All the vulnerabilites related to cisco - meraki_mx
Vulnerability from fkie_nvd
Published
2014-12-24 00:59
Modified
2024-11-21 02:18
Severity ?
Summary
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | meraki_mx_firmware | * | |
| cisco | meraki_mx | - | |
| cisco | meraki_ms_firmware | * | |
| cisco | meraki_ms | - | |
| cisco | meraki_mr_firmware | * | |
| cisco | meraki_mr | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:meraki_mx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79D2AAC3-76F0-435D-9AE4-0F46775C46BF",
"versionEndIncluding": "2014-09-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43B23A83-E4ED-486F-8D7B-36A15C30564B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:meraki_ms_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8A040DC-DDDD-4408-A7E3-2D2E2EA140EE",
"versionEndIncluding": "2014-09-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_ms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E18353-AF89-46C7-BE78-4F80D4992C30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:meraki_mr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6576CBB7-4493-42CA-B2F1-1B3CC752454F",
"versionEndIncluding": "2014-09-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "361C9901-DADE-4AA2-90F0-19A510164EB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device\u0027s case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077."
},
{
"lang": "es",
"value": "Los dispositivos Cisco-Meraki MS, MR y MX con firmware anterior a 2014-09-24 permiten a atacantes f\u00edsicamente cercanos obtener acceso shell mediante la apertura de la caja y conexi\u00f3n a trav\u00e9s del puerto serial, tambi\u00e9n conocido como Cisco-Meraki defect ID 00302077."
}
],
"id": "CVE-2014-7995",
"lastModified": "2024-11-21T02:18:23.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-24T00:59:02.423",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36799"
},
{
"source": "ykramarz@cisco.com",
"url": "https://dashboard.meraki.com/firmware_security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://dashboard.meraki.com/firmware_security"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-08 16:29
Modified
2024-11-21 03:37
Severity ?
Summary
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/105878 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105878 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mr_24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A12F23A6-BD24-4925-A4F6-613B5F82013B",
"versionEndExcluding": "24.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:meraki_mr_25_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1FDC62-CB94-4A83-A6EC-D55F92255AE4",
"versionEndExcluding": "25.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "361C9901-DADE-4AA2-90F0-19A510164EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_ms_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08F136AC-4334-4AE7-9515-1765E5EE8432",
"versionEndExcluding": "10.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:meraki_ms_9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "621C5956-044A-4BF1-9AD7-FE51D266CAD1",
"versionEndExcluding": "9.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_ms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E18353-AF89-46C7-BE78-4F80D4992C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx_13_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1797F2C-2D42-46CA-AB3F-B4DFCB62982E",
"versionEndExcluding": "13.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:meraki_mx_14_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "595A2CE7-9367-4007-BAA5-096E378BFA35",
"versionEndExcluding": "14.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:meraki_mx_15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4808BEE8-9FAC-467A-B086-3ED4627BBAEA",
"versionEndExcluding": "15.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43B23A83-E4ED-486F-8D7B-36A15C30564B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx_13_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1797F2C-2D42-46CA-AB3F-B4DFCB62982E",
"versionEndExcluding": "13.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:meraki_mx_14_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "595A2CE7-9367-4007-BAA5-096E378BFA35",
"versionEndExcluding": "14.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:meraki_mx_15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4808BEE8-9FAC-467A-B086-3ED4627BBAEA",
"versionEndExcluding": "15.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "157CD5BA-AB9A-4974-91B7-84D20011E84D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx_13_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1797F2C-2D42-46CA-AB3F-B4DFCB62982E",
"versionEndExcluding": "13.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:meraki_mx_14_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "595A2CE7-9367-4007-BAA5-096E378BFA35",
"versionEndExcluding": "14.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:meraki_mx_15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4808BEE8-9FAC-467A-B086-3ED4627BBAEA",
"versionEndExcluding": "15.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB81CFD0-9558-47AB-96E4-CB21C1AA9159",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funcionalidad de la p\u00e1gina de estado local de las l\u00edneas de productos MR, MS, MX, Z1 y Z3 de Cisco Meraki podr\u00eda permitir que un atacante remoto autenticado modifique los archivos de configuraci\u00f3n del dispositivo. La vulnerabilidad se produce cuando se gestionan las solicitudes a la p\u00e1gina de estado local. Su explotaci\u00f3n podr\u00eda permitir al atacante establecer una sesi\u00f3n interactiva en el dispositivo con privilegios elevados. El atacante podr\u00eda entonces utilizar los privilegios elevados para comprometer a\u00fan m\u00e1s el dispositivo u obtener datos de configuraci\u00f3n adicionales del dispositivo que se est\u00e1 explotando."
}
],
"id": "CVE-2018-0284",
"lastModified": "2024-11-21T03:37:53.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-08T16:29:00.227",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105878"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-24 00:59
Modified
2024-11-21 02:18
Severity ?
