CVE-2018-0284

MEDIUM

Cisco Meraki MR, MS, MX, Z1, and Z3 Firmware - Authenticated Configuration File Modification via Local Status Page

Title source: llm
STIX 2.1

Description

A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105878

Scores

CVSS v3 6.5
EPSS 0.0156
EPSS Percentile 72.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-264
Status published
Products (7)
cisco/meraki_mr_24_firmware < 24.13
cisco/meraki_mr_25_firmware < 25.11
cisco/meraki_ms_10_firmware < 10.20
cisco/meraki_ms_9_firmware < 9.37
cisco/meraki_mx_13_firmware < 13.32
cisco/meraki_mx_14_firmware < 14.25
cisco/meraki_mx_15_firmware < 15.7
Published Nov 08, 2018
Tracked Since Feb 18, 2026