Cisco Security Advisory

 

Vulnerability Summary

A vulnerability was discovered on certain Cisco Meraki devices that have our Local Status Page feature. This page is typically used for a few key configuration options needed to get devices connected to the cloud either on initial setup or after moving/changing configurations upstream. The vulnerability allows an attacker to inject configuration options and data into the device. The attacker would require either physical access or local network access and knowledge of the credentials for the local status page.

Impact Assessment

All Meraki MR, MS, and MX models are vulnerable. Meraki has already released firmware to address these vulnerabilities. We strongly urge customers to upgrade the firmware on affected devices to a version that includes this security fix.

Details on this advisory is available below:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki