CSCun41202 - Weak CBC mode and weak ciphers should be disabled in SSH server -Nexus 5k Version 7.1(5...

anibal.bohme · ‎10-25-2017

Hello, does anyone know if new version is still using Weak CBC and Ciphers ?
previous version 7.1(4)N1(1) is still using them.

Thank you

lewislampkin · ‎02-02-2018

I am unable to confirm that Cisco is even tracking this as an issue on the Nexus 5K series.

I believe that customers opening support tickets is one of the main methods for these issues to bubble up to the point of getting fixed. So, I would encourage you to open a support case on the issue. I say this because if you look at the bug IDs, they also indicate the number of associated support cases.

All that said, based on review of bugs and release notes, there do not appear to be plans by the vendor to resolve weak SSH algorithms on the Nexus 5500 platform (as of this moment).

Bugs:
7000 series and 9000 series [but not the 5500 series]
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCun41202
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd88370

Release notes:
7000 series and 9000 series have a fix for bugs 41202 and 88370, respectively, but the issue is not mentioned in the release notes for the 5500 series.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/7_x/nx-os/release/notes/7x_nx-os_release_note.html
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/release/notes/70361_nxos_rn.html
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/notes/7x/Nexus5500_Release_Notes_7x.html

Common Vulnerabilities and Exposures:
https://nvd.nist.gov/vuln/detail/CVE-2008-5161

Nessus PlugIns:
https://www.tenable.com/plugins/index.php?view=single&id=70658
https://www.tenable.com/plugins/index.php?view=single&id=71049