A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of sensitive information. An attacker with low privileges could exploit this vulnerability by issuing the diagnostic CLI show pnp profile when a specific PnP listener is enabled on the device. A successful exploit could allow the attacker to obtain a privileged authentication token. This token can be used to send crafted PnP messages and execute privileged commands on the targeted system.
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ios_xe | Cisco | 3.6.3e (including) | 3.6.3e (including) |
| Ios_xe | Cisco | 3.6.4e (including) | 3.6.4e (including) |
| Ios_xe | Cisco | 3.6.5ae (including) | 3.6.5ae (including) |
| Ios_xe | Cisco | 3.6.5be (including) | 3.6.5be (including) |
| Ios_xe | Cisco | 3.6.5e (including) | 3.6.5e (including) |
| Ios_xe | Cisco | 3.6.6e (including) | 3.6.6e (including) |
| Ios_xe | Cisco | 3.6.7ae (including) | 3.6.7ae (including) |
| Ios_xe | Cisco | 3.6.7be (including) | 3.6.7be (including) |
| Ios_xe | Cisco | 3.6.7e (including) | 3.6.7e (including) |
| Ios_xe | Cisco | 3.6.8e (including) | 3.6.8e (including) |
| Ios_xe | Cisco | 3.6.9ae (including) | 3.6.9ae (including) |
| Ios_xe | Cisco | 3.6.9e (including) | 3.6.9e (including) |
| Ios_xe | Cisco | 3.6.10e (including) | 3.6.10e (including) |
| Ios_xe | Cisco | 3.7.3e (including) | 3.7.3e (including) |
| Ios_xe | Cisco | 3.7.4e (including) | 3.7.4e (including) |
| Ios_xe | Cisco | 3.7.5e (including) | 3.7.5e (including) |
| Ios_xe | Cisco | 3.8.0e (including) | 3.8.0e (including) |
| Ios_xe | Cisco | 3.8.1e (including) | 3.8.1e (including) |
| Ios_xe | Cisco | 3.8.2e (including) | 3.8.2e (including) |
| Ios_xe | Cisco | 3.8.3e (including) | 3.8.3e (including) |
| Ios_xe | Cisco | 3.8.4e (including) | 3.8.4e (including) |
| Ios_xe | Cisco | 3.8.5ae (including) | 3.8.5ae (including) |
| Ios_xe | Cisco | 3.8.5e (including) | 3.8.5e (including) |
| Ios_xe | Cisco | 3.8.6e (including) | 3.8.6e (including) |
| Ios_xe | Cisco | 3.8.7e (including) | 3.8.7e (including) |
| Ios_xe | Cisco | 3.8.8e (including) | 3.8.8e (including) |
| Ios_xe | Cisco | 3.8.9e (including) | 3.8.9e (including) |
| Ios_xe | Cisco | 3.8.10e (including) | 3.8.10e (including) |
| Ios_xe | Cisco | 3.9.0e (including) | 3.9.0e (including) |
| Ios_xe | Cisco | 3.9.1e (including) | 3.9.1e (including) |
| Ios_xe | Cisco | 3.9.2be (including) | 3.9.2be (including) |
| Ios_xe | Cisco | 3.9.2e (including) | 3.9.2e (including) |
| Ios_xe | Cisco | 3.10.0ce (including) | 3.10.0ce (including) |
| Ios_xe | Cisco | 3.10.0e (including) | 3.10.0e (including) |
| Ios_xe | Cisco | 3.10.1ae (including) | 3.10.1ae (including) |
| Ios_xe | Cisco | 3.10.1e (including) | 3.10.1e (including) |
| Ios_xe | Cisco | 3.10.1se (including) | 3.10.1se (including) |
| Ios_xe | Cisco | 3.10.2e (including) | 3.10.2e (including) |
| Ios_xe | Cisco | 3.10.3e (including) | 3.10.3e (including) |
| Ios_xe | Cisco | 3.11.0e (including) | 3.11.0e (including) |