Summary
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | meraki_mx_firmware | * | |
| cisco | meraki_mx | * | |
| cisco | meraki_mr_firmware | * | |
| cisco | meraki_mr | * | |
| cisco | meraki_ms_firmware | * | |
| cisco | meraki_ms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:meraki_mx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79D2AAC3-76F0-435D-9AE4-0F46775C46BF",
"versionEndIncluding": "2014-09-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE0ADF6-6416-4672-A360-70E616322C62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:meraki_mr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6576CBB7-4493-42CA-B2F1-1B3CC752454F",
"versionEndIncluding": "2014-09-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E31861FE-504A-4E7F-B2E4-3482E1E9387E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:meraki_ms_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8A040DC-DDDD-4408-A7E3-2D2E2EA140EE",
"versionEndIncluding": "2014-09-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_ms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4F6B8E-DD9F-433F-9A94-286E5E5361AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012."
},
{
"lang": "es",
"value": "Los dispositivos Cisco-Meraki MS, MR y MX con firmware anrerior a 2014-09-24 permiten a atacantes remotos obtener informaci\u00f3n sensible de credenciales aprovechando un manejador de acceso HTTP no especificado em \u00f1a red local, tambi\u00e9n conocido como Cisco-Meraki defect ID 00302012."
}
],
"id": "CVE-2014-7993",
"lastModified": "2024-11-21T02:18:23.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-24T00:59:00.063",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36797"
},
{
"source": "ykramarz@cisco.com",
"url": "https://dashboard.meraki.com/firmware_security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://dashboard.meraki.com/firmware_security"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-24 00:59
Modified
2024-11-21 02:18
Severity ?
Summary
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | meraki_mr_firmware | * | |
| cisco | meraki_mr | - | |
| cisco | meraki_mx_firmware | * | |
| cisco | meraki_mx | - | |
| cisco | meraki_ms_firmware | * | |
| cisco | meraki_ms | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:meraki_mr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6576CBB7-4493-42CA-B2F1-1B3CC752454F",
"versionEndIncluding": "2014-09-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "361C9901-DADE-4AA2-90F0-19A510164EB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:meraki_mx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79D2AAC3-76F0-435D-9AE4-0F46775C46BF",
"versionEndIncluding": "2014-09-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43B23A83-E4ED-486F-8D7B-36A15C30564B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:meraki_ms_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8A040DC-DDDD-4408-A7E3-2D2E2EA140EE",
"versionEndIncluding": "2014-09-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_ms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E18353-AF89-46C7-BE78-4F80D4992C30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991."
},
{
"lang": "es",
"value": "Los dispositivos Cisco-Meraki MS, MR y MX con firmware anterior a 2014-09-24 permiten a atacantes remotos ejecutar comandos arbitrarios mediante el aprovechamiento del conocimiento de un secreto del tipo entre dispositivos y por dispositivos, mandando una petici\u00f3n hacia un manejador HTTP no especificado en la red local, tambi\u00e9n conocido como Cisco-Meraki defect ID 00301991."
}
],
"id": "CVE-2014-7994",
"lastModified": "2024-11-21T02:18:23.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-24T00:59:01.547",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798"
},
{
"source": "ykramarz@cisco.com",
"url": "https://dashboard.meraki.com/firmware_security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://dashboard.meraki.com/firmware_security"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-24 00:59
Modified
2024-11-21 02:18
Severity ?
Summary
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | meraki_mr_firmware | * | |
| cisco | meraki_mr | - | |
| cisco | meraki_ms_firmware | * | |
| cisco | meraki_ms | - | |
| cisco | meraki_mx_firmware | * | |
| cisco | meraki_mx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:meraki_mr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6576CBB7-4493-42CA-B2F1-1B3CC752454F",
"versionEndIncluding": "2014-09-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "361C9901-DADE-4AA2-90F0-19A510164EB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:meraki_ms_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8A040DC-DDDD-4408-A7E3-2D2E2EA140EE",
"versionEndIncluding": "2014-09-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_ms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E18353-AF89-46C7-BE78-4F80D4992C30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:meraki_mx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79D2AAC3-76F0-435D-9AE4-0F46775C46BF",
"versionEndIncluding": "2014-09-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43B23A83-E4ED-486F-8D7B-36A15C30564B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565."
},
{
"lang": "es",
"value": "Los dispositivos Cisco-Meraki MS, MR y MX con firmware anterior a 2014-09-24 permiten a usuarios remotos autenticados instalar firmware arbitrario aprovechando un un manejador HTTP no especificado para accediendo desde la red local, tambi\u00e9n conocido como aka Cisco-Meraki defect ID 004785"
}
],
"id": "CVE-2014-7999",
"lastModified": "2024-11-21T02:18:24.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-24T00:59:03.343",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36800"
},
{
"source": "ykramarz@cisco.com",
"url": "https://dashboard.meraki.com/firmware_security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://dashboard.meraki.com/firmware_security"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-21 19:15
Modified
2024-11-21 05:30
Severity ?
Summary
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | firepower_threat_defense | * | |
| cisco | cloud_services_router_1000v | - | |
| cisco | isrv | - | |
| cisco | 1100-4p | - | |
| cisco | 1100-8p | - | |
| cisco | 1101-4p | - | |
| cisco | 1109-2p | - | |
| cisco | 1109-4p | - | |
| cisco | 1111x-8p | - | |
| cisco | 4221_integrated_services_router | - | |
| cisco | 4331_integrated_services_router | - | |
| cisco | 4431_integrated_services_router | - | |
| cisco | 4461_integrated_services_router | - | |
| cisco | isa_3000 | - | |
| cisco | meraki_mx | - | |
| snort | snort | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F7D9238-1584-434D-979A-3232DF02DF7C",
"versionEndExcluding": "6.3.0.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:cloud_services_router_1000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "237136F5-5A1B-4033-8B7C-CDAD66AF25DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:isrv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61BAD503-1B99-4489-BA0D-DF8F4E7398A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1100-4p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA8D5057-138A-42C4-BA35-8077A0A60068",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1100-8p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED555B12-41F4-4D62-B519-22601FB7AF8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1101-4p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21B10158-5235-483E-BACD-C407609EA6BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1109-2p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8964F9BA-6E6C-44BF-9A8C-93D081B6678C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1109-4p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51251FE1-67D2-4903-B7D3-E0C727B9A93C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1111x-8p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784E4562-FE26-4049-9D23-4CA46432EE14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8AED7C-DDA3-4C29-BB95-6518C02C551A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5419CB9F-241F-4431-914F-2659BE27BEA5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5720462A-BE6B-4E84-A1A1-01E80BBA86AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B60888-6E2B-494E-AC65-83337661EE7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9510E97A-FD78-43C6-85BC-223001ACA264",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:meraki_mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43B23A83-E4ED-486F-8D7B-36A15C30564B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E80D88BC-34B2-4D1D-92D8-F51D50F46B5D",
"versionEndExcluding": "2.9.13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload."
},
{
"lang": "es",
"value": "M\u00faltiples productos de Cisco est\u00e1n afectados por una vulnerabilidad en el motor de detecci\u00f3n de Snort que podr\u00eda permitir a un atacante remoto no autenticado omitir una Pol\u00edtica de Archivos configurada para HTTP.\u0026#xa0;La vulnerabilidad es debido a una detecci\u00f3n incorrecta de paquetes HTTP modificados utilizados en respuestas fragmentadas.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de paquetes HTTP dise\u00f1ados a trav\u00e9s de un dispositivo afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante omitir una Pol\u00edtica de Archivos configurada para paquetes HTTP y entregar una carga \u00fatil maliciosa"
}
],
"id": "CVE-2020-3299",
"lastModified": "2024-11-21T05:30:45.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-21T19:15:15.513",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-bypass-3eCfd24j"
},
{
"source": "ykramarz@cisco.com",
"url": "https://www.debian.org/security/2023/dsa-5354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-bypass-3eCfd24j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2023/dsa-5354"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2014-7999
Vulnerability from cvelistv5
Published
2014-12-24 00:00
Modified
2024-08-06 13:10
Severity ?
EPSS score ?
Summary
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565.
References
| ▼ | URL | Tags |
|---|---|---|
| https://dashboard.meraki.com/firmware_security | x_refsource_CONFIRM | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=36800 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:49.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dashboard.meraki.com/firmware_security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-24T00:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dashboard.meraki.com/firmware_security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36800"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-7999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dashboard.meraki.com/firmware_security",
"refsource": "CONFIRM",
"url": "https://dashboard.meraki.com/firmware_security"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36800",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36800"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-7999",
"datePublished": "2014-12-24T00:00:00",
"dateReserved": "2014-10-08T00:00:00",
"dateUpdated": "2024-08-06T13:10:49.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3299
Vulnerability from cvelistv5
Published
2020-10-21 18:25
Modified
2024-11-13 17:50
Severity ?
EPSS score ?
Summary
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-bypass-3eCfd24j | vendor-advisory | |
| https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html | mailing-list | |
| https://www.debian.org/security/2023/dsa-5354 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Firepower Threat Defense Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:57.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20201021 Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-bypass-3eCfd24j"
},
{
"name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
},
{
"name": "DSA-5354",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5354"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:12:30.607418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:50:59.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-19T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20201021 Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-bypass-3eCfd24j"
},
{
"name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
},
{
"name": "DSA-5354",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5354"
}
],
"source": {
"advisory": "cisco-sa-ftd-bypass-3eCfd24j",
"defect": [
[
"CSCvm69545",
"CSCvq96573"
]
],
"discovery": "INTERNAL"
},
"title": "Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3299",
"datePublished": "2020-10-21T18:25:13.223171Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-13T17:50:59.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-7995
Vulnerability from cvelistv5
Published
2014-12-24 00:00
Modified
2024-08-06 13:03
Severity ?
