CVSS2

Metric | Value |
---|---|
Attack Vector | ADJACENT_NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:A/AC:L/Au:N/C:P/I:N/A:N |

EPSS Percentile: 57.3%

A vulnerability in an HTTP handler in Cisco Meraki firmware occurs because the handler does not require requests to come only from the Meraki cloud. This vulnerability could allow a LAN-based attacker to obtain sensitive credential information.
An unauthenticated, remote attacker on an adjacent network could exploit the vulnerability by sending malicious HTTP requests to the unsecured HTTP handler, allowing the attacker to access sensitive information from the affected application.
Cisco Meraki has confirmed the vulnerability and released software updates.
Attackers must have access to networks adjacent to the targeted system to conduct an exploit, reducing the potential for attacks.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | meraki_ms_firmware | any | cpe:2.3:a:cisco:meraki_ms_firmware:any:*:*:*:*:*:*:* |
cisco | meraki_mr_firmware | any | cpe:2.3:a:cisco:meraki_mr_firmware:any:*:*:*:*:*:*:* |
cisco | meraki_mx | any | cpe:2.3:h:cisco:meraki_mx:any:*:*:*:*:*:*:* |