| Ios_xe | Cisco | 3.11.1ae (including) | 3.11.1ae (including) |
| Ios_xe | Cisco | 3.11.1e (including) | 3.11.1e (including) |
| Ios_xe | Cisco | 3.11.2ae (including) | 3.11.2ae (including) |
| Ios_xe | Cisco | 3.11.2e (including) | 3.11.2e (including) |
| Ios_xe | Cisco | 3.13.8s (including) | 3.13.8s (including) |
| Ios_xe | Cisco | 3.13.9s (including) | 3.13.9s (including) |
| Ios_xe | Cisco | 3.13.10s (including) | 3.13.10s (including) |
| Ios_xe | Cisco | 3.16.0as (including) | 3.16.0as (including) |
| Ios_xe | Cisco | 3.16.0bs (including) | 3.16.0bs (including) |
| Ios_xe | Cisco | 3.16.0cs (including) | 3.16.0cs (including) |
| Ios_xe | Cisco | 3.16.0s (including) | 3.16.0s (including) |
| Ios_xe | Cisco | 3.16.1as (including) | 3.16.1as (including) |
| Ios_xe | Cisco | 3.16.1s (including) | 3.16.1s (including) |
| Ios_xe | Cisco | 3.16.2as (including) | 3.16.2as (including) |
| Ios_xe | Cisco | 3.16.2bs (including) | 3.16.2bs (including) |
| Ios_xe | Cisco | 3.16.2s (including) | 3.16.2s (including) |
| Ios_xe | Cisco | 3.16.3as (including) | 3.16.3as (including) |
| Ios_xe | Cisco | 3.16.3s (including) | 3.16.3s (including) |
| Ios_xe | Cisco | 3.16.4as (including) | 3.16.4as (including) |
| Ios_xe | Cisco | 3.16.4bs (including) | 3.16.4bs (including) |
| Ios_xe | Cisco | 3.16.4cs (including) | 3.16.4cs (including) |
| Ios_xe | Cisco | 3.16.4ds (including) | 3.16.4ds (including) |
| Ios_xe | Cisco | 3.16.4es (including) | 3.16.4es (including) |
| Ios_xe | Cisco | 3.16.4gs (including) | 3.16.4gs (including) |
| Ios_xe | Cisco | 3.16.4s (including) | 3.16.4s (including) |
| Ios_xe | Cisco | 3.16.5as (including) | 3.16.5as (including) |
| Ios_xe | Cisco | 3.16.5bs (including) | 3.16.5bs (including) |
| Ios_xe | Cisco | 3.16.5s (including) | 3.16.5s (including) |
| Ios_xe | Cisco | 3.16.6bs (including) | 3.16.6bs (including) |
| Ios_xe | Cisco | 3.16.6s (including) | 3.16.6s (including) |
| Ios_xe | Cisco | 3.16.7as (including) | 3.16.7as (including) |
| Ios_xe | Cisco | 3.16.7bs (including) | 3.16.7bs (including) |
| Ios_xe | Cisco | 3.16.7s (including) | 3.16.7s (including) |
| Ios_xe | Cisco | 3.16.8s (including) | 3.16.8s (including) |
| Ios_xe | Cisco | 3.16.9s (including) | 3.16.9s (including) |
| Ios_xe | Cisco | 3.16.10as (including) | 3.16.10as (including) |
| Ios_xe | Cisco | 3.16.10s (including) | 3.16.10s (including) |
| Ios_xe | Cisco | 3.17.0s (including) | 3.17.0s (including) |
| Ios_xe | Cisco | 3.17.1as (including) | 3.17.1as (including) |
| Ios_xe | Cisco | 3.17.1s (including) | 3.17.1s (including) |
| Ios_xe | Cisco | 3.17.2s (including) | 3.17.2s (including) |
| Ios_xe | Cisco | 3.17.3s (including) | 3.17.3s (including) |
| Ios_xe | Cisco | 3.17.4s (including) | 3.17.4s (including) |
| Ios_xe | Cisco | 3.18.0as (including) | 3.18.0as (including) |
| Ios_xe | Cisco | 3.18.0s (including) | 3.18.0s (including) |
| Ios_xe | Cisco | 3.18.0sp (including) | 3.18.0sp (including) |
