While browsing through the Meraki dashboard i've noticed some vulnerabilities that apply to several of the networks managed by us (MSP). When checking the affected components it appears they already run on a firmware that is no longer affected by the vulnerabilities.
For this reason i've decided to open a case to ask for additional information:
1) Which specific devices have been affected by the vulnerability.
2) For how long have these devices been affected (start/end date)
To my suprise the response was that this information is not accessible for Meraki employees.
This means we now need to inform our customers that they might have been victim to a data breach (GDPR), and have no way providing crucial information that helps determining the impact.
I'm wondering how others are handling these 'events' when critical information is not accessible.
I've also noticed there's no way on accessing vulnerability updates by API or subscribing to a mail alert. There must be a more efficiënt way to be notified about vulnerabilities then opening the dashboard. Any tips here would also be welcome.