EPSS score ?
Summary
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=36799 | x_refsource_CONFIRM | |
| https://dashboard.meraki.com/firmware_security | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:03:27.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36799"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dashboard.meraki.com/firmware_security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device\u0027s case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-24T00:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36799"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dashboard.meraki.com/firmware_security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-7995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device\u0027s case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36799",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36799"
},
{
"name": "https://dashboard.meraki.com/firmware_security",
"refsource": "CONFIRM",
"url": "https://dashboard.meraki.com/firmware_security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-7995",
"datePublished": "2014-12-24T00:00:00",
"dateReserved": "2014-10-08T00:00:00",
"dateUpdated": "2024-08-06T13:03:27.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-7993
Vulnerability from cvelistv5
Published
2014-12-24 00:00
Modified
2024-08-06 13:03
Severity ?
EPSS score ?
Summary
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=36797 | x_refsource_CONFIRM | |
| https://dashboard.meraki.com/firmware_security | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:03:27.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36797"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dashboard.meraki.com/firmware_security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-24T00:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36797"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dashboard.meraki.com/firmware_security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-7993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36797",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36797"
},
{
"name": "https://dashboard.meraki.com/firmware_security",
"refsource": "CONFIRM",
"url": "https://dashboard.meraki.com/firmware_security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-7993",
"datePublished": "2014-12-24T00:00:00",
"dateReserved": "2014-10-08T00:00:00",
"dateUpdated": "2024-08-06T13:03:27.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-7994
Vulnerability from cvelistv5
Published
2014-12-24 00:00
Modified
2024-08-06 13:03
Severity ?
EPSS score ?
Summary
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=36798 | x_refsource_CONFIRM | |
| https://dashboard.meraki.com/firmware_security | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:03:27.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dashboard.meraki.com/firmware_security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-24T00:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dashboard.meraki.com/firmware_security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-7994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798"
},
{
"name": "https://dashboard.meraki.com/firmware_security",
"refsource": "CONFIRM",
"url": "https://dashboard.meraki.com/firmware_security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-7994",
"datePublished": "2014-12-24T00:00:00",
"dateReserved": "2014-10-08T00:00:00",
"dateUpdated": "2024-08-06T13:03:27.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0284
Vulnerability from cvelistv5
Published
2018-11-08 16:00
Modified
2024-11-26 14:23
Severity ?
EPSS score ?
Summary
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/105878 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Cisco | Cisco Meraki MR |
Version: <24.13 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:21:15.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181107 Cisco Meraki Local Status Page Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki"
},
{
"name": "105878",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105878"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T18:47:25.872508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:23:01.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Meraki MR",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "\u003c24.13"
}
]
},
{
"product": "Cisco Meraki M5",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "\u003c9.37"
}
]
},
{
"product": "Cisco Meraki MX",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "\u003c13.32"
}
]
},
{
"product": "Cisco Meraki Z1",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "\u003c13.32"
}
]
},
{
"product": "Cisco Meraki Z3",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "\u003c13.32"
}
]
}
],
"datePublic": "2018-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-13T10:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20181107 Cisco Meraki Local Status Page Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki"
},
{
"name": "105878",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105878"
}
],
"source": {
"advisory": "cisco-sa-20181107-meraki",
"defect": [
[
"NA"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Meraki Local Status Page Privilege Escalation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-11-07T16:00:00-0600",
"ID": "CVE-2018-0284",
"STATE": "PUBLIC",
"TITLE": "Cisco Meraki Local Status Page Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Meraki MR",
"version": {
"version_data": [
{
"version_value": "\u003c24.13"
}
]
}
},
{
"product_name": "Cisco Meraki M5",
"version": {
"version_data": [
{
"version_value": "\u003c9.37"
}
]
}
},
{
"product_name": "Cisco Meraki MX",
"version": {
"version_data": [
{
"version_value": "\u003c13.32"
}
]
}
},
{
"product_name": "Cisco Meraki Z1",
"version": {
"version_data": [
{
"version_value": "\u003c13.32"
}
]
}
},
{
"product_name": "Cisco Meraki Z3",
"version": {
"version_data": [
{
"version_value": "\u003c13.32"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181107 Cisco Meraki Local Status Page Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki"
},
{
"name": "105878",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105878"
}
]
},
"source": {
"advisory": "cisco-sa-20181107-meraki",
"defect": [
[
"NA"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0284",
"datePublished": "2018-11-08T16:00:00Z",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-11-26T14:23:01.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}