fkie_nvd - fkie_cve-2018-0284

fkie_cve-2018-0284

Vulnerability from fkie_nvd

Published

2018-11-08 16:29

Modified

2024-11-21 03:37

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/105878	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105878	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	meraki_mr_24_firmware	*
cisco	meraki_mr_25_firmware	*
cisco	meraki_mr	-
cisco	meraki_ms_10_firmware	*
cisco	meraki_ms_9_firmware	*
cisco	meraki_ms	-
cisco	meraki_mx_13_firmware	*
cisco	meraki_mx_14_firmware	*
cisco	meraki_mx_15_firmware	*
cisco	meraki_mx	-
cisco	meraki_mx_13_firmware	*
cisco	meraki_mx_14_firmware	*
cisco	meraki_mx_15_firmware	*
cisco	meraki_z1	-
cisco	meraki_mx_13_firmware	*
cisco	meraki_mx_14_firmware	*
cisco	meraki_mx_15_firmware	*
cisco	meraki_z3	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:meraki_mr_24_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A12F23A6-BD24-4925-A4F6-613B5F82013B",
              "versionEndExcluding": "24.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:meraki_mr_25_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1FDC62-CB94-4A83-A6EC-D55F92255AE4",
              "versionEndExcluding": "25.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:meraki_mr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "361C9901-DADE-4AA2-90F0-19A510164EB5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:meraki_ms_10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08F136AC-4334-4AE7-9515-1765E5EE8432",
              "versionEndExcluding": "10.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:meraki_ms_9_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "621C5956-044A-4BF1-9AD7-FE51D266CAD1",
              "versionEndExcluding": "9.37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:meraki_ms:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06E18353-AF89-46C7-BE78-4F80D4992C30",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:meraki_mx_13_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1797F2C-2D42-46CA-AB3F-B4DFCB62982E",
              "versionEndExcluding": "13.32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:meraki_mx_14_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "595A2CE7-9367-4007-BAA5-096E378BFA35",
              "versionEndExcluding": "14.25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:meraki_mx_15_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4808BEE8-9FAC-467A-B086-3ED4627BBAEA",
              "versionEndExcluding": "15.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:meraki_mx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43B23A83-E4ED-486F-8D7B-36A15C30564B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:meraki_mx_13_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1797F2C-2D42-46CA-AB3F-B4DFCB62982E",
              "versionEndExcluding": "13.32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:meraki_mx_14_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "595A2CE7-9367-4007-BAA5-096E378BFA35",
              "versionEndExcluding": "14.25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:meraki_mx_15_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4808BEE8-9FAC-467A-B086-3ED4627BBAEA",
              "versionEndExcluding": "15.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:meraki_z1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "157CD5BA-AB9A-4974-91B7-84D20011E84D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:meraki_mx_13_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1797F2C-2D42-46CA-AB3F-B4DFCB62982E",
              "versionEndExcluding": "13.32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:meraki_mx_14_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "595A2CE7-9367-4007-BAA5-096E378BFA35",
              "versionEndExcluding": "14.25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:meraki_mx_15_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4808BEE8-9FAC-467A-B086-3ED4627BBAEA",
              "versionEndExcluding": "15.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:meraki_z3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB81CFD0-9558-47AB-96E4-CB21C1AA9159",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad de la p\u00e1gina de estado local de las l\u00edneas de productos MR, MS, MX, Z1 y Z3 de Cisco Meraki podr\u00eda permitir que un atacante remoto autenticado modifique los archivos de configuraci\u00f3n del dispositivo. La vulnerabilidad se produce cuando se gestionan las solicitudes a la p\u00e1gina de estado local. Su explotaci\u00f3n podr\u00eda permitir al atacante establecer una sesi\u00f3n interactiva en el dispositivo con privilegios elevados. El atacante podr\u00eda entonces utilizar los privilegios elevados para comprometer a\u00fan m\u00e1s el dispositivo u obtener datos de configuraci\u00f3n adicionales del dispositivo que se est\u00e1 explotando."
    }
  ],
  "id": "CVE-2018-0284",
  "lastModified": "2024-11-21T03:37:53.637",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-08T16:29:00.227",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105878"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2018-0284 (GCVE-0-2018-0284)

Vulnerability from cvelistv5

Published

2018-11-08 16:00

Modified

2024-11-26 14:23

Severity ?

CWE

CWE-264

Summary

References

►

URL

Tags

	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/105878	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

►

Cisco

Cisco Meraki MR

Version: <24.13

Cisco	Cisco Meraki M5	Version: <9.37
Cisco	Cisco Meraki MX	Version: <13.32
Cisco	Cisco Meraki Z1	Version: <13.32
Cisco	Cisco Meraki Z3	Version: <13.32

Show details on NVD website