Detections
Analytics
Ruckus Wireless ICX Switches Improper Validation of Integrity Check Value (CVE-2024-50604)
critical Tenable OT Security Plugin ID 503334
Synopsis
The remote OT asset is affected by a vulnerability.Description
The following vulnerabilities are found in the RUCKUS FastIron firmware that runs on the RUCKUS ICX product line:- CVE-2024-50607: Directory traversal vulnerability
- CVE-2024-50604: Insufficient validation for software component integrity check Collectively, these vulnerabilities can allow an authenticated attacker with physical access to perform a malware injection attack on vulnerable ICX switches.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vendor advisory.See Also
Plugin Details
Severity: Critical
ID: 503334
Version: 1.1
Type: remote
Family: Tenable.ot
Published: 9/29/2025
Updated: 9/29/2025
Supported Sensors: Tenable OT Security
Risk Information
CVSS v3
Risk Factor: Critical
Base Score: 9.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/o:ruckussecurity:icx8200_series_firmware:10.0.20b, cpe:/o:ruckussecurity:icx6430_series_firmware:08.0.95r, cpe:/o:ruckussecurity:icx6430_series_firmware:10.0.10f, cpe:/o:ruckussecurity:icx8100_series_firmware:10.0.20b, cpe:/o:ruckussecurity:icx7250_series_firmware:10.0.10f, cpe:/o:ruckussecurity:icx8100_series_firmware:08.0.95r, cpe:/o:ruckussecurity:icx7750_series_firmware:10.0.10f, cpe:/o:ruckussecurity:icx7250_series_firmware:08.0.95r, cpe:/o:ruckussecurity:icx6450_series_firmware:10.0.20b, cpe:/o:ruckussecurity:icx6450_series_firmware:09.0.10j, cpe:/o:ruckussecurity:icx7850_series_firmware:09.0.10j, cpe:/o:ruckussecurity:icx8200_series_firmware:10.0.10f, cpe:/o:ruckussecurity:icx6610_series_firmware:10.0.20b, cpe:/o:ruckussecurity:icx7650_series_firmware:10.0.20b, cpe:/o:ruckussecurity:icx7850_series_firmware:10.0.10f, cpe:/o:ruckussecurity:icx7750_series_firmware:10.0.20b, cpe:/o:ruckussecurity:icx7150_series_firmware:09.0.10j, cpe:/o:ruckussecurity:icx6430_series_firmware:10.0.20b, cpe:/o:ruckussecurity:icx6610_series_firmware:10.0.10f, cpe:/o:ruckussecurity:icx7250_series_firmware:10.0.20b, cpe:/o:ruckussecurity:icx8100_series_firmware:09.0.10j, cpe:/o:ruckussecurity:icx8100_series_firmware:10.0.10f, cpe:/o:ruckussecurity:icx6450_series_firmware:08.0.95r, cpe:/o:ruckussecurity:icx6610_series_firmware:08.0.95r, cpe:/o:ruckussecurity:icx7650_series_firmware:08.0.95r, cpe:/o:ruckussecurity:icx7550_series_firmware:08.0.95r, cpe:/o:ruckussecurity:icx7750_series_firmware:08.0.95r, cpe:/o:ruckussecurity:icx7750_series_firmware:09.0.10j, cpe:/o:ruckussecurity:icx7550_series_firmware:09.0.10j, cpe:/o:ruckussecurity:icx8200_series_firmware:08.0.95r, cpe:/o:ruckussecurity:icx7550_series_firmware:10.0.10f, cpe:/o:ruckussecurity:icx7150_series_firmware:10.0.10f, cpe:/o:ruckussecurity:icx7450_series_firmware:09.0.10j, cpe:/o:ruckussecurity:icx7550_series_firmware:10.0.20b, cpe:/o:ruckussecurity:icx7150_series_firmware:08.0.95r, cpe:/o:ruckussecurity:icx7650_series_firmware:09.0.10j, cpe:/o:ruckussecurity:icx7450_series_firmware:10.0.10f, cpe:/o:ruckussecurity:icx7850_series_firmware:08.0.95r, cpe:/o:ruckussecurity:icx7650_series_firmware:10.0.10f, cpe:/o:ruckussecurity:icx6450_series_firmware:10.0.10f, cpe:/o:ruckussecurity:icx7150_series_firmware:10.0.20b, cpe:/o:ruckussecurity:icx6430_series_firmware:09.0.10j, cpe:/o:ruckussecurity:icx6610_series_firmware:09.0.10j, cpe:/o:ruckussecurity:icx7250_series_firmware:09.0.10j, cpe:/o:ruckussecurity:icx7450_series_firmware:08.0.95r, cpe:/o:ruckussecurity:icx7850_series_firmware:10.0.20b, cpe:/o:ruckussecurity:icx7450_series_firmware:10.0.20b, cpe:/o:ruckussecurity:icx8200_series_firmware:09.0.10j
Required KB Items: Tenable.ot/RuckusWireless
Exploit Ease: No known exploits are available
Patch Publication Date: 2/21/2025
Vulnerability Publication Date: 2/21/2025
Reference Information
CVE: CVE-2024-50604
CWE: 354