| Ios_xe | Cisco | 3.18.1asp (including) | 3.18.1asp (including) |
| Ios_xe | Cisco | 3.18.1bsp (including) | 3.18.1bsp (including) |
| Ios_xe | Cisco | 3.18.1csp (including) | 3.18.1csp (including) |
| Ios_xe | Cisco | 3.18.1gsp (including) | 3.18.1gsp (including) |
| Ios_xe | Cisco | 3.18.1hsp (including) | 3.18.1hsp (including) |
| Ios_xe | Cisco | 3.18.1isp (including) | 3.18.1isp (including) |
| Ios_xe | Cisco | 3.18.1s (including) | 3.18.1s (including) |
| Ios_xe | Cisco | 3.18.1sp (including) | 3.18.1sp (including) |
| Ios_xe | Cisco | 3.18.2asp (including) | 3.18.2asp (including) |
| Ios_xe | Cisco | 3.18.2s (including) | 3.18.2s (including) |
| Ios_xe | Cisco | 3.18.2sp (including) | 3.18.2sp (including) |
| Ios_xe | Cisco | 3.18.3asp (including) | 3.18.3asp (including) |
| Ios_xe | Cisco | 3.18.3bsp (including) | 3.18.3bsp (including) |
| Ios_xe | Cisco | 3.18.3s (including) | 3.18.3s (including) |
| Ios_xe | Cisco | 3.18.3sp (including) | 3.18.3sp (including) |
| Ios_xe | Cisco | 3.18.4s (including) | 3.18.4s (including) |
| Ios_xe | Cisco | 3.18.4sp (including) | 3.18.4sp (including) |
| Ios_xe | Cisco | 3.18.5sp (including) | 3.18.5sp (including) |
| Ios_xe | Cisco | 3.18.6sp (including) | 3.18.6sp (including) |
| Ios_xe | Cisco | 3.18.7sp (including) | 3.18.7sp (including) |
| Ios_xe | Cisco | 3.18.8asp (including) | 3.18.8asp (including) |
| Ios_xe | Cisco | 3.18.8sp (including) | 3.18.8sp (including) |
| Ios_xe | Cisco | 16.1.1 (including) | 16.1.1 (including) |
| Ios_xe | Cisco | 16.1.2 (including) | 16.1.2 (including) |
| Ios_xe | Cisco | 16.1.3 (including) | 16.1.3 (including) |
| Ios_xe | Cisco | 16.2.1 (including) | 16.2.1 (including) |
| Ios_xe | Cisco | 16.2.2 (including) | 16.2.2 (including) |
| Ios_xe | Cisco | 16.3.1 (including) | 16.3.1 (including) |
| Ios_xe | Cisco | 16.3.1a (including) | 16.3.1a (including) |
| Ios_xe | Cisco | 16.3.2 (including) | 16.3.2 (including) |
| Ios_xe | Cisco | 16.3.3 (including) | 16.3.3 (including) |
| Ios_xe | Cisco | 16.3.4 (including) | 16.3.4 (including) |
| Ios_xe | Cisco | 16.3.5 (including) | 16.3.5 (including) |
| Ios_xe | Cisco | 16.3.5b (including) | 16.3.5b (including) |
| Ios_xe | Cisco | 16.3.6 (including) | 16.3.6 (including) |
| Ios_xe | Cisco | 16.3.7 (including) | 16.3.7 (including) |
| Ios_xe | Cisco | 16.3.8 (including) | 16.3.8 (including) |
| Ios_xe | Cisco | 16.3.9 (including) | 16.3.9 (including) |
| Ios_xe | Cisco | 16.3.10 (including) | 16.3.10 (including) |
| Ios_xe | Cisco | 16.3.11 (including) | 16.3.11 (including) |
| Ios_xe | Cisco | 16.4.1 (including) | 16.4.1 (including) |
| Ios_xe | Cisco | 16.4.2 (including) | 16.4.2 (including) |
| Ios_xe | Cisco | 16.4.3 (including) | 16.4.3 (including) |
| Ios_xe | Cisco | 16.5.1 (including) | 16.5.1 (including) |
| Ios_xe | Cisco | 16.5.1a (including) | 16.5.1a (including) |
| Ios_xe | Cisco | 16.5.1b (including) | 16.5.1b (including) |
