01-24-2024 12:14 AM
Can anyone describe the function of the PnP listener on a Cisco IOS-XE device?
I was working on the remediation of one of the vulnerabilities, "Cisco IOS XE Software Plug Play Privilege Escalation".
This vulnerability can occur when a specific PnP listener is enabled on the device.
My question is: is it disabled by default, or do we have to enable it?
I am not aware of this feature, but what I understand is that this is for the Plug and Play service on edge devices.
Is there any command we can check on the CLI to see whether the PnP service is enabled on the device?
10-24-2024 12:31 PM
I have this same problem too. Based on the Cisco advisory: "...The vulnerability is due to insufficient protection of sensitive information. An attacker with low privileges could exploit this vulnerability by issuing the diagnostic CLI show pnp profile when a specific PnP listener is enabled on the device. A successful exploit could allow the attacker to obtain a privileged authentication token. This token can be used to send crafted PnP messages and execute privileged commands on the targeted system..." Which command can I use to determine whether a specific PnP listener is enabled on the device or not?
10-24-2024 12:55 PM
PnP is enabled by default, as it is widely used nowadays for device onboarding in vManage or DNAC. You can disable it with the command "no pnp enable".
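The advisory quoted in this thread ties the issue to a low-privileged user issuing `show pnp profile`. As an added example (not part of any post above and not Cisco's code), the following Python scans command accounting records for that command run below privilege level 15; the tab-separated record layout, the attribute names and every sample line are constructed assumptions.

```python
# Added example: flag "show pnp profile" run below privilege level 15.
# Record layout (tab-separated, key=value attributes) and all sample
# lines are constructed for illustration, not taken from the thread.
CANONICAL = ("show", "pnp", "profile")
PRIVILEGED_LEVEL = 15

SAMPLE_RECORDS = [
    "2024-10-24T12:01:07Z\t192.0.2.10\talice\tpriv-lvl=15\tcmd=show pnp profile <cr>",
    "2024-10-24T12:03:44Z\t192.0.2.10\thelpdesk1\tpriv-lvl=1\tcmd=show pnp profile <cr>",
    "2024-10-24T12:04:02Z\t192.0.2.11\thelpdesk1\tpriv-lvl=1\tcmd=sh pnp prof <cr>",
    "2024-10-24T12:05:30Z\t192.0.2.11\tbob\tpriv-lvl=1\tcmd=show version <cr>",
    "2024-10-24T12:06:00Z\t192.0.2.11\tbob\tcmd=show pnp profile <cr>",
    "malformed line without tabs",
]

def parse_record(line):
    """Split one accounting line into a dict; return None if it is malformed."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 4:
        return None
    attrs = dict(f.split("=", 1) for f in fields[3:] if "=" in f)
    return {"time": fields[0], "device": fields[1], "user": fields[2], **attrs}

def is_pnp_profile(cmd):
    """True for 'show pnp profile' and CLI-style abbreviations such as 'sh pnp prof'."""
    tokens = cmd.replace("<cr>", "").lower().split()
    if len(tokens) < len(CANONICAL):
        return False
    # Prefix matching slightly over-matches; acceptable for a review queue.
    return all(full.startswith(tok) for tok, full in zip(tokens, CANONICAL))

def find_suspect_records(lines):
    """Return (time, device, user, level) for each non-privileged use of the command."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if rec is None or not is_pnp_profile(rec.get("cmd", "")):
            continue
        try:
            level = int(rec.get("priv-lvl", ""))
        except ValueError:
            level = None  # level missing: keep the record for manual review
        if level is None or level < PRIVILEGED_LEVEL:
            hits.append((rec["time"], rec["device"], rec["user"], level))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_records(SAMPLE_RECORDS):
        print(hit)
```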