cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
122
Views
0
Helpful
2
Replies

CSCwc79441 - Remove weak kex algorithms offerred by Netconf SSH

Network713
Level 1
Level 1

A security scan shows this as vulnerable.  Why is the status terminated?  Is there a fix for this?

Cisco Bug: CSCwc79441 - Remove weak kex algorithms offerred by Netconf SSH

Network713_0-1752005196720.png

It is not a duplicate of CSCvz22951, which address removal of cbc for "encryption algorithms". 
CSCwc79441 is to remove sha1 or weak "kex algorithm".

Network713_0-1752098533737.png

 

 

2 Replies 2

Dustin Anderson
VIP Alumni
VIP Alumni

Duplicate bug, so terminated, this is probably what you want.

https://bst.cisco.com/bugsearch/bug/CSCvz22951?rfs=qvlogin 

 

Well, I guess your link is that the cyphers were removed, not the keys. But it was found to not be needed since there would really be no cypher to call those keys.

Thanks Dustin,
However, it is not a duplicate of CSCvz22951, which address removal of cbc for "encryption algorithms". 
CSCwc79441 is to remove sha1 or weak "kex algorithm", there are currently 6 options in kex algorithm Cisco devices can use.