| Ios_xe | Cisco | 16.5.2 (including) | 16.5.2 (including) |
| Ios_xe | Cisco | 16.5.3 (including) | 16.5.3 (including) |
| Ios_xe | Cisco | 16.6.1 (including) | 16.6.1 (including) |
| Ios_xe | Cisco | 16.6.2 (including) | 16.6.2 (including) |
| Ios_xe | Cisco | 16.6.3 (including) | 16.6.3 (including) |
| Ios_xe | Cisco | 16.6.4 (including) | 16.6.4 (including) |
| Ios_xe | Cisco | 16.6.4a (including) | 16.6.4a (including) |
| Ios_xe | Cisco | 16.6.4s (including) | 16.6.4s (including) |
| Ios_xe | Cisco | 16.6.5 (including) | 16.6.5 (including) |
| Ios_xe | Cisco | 16.6.5a (including) | 16.6.5a (including) |
| Ios_xe | Cisco | 16.6.5b (including) | 16.6.5b (including) |
| Ios_xe | Cisco | 16.6.6 (including) | 16.6.6 (including) |
| Ios_xe | Cisco | 16.6.7 (including) | 16.6.7 (including) |
| Ios_xe | Cisco | 16.6.7a (including) | 16.6.7a (including) |
| Ios_xe | Cisco | 16.6.8 (including) | 16.6.8 (including) |
| Ios_xe | Cisco | 16.7.1 (including) | 16.7.1 (including) |
| Ios_xe | Cisco | 16.7.1a (including) | 16.7.1a (including) |
| Ios_xe | Cisco | 16.7.1b (including) | 16.7.1b (including) |
| Ios_xe | Cisco | 16.7.2 (including) | 16.7.2 (including) |
| Ios_xe | Cisco | 16.7.3 (including) | 16.7.3 (including) |
| Ios_xe | Cisco | 16.7.4 (including) | 16.7.4 (including) |
| Ios_xe | Cisco | 16.8.1 (including) | 16.8.1 (including) |
| Ios_xe | Cisco | 16.8.1a (including) | 16.8.1a (including) |
| Ios_xe | Cisco | 16.8.1b (including) | 16.8.1b (including) |
| Ios_xe | Cisco | 16.8.1c (including) | 16.8.1c (including) |
| Ios_xe | Cisco | 16.8.1d (including) | 16.8.1d (including) |
| Ios_xe | Cisco | 16.8.1e (including) | 16.8.1e (including) |
| Ios_xe | Cisco | 16.8.1s (including) | 16.8.1s (including) |
| Ios_xe | Cisco | 16.8.2 (including) | 16.8.2 (including) |
| Ios_xe | Cisco | 16.8.3 (including) | 16.8.3 (including) |
| Ios_xe | Cisco | 16.9.1 (including) | 16.9.1 (including) |
| Ios_xe | Cisco | 16.9.1a (including) | 16.9.1a (including) |
| Ios_xe | Cisco | 16.9.1b (including) | 16.9.1b (including) |
| Ios_xe | Cisco | 16.9.1c (including) | 16.9.1c (including) |
| Ios_xe | Cisco | 16.9.1d (including) | 16.9.1d (including) |
| Ios_xe | Cisco | 16.9.1s (including) | 16.9.1s (including) |
| Ios_xe | Cisco | 16.9.2 (including) | 16.9.2 (including) |
| Ios_xe | Cisco | 16.9.2a (including) | 16.9.2a (including) |
| Ios_xe | Cisco | 16.9.2s (including) | 16.9.2s (including) |
| Ios_xe | Cisco | 16.9.3 (including) | 16.9.3 (including) |
| Ios_xe | Cisco | 16.9.3a (including) | 16.9.3a (including) |
| Ios_xe | Cisco | 16.9.3h (including) | 16.9.3h (including) |
| Ios_xe | Cisco | 16.9.3s (including) | 16.9.3s (including) |
| Ios_xe | Cisco | 16.9.4 (including) | 16.9.4 (including) |
| Ios_xe | Cisco | 16.9.4c (including) | 16.9.4c (including) |
| Ios_xe | Cisco | 16.9.5 (including) | 16.9.5 (including) |
| Ios_xe | Cisco | 16.9.5f (including) | 16.9.5f (including) |
| Ios_xe | Cisco | 16.9.6 (including) | 16.9.6 (including) |
