🚧 Kappa Data WaaS currently unavailable

As a customer of the Kappa Data WaaS service, we want to inform you about a security incident related to the Ruckus vSZ systems that are used behind this WaaS service. Recently there were a couple of vulnerabilities recognized in the vSZ system, which are referenced as CVE’s by the CERT organization.

Mitigation

First of all we closed all connections towards our vSZ infrastructure. As some APs need connection to get a “heartbeat”, we decided to “whitelist” the public IPs related to the connected APs. The APs still have a connection with the vSZ using the management tunnel, but all other IPs cannot connect to the infrastructure.

Furthermore, we disabled the web management to prevent unauthorized API access to the webserver of the vSZ. As a result we can confirm that nobody can connect to the infrastructure to exploit the relevant CVE’s.

In the meantime, if you need to do an urgent configuration, please contact Kappa Data Support using +32 9 243 42 11 or send an email to support@kappadata.eu