@jbright just wanted to come back and close the loop on this one regarding kr00k (CVE ID: CVE-2019-15126, CVSSv3 Base Score: 3.1) that hit back in late February. Meraki MR26, MR32, MR34 and MR72 and MX64W, MX65W use the impacted chips and are affected by this vulnerability.
I have not heard any reports of Meraki APs being affected but will double check. All of the recent and current APs do not use Broadcom or Cypress chipsets and are not vulnerable, but some of the older End-of-Sale APs had Broadcom, that's what I'll check on and get back to you.
Meraki is aware of the CVE-2019-15126 vulnerability (also commonly known as Kr00k). At this time, Meraki is evaluating the impact and the affected products (if any). We will provide updates as we make progress to ensure the security of our products.
Still in progress. We are in uncharted territory right now with the global coronavirus pandemic, so we should expect responses to/from other teams that are involved to be delayed. I hope you understand. Thanks.
@jbright just wanted to come back and close the loop on this one regarding kr00k (CVE ID: CVE-2019-15126, CVSSv3 Base Score: 3.1) that hit back in late February. Meraki MR26, MR32, MR34 and MR72 and MX64W, MX65W use the impacted chips and are affected by this vulnerability.
@jbright this thread should be good to close, I believe?
I'm going to go ahead and mark @MerakiDave's response as the solution for better visibility when people happen upon this thread. @jbright do let us know if you need any further info though!
Caroline S | Community Manager, Cisco Meraki New to the community? Get started here
Get notified when there are additional replies to this discussion.
