Having some trouble finding any good info on this:
https://threatpost.com/critical-cisco-staros-bug-root-access-debug-mode/177832/
A few other articles all list Meraki MX as being affected, but none of the Cisco documents list Meraki. It's also not clear if this is a bug directly with the MX, or if you must be running FTD in order to gain access to the MX.
Anyone seen or heard anything further? I know its hot off the press....
Strictly speaking, the StarOS bug doesn't affect Meraki or FTD at all. It's "only" the Snort / IPS preprocessor for Modbus. As far as I know, that's not even active on Meraki MX.
Therefore I don't even know why this one is mentioned in this article.
Highly confusing...lol
The discussion about that should go into: https://community.meraki.com/t5/Security-SD-WAN/SNORT-IDS-bypass-vulnerability/m-p/138203
There's no mention of Meraki within the Cisco advisory:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq#fs
There is however another Snort related vulnerability which does affect MX's
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj
Well, like we all know that InfoSec and IT leadership reads these articles then asks many question 😉
So the questions are:
1) Why are news articles mentioning Meraki when discussing the StarOS issues
2) Is it truly only related to SNORT/IDS?