Details of VAR-202503-2629

ID

VAR-202503-2629

CVE

CVE-2019-1815

TITLE

Cisco Meraki MX67 and Cisco Meraki MX68 have access authentication errors vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-05712

DESCRIPTION

A security vulnerability was discovered in the local status page functionality of Cisco Meraki’s MX67 and MX68 security appliance models that may allow unauthenticated individuals to access and download logs containing sensitive, privileged device information. The vulnerability is due to improper access control to the files holding debugging and maintenance information, and is only exploitable when the local status page is enabled on the device. An attacker exploiting this vulnerability may obtain access to wireless pre-shared keys, Site-to-Site VPN key and other sensitive information. Under certain circumstances, this information may allow an attacker to obtain administrative-level access to the device. ‌Cisco Meraki MX67 and Cisco Meraki MX68 are cloud-managed routers in the Cisco Meraki series. Cisco Meraki MX67 and Cisco Meraki MX68 have an access verification error vulnerability. The vulnerability is caused by improper access control. Attackers can exploit this vulnerability to cause information leakage

Trust: 1.44

sources: NVD: CVE-2019-1815 // CNVD: CNVD-2025-05712

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-05712

AFFECTED PRODUCTS

vendor:	cisco	model:	meraki mx67	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	meraki mx68	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-05712

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com:	CVE-2019-1815
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-05712
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-05712
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@cisco.com:	CVE-2019-1815
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2025-05712 // NVD: CVE-2019-1815

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.0

sources: NVD: CVE-2019-1815

PATCH

title:

Patch for Cisco Meraki MX67 and Cisco Meraki MX68 have access authentication errors vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/671776

Trust: 0.6

sources: CNVD: CNVD-2025-05712

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1815	Trust: 1.6
db:	CNVD	id:	CNVD-2025-05712	Trust: 0.6

sources: CNVD: CNVD-2025-05712 // NVD: CVE-2019-1815

REFERENCES

url:	https://documentation.meraki.com/general_administration/privacy_and_security/cisco_meraki_mx67_and_mx68_sensitive_information_disclosure_vulnerability	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1815	Trust: 0.6

sources: CNVD: CNVD-2025-05712 // NVD: CVE-2019-1815

SOURCES

db:	CNVD	id:	CNVD-2025-05712
db:	NVD	id:	CVE-2019-1815

LAST UPDATE DATE

2025-03-28T02:53:41.600000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-05712	date:	2025-03-25T00:00:00
db:	NVD	id:	CVE-2019-1815	date:	2025-03-04T19:15:36.177

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-05712	date:	2025-03-24T00:00:00
db:	NVD	id:	CVE-2019-1815	date:	2025-03-04T19:15:36.177