CVE-2018-0284
Summary
| CVE | CVE-2018-0284 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-11-08 16:29:00 UTC |
| Updated | 2019-10-09 23:31:00 UTC |
| Description | A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Meraki Mr | - | All | All | All |
| Hardware | Cisco | Meraki Mr | - | All | All | All |
| Operating System | Cisco | Meraki Mr 24 Firmware | All | All | All | All |
| Operating System | Cisco | Meraki Mr 24 Firmware | All | All | All | All |
| Operating System | Cisco | Meraki Mr 25 Firmware | All | All | All | All |
| Operating System | Cisco | Meraki Mr 25 Firmware | All | All | All | All |
| Hardware | Cisco | Meraki Ms | - | All | All | All |
| Hardware | Cisco | Meraki Ms | - | All | All | All |
| Operating System | Cisco | Meraki Ms 10 Firmware | All | All | All | All |
| Operating System | Cisco | Meraki Ms 10 Firmware | All | All | All | All |
| Operating System | Cisco | Meraki Ms 9 Firmware | All | All | All | All |
| Operating System | Cisco | Meraki Ms 9 Firmware | All | All | All | All |
| Hardware | Cisco | Meraki Mx | - | All | All | All |
| Hardware | Cisco | Meraki Mx | - | All | All | All |
| Operating System | Cisco | Meraki Mx 13 Firmware | All | All | All | All |
| Operating System | Cisco | Meraki Mx 13 Firmware | All | All | All | All |
| Operating System | Cisco | Meraki Mx 14 Firmware | All | All | All | All |
| Operating System | Cisco | Meraki Mx 14 Firmware | All | All | All | All |
| Operating System | Cisco | Meraki Mx 15 Firmware | All | All | All | All |
| Operating System | Cisco | Meraki Mx 15 Firmware | All | All | All | All |
| Hardware | Cisco | Meraki Z1 | - | All | All | All |
| Hardware | Cisco | Meraki Z1 | - | All | All | All |
| Hardware | Cisco | Meraki Z3 | - | All | All | All |
| Hardware | Cisco | Meraki Z3 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Meraki CVE-2018-0284 Privilege Escalation Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco Meraki Local Status Page Privilege Escalation Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.