CVE-2014-7999

high

Published 2014-12-24 · Modified 2026-05-06

CVSS v3

—

CVSS v2

7.7

VIR risk

7.7

Description

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/viewAlert.x?alertId=36800

Application impact

Vendor	Product	Versions
cisco	meraki_mr_firmware	`{"endIncluding":"2014-09-24"}`
cisco	meraki_ms_firmware	`{"endIncluding":"2014-09-24"}`
cisco	meraki_mx_firmware	`{"endIncluding":"2014-09-24"}`

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=36800
https://dashboard.meraki.com/firmware_security
http://tools.cisco.com/security/center/viewAlert.x?alertId=36800
https://dashboard.meraki.com/firmware_security

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.