Vulnerability Details : CVE-2018-0284
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.
Products affected by CVE-2018-0284
- cpe:2.3:o:cisco:meraki_mr_24_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:meraki_mr_25_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:meraki_ms_10_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:meraki_ms_9_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:meraki_mx_15_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:meraki_mx_14_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:meraki_mx_13_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0284
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0284
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2018-0284
-
Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2018-0284
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki
Cisco Meraki Local Status Page Privilege Escalation VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/105878
Cisco Meraki CVE-2018-0284 Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to