CVE-2023-25717

CISA description

Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.

Required action

Apply updates per vendor instructions or disconnect product if it is end-of-life.

Notes & references

• https://support.ruckuswireless.com/security_bulletins/315
• https://nvd.nist.gov/vuln/detail/CVE-2023-25717

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

• RA-5 · Vulnerability Monitoring and Scanning
• SI-2 · Flaw Remediation
• CM-6 · Configuration Settings
• SI-7 · Software, Firmware, and Information Integrity
• CM-8 · System Component Inventory

External lookups

• NVD · CVE-2023-25717
• CVE.org · CVE-2023-25717
• CISA KEV catalog (canonical)