CVE-2014-7993

low

Published 2014-12-24 · Modified 2026-05-06

CVSS v3

—

CVSS v2

3.3

VIR risk

3.3

Description

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/viewAlert.x?alertId=36797

Application impact

Vendor	Product	Versions
cisco	meraki_mx_firmware	`{"endIncluding":"2014-09-24"}`
cisco	meraki_mr_firmware	`{"endIncluding":"2014-09-24"}`
cisco	meraki_ms_firmware	`{"endIncluding":"2014-09-24"}`

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=36797
https://dashboard.meraki.com/firmware_security
http://tools.cisco.com/security/center/viewAlert.x?alertId=36797
https://dashboard.meraki.com/firmware_security

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.