https://community.cisco.com/t5/security-analytics/weak-ssl-tls-key-exchange-vulnerability/m-p/5081574#M1049 <P>hello</P><P>everybody i hope your doing well&nbsp;</P><P>i have asked this question many time i need your help in our network infrastructure we have cisco catalyst switch 9200 version 17.6</P><P>we have Qualys scan for vulnerability there is a certain vulnerability that wouldn't go away we have tried some of the solutions that the community suggested but with no avail we have tried the commands to disable or limit but nothing changed , after a while we noticed that only this switch have this problem we noticed the path is different so we took an image from the other c9200 that doesn't show the vulnerability in the scan took the image and installed after we scanned the same vulnerability remained anybody that have faced this issue ?&nbsp;</P><P>please don't suggest rebooting as we have tried also we used commands to disable that and we tried limiting it&nbsp;</P><P>Appreciate your support&nbsp;</P><P>&nbsp;</P> Mon, 29 Apr 2024 06:26:15 GMT mohammedalrawiib 2024-04-29T06:26:15Z https://community.cisco.com/t5/security-analytics/weak-ssl-tls-key-exchange-vulnerability/m-p/5081574#M1049 <P>hello</P><P>everybody i hope your doing well&nbsp;</P><P>i have asked this question many time i need your help in our network infrastructure we have cisco catalyst switch 9200 version 17.6</P><P>we have Qualys scan for vulnerability there is a certain vulnerability that wouldn't go away we have tried some of the solutions that the community suggested but with no avail we have tried the commands to disable or limit but nothing changed , after a while we noticed that only this switch have this problem we noticed the path is different so we took an image from the other c9200 that doesn't show the vulnerability in the scan took the image and installed after we scanned the same vulnerability remained anybody that have faced this issue ?&nbsp;</P><P>please don't suggest rebooting as we have tried also we used commands to disable that and we tried limiting it&nbsp;</P><P>Appreciate your support&nbsp;</P><P>&nbsp;</P> Mon, 29 Apr 2024 06:26:15 GMT https://community.cisco.com/t5/security-analytics/weak-ssl-tls-key-exchange-vulnerability/m-p/5081574#M1049 mohammedalrawiib 2024-04-29T06:26:15Z https://community.cisco.com/t5/security-analytics/weak-ssl-tls-key-exchange-vulnerability/m-p/5082236#M1050 <P>Hey <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1657352">@mohammedalrawiib</a> -<BR /><BR />Sorry to hear about that problem with your Catalyst 9200 switch.&nbsp; This Security Analytics forum is focused on the Secure Network Analytics and related product lines.&nbsp; You are far more likely to recieve a helpful response if you ask in one of the forum areas specific to Catalyst switches.&nbsp;&nbsp; I might also suggest to include a better description of what Qualys reports the vulnerability as too.</P> <P>--jg</P> <P>&nbsp;</P> Mon, 29 Apr 2024 13:21:57 GMT https://community.cisco.com/t5/security-analytics/weak-ssl-tls-key-exchange-vulnerability/m-p/5082236#M1050 jamegill 2024-04-29T13:21:57Z https://community.cisco.com/t5/security-analytics/weak-ssl-tls-key-exchange-vulnerability/m-p/5118515#M1058 <P>Dears&nbsp;</P><P>after a while we changed the ssh port number (default is 22) to another port also we blocked 22 port then the vulnerability was removed this is the solution that we found if you have any other solution please let us know would be helpful.</P><P>best regards&nbsp;</P> Tue, 28 May 2024 12:54:10 GMT https://community.cisco.com/t5/security-analytics/weak-ssl-tls-key-exchange-vulnerability/m-p/5118515#M1058 mohammedalrawiib 2024-05-28T12:54:10Z