| Ios_xe | Cisco | 16.10.1 (including) | 16.10.1 (including) |
| Ios_xe | Cisco | 16.10.1a (including) | 16.10.1a (including) |
| Ios_xe | Cisco | 16.10.1b (including) | 16.10.1b (including) |
| Ios_xe | Cisco | 16.10.1c (including) | 16.10.1c (including) |
| Ios_xe | Cisco | 16.10.1d (including) | 16.10.1d (including) |
| Ios_xe | Cisco | 16.10.1e (including) | 16.10.1e (including) |
| Ios_xe | Cisco | 16.10.1f (including) | 16.10.1f (including) |
| Ios_xe | Cisco | 16.10.1g (including) | 16.10.1g (including) |
| Ios_xe | Cisco | 16.10.1s (including) | 16.10.1s (including) |
| Ios_xe | Cisco | 16.10.2 (including) | 16.10.2 (including) |
| Ios_xe | Cisco | 16.10.3 (including) | 16.10.3 (including) |
| Ios_xe | Cisco | 16.11.1 (including) | 16.11.1 (including) |
| Ios_xe | Cisco | 16.11.1a (including) | 16.11.1a (including) |
| Ios_xe | Cisco | 16.11.1b (including) | 16.11.1b (including) |
| Ios_xe | Cisco | 16.11.1c (including) | 16.11.1c (including) |
| Ios_xe | Cisco | 16.11.1s (including) | 16.11.1s (including) |
| Ios_xe | Cisco | 16.11.2 (including) | 16.11.2 (including) |
| Ios_xe | Cisco | 16.12.1 (including) | 16.12.1 (including) |
| Ios_xe | Cisco | 16.12.1a (including) | 16.12.1a (including) |
| Ios_xe | Cisco | 16.12.1c (including) | 16.12.1c (including) |
| Ios_xe | Cisco | 16.12.1s (including) | 16.12.1s (including) |
| Ios_xe | Cisco | 16.12.1t (including) | 16.12.1t (including) |
| Ios_xe | Cisco | 16.12.1w (including) | 16.12.1w (including) |
| Ios_xe | Cisco | 16.12.1x (including) | 16.12.1x (including) |
| Ios_xe | Cisco | 16.12.1y (including) | 16.12.1y (including) |
| Ios_xe | Cisco | 16.12.1z (including) | 16.12.1z (including) |
| Ios_xe | Cisco | 16.12.2 (including) | 16.12.2 (including) |
| Ios_xe | Cisco | 16.12.2a (including) | 16.12.2a (including) |
| Ios_xe | Cisco | 16.12.2s (including) | 16.12.2s (including) |
| Ios_xe | Cisco | 16.12.2t (including) | 16.12.2t (including) |
| Ios_xe | Cisco | 16.12.3 (including) | 16.12.3 (including) |
| Ios_xe | Cisco | 16.12.3a (including) | 16.12.3a (including) |
| Ios_xe | Cisco | 16.12.3s (including) | 16.12.3s (including) |
| Ios_xe | Cisco | 16.12.4 (including) | 16.12.4 (including) |
| Ios_xe | Cisco | 16.12.4a (including) | 16.12.4a (including) |
| Ios_xe | Cisco | 17.1.1 (including) | 17.1.1 (including) |
| Ios_xe | Cisco | 17.1.1a (including) | 17.1.1a (including) |
| Ios_xe | Cisco | 17.1.1s (including) | 17.1.1s (including) |
| Ios_xe | Cisco | 17.1.1t (including) | 17.1.1t (including) |
| Ios_xe | Cisco | 17.1.2 (including) | 17.1.2 (including) |
| Ios_xe | Cisco | 17.2.1 (including) | 17.2.1 (including) |
| Ios_xe | Cisco | 17.2.1a (including) | 17.2.1a (including) |
| Ios_xe | Cisco | 17.2.1r (including) | 17.2.1r (including) |
| Ios_xe | Cisco | 17.2.1v (including) | 17.2.1v (including) |
While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers. Different log files may be produced and stored for: