Published: 24/12/2014 Updated: 24/12/2014

CVSS v2 Base Score: 7.7 | Impact Score: 10 | Exploitability Score: 5.1

VMScore: 685

Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Cisco-Meraki MS, MR, and MX devices with firmware prior to 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco meraki_mr_firmware
cisco meraki_mr -
cisco meraki_ms_firmware
cisco meraki_ms -
cisco meraki_mx_firmware
cisco meraki_mx -

A vulnerability in the local management interface of devices running Cisco Meraki firmware could allow an authenticated, remote attacker on an adjacent network to access a deprecated HTTP handler to install firmware An authenticated, remote attacker could exploit this vulnerability by authenticating to the local management interface and installin ...

CWE-264 https://dashboard.meraki.com/firmware_security http://tools.cisco.com/security/center/viewAlert.x?alertId=36800 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20141223-CVE-2014-7999

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-7999

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect