CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
54.8%
According to its self-reported version, the installed Cisco IOS software is affected by a vulnerability in the Cisco Network Plug-and-Play (PnP) agent. This vulnerability allows an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker can exploit this vulnerability by supplying a specially crafted certificate to an affected device. A successful exploit allows the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software. (CVE-2019-1748)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#TRUSTED 2169ed5e834bc63e88dbe2c272dfdb6aa2425e343eff0640f6bc48210233edb6d55505cf8ffa06d44cf6d655dfb3e4f59fb51fe2792b562ba52c28722e733c93df37cfb331e6f6b27006113cbdb29068cc6ef788dd77c2681a411e2417c549b1f0045fe63b8b4c0f0a78e0fc164d29dab3ca3a64b2fc248ada63abca9dcd5e62c722dc930f1b1e7421b0aa10a203393c348330ec9fafeacea5b70a3b7c4c892e0495030e69e60e99a67caa42f95764e3f899d7a58603c247691808dcbad0d0d41675597b25869ad168ed1aa3fb10584636c6defeab136056dc2ab2a8a865c79e2e3fa91fbd29fbd9443bb549b924d05bee7e45cf322955f5a852db5871d4e8ea8faf7f9254af0e1b72444df897faa0d7cc8a56c7167f22ec742e413361bb71b11c3f8e157436b77844c826337f10369d599ac26fa0748170ee4ba3a19f4050fdad5536caed05e05ee508ad0cc18b5a6bc7f524de7ba7ebd0155550cd1039ccc31fd0a3a54f8d13e33ebeb6b3372a65e8f433e75d7348238188575ca0d82dca0d0bdd61b27380aa26e01fab2eab9544631744918ba691985bd56709ffb150f177b9e4d01359de1fa72a1de0b865880c13ec91d88448cf447c40c2767dbd02d5631c8bfcf15f15737a9b4ffff6910af42e3ae7391070fdc2d0d0a21b7c099eb6ef17e562a683c423056e643fe13517b08f20138c93645e7bfce37c7ac00425a301
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(127049);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/12");
script_cve_id("CVE-2019-1748");
script_bugtraq_id(107619);
script_xref(name:"CISCO-BUG-ID", value:"CSCvf36269");
script_xref(name:"CISCO-BUG-ID", value:"CSCvg01089");
script_xref(name:"CISCO-SA", value:"cisco-sa-20190327-pnp-cert");
script_name(english:"Cisco IOS Software Network Plug-and-Play Agent Certificate Validation Vulnerability");
script_summary(english:"Checks the version of Cisco IOS Software");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the installed Cisco IOS software is affected by a vulnerability in the
Cisco Network Plug-and-Play (PnP) agent. This vulnerability allows an unauthenticated, remote attacker to gain
unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates
certificates. An attacker can exploit this vulnerability by supplying a specially crafted certificate to an affected
device. A successful exploit allows the attacker to conduct man-in-the-middle attacks to decrypt and modify
confidential information on user connections to the affected software. (CVE-2019-1748)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9f246a7b");
script_set_attribute(attribute:"see_also", value:"http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-71135");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf36269");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg01089");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvf36269 and CSCvg01089.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1748");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(295);
script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/27");
script_set_attribute(attribute:"patch_publication_date", value:"2019/03/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/26");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_version.nasl");
script_require_keys("Host/Cisco/IOS/Version");
exit(0);
}
include('audit.inc');
include('cisco_workarounds.inc');
include('ccf.inc');
product_info = cisco::get_product_info(name:'Cisco IOS');
version_list=make_list(
'12.1(12)',
'12.1(1c)',
'12.1(14)',
'12.1(7)',
'12.1(9)',
'12.1(4a)',
'12.1(3b)',
'12.1(5b)',
'12.1(6)',
'12.1(4b)',
'12.1(12a)',
'12.1(11b)',
'12.1(5)',
'12.1(16)',
'12.1(13)',
'12.1(7b)',
'12.1(13a)',
'12.1(22a)',
'12.1(24)',
'12.1(17)',
'12.1(5e)',
'12.1(8)',
'12.1(18)',
'12.1(1)',
'12.1(5c)',
'12.1(6b)',
'12.1(8a)',
'12.1(8c)',
'12.1(20)',
'12.1(2b)',
'12.1(17a)',
'12.1(19)',
'12.1(2)',
'12.1(6a)',
'12.1(22b)',
'12.1(15)',
'12.1(20a)',
'12.1(26)',
'12.1(10)',
'12.1(4c)',
'12.1(10a)',
'12.1(21)',
'12.1(22)',
'12.1(11)',
'12.1(12b)',
'12.1(22c)',
'12.1(9a)',
'12.1(3)',
'12.1(25)',
'12.1(7c)',
'12.1(4)',
'12.1(3)XI',
'12.0(5)S',
'12.0(11)S6',
'12.0(10)S',
'12.0(11)S5',
'12.0(2)S',
'12.0(4)S',
'12.0(6)S2',
'12.0(7)S',
'12.0(6)S',
'12.0(6)S1',
'12.0(11)S4',
'12.0(10)S1',
'12.0(10)S7',
'12.0(28)S4a',
'12.0(11)S3',
'12.0(10)S3',
'12.0(8)S',
'12.0(10)S3b',
'12.0(8)S1',
'12.0(10)S4',
'12.0(3)S',
'12.0(10)S2',
'12.0(11)S1',
'12.0(10)S8',
'12.0(9)S',
'12.0(9)S8',
'12.0(10)S5',
'12.0(10)S6',
'12.0(7)S1',
'12.0(11)S',
'12.0(11)S2',
'12.0(10)ST',
'12.0(11)ST',
'12.0(9)ST',
'12.0(11)ST3',
'12.0(10)ST1',
'12.0(10)ST2',
'12.0(11)ST2',
'12.0(11)ST1',
'12.0(11)ST4',
'12.2(22)S',
'12.2(20)S',
'12.2(18)S',
'12.2(25)S',
'12.2(20)S2a',
'12.2(20)S4a',
'12.2(20)S5',
'12.2(18)S1',
'12.2(20)S4',
'12.2(18)S2',
'12.2(18)S4',
'12.2(25)S2',
'12.2(20)S2',
'12.2(18)S3',
'12.2(20)S6',
'12.2(20)S3',
'12.2(25)S1',
'12.2(20)S1',
'12.2(2)XB9',
'12.2(4)XL2',
'12.2(10a)',
'12.2(1)',
'12.2(21b)',
'12.2(10)',
'12.2(1a)',
'12.2(1b)',
'12.2(1d)',
'12.2(10b)',
'12.2(10d)',
'12.2(10g)',
'12.2(3d)',
'12.2(3g)',
'12.2(3)',
'12.2(5)',
'12.2(5a)',
'12.2(5d)',
'12.2(6g)',
'12.2(6h)',
'12.2(6i)',
'12.2(6j)',
'12.2(6)',
'12.2(6a)',
'12.2(6b)',
'12.2(6c)',
'12.2(6d)',
'12.2(6e)',
'12.2(6f)',
'12.2(7a)',
'12.2(7b)',
'12.2(7c)',
'12.2(7g)',
'12.2(7)',
'12.2(37)',
'12.2(19b)',
'12.2(24b)',
'12.2(12e)',
'12.2(28)',
'12.2(12b)',
'12.2(26b)',
'12.2(28a)',
'12.2(12i)',
'12.2(19)',
'12.2(24)',
'12.2(12g)',
'12.2(13c)',
'12.2(12f)',
'12.2(12c)',
'12.2(32)',
'12.2(31)',
'12.2(26a)',
'12.2(27)',
'12.2(12d)',
'12.2(17e)',
'12.2(28d)',
'12.2(17a)',
'12.2(12k)',
'12.2(13e)',
'12.2(12a)',
'12.2(19c)',
'12.2(27b)',
'12.2(17b)',
'12.2(23)',
'12.2(27a)',
'12.2(16)',
'12.2(12m)',
'12.2(40)',
'12.2(28c)',
'12.2(24a)',
'12.2(21a)',
'12.2(13b)',
'12.2(23a)',
'12.2(17d)',
'12.2(26)',
'12.2(23c)',
'12.2(16b)',
'12.2(13)',
'12.2(19a)',
'12.2(17f)',
'12.2(28b)',
'12.2(23d)',
'12.2(12)',
'12.2(12j)',
'12.2(23f)',
'12.2(17)',
'12.2(16c)',
'12.2(16a)',
'12.2(12l)',
'12.2(12h)',
'12.2(16f)',
'12.2(29a)',
'12.2(13a)',
'12.2(40a)',
'12.2(23e)',
'12.2(21)',
'12.2(46)',
'12.2(29)',
'12.0(19)',
'12.0(2a)',
'12.0(6)',
'12.0(13)',
'12.0(1)',
'12.0(9)',
'12.0(16)',
'12.0(2)',
'12.0(28c)',
'12.0(17)',
'12.0(19a)',
'12.0(3a)',
'12.0(8a)',
'12.0(16a)',
'12.0(18)',
'12.0(6b)',
'12.0(13a)',
'12.0(20)',
'12.0(28b)',
'12.0(7)',
'12.0(25)',
'12.0(15b)',
'12.0(28d)',
'12.0(26)',
'12.0(3)',
'12.0(15)',
'12.0(11a)',
'12.0(4)',
'12.0(15a)',
'12.0(4b)',
'12.0(8)',
'12.0(8b)',
'12.0(21a)',
'12.0(22)',
'12.0(19b)',
'12.0(18b)',
'12.0(17a)',
'12.0(1a)',
'12.0(4a)',
'12.0(10)',
'12.0(24)',
'12.0(12)',
'12.0(11)',
'12.0(23)',
'12.0(14)',
'12.0(5a)',
'12.0(20a)',
'12.0(14a)',
'12.0(2b)',
'12.0(12a)',
'12.0(6a)',
'12.0(7a)',
'12.0(3d)',
'12.0(28a)',
'12.0(9a)',
'12.0(3b)',
'12.0(28)',
'12.0(10a)',
