Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2018-0284

Published: 08/11/2018 Updated: 09/10/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Subscribe to Meraki Mr 24 Firmware

Vulnerability Summary

A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote malicious user to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the malicious user to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco meraki_mr_24_firmware

cisco meraki_mr_25_firmware

cisco meraki_ms_10_firmware

cisco meraki_ms_9_firmware

cisco meraki_mx_15_firmware

cisco meraki_mx_14_firmware

cisco meraki_mx_13_firmware

Vendor Advisories

Cisco: Cisco Meraki Local Status Page Privilege Escalation Vulnerability
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files The vulnerability occurs when handling requests to the local status page An exploit could allow the attacker to establish an interactive session to the d ...

References

NVD-CWE-noinfohttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-merakihttp://www.securityfocus.com/bid/105878https://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook