Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4585
Views
0
Helpful
2
Replies

CSCun41202 - Weak CBC mode and weak ciphers should be disabled in SSH server -Nexus 5k Version 7.1(5)N1(1)

anibal.bohme
Level 1
Level 1

‎10-25-2017 01:31 AM - edited ‎03-20-2019 09:39 PM

Hello, does anyone know if new version is still using Weak CBC and Ciphers ?
previous version 7.1(4)N1(1) is still using them.

 

Thank you

6 people had this problem
Labels:
0 Helpful
2 Replies 2

lewislampkin
Level 1
Level 1

‎02-02-2018 06:20 AM

I am unable to confirm that Cisco is even tracking this as an issue on the Nexus 5K series.

 

I believe that customers opening support tickets is one of the main methods for these issues to bubble up to the point of getting fixed. So, I would encourage you to open a support case on the issue. I say this because if you look at the bug IDs, they also indicate the number of associated support cases.

 

All that said, based on review of bugs and release notes, there do not appear to be plans by the vendor to resolve weak SSH algorithms on the Nexus 5500 platform (as of this moment).

 

Bugs:
7000 series and 9000 series [but not the 5500 series]
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCun41202
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd88370

 

Release notes:
7000 series and 9000 series have a fix for bugs 41202 and 88370, respectively, but the issue is not mentioned in the release notes for the 5500 series.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/7_x/nx-os/release/notes/7x_nx-os_release_note.html
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/release/notes/70361_nxos_rn.html
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/notes/7x/Nexus5500_Release_Notes_7x.html

 

Common Vulnerabilities and Exposures:
https://nvd.nist.gov/vuln/detail/CVE-2008-5161

 

Nessus PlugIns:
https://www.tenable.com/plugins/index.php?view=single&id=70658
https://www.tenable.com/plugins/index.php?view=single&id=71049

0 Helpful

michelle040414
Level 1
Level 1
In response to lewislampkin

‎08-11-2020 10:55 PM

Hi,

 

Are this already fixed? Can disable the weak ciphers and CBC on nexus 5k as of today? 

Thank you.

 

Regards,

Michelle

0 Helpful
Customers Also Viewed These Support Documents