'12.0(16b)',
'12.0(21)',
'12.0(5)',
'12.0(27)',
'12.0(3c)',
'12.0(5)XE5',
'12.0(5)XE',
'12.0(2)XE4',
'12.0(5)XE8',
'12.0(2)XE3',
'12.0(4)XE2',
'12.0(2)XE1',
'12.0(5)XE4',
'12.0(5)XE2',
'12.0(5)XE1',
'12.0(4)XE',
'12.0(2)XE',
'12.0(1)XE',
'12.0(5)XE3',
'12.0(7)XK1',
'12.0(7)XK',
'12.1(8b)E15',
'12.1(8b)E12',
'12.1(6)E',
'12.1(8a)E',
'12.1(5a)E6',
'12.1(5c)E11',
'12.1(8b)E20',
'12.1(7a)E5',
'12.1(6)E8',
'12.1(8b)E9',
'12.1(6)E12',
'12.1(8b)E13',
'12.1(5a)E5',
'12.1(8b)E19',
'12.1(5)YB2',
'12.1(5)YB',
'12.0(1)T',
'12.0(2a)T1',
'12.0(7)T1',
'12.0(2)T',
'12.0(4)T',
'12.0(3)T3',
'12.0(7)T3',
'12.0(1)T1',
'12.0(7)T2',
'12.0(7)T',
'12.0(5)T',
'12.0(3)T',
'12.0(5)T1',
'12.0(3)T2',
'12.0(2)T1',
'12.1(1)T',
'12.1(5)T10',
'12.1(5)T9',
'12.1(3)T',
'12.1(5)T17',
'12.1(5)T15',
'12.1(5)T4',
'12.1(5)T13',
'12.1(5)T8c',
'12.1(2)T',
'12.1(5)T12',
'12.1(5)T7',
'12.1(5)T',
'12.1(5)T8',
'12.1(5)T19',
'12.1(5)T18',
'12.1(5)T5',
'12.1(5c)EX',
'12.1(9)EX',
'12.1(6)EX',
'12.1(5c)EX1',
'12.1(8b)EX4',
'12.1(20)EA1b',
'12.1(22)EA6',
'12.1(9)EA1d',
'12.1(19)EA1b',
'12.1(20)EA2',
'12.1(22)EA4a',
'12.1(8)EA1b',
'12.1(22)EA1a',
'12.1(6)EA2a',
'12.1(20)EA1a',
'12.1(6)EA2',
'12.1(9)EA1a',
'12.1(20)EA1',
'12.1(9)EA1c',
'12.1(6)EA1a',
'12.1(6)EA2b',
'12.1(6)EA2c',
'12.1(19)EA1c',
'12.1(22)EA4',
'12.0(31)SZ2',
'12.2(14)SZ',
'12.2(14)SZ5',
'12.2(14)SZ6',
'12.2(14)SZ3',
'12.2(14)SZ4',
'12.2(14)SZ1',
'12.2(14)SZ2',
'12.2(9)YO',
'12.2(9)YO3',
'12.2(9)YO2',
'12.2(9)YO1',
'12.2(9)YO4',
'12.2(11)YZ',
'12.2(11)YZ1',
'12.2(11)YZ3',
'12.2(11)YZ2',
'12.2(8)ZB',
'12.0(5)XT1',
'12.3(7)XI3a',
'12.2(25)SE',
'12.3(11)YF2',
'12.2(12b)M1',
'12.2(13b)M1',
'12.2(12h)M1',
'12.2(13b)M2',
'12.3(2)JA3',
'12.3(2)JA4',
'12.3(11)JA2',
'12.2(60)EZ16',
'12.3(8)JK',
'12.3(11)JX',
'12.3(7)JX9',
'12.3(11)JX1',
'12.4(11)MD2',
'12.4(23c)JY',
'15.0(1)EY',
'15.0(1)EY2',
'12.3(9)M0',
'12.3(9)M1',
'12.2(27)SBK9',
'15.1(2)SG8a',
'15.0(2)SG11a',
'15.0(2)EX2',
'15.0(2)EX8',
'15.3(2)S',
'15.3(3)S',
'15.3(2)S2',
'15.3(2)S1',
'15.3(3)S1',
'15.3(3)S2',
'15.3(3)S3',
'15.3(3)S6',
'15.3(3)S4',
'15.3(3)S1a',
'15.3(3)S5',
'15.3(3)S2a',
'15.3(3)S7',
'15.3(3)S8',
'15.3(3)S6a',
'15.3(3)S9',
'15.3(3)S10',
'15.3(3)S8a',
'15.4(1)T',
'15.4(2)T',
'15.4(1)T2',
'15.4(1)T1',
'15.4(1)T3',
'15.4(2)T1',
'15.4(2)T3',
'15.4(2)T2',
'15.4(1)T4',
'15.4(2)T4',
'12.4(25e)JAZ1',
'15.2(1)E',
'15.2(2)E',
'15.2(1)E1',
'15.2(3)E',
