CVE-2014-7999 — HIGH (7.7) — White Hats Nepal

Q: How severe is CVE-2014-7999?

CVE-2014-7999 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-7999?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Meraki Mr Firmware, Cisco Meraki Mr, Cisco Meraki Ms Firmware, Cisco Meraki Ms, Cisco Meraki Mx Firmware.

Vulnerability Description

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565.

CVSS Score

7.7

HIGH

AV:A/AC:L/Au:S/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Meraki Mr Firmware	<= 2014-09-24
Cisco	Meraki Mr	-
Cisco	Meraki Ms Firmware	<= 2014-09-24
Cisco	Meraki Ms	-
Cisco	Meraki Mx Firmware	<= 2014-09-24
Cisco	Meraki Mx	-

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2014-7999?

CVE-2014-7999 is a vulnerability with a CVSS score of 7.7 (HIGH). Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, a...

How severe is CVE-2014-7999?

CVE-2014-7999 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-7999?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Meraki Mr Firmware, Cisco Meraki Mr, Cisco Meraki Ms Firmware, Cisco Meraki Ms, Cisco Meraki Mx Firmware.