07-08-2025 01:07 PM - edited 07-09-2025 03:09 PM
A security scan shows this as vulnerable. Why is the status terminated? Is there a fix for this?
Cisco Bug: CSCwc79441 - Remove weak kex algorithms offerred by Netconf SSH
It is not a duplicate of CSCvz22951, which address removal of cbc for "encryption algorithms".
CSCwc79441 is to remove sha1 or weak "kex algorithm".
07-08-2025 02:08 PM - edited 07-08-2025 02:10 PM
Duplicate bug, so terminated, this is probably what you want.
https://bst.cisco.com/bugsearch/bug/CSCvz22951?rfs=qvlogin
Well, I guess your link is that the cyphers were removed, not the keys. But it was found to not be needed since there would really be no cypher to call those keys.
07-09-2025 03:11 PM
Thanks Dustin,
However, it is not a duplicate of CSCvz22951, which address removal of cbc for "encryption algorithms".
CSCwc79441 is to remove sha1 or weak "kex algorithm", there are currently 6 options in kex algorithm Cisco devices can use.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide