topic CIMC reporting to our Tenable scanner that it is vulnerablity in Network Security https://community.cisco.com/t5/network-security/cimc-reporting-to-our-tenable-scanner-that-it-is-vulnerablity/m-p/5086310#M1111982 <P>We have CIMC reporting to our Tenable scanner that it is vulnerablity to Terrapin Vulnerability. see below :</P> <P>./Terrapin-Scanner&nbsp;Report&nbsp;&nbsp;Remote Banner: SSH-2.0-OpenSSH_8.8 PKIX[13.2.3]</P> <UL> <LI>ChaCha20-Poly1305 support:&nbsp;&nbsp; true</LI> <LI>CBC-EtM support:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; false</LI> <LI>Strict key exchange support: false</LI> <LI>The scanned peer is VULNERABLE to Terrapin.</LI> </UL> <P>I am trying to understand how to view\change the ciphers we are using so they are not vulnerable any longer. Here is what I am seeing is currently enabled.&nbsp;&nbsp;</P> <P><EM><STRONG>servername /cimc/tls-config # show detail</STRONG></EM><BR />TLS Configuration:<BR />&nbsp; TLS Static Cipher Enabled: NA<BR />&nbsp; Configured TLS Version: TLSv1.2, TLSv1.3<BR />&nbsp; TLS Version 1.2 Enabled: yes<BR />&nbsp; TLS Version 1.2 Cipher Mode: High<BR />&nbsp; TLS Version 1.2 Cipher List:&nbsp; ALL:!DH:!EDH:!ADH:!EXP:!EXPORT40:!EXPORT56:!LOW:!MEDIUM:!RC4:!3DES:!SSLv2:!eNULL:!aNULL:!PSK:!SRP:!RSA:+HIGH<BR />&nbsp; TLS Version 1.2 Custom Status: NA<BR />&nbsp; TLS Version 1.3 Cipher Suite: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256</P> Wed, 01 May 2024 17:30:59 GMT silviomanziano 2024-05-01T17:30:59Z CIMC reporting to our Tenable scanner that it is vulnerablity https://community.cisco.com/t5/network-security/cimc-reporting-to-our-tenable-scanner-that-it-is-vulnerablity/m-p/5086310#M1111982 <P>We have CIMC reporting to our Tenable scanner that it is vulnerablity to Terrapin Vulnerability. see below :</P> <P>./Terrapin-Scanner&nbsp;Report&nbsp;&nbsp;Remote Banner: SSH-2.0-OpenSSH_8.8 PKIX[13.2.3]</P> <UL> <LI>ChaCha20-Poly1305 support:&nbsp;&nbsp; true</LI> <LI>CBC-EtM support:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; false</LI> <LI>Strict key exchange support: false</LI> <LI>The scanned peer is VULNERABLE to Terrapin.</LI> </UL> <P>I am trying to understand how to view\change the ciphers we are using so they are not vulnerable any longer. Here is what I am seeing is currently enabled.&nbsp;&nbsp;</P> <P><EM><STRONG>servername /cimc/tls-config # show detail</STRONG></EM><BR />TLS Configuration:<BR />&nbsp; TLS Static Cipher Enabled: NA<BR />&nbsp; Configured TLS Version: TLSv1.2, TLSv1.3<BR />&nbsp; TLS Version 1.2 Enabled: yes<BR />&nbsp; TLS Version 1.2 Cipher Mode: High<BR />&nbsp; TLS Version 1.2 Cipher List:&nbsp; ALL:!DH:!EDH:!ADH:!EXP:!EXPORT40:!EXPORT56:!LOW:!MEDIUM:!RC4:!3DES:!SSLv2:!eNULL:!aNULL:!PSK:!SRP:!RSA:+HIGH<BR />&nbsp; TLS Version 1.2 Custom Status: NA<BR />&nbsp; TLS Version 1.3 Cipher Suite: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256</P> Wed, 01 May 2024 17:30:59 GMT https://community.cisco.com/t5/network-security/cimc-reporting-to-our-tenable-scanner-that-it-is-vulnerablity/m-p/5086310#M1111982 silviomanziano 2024-05-01T17:30:59Z