CVE-2018-0284 – Cisco Meraki Local Status Page Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-0284
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited. Una vulnerabilidad en la funcionalidad de la página de estado local de las líneas de productos MR, MS, MX, Z1 y Z3 de Cisco Meraki podría permitir que un atacante remoto autenticado modifique los archivos de configuración del dispositivo. • http://www.securityfocus.com/bid/105878 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-7993
https://notcve.org/view.php?id=CVE-2014-7993
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012. Los dispositivos Cisco-Meraki MS, MR y MX con firmware anrerior a 2014-09-24 permiten a atacantes remotos obtener información sensible de credenciales aprovechando un manejador de acceso HTTP no especificado em ña red local, también conocido como Cisco-Meraki defect ID 00302012. • http://tools.cisco.com/security/center/viewAlert.x?alertId=36797 https://dashboard.meraki.com/firmware_security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-7994
https://notcve.org/view.php?id=CVE-2014-7994
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991. Los dispositivos Cisco-Meraki MS, MR y MX con firmware anterior a 2014-09-24 permiten a atacantes remotos ejecutar comandos arbitrarios mediante el aprovechamiento del conocimiento de un secreto del tipo entre dispositivos y por dispositivos, mandando una petición hacia un manejador HTTP no especificado en la red local, también conocido como Cisco-Meraki defect ID 00301991. • http://tools.cisco.com/security/center/viewAlert.x?alertId=36798 https://dashboard.meraki.com/firmware_security • CWE-20: Improper Input Validation •
CVE-2014-7995
https://notcve.org/view.php?id=CVE-2014-7995
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077. Los dispositivos Cisco-Meraki MS, MR y MX con firmware anterior a 2014-09-24 permiten a atacantes físicamente cercanos obtener acceso shell mediante la apertura de la caja y conexión a través del puerto serial, también conocido como Cisco-Meraki defect ID 00302077. • http://tools.cisco.com/security/center/viewAlert.x?alertId=36799 https://dashboard.meraki.com/firmware_security • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-7999
https://notcve.org/view.php?id=CVE-2014-7999
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565. Los dispositivos Cisco-Meraki MS, MR y MX con firmware anterior a 2014-09-24 permiten a usuarios remotos autenticados instalar firmware arbitrario aprovechando un un manejador HTTP no especificado para accediendo desde la red local, también conocido como aka Cisco-Meraki defect ID 004785 • http://tools.cisco.com/security/center/viewAlert.x?alertId=36800 https://dashboard.meraki.com/firmware_security • CWE-264: Permissions, Privileges, and Access Controls •