CVE-2019-1815
📋 TL;DR
CVE-2019-1815 allows unauthenticated attackers to access sensitive logs containing wireless pre-shared keys, VPN keys, and other privileged information on Cisco Meraki MX67/MX68 appliances when the local status page is enabled. This could lead to administrative access compromise. Organizations using these specific Meraki models with the local status page feature enabled are affected.
💻 Affected Systems
- Cisco Meraki MX67
- Cisco Meraki MX68
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains administrative access to the device, potentially compromising the entire network segment and exfiltrating sensitive credentials.
Likely Case
Unauthenticated attacker downloads logs containing sensitive information like wireless PSKs and VPN keys, enabling lateral movement or credential theft.
If Mitigated
With local status page disabled or proper access controls, no information disclosure occurs.
🎯 Exploit Status
Exploitation requires network access to the local status page and no authentication is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware updates released by Cisco Meraki
Vendor Advisory: https://documentation.meraki.com/General_Administration/Privacy_and_Security/Cisco_Meraki_MX67_and_MX68_Sensitive_Information_Disclosure_Vulnerability
Restart Required: Yes
Instructions:
1. Log into Meraki dashboard 2. Navigate to Security & SD-WAN > Appliance status 3. Check for available firmware updates 4. Apply firmware update 5. Device will automatically restart
🔧 Temporary Workarounds
Disable Local Status Page
allDisable the local status page functionality to prevent exploitation
Meraki Dashboard: Security & SD-WAN > Configure > Local status page > Disable
🧯 If You Can't Patch
- Disable local status page functionality immediately
- Restrict network access to the local status page using firewall rules
🔍 How to Verify
Check if Vulnerable:
Check if local status page is enabled on MX67/MX68 devices in Meraki dashboard under Security & SD-WAN > Configure > Local status pageCheck Version:
Meraki Dashboard: Security & SD-WAN > Appliance status > Firmware versionVerify Fix Applied:
Verify firmware version is updated and local status page is either disabled or shows no sensitive information in logs📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access to local status page logs
- Unusual download patterns from status page
Network Indicators:
- HTTP requests to local status page from unauthorized IPs
- Traffic patterns indicating log file downloads
SIEM Query:
source="meraki_mx" AND (url="/local_status" OR url="/logs") AND status=200 AND auth="none"