Vulnerability Description
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Meraki Mx Firmware | <= 2014-09-24 |
| Cisco | Meraki Mx | All versions |
| Cisco | Meraki Mr Firmware | <= 2014-09-24 |
| Cisco | Meraki Mr | All versions |
| Cisco | Meraki Ms Firmware | <= 2014-09-24 |
| Cisco | Meraki Ms | All versions |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36797Vendor Advisory
- https://dashboard.meraki.com/firmware_security
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36797Vendor Advisory
- https://dashboard.meraki.com/firmware_security
FAQ
What is CVE-2014-7993?
CVE-2014-7993 is a vulnerability with a CVSS score of 3.3 (LOW). Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network...
How severe is CVE-2014-7993?
CVE-2014-7993 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7993?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Meraki Mx Firmware, Cisco Meraki Mx, Cisco Meraki Mr Firmware, Cisco Meraki Mr, Cisco Meraki Ms Firmware.