PT-2018-1850 · Cisco · Cisco Meraki Ms+4

Published 2018-11-07 · Updated 2019-10-09 · CVE-2018-0284

CVSS v2.0 9.0 High · Vector AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Meraki MR, MS, MX, Z1, and Z3 product lines (affected versions not specified)

Description

The issue is in the local status page functionality: by exploiting a vulnerability in the handling of requests to the local status page, an authenticated, remote attacker could modify device configuration files. This could allow the attacker to establish an interactive session to the device with elevated privileges, potentially leading to further compromise of the device or to obtaining additional configuration data. The vulnerability is also associated with inadequate access control in the software of Cisco Meraki network devices.

Recommendations

For Cisco Meraki MR, MS, MX, Z1, and Z3 product lines, consider restricting access to the local status page functionality until a fix is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2018-01452
CVE-2018-0284

Affected Products

Cisco Meraki Mr
Cisco Meraki Ms
Cisco Meraki Mx
Cisco Meraki Z1
Cisco Meraki Z3