QID 316900
Date Published: 2021-03-30
QID 316900: Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability (cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL)
A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem
of Cisco IOS XE Software could allow an authenticated, local attacker
to elevate privileges to the level of an Administrator user (level 15) on an affected device.
Affected Products
Cisco devices are affected if they are running a vulnerable release of Cisco IOS XE Software.
NOTE: This is a potential detection, as the presence of the workaround cannot be checked.
QID Detection Logic (Authenticated):
The check matches the Cisco IOS XE version retrieved via Unix Auth using the "show version" command.
QID Detection Logic (Unauthenticated):
The check matches the Cisco IOS XE version retrieved via SNMP, TCP/IP fingerprint, NTP, or Telnet.
A successful exploit could allow the attacker to obtain a privileged authentication token.
This token can be used to send crafted PnP messages and execute privileged commands on the targeted system.
Customers are advised to refer to cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL for more information.
Workaround:
A workaround exists for devices that have TACACS+ authentication, authorization,
and accounting (AAA) command authorization configured.
Administrators can use this feature to deny non-privileged users
access to the show pnp profile command.
Alternatively, customers who may not want to apply the preceding workaround
can disable the HTTP Server feature to eliminate the attack vector for this vulnerability.
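Because the scanner cannot check for the workaround, a saved running-config can be audited offline for evidence of either option. The following is an added example, not part of the original entry or of Cisco's advisory; the function names and sample configs are constructed, and it assumes the standard IOS XE global commands `ip http server`, `ip http secure-server` and `aaa authorization commands`.

```python
import re

# Constructed sample running-config fragments (not from a real device).
SAMPLE_EXPOSED = """\
hostname edge-rtr-01
aaa new-model
ip http server
ip http secure-server
"""
SAMPLE_MITIGATED = """\
hostname edge-rtr-02
aaa new-model
aaa authorization commands 1 default group tacacs+ local
no ip http server
no ip http secure-server
"""

def _feature_state(lines, command):
    """Return 'enabled', 'disabled' or 'not-stated' for an on/off global command."""
    state = "not-stated"
    for line in lines:
        if line == command:
            state = "enabled"
        elif line == "no " + command:
            state = "disabled"
    return state

def audit_pnp_workarounds(config_text):
    """Report which of the two workarounds the config shows evidence of."""
    lines = [l.strip() for l in config_text.splitlines()]
    http = _feature_state(lines, "ip http server")
    https = _feature_state(lines, "ip http secure-server")
    # Assumption: only the literal 'group tacacs+' method is recognised;
    # custom-named TACACS+ server groups need manual review.
    pattern = r"aaa authorization commands (\d+) \S+ .*\bgroup tacacs\+"
    levels = sorted(int(m.group(1)) for l in lines if (m := re.match(pattern, l)))
    # Defaults differ by platform, so only an explicit 'no ...' counts as disabled.
    http_off = http == "disabled" and https == "disabled"
    return {
        "http_server": http,
        "https_server": https,
        "tacacs_cmd_authz_levels": levels,
        # True when neither workaround is evidenced in the device config.
        "no_workaround_evidence": not http_off and not levels,
    }
```

A non-empty `tacacs_cmd_authz_levels` only shows that command authorization is delegated to TACACS+; the rule denying `show pnp profile` lives on the TACACS+ server and has to be verified there.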
- cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL
CVEs related to QID 316900
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL | | | |