Vulnerability Description
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Meraki Mr Firmware | <= 2014-09-24 |
| Cisco | Meraki Mr | - |
| Cisco | Meraki Mx Firmware | <= 2014-09-24 |
| Cisco | Meraki Mx | - |
| Cisco | Meraki Ms Firmware | <= 2014-09-24 |
| Cisco | Meraki Ms | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36798Vendor Advisory
- https://dashboard.meraki.com/firmware_security
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36798Vendor Advisory
- https://dashboard.meraki.com/firmware_security
FAQ
What is CVE-2014-7994?
CVE-2014-7994 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and s...
How severe is CVE-2014-7994?
CVE-2014-7994 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7994?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Meraki Mr Firmware, Cisco Meraki Mr, Cisco Meraki Mx Firmware, Cisco Meraki Mx, Cisco Meraki Ms Firmware.