10-25-2017 01:31 AM - edited 03-20-2019 09:39 PM
Hello, does anyone know if new version is still using Weak CBC and Ciphers ?
previous version 7.1(4)N1(1) is still using them.
Thank you
02-02-2018 06:20 AM
I am unable to confirm that Cisco is even tracking this as an issue on the Nexus 5K series.
I believe that customers opening support tickets is one of the main methods for these issues to bubble up to the point of getting fixed. So, I would encourage you to open a support case on the issue. I say this because if you look at the bug IDs, they also indicate the number of associated support cases.
All that said, based on review of bugs and release notes, there do not appear to be plans by the vendor to resolve weak SSH algorithms on the Nexus 5500 platform (as of this moment).
Bugs:
7000 series and 9000 series [but not the 5500 series]
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCun41202
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd88370
Release notes:
7000 series and 9000 series have a fix for bugs 41202 and 88370, respectively, but the issue is not mentioned in the release notes for the 5500 series.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/7_x/nx-os/release/notes/7x_nx-os_release_note.html
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/release/notes/70361_nxos_rn.html
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/notes/7x/Nexus5500_Release_Notes_7x.html
Common Vulnerabilities and Exposures:
https://nvd.nist.gov/vuln/detail/CVE-2008-5161
Nessus PlugIns:
https://www.tenable.com/plugins/index.php?view=single&id=70658
https://www.tenable.com/plugins/index.php?view=single&id=71049
08-11-2020 10:55 PM
Hi,
Are this already fixed? Can disable the weak ciphers and CBC on nexus 5k as of today?
Thank you.
Regards,
Michelle
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide