Security Bulletins

Security Bulletin 20231016

Title:
Cloudpath® Persistent XSS and CSRF Vulnerability
Description:
A vulnerability in the web-based interface of the RUCKUS Cloudpath product could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
Release Date:
October 16, 2023
Edit Date:
November 28, 2023
Version:
1.1

Applicable To The Following Products

Cloudpath Enrollment System (ES)


Cloudpath ES Highlights


  • Automated onboarding for all users, including employees, guests, and contractors

  • Intuitive workflow engine for comprehensive policy-driven access

  • Distributes unique certificate per device based on policies

  • Built-in certificate infrastructure and RADIUS server

  • Automates EAP-TLS, the WPA2-Enterprise gold standard

  • Supports guest use cases, including sponsorship

  • Differentiates between IT-owned and personal devices

  • Provides visibility into users, devices, and policies

  • Integrates with Microsoft Active Directory and Certificate Services

  • Integrates with external LDAP and RADIUS servers

  • Integrates with your existing WLAN

Cloudpath ES can be deployed on-premises as one or more VMware servers, or used as a cloud service, making it a powerful addition to existing ZoneDirector and SmartZone platforms.

To request a demo for a CP trial account, click this link.
