Meraki

Community

MX Firmware / Zero Day / CVE coverage patching and notification ??

Thygesen
Building a reputation
‎Jan 22 2024 2:48 AM
‎Jan 22 2024 2:48 AM

MX Firmware / Zero Day / CVE coverage patching and notification ??

Hi fellow MX'ers 😀

 

I got a question that left me somewhat puzzled ..

 

Maybe You can enlighten me ?

 

A lot of "other" firewall vendors boast about quick Zero Day patching and CVE mitigation ..

Question: How do I ensure management that Meraki MX devices are as "up to date" as other vendors ?
Some notification of security updates (like for Firepower) ? New version update notification mail ?
Update method/CVE mitigation procedure for Meraki MX ?

When I go through the MX firmware sections of the dashboard, I can't seem to find any good answers for the above ..

 

Please assist 😁 Kudos' will rain upon You ..

 

With Highest Regards

Thyge

 

Labels:
0 Kudos
8 Replies 8
cmr
Kind of a big deal
Kind of a big deal
‎Jan 22 2024 3:03 AM
‎Jan 22 2024 3:03 AM

These are covered off with firmware upgrades.  They are announced here: Firmware Upgrades Feed - The Meraki Community

 

You will not see the same level of detail that you might be expecting regarding security fixes (except occasionally) so if you need it for a particular bug, you are best off raising a support ticket and should get a quick response.

In response to cmr
Thygesen
Building a reputation
‎Jan 22 2024 3:10 AM
‎Jan 22 2024 3:10 AM

Hi Cmr 😀 Got that ..

The concern I got was that the update rate of the MX firmware is not impressive, if the CVE resolution is done this way, if You compare to ie Firepower and other firewalls Hot-Fix services..

 

Seen with management eyes, they see the MX left "un-safe" longer than other firewalls ..

 

Where do we have docu that shows that MX's are updated as quickly as all the other Cisco firewalls ?

 

0 Kudos
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jan 22 2024 3:08 AM
‎Jan 22 2024 3:08 AM

these devices are built using the largest threat engines - Talos, Snort etc so if something is zero day then I’m often comforted that if Talos has seen it this intelligence is acted upon.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
In response to DarrenOC
Thygesen
Building a reputation
‎Jan 22 2024 3:11 AM
‎Jan 22 2024 3:11 AM

Hi Darren ! ..
These are more directed towards other devices than the MX firewall itself ??

0 Kudos
In response to Thygesen
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jan 22 2024 3:23 AM
‎Jan 22 2024 3:23 AM

Hi @Thygesen , on the contrary I would say they’re directed at the MX.  They’re the heart of the MX security.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
GreenMan
Meraki Employee
Meraki Employee
‎Jan 22 2024 3:52 AM
‎Jan 22 2024 3:52 AM

Check the Network-wide > Event log for your MX and filter for 'intrusion' - you'll see the periodic Snort engine updates.   These updates are, incidentally, matched per-link to the List update interval under SD-WAN & traffic shaping:   https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping#

 

Screenshot 2024-01-22 114931.png

Thygesen
Building a reputation
‎Jan 25 2024 4:57 AM
‎Jan 25 2024 4:57 AM

So .. Basically we have nothing to show our compliance board in terms of CVE coverage and MX software/Meraki software ?

0 Kudos
Rekun
Here to help
‎Jan 25 2024 12:02 PM
‎Jan 25 2024 12:02 PM

If a critical CVE is found, then firmware is pushed to all devices, as we have seen in the past.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.