'15.2(1)E2',
'15.2(1)E3',
'15.2(2)E1',
'15.2(2b)E',
'15.2(4)E',
'15.2(3)E1',
'15.2(2)E2',
'15.2(2a)E1',
'15.2(2)E3',
'15.2(2a)E2',
'15.2(3)E2',
'15.2(3a)E',
'15.2(3)E3',
'15.2(3m)E2',
'15.2(4)E1',
'15.2(2)E4',
'15.2(2)E5',
'15.2(4)E2',
'15.2(4m)E1',
'15.2(3)E4',
'15.2(5)E',
'15.2(3m)E7',
'15.2(4)E3',
'15.2(2)E6',
'15.2(5a)E',
'15.2(5)E1',
'15.2(5b)E',
'15.2(4m)E3',
'15.2(3m)E8',
'15.2(2)E5a',
'15.2(5c)E',
'15.2(3)E5',
'15.2(2)E5b',
'15.2(4n)E2',
'15.2(4o)E2',
'15.2(5a)E1',
'15.2(4)E4',
'15.2(2)E7',
'15.2(5)E2',
'15.2(4p)E1',
'15.2(6)E',
'15.2(5)E2b',
'15.2(4)E5',
'15.2(5)E2c',
'15.2(2)E8',
'15.2(4m)E2',
'15.2(4o)E3',
'15.2(4q)E1',
'15.2(6)E0a',
'15.2(6)E0b',
'15.2(2)E7b',
'15.2(4)E5a',
'15.2(6)E0c',
'15.2(4)E6',
'15.2(2)E9',
'15.2(4s)E1',
'15.2(2)E9a',
'15.2(4s)E2',
'15.1(3)MRA3',
'15.4(1)S',
'15.4(2)S',
'15.4(3)S',
'15.4(1)S1',
'15.4(1)S2',
'15.4(2)S1',
'15.4(1)S3',
'15.4(3)S1',
'15.4(2)S2',
'15.4(3)S2',
'15.4(3)S3',
'15.4(1)S4',
'15.4(2)S3',
'15.4(2)S4',
'15.4(3)S0d',
'15.4(3)S4',
'15.4(3)S0e',
'15.4(3)S5',
'15.4(3)S0f',
'15.4(3)S6',
'15.4(3)S7',
'15.4(3)S6a',
'15.4(3)S8',
'15.4(3)S9',
'15.2(2)SC1',
'15.2(2)SC3',
'15.2(2)SC4',
'15.2(1)EY',
'15.2(1)SY',
'15.2(1)SY1',
'15.2(1)SY0a',
'15.2(1)SY2',
'15.2(2)SY',
'15.2(1)SY1a',
'15.2(2)SY1',
'15.2(2)SY2',
'15.2(1)SY3',
'15.2(1)SY4',
'15.2(2)SY3',
'15.2(1)SY5',
'15.2(1)SY6',
'15.2(1)SY7',
'15.2(5)EX',
'15.4(3)M',
'15.4(3)M1',
'15.4(3)M2',
'15.4(3)M3',
'15.4(3)M4',
'15.4(3)M5',
'15.4(3)M6',
'15.4(3)M7',
'15.4(3)M6a',
'15.4(3)M7a',
'15.4(3)M8',
'15.4(3)M9',
'15.4(3)M10',
'15.2(4)JAZ1',
'15.4(1)CG',
'15.4(1)CG1',
'15.4(2)CG',
'15.5(1)S',
'15.5(2)S',
'15.5(1)S1',
'15.5(3)S',
'15.5(1)S2',
'15.5(1)S3',
'15.5(2)S1',
'15.5(2)S2',
'15.5(3)S1',
'15.5(3)S1a',
'15.5(2)S3',
'15.5(3)S2',
'15.5(3)S0a',
'15.5(3)S3',
'15.5(1)S4',
'15.5(2)S4',
'15.5(3)S4',
'15.5(3)S5',
'15.5(3)S6',
'15.5(3)S6a',
'15.5(3)S7',
'15.5(3)S6b',
'15.5(3)S7a',
'15.5(3)S7b',
'15.1(3)SVG3d',
'15.2(2)EB',
'15.2(2)EB1',
'15.2(2)EB2',
'15.5(1)T',
'15.5(1)T1',
'15.5(2)T',
'15.5(1)T2',
'15.5(1)T3',
'15.5(2)T1',
'15.5(2)T2',
'15.5(2)T3',
'15.5(2)T4',
'15.5(1)T4',
'15.2(2)EA',
'15.2(2)EA1',
'15.2(2)EA2',
'15.2(3)EA',
'15.2(3)EA1',
'15.2(4)EA',
'15.2(4)EA1',
'15.2(2)EA3',
'15.2(4)EA3',
'15.2(5)EA',
'15.2(4)EA4',
'15.2(4)EA2',
'15.2(4)EA5',
'15.2(4a)EA5',
'15.2(4)EA6',
'15.2(4)EA7',
'15.4(2)SN',
'15.4(2)SN1',
'15.4(3)SN1',
