cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About CameronGoS

Re: MX80 reporting jquery XSS vulnerability on internal vulnerability scans

by in Security / SD-WAN
‎07-15-2020 06:32 AM
‎07-15-2020 06:32 AM
No, it isn't showing up publicly, just locally from internal vulnerability scans. ... View more

MX80 reporting jquery XSS vulnerability on internal vulnerability scans

by in Security / SD-WAN
‎07-14-2020 01:56 PM
1 Kudo
‎07-14-2020 01:56 PM
1 Kudo
Our MX80 is reporting a jquery XSS vulnerability on its web interface from our internal vulnerability scans.  This URL displays the jquery info which reports v1.10.1: http://192.168.8.1/third_party/jquery/jquery-1.10.1.min.js   We are currently running firmware v14.40 and I've scheduled an upgrade to v14.42 but am not expecting that to address this issue.   Below is the info from the vulnerability: Synopsis The remote web server is affected by multiple cross site scripting vulnerability.   Description According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.   See Also https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/   Solution Upgrade to JQuery version 3.5.0 or later. ... View more

Re: Feature Request - Integrations to Zscaler and Microsoft Azure

by in Security / SD-WAN
‎03-08-2019 06:07 AM
2 Kudos
‎03-08-2019 06:07 AM
2 Kudos
I fully agree.  Ther Meraki VPN tunels to 3rd party peers leaves a lot to be desired.  (No backup peer IP, no granularity for configuring different sets of source IPs to different destination IPs, no IKEv2).   I respectfully disagree with @PhilipDAth on the SSL inspection.  Our DLP policy enforced by zScaler allows us to grant users access to read documents shared from sources like Dropbox, Google Drive, Office 365, without allowing them to upload documents/files to those destinations.  That requires SSL inspection and a much more sophisticated policy set than is offered with Meraki.  Not to mention, the tunnel config options I mentioned above are all just standard boiler plate Site to Site VPN tunnel options, which would let a solution like zScaler work just fine. ... View more

Re: Meraki -> ASA VPN with Failover

by in Security / SD-WAN
‎03-06-2019 04:18 AM
1 Kudo
‎03-06-2019 04:18 AM
1 Kudo
This is an old thread, but I'm now running into the same issue.  I disagree with the statement this is an unusual configuration since it has been a standard configuration in other Cisco firewalls for as long as I can remember.  In an ASA as an example, you simply configure your phase 2 with something like the following: crypto map outside-vpn-map 999 set peer 104.129.206.38 165.225.0.42 This really is an important feature for the Meraki if it is going to be a viable replacement for other firewall products.  We use a tunnel like this to route traffic through a DLP vendor and since the Meraki firewall replacement, there is now no fault tolerance in the VPN tunnel on the vendor side.   This kind of thing and lack of support for IKEv2 in the VPN tunnels is really disappointing for anyone trying to move to Meraki from other more traditional firewall and networking gear. ... View more
© 2022 Meraki