Meraki

NassFrank · ‎Mar 22 2022

Hi All

Please can you tell me if the planned upgrade we have to MR 28.6 will remediate published vulnerability CVE-2022-20685, which impacts MX84 and MX100 Meraki devices?

Kind Regards

alemabrahao · ‎Mar 22 2022

Hi,

I believe not, check the notes:

Meraki APs use UDP port 7351 for cloud communication and TCP ports 80 and 443 for backup communications when running MR 27 and older firmware. When running MR 28 firmware, Meraki APs will now use TCP port 443 as the primary means for cloud connectivity. In order to maintain connectivity to the Meraki cloud on MR 28+ ensure that TCP port 443 is allowed to communicate with 209.206.48.0/20 on firewalls that are deployed upstream of your Meraki APs. (Wi-Fi 6 MRs)

There is no impact on MX devices.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

NassFrank · ‎Mar 22 2022

Hi - thanks for your reply. However, the Cisco Security Advisory for the CVE in question states as follows:

Meraki MX Software

Cisco Meraki MX Software Release First Fixed Release

MX14	Migrate to a fixed release.
MX15	Migrate to a fixed release.
MX16	Hotfix planned for mid-February 2022.1 Release planned for March 2022.2

1. The hotfix is planned for the MX67, MX68, MX75, MX84, MX85, MX95, MX100, MX105, MX250, MX400, MX450, and MX600 platforms.

2. The release is planned for the MX64 and MX65 platforms.

This would suggest that 'MX' models are impacted by this vulnerability. Happy to stand corrected if I have misread this in any way at all.

Kind Regards

alemabrahao · ‎Mar 22 2022

Hi,

I understand, but MR 28.6 is about Access points not about MX devices.

Take a look at MX 15.44.1 release notes.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

NassFrank · ‎Mar 22 2022

Okay, thanks for pointing that out. So, would you happen to know how I can find out if the planned hotfix Cisco had for Feb 2022 for the MX devices is available, or any way to check on the devices themselves to see if the hotfix has been applied?

Kind Regards

alemabrahao · ‎Mar 22 2022

well, I checked the firmware available in Organization > Monitor > Firmware upgrades, and I didn't find any information related to CVE-2022-20685. Maybe you can open a ticket to check with the support team.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

NassFrank · ‎Mar 22 2022

okay thank you, I have opened a ticket with Cisco TAC, but wanted to check here on the forums too.

Appreciate your replies.

ww · ‎Mar 22 2022

Let us know 🙂

Brash · ‎Apr 26 2022

Just to round out this thread, only Meraki MX devices have been listed as impacted in Cisco's PSIRT.

The fixed release for the MX is 16.16

Multiple Cisco Products Snort Modbus Denial of Service Vulnerability

RaphaelL · ‎Jul 6 2022

Is it confirmed that only MX16.16 contains the fix ? Not 15.44.3 or anything else