Meraki

cabricharme

A number of our older MX devices (MX64 and MX100) got flagged with "Firmware status: critical". The "critical" part: what is it about?

something specific the firmware updates are addressing (like zero day vulnerabilities)
just the fact that the devices cannot be upgraded to newer version because of support sunsetting? Aka "you are generally vulnerable because you can't update the firmware and we here at Meraki believe it's critical"?

(If it's the latter, is "critical" really the right term? Maybe I am nitpicking - yet doesn't "critical" usually refer to immediate threats? Wouldn't a "warning" or an "end of support" label be more appropriate?)

I don't see anything in the release notes or changelogs for the new firmware upgrades listing CVEs or critical vulnerabilities addressed - did I miss them?

Firmware status: critical: NN networks

Your firmware is out of date and may have security vulnerabilities and/or lack key performance improvements. We highly recommend that you upgrade to the latest stable or latest beta firmware release.

This network contains device(s) which are incompatible with the target version. Their firmware version must remain below MX 18.200 and will use the highest compatible version available.

Thank you!

PhilipDAth

critical = past "End of Firmware Maintenance" date.

Cisco Meraki will no longer be maintaining this version.

View solution in original post

Mloraditch

It is definitely not the best GUI.

As Meraki is not always clear with its bug ids, I'm also not sure it's clear on CVEs. I've definitely seen them mentioned in some release notes but I think critical also can mean end of support, as you mention

Support may be able to tell you more specific to your versions, but I agree it's not evident what the reason(s) for critical is(are) and would suggest submitting feedback.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Ryan_Miles

The status definitions are mentioned here https://documentation.meraki.com/General_Administration/Firmware_Upgrades/Managing_Firmware_Upgrades...

cabricharme

Thanks - you probably mean this part:

Q: What does the date beside “Warning” and “Critical” mean?

A: This date is an End of Firmware Maintenance (EFM) date for that particular firmware version. Six months prior to this date, firmware will go into “Warning” status. Once the EFM has passed, the firmware will go into "Critical" status. We highly recommend updating the firmware before it reaches "Critical" status.

Two issues with this though:

Our devices were all green just a couple of days ago - i.e. what Meraki says is not what Meraki does?
"Critical" generally != "we are no longer supporting you" other than where there's a salesperson yelling "give us all your money!" in the background. May I suggest changing the label from "critical" to "GIVE US ALL YOUR MONEY!!!"? 🤣

Elery

All of my MX68 and MX85 devices went from Good (18.2.1.6) to Critical. We usually have a warning period.

cabricharme

Ours - too. They were all green just a couple of days ago. Strange.

gabtoub

Same here on all our MX devices. 19.1.10 was promoted to stable just couple days ago and it seems that no firmware on 18.x branch is on "good" status...

PhilipDAth

critical = past "End of Firmware Maintenance" date.

Cisco Meraki will no longer be maintaining this version.

cabricharme

Our older devices are still getting upgraded MX 18.211.6 → MX 19.1.10 despite being "critical" and "ineligible". Grace period? Meraki's eternal kindness and generosity? UI and docs not being clear what "critical" or even "ineligible" really are - or perhaps me not understanding them?

Meraki

Community

"critical" firmware updates: what's is "critical" about them, exactly?

"critical" firmware updates: what's is "critical" about them, exactly?