Thursday, November 1, 2018

Meraki Vulnerability Notification

Oops.....

Email I got this morning!

Dear D,

A security vulnerability was discovered within the local status page of the MR, MS, and MX product lines. The vulnerability allows an attacker to inject configuration options and data into the device. The attacker would require either physical access or local network access and knowledge of the credentials for the local status page to exploit this vulnerability.

Meraki has released firmware for all affected products. We strongly recommend that affected customers promptly upgrade their devices’ firmware to our latest Stable builds which contain patches for this issue.

You are receiving this message in advance of public disclosure because your organization includes at least one affected product. Meraki will be disclosing the vulnerability publicly on November 7th.

Fixed Firmware Details

| Product Line | Fixed Releases |
| --- | --- |
| MR | 24.13 or later; 25.11 or later; All future major releases |
| MS | 9.37 or later; 10.20 or later; All future major releases |
| MX | 13.32 or later; 14.25 or later; 15.7 or later; All future major releases |

If you are unable to upgrade immediately, we urge you to disable the local status page for affected products as a mitigation until you can upgrade your devices. This will allow a layer of protection until you perform the upgrade at your convenience. We’ve posted this document detailing the page, its functions, and how to disable it for each affected product line. We have also built API endpoints for enabling/disabling the local status page and the information can be found under Help > API Docs.

With Meraki’s unique ability to monitor our devices through the cloud, we were able to identify the vulnerability and build a firmware patch update as we surveilled the issue. Meraki devices were not compromised due to this vulnerability. Nonetheless, we apologize for the inconvenience this causes you.

List of your affected networks:

If you have any questions or require assistance, please reach out to Cisco Meraki Support. Their contact information can be found under Help > Get Help in Dashboard.

Meraki
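
An added example, not part of the email or of any Meraki tooling: a quick way to check a device inventory against the fixed-release table above and list what still needs the upgrade or the local-status-page mitigation. The device names, the inventory tuple format, and the rule that branches with no listed fix count as unpatched are assumptions.

```python
# Fixed releases copied from the notification's table: per product line,
# the minimum fixed minor release on each listed major branch.
FIXED = {
    "MR": {24: 13, 25: 11},
    "MS": {9: 37, 10: 20},
    "MX": {13: 32, 14: 25, 15: 7},
}

def parse_version(text):
    """Turn '14.25' or '14.25.1' into (14, 25); raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) < 2:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(parts[0]), int(parts[1])

def is_fixed(product_line, version):
    """True if the version is at or past a fixed release for its branch."""
    branches = FIXED[product_line.upper()]
    major, minor = parse_version(version)
    if major > max(branches):
        return True    # "All future major releases"
    if major not in branches:
        return False   # assumption: branches with no listed fix are unpatched
    return minor >= branches[major]

def needs_action(inventory):
    """Names of devices to upgrade or to have the local status page disabled."""
    flagged = []
    for name, line, version in inventory:
        try:
            if not is_fixed(line, version):
                flagged.append(name)
        except (KeyError, ValueError):
            flagged.append(name)   # unknown line or version: review by hand
    return flagged

# Constructed sample inventory (device names and versions are made up).
SAMPLE = [
    ("ap-lobby", "MR", "25.9"), ("ap-floor2", "MR", "24.13"),
    ("sw-core", "MS", "10.20"), ("sw-closet", "MS", "9.36"),
    ("fw-edge", "MX", "14.24"), ("fw-lab", "MX", "16.1"),
    ("ap-old", "MR", "23.7"),
]

if __name__ == "__main__":
    print(needs_action(SAMPLE))
```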


