Sensitive Information Disclosure in Cisco Meraki MX67 and MX68 Security Appliances
CVE-2019-1815
7.5HIGH
Summary
A security vulnerability has been identified in the local status page feature of Cisco Meraki MX67 and MX68 security appliances, which could allow unauthorized users to access and retrieve logs with confidential device information. This issue arises from insufficient access controls on files containing debugging and maintenance data, exploitable when the local status page is activated. Potential attackers can gain access to critical data such as wireless pre-shared keys and Site-to-Site VPN keys, potentially leading to unauthorized administrative access to the devices.
Affected Version(s)
Cisco Meraki MX Firmware
References
CVSS V3.0
Score:
7.5
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved