) TBD TBD TBD - - - ----------------------------------------------------------------------------------------------------- FlexMaster TBD TBD TBD - - - ----------------------------------------------------------------------------------------------------- The following products are not vulnerable: All Access Points, ZoneDirector, Unleashed, ICX Switches, SPoT/vSPoT, and RUCKUS Cloud. The following products are under assessment: Cloudpath, IoT, MobileApps, RUCKUS Analytics, and SCI. When will this Ruckus Security Advisory be publicly posted? Ruckus Networks released the initial security advisory to Ruckus field teams on: 12/13/2021 Ruckus Networks released the initial security advisory to customers on: 12/13/2021 Public posting: 12/13/2021 Revision History: Version ID Change Date - - - ------------------------------------------------------------------------------------------- 1.0 20211213 Initial Release Dec 13, 2021 - - - ------------------------------------------------------------------------------------------- Ruckus Support can be contacted as follows: The RUCKUS Customer Services & Support organization can be contacted via phone, chat, and through our web portal. Details at https://support.ruckuswireless.com/contact-us. STATUS OF THIS NOTICE: Initial release Although Ruckus Networks has made all the efforts to make sure that the facts and content stated in this advisory should be best of our ability, however, Ruckus Networks cannot guarantee the accuracy of all statements in this advisory due to complete publication for the CVE is not done yet. Should there be a significant change in the facts, Ruckus may update this advisory. © 2021 CommScope, Inc. All rights reserved. No part of this content may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from CommScope, Inc. and/or its affiliates ("CommScope"). CommScope reserves the right to revise or change this content from time to time without obligation on the part of CommScope to provide notification of such revision or change. Disclaimer THIS CONTENT AND ASSOCIATED PRODUCTS, SOFTWARE, AND/OR SERVICES ("MATERIALS"), ARE PROVIDED "AS IS" AND WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMISSIBLE PURSUANT TO APPLICABLE LAW, COMMSCOPE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, FREEDOM FROM COMPUTER VIRUS, AND WARRANTIES ARISING FROM COURSE OF DEALING OR COURSE OF PERFORMANCE. CommScope does not represent or warrant that the functions described or contained in the Materials will be uninterrupted or error-free, that defects will be corrected, or are free of viruses or other harmful components. CommScope does not make any warranties or representations regarding the use of the Materials in terms of their completeness, correctness, accuracy, adequacy, usefulness, timeliness, reliability or otherwise. As a condition of your use of the Materials, you warrant to CommScope that you will not make use thereof for any purpose that is unlawful or prohibited by their associated terms of use. Limitation of Liability IN NO EVENT SHALL COMMSCOPE, COMMSCOPE AFFILIATES, OR THEIR OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, LICENSORS AND THIRD PARTY PARTNERS, BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER, EVEN IF COMMSCOPE HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, WHETHER IN AN ACTION UNDER CONTRACT, TORT, OR ANY OTHER THEORY ARISING FROM YOUR ACCESS TO, OR USE OF, THE MATERIALS. Because some jurisdictions do not allow limitations on how long an implied warranty lasts, or the exclusion or limitation of liability for consequential or incidental damages, some of the above limitations may not apply to you. Trademarks ARRIS, the ARRIS logo, CommScope, RUCKUS, Ruckus Wireless, Ruckus Networks, Ruckus logo, the Big Dog design, BeamFlex, ChannelFly, EdgeIron, FastIron, HyperEdge, ICX, IronPoint, OPENG, SmartCell, Unleashed, Xclaim, and ZoneFlex are trademarks of CommScope, Inc. and/or its affiliates. Wi-Fi Alliance, Wi-Fi, the Wi-Fi logo, Wi-Fi Certified, the Wi-Fi CERTIFIED logo, Wi-Fi Protected Access, the Wi-Fi Protected Setup logo, Wi-Fi Protected Setup, Wi-Fi Multimedia and WPA2 and WMM are trademarks or registered trademarks of Wi-Fi Alliance. All other trademarks are the property of their respective owners. -----BEGIN PGP SIGNATURE----- iQFQBAEBCAA6FiEEqHy6W3Zg+S2j7zfiUfqDlEurOHUFAmG3x/UcHHNlY3VyaXR5 QHJ1Y2t1c3dpcmVsZXNzLmNvbQAKCRBR+oOUS6s4dV97CADHXaiu9tTEm0Lu8b38 qsLuVWCDCVMZ54FmcoEg0r2YgtjOtXVZh8sW7F+LIbqaklR4SRo5IJqQA+6T4Zn1 CD4gFB6SF5Wyo/+UL0wui1mSZM40cbOqOTmLcvYMONneX4P/JgyW3o6LbVNpaY7X gQjTbeMChSGAci/VxilPZ32Ov3m8Q1JHSWu1nqSPJ2nKwSLscrkHouylbcoZeGrZ 0GvCYRGyd73FgO9aqyMOSfsxUUYwvcFHsHTZ8xwBwmQAKuzg9q3j3envuCYLB0Z9 +9n94PjiVEZOc3tp8QxwSveMP6+Nyg2r+PtcR8Cu4Hae+V0BEyBtzV0en62j500w NH1d =e68I -----END PGP SIGNATURE-----