Meraki devices are not affected

Google recently disclosed a vulnerability in SSLv3 known as the POODLE bug. SSL is an encryption protocol used to secure data transmitted over the Internet. SSLv3 is a very old version of this protocol, almost 18 years old, and is mainly used in some older web browsers such as Internet Explorer 6 and earlier.

In order to ensure security for users accessing the dashboard from the web, the Cisco Meraki team has disabled support for SSLv3 on the Meraki dashboard and meraki.cisco.com. Those affected will need to upgrade their browser in order to access the dashboard. A list of vulnerable browsers can be found here; anything marked with a red “no” in the TLS 1.0 column is vulnerable. The most recent versions of all major browsers–Chrome, Firefox, Internet Explorer, Safari–all support TLS and will continue to work with the Meraki dashboard and meraki.com.

Meraki servers, infrastructure, and network devices are not affected by this vulnerability. This includes Meraki access points, switches, security appliances, and Systems Manager clients.

For information on other Cisco products, please see the Cisco Security Advisory on the POODLE vulnerability.