CISCO-SA-IOSXE_INFODIS-6J847UEB

Vulnerable Products:

At the time of publication, this vulnerability affected the following Cisco platforms if they were running a vulnerable release of Cisco IOS XE Software and had Meraki dashboard management enabled:

Catalyst 9200 Series Switches Catalyst 9300 Series Switches Catalyst CW9800H1 Wireless Controllers Meraki MS390

For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory. Determine the Device Configuration To determine whether the device is configured for a Meraki tunnel to the dashboard, use the show meraki connect brief CLI command. If the device is configured for a Meraki tunnel, this command will return output showing that the tunnel is Connected, Up, and Registered, as shown in the following example:

Switch# show meraki connect brief Meraki Cloud: https://n143.meraki.com Status: Connected Tunnel: Up Registration: RegisteredProducts Confirmed Not Vulnerable:

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

IOS Software IOS XR Software NX-OS SoftwareWorkarounds:

There are no workarounds that address this vulnerability.Fixed Software:

Cisco considers any workarounds and mitigations (if applicable) to be temporary solutions until an upgrade to a fixed software release is available. To fully remediate this vulnerability and avoid future exposure as described in this advisory, Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory. Cisco IOS and IOS XE Software To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"]. This tool identifies any Cisco security advisories that impact a...