Privilege escalation in Cisco Meraki

Published: 2018-11-08 14:06:46
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-0284
Exploitation vector Network
Public exploit N/A
Vulnerable software Meraki Z3
Meraki Z1
Meraki MX
Meraki MS
Meraki MR
Vulnerable software versions Meraki Z3 -
Meraki Z1 -
Meraki MX -
Meraki MS -
Meraki MR -
Vendor URL Cisco Systems, Inc

Security Advisory

1) Privilege escalation


The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The vulnerability exists in the local status page functionality due to an error when handling requests to the local status page. A remote unauthenticated attacker can establish an interactive session, gain elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.


Update Meraki MR to version 9.37, 24.13, 25.1.
Update Meraki MS to version 9.37, 10.20.
Update Meraki MX to version 14.25, 15.7.
Update Meraki Z1 to version 14.25, 15.7.
Update Meraki Z3 to version 14.25, 15.7.

External links

Back to List