Vulnerability Details : CVE-2014-7994
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991.
Vulnerability category: Input validation
Products affected by CVE-2014-7994
- cpe:2.3:h:cisco:meraki_mx:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meraki_mx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:meraki_mr:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meraki_mr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:meraki_ms:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meraki_ms_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-7994
- 0.19%: Probability of exploitation activity in the next 30 days
- ~56%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-7994
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4 | MEDIUM | AV:A/AC:M/Au:N/C:P/I:P/A:P | 5.5 | 6.4 | NIST | |
CWE ids for CVE-2014-7994
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-7994
- https://dashboard.meraki.com/firmware_security (Meraki Dashboard Login)
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36798 (Cisco Meraki Deprecated HTTP Handler Command Execution Vulnerability; Vendor Advisory)