CVE-2019-1815

Name of the Vulnerable Software and Affected Versions Cisco Meraki MX67 and MX68 security appliance models (affected versions not specified)

Description A security issue was discovered in the local status page functionality that may allow unauthenticated individuals to access and download logs containing sensitive device information. This is due to improper access control to files holding debugging and maintenance information. The issue is only exploitable when the local status page is enabled on the device. An attacker may obtain access to wireless pre-shared keys, Site-to-Site VPN key, and other sensitive information, potentially allowing administrative-level access to the device.

Recommendations For Cisco Meraki MX67 and MX68 security appliance models, consider disabling the local status page functionality until a fix is available. Restrict access to the device when the local status page is enabled to minimize the risk of exploitation.