'15.4(3)SN1a',
'15.5(3)M',
'15.5(3)M1',
'15.5(3)M0a',
'15.5(3)M2',
'15.5(3)M2a',
'15.5(3)M3',
'15.5(3)M4',
'15.5(3)M4a',
'15.5(3)M5',
'15.5(3)M4b',
'15.5(3)M4c',
'15.5(3)M6',
'15.5(3)M5a',
'15.5(3)M7',
'15.5(3)M6a',
'15.3(3)JAA1',
'15.5(1)SN',
'15.5(1)SN1',
'15.5(2)SN',
'15.5(3)SN0a',
'15.5(3)SN',
'15.0(2)SQD8',
'15.6(1)S',
'15.6(2)S',
'15.6(2)S1',
'15.6(1)S1',
'15.6(1)S2',
'15.6(2)S0a',
'15.6(2)S2',
'15.6(1)S3',
'15.6(2)S3',
'15.6(1)S4',
'15.6(2)S4',
'15.1(3)SVI1b',
'15.6(1)T',
'15.6(2)T',
'15.6(1)T0a',
'15.6(1)T1',
'15.6(2)T1',
'15.6(1)T2',
'15.6(2)T0a',
'15.6(2)T2',
'15.6(1)T3',
'15.6(2)T3',
'15.3(3)JC',
'15.3(3)JC1',
'15.3(3)JC2',
'15.3(3)JC3',
'15.3(3)JC4',
'15.3(3)JC5',
'15.3(3)JC6',
'15.3(3)JC8',
'15.3(3)JC9',
'15.3(3)JC14',
'15.3(1)SY',
'15.3(0)SY',
'15.3(1)SY1',
'15.3(1)SY2',
'15.3(1)SY3',
'15.5(2)XB',
'15.6(2)SP',
'15.6(2)SP1',
'15.6(2)SP2',
'15.6(2)SP3',
'15.6(2)SP4',
'15.6(2)SP3b',
'15.6(2)SP5',
'15.6(1)SN',
'15.6(1)SN1',
'15.6(2)SN',
'15.6(1)SN2',
'15.6(1)SN3',
'15.6(3)SN',
'15.6(4)SN',
'15.6(5)SN',
'15.6(6)SN',
'15.6(7)SN',
'15.6(7)SN1',
'15.3(3)JD',
'15.3(3)JD2',
'15.3(3)JD3',
'15.3(3)JD4',
'15.3(3)JD5',
'15.3(3)JD6',
'15.3(3)JD7',
'15.3(3)JD8',
'15.3(3)JD9',
'15.3(3)JD11',
'15.3(3)JD12',
'15.3(3)JD13',
'15.3(3)JD14',
'15.3(3)JD15',
'15.3(3)JD16',
'15.6(3)M',
'15.6(3)M1',
'15.6(3)M0a',
'15.6(3)M1a',
'15.6(3)M1b',
'15.6(3)M2',
'15.6(3)M2a',
'15.6(3)M3',
'15.6(3)M3a',
'15.6(3)M4',
'15.2(4)EC1',
'15.2(4)EC2',
'15.4(1)SY',
'15.4(1)SY1',
'15.4(1)SY2',
'15.4(1)SY3',
'15.3(3)JE',
'15.5(1)SY',
'15.3(3)JF',
'15.3(3)JF1',
'15.3(3)JF2',
'15.3(3)JF4',
'15.3(3)JF5',
'15.3(3)JF6',
'15.3(3)JF7',
'15.3(3)JF35',
'15.3(3)JF8',
'15.3(3)JF9',
'15.7(3)M',
'15.7(3)M1',
'15.7(3)M0a',
'15.3(3)JG',
'15.3(3)JG1',
'15.3(3)JH',
'15.3(3)JH1',
'15.1(3)SVK4b',
'15.1(3)SVK4c',
'15.1(3)SVO1',
'15.1(3)SVO2',
'15.3(3)JI',
'15.3(3)JI1',
'15.1(3)SVP1'
);
workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
workaround_params = WORKAROUND_CONFIG['show_pnp_profile'];
reporting = make_array(
'port' , product_info['port'],
'severity' , SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , 'CSCvf36269, CSCvg01089',
'cmds' , make_list('show pnp profile')
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params:workaround_params,
reporting:reporting,
vuln_versions:version_list
);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
54.8%