Re: CSCur23656

amaresh_22jan · ‎11-22-2017

HI All,

We have router 3925 when scanned with one of tools below are few vulnerabilities we came across for the port 443.

Kindly suggest to fix the below vulnerability.

SSL/TLS use of weak RC4 cipher- port 443

SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE) -443

SSL Server Has SSLv3 Enabled Vulnerability- 443

SSL/TLS Server supports TLSv1.0- Port 443

SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability (BEAST) – port 443

Leo Laohoo · ‎11-22-2017

All of this you've listed is CSCur23656. The fix is to upgrade the IOS or disable SSLv3.

amaresh_22jan · ‎11-23-2017

Thanks for the update.

Current IOS is Version 15.1(4)M3. So could you suggest us the IOS .

Another thing I wanted to know is if I disable 443 port on the router thus it fix the some vulnerabilities.

Leo Laohoo · ‎11-23-2017

@amaresh_22jan wrote:

Another thing I wanted to know is if I disable 443 port on the router thus it fix the some vulnerabilities.

No it won't. If SSLv3 is not used, then TURN IT OFF.

amaresh_22jan · ‎11-23-2017

So best option is to Upgrade the IOS.

Could you provide me the config to disable the SSLv3 on the router

Router vulnerability