Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
836
Views
0
Helpful
2
Replies

Cisco PnP PKI API vulnerability on 2960s

NGJ
Level 1
Level 1

‎10-16-2018 05:02 AM - edited ‎03-10-2019 01:06 AM

Hi.  I’m working through security vulnerabilities identified on some of our switches. One in particular from the Cisco Sept 2017 advisories has been flagged. Cisco IOS Software Plug-and-Play PKI API Certificate Validation Vulnerability.

The advisory states to check by using ‘show pnp profile’. This command is not recognised. Also if I try under conf t, the commands ‘pnp enable’, ‘pnp profile…..’ are unrecognised.

 

Does this mean the feature isn’t supported/installed on our switches with this IOS version? I’ve read that the pnp agent is embedded in the switches, so not sure why the commands are not recognised.

The switches in question are 2960s with IOS 15.0(2)SE10a universal image. The Cisco bug check tool lists this vulnerability against the IOS version.

 

Could anyone clarify this for me. Many thanks

Labels:
0 Helpful
2 Replies 2

Leo Laohoo
Hall of Fame
Hall of Fame

‎10-16-2018 02:35 PM

Most likely you're not affected.
If you want to be sure, just raise a Cisco TAC Case.
0 Helpful

NGJ
Level 1
Level 1
In response to Leo Laohoo

‎10-22-2018 05:27 AM

Ok Thanks Leo
0 Helpful
Customers Also Viewed These Support Documents