Ruckus Wireless ICX Switches Cross-site Scripting and Cross-site Request Forgery (CVE-2023-39905)

Medium severity, Tenable OT Security Plugin ID 503336

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability in the web-based management interface of the RUCKUS ICX product line could allow a remote attacker to carry out cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks against a user of the interface. To exploit this vulnerability, the attacker would need the targeted user to click a crafted link that sends a malicious request to the affected device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

https://support.ruckuswireless.com/security_bulletins/321

Plugin Details

Severity: Medium

ID: 503336

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 9/29/2025

Updated: 9/29/2025

Supported Sensors: Tenable OT Security

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2023-39905

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Vulnerability Information

CPE:
cpe:/o:ruckussecurity:icx7150_series_firmware
cpe:/o:ruckussecurity:icx7850_series_firmware
cpe:/o:ruckussecurity:icx6430_series_firmware
cpe:/o:ruckussecurity:icx7750_series_firmware
cpe:/o:ruckussecurity:icx7450_series_firmware
cpe:/o:ruckussecurity:icx6610_series_firmware
cpe:/o:ruckussecurity:icx6450_series_firmware
cpe:/o:ruckussecurity:icx7650_series_firmware
cpe:/o:ruckussecurity:icx7250_series_firmware
cpe:/o:ruckussecurity:icx7550_series_firmware
cpe:/o:ruckussecurity:icx8200_series_firmware

Required KB Items: Tenable.ot/RuckusWireless

Exploit Ease: No known exploits are available

Patch Publication Date: 8/8/2023

Vulnerability Publication Date: 8/8/2023

Reference Information

CVE: CVE-2023-39905

CWE: 79