We’re aware of a vulnerability (CVE-2023-39904, CVE-2023-39905, CVE-2023-39906) in the web-based management interface of the Ruckus ICX switch product line that could allow a remote attacker to execute XSS and CSRF attacks against the user of the interface.

To exploit this vulnerability, an attacker would require the targeted user to click a crafted link that would send a malicious request to the impacted device.

Please note that schools who have had Ruckus equipment installed under Equipment Replacement shouldn’t be impacted.

For any hardware not installed under Equipment Replacement, a patch is available for currently supported models. We recommend upgrading to the latest version and also disabling http and https access to your switch. 

You can find more information on this patch and check devices impacted here.