CVE-2018-0284
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD
Description
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.
Affected (7)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 24.13 | |
| Before 25.11 |
| Running on/with | Platform Versions |
|---|---|
Cisco Meraki Mr | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.20 | |
| Before 9.37 |
| Running on/with | Platform Versions |
|---|---|
Cisco Meraki Ms | All versions |
Configuration C
| Running on/with | Platform Versions |
|---|---|
Cisco Meraki Mx | All versions |
Configuration D
| Running on/with | Platform Versions |
|---|---|
Cisco Meraki Z1 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 13.32 | |
| Before 14.25 | |
| Before 15.7 |
| Running on/with | Platform Versions |
|---|---|
Cisco Meraki Z3 | All versions |
Related CWEs
References (4)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.