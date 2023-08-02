Cerca nel sito
 
menu MENU
newsletter AK Blog gruppo adnkronos
cerca CERCA
Mercoledì 02 Agosto 2023
Aggiornato: 14:51
segui il tuo
oroscopo
0 ultim'ora
breaking news
chiudi

15:08 Forza Italia, lo scouting di Tajani: "Nomi importanti in arrivo"

15:03 Fisco, le novità: dalla tredicesima al superbollo, le misure chiave

14:34 Caro benzina, prezzo medio carburanti di oggi

14:33 Trump: "Mia incriminazione prova la corruzione in cui è precipitata l'America"

13:57 E' morto Marc Gilpin, il ragazzino star di 'Lo squalo 2': aveva 56 anni

13:55 Papa Francesco: "Sogno un'Europa che includa i popoli"

13:40 MotoGp Silverstone, Yamaha ingaggia Alex Rins: lo spagnolo correrà al fianco di Quartararo nel 2024

13:23 Calciomercato Inter, Scamacca nel mirino dell'Atalanta: ultime news

13:03 Dress code alla Camera, sì alla stretta: ma su cravatta e sneakers l'Aula si spacca

13:02 Vitalizi, Fassino: "4718 euro al mese non sono stipendio d'oro"

12:54 Contratto medici, nuova fumata nera: trattativa riparte il 5 settembre

12:47 Golpe in Niger, Russia fa appello al dialogo. Mali e Burkina Faso minacciano escalation

SPORT
FINANZA
CULTURA
IMMEDIAPRESS
MOTORI
FACILITALIA
WINE
MODA
MEDIA & COMUNICAZIONE
TECH&GAMES
MULTIMEDIA
Temi caldi
Speciali

comunicato stampa

New Ruckus Unleashed Product Line Exploit Discovered by SAM Seamless Network

02 agosto 2023 | 13.00
LETTURA: 4 minuti

Vulnerability enables attacker to remotely gain full control over network devices. Ruckus has issued a patch for affected products

TEL-AVIV, Israel, Aug. 2, 2023 /PRNewswire/ -- SAM Seamless Network (SAM), the global leader of cloud-native security and intelligence services for unmanaged networks and IoTs, has discovered a vulnerability affecting 31 networking products from RUCKUS® Networks, part of CommScope (NASDAQ: COMM), a provider of products and solutions for wired and wireless networks. By exploiting this vulnerability an attacker can remotely gain full control over these Ruckus network devices. SAM has reported its findings to Ruckus, and is now disclosing them publicly after Ruckus had taken the necessary steps to rectify the situation.

The authenticated remote command execution vulnerability was found in the "Ruckus Unleashed" product line's firmware (R510_200.14.6.1.179), and 31 products that are using the same web-based management interface version of Ruckus Unleashed are affected.

SAM's cybersecurity researchers discovered the flaw in an internal daemon associated with the web server, which manifests itself while parsing specific messages within one of the web components. The exploit can be triggered relatively quickly, if the attacker has LAN/WAN access to the AP's management interface. Upon successful exploitation, an attacker gains full control over the remote Ruckus Unleashed device, obtaining a fully privileged root shell.

This vulnerability exposes networks based on the affected devices to the risk of an attacker installing malware on the Ruckus AP, or gaining unauthorized access to the Ruckus mesh topology, connected client traffic, and other critical information.

A CVE ID from MITRE is pending (as of July 31, 2023).

SAM had reached out to Ruckus and provided its findings. Ruckus had promptly responded, and had communicated effectively with SAM from the initial vulnerability submission until the resolution of this issue.  Ruckus' disclosure of this vulnerability and additional details on relevant patches related to affected products can be found in Ruckus' Security Bulletin 20230731 at this link.

SAM's cybersecurity solutions, which are protecting home and business networks at some of the world's largest ISPs, secure the network by protecting the router, the network and the devices connected to the network – and require no software installation on any of the end user's devices. SAM's device fingerprinting technology is used to identify the devices on the network and any change in device roster, and enables not only constant awareness to any abnormal device or network behavior, but a truly seamless and automated "no touch" user onboarding and continuous operation.

"SAM has a proactive approach to IoT security, and an ongoing commitment to detect and defend against cybersecurity attacks, invasion of privacy, and personal information theft," said Sivan Rauscher, CEO and Co-founder of SAM Seamless Network. "Having our own dedicated team of cybersecurity researchers enables SAM to not only incorporate updated cybersecurity mitigation practices within our solutions when they are provided by device vendors, but also actively discover new vulnerabilities in network-attached devices, investigate them, alert the relevant vendor, responsibly disclose the vulnerabilities to the cybersecurity community, and collaborate with relevant stakeholders on rectifying the vulnerabilities."

"Known device vulnerabilities that have already been resolved by their vendors are being mitigated by default," explains Nadav Lieberman, SAM's VP Data and Innovation. "However, when a new vulnerability is discovered - either by us or another party - and a patch is not issued by the vendor immediately, we create and apply the appropriate mitigation process, which can be a network policy update, code injection, etc., and use Hot Patching to secure the affected devices until an official patch is deployed by the vendor. SAM's hot patching really shines when it comes to secure IoT devices, known to be very challenging to secure and update, but it is especially critical when dealing with devices that are no longer supported by their vendor ("End of life") but are still at risk due to new vulnerabilities affecting them."

SAM wishes to recognize the outstanding and comprehensive research that has been done by "alephsecurity" in discovering prior exploits in Ruckus' products, which proved to be an important supporting asset to SAM's research efforts during the recent discovery.

About SAMThe leading provider of cloud-native security and intelligence services for unmanaged networks and connected devices, covering upwards of 500 million devices globally. With its intuitive AI technology, SAM addresses the challenges of our hyperconnected world, in which an explosion of IoT devices exposes potential attack surfaces for companies and consumers alike. SAM's device-agnostic software provides deep network visibility to protect against sophisticated cyber-attacks in real-time and prevent the spread of zero-day attacks. By using its unique cloud-based device and threat intelligence, SAM studies and identifies the behavior of every device to create customized protection for all home and SMB users, forming a bulletproof network.  

www.securingsam.com

Press Contacts:Shiri ButnaruHead of Marketingshiri@securingsam.com

Photo - https://mma.prnewswire.com/media/2166836/SAM_Seamless_Network.jpg

View original content:https://www.prnewswire.co.uk/news-releases/new-ruckus-unleashed-product-line-exploit-discovered-by-sam-seamless-network-301891407.html

Riproduzione riservata
© Copyright Adnkronos
Tag
ICT ICT ICT ICT ICT Altro Economia_E_Finanza control over network devices network SAM Seamless over
Vedi anche
News to go
Calciomercato, Inter punta su Scamacca. Si complica la pista Sommer
Caporalato in Toscana, donne sfruttate nei campi per 12 ore al giorno
News to go
Traffico aereo in Italia in forte ripresa
News to go
Padova, truffa con bonus facciate
News to go
Niger, fonti: "Tutti i connazionali via con volo italiano"
News to go
Università, contrasto al disagio per gli studenti
News to go
Maltempo e incendi, prorogati al 21 agosto i versamenti tributari
News to go
Meteo Italia oggi, le previsioni
News to go
Pil Italia, Istat: "Cala dello 0,3% nel secondo trimestre"
News to go
Bollette, 4 milioni di italiani vittime di truffe
News to go
Carburanti, dall'1 agosto gestori esporranno prezzo medio
News to go
Niger, Consiglio Difesa: "Non tollereremo attacchi contro nostri interessi economici"
ora in
Prima pagina
articoli
in Evidenza