Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
138
Views
0
Helpful
2
Replies

CSCwc79441 - Remove weak kex algorithms offerred by Netconf SSH

Network713
Level 1
Level 1

‎07-08-2025 01:07 PM - edited ‎07-09-2025 03:09 PM

A security scan shows this as vulnerable.  Why is the status terminated?  Is there a fix for this?

Cisco Bug: CSCwc79441 - Remove weak kex algorithms offerred by Netconf SSH

Network713_0-1752005196720.png

It is not a duplicate of CSCvz22951, which address removal of cbc for "encryption algorithms". 
CSCwc79441 is to remove sha1 or weak "kex algorithm".

Network713_0-1752098533737.png

 

 

Labels:
0 Helpful
2 Replies 2

Dustin Anderson
VIP Alumni
VIP Alumni

‎07-08-2025 02:08 PM - edited ‎07-08-2025 02:10 PM

Duplicate bug, so terminated, this is probably what you want.

https://bst.cisco.com/bugsearch/bug/CSCvz22951?rfs=qvlogin 

 

Well, I guess your link is that the cyphers were removed, not the keys. But it was found to not be needed since there would really be no cypher to call those keys.

0 Helpful

Network713
Level 1
Level 1
In response to Dustin Anderson

‎07-09-2025 03:11 PM

Thanks Dustin,
However, it is not a duplicate of CSCvz22951, which address removal of cbc for "encryption algorithms". 
CSCwc79441 is to remove sha1 or weak "kex algorithm", there are currently 6 options in kex algorithm Cisco devices can use.

0 Helpful
Customers Also Viewed These Support Documents