06-10-2019 03:51 AM
Dear All,
As a result of PCI, I have to address vulnerabilities related to CUCM, CUC and CCX, as listed below:
1- OpenSSH < 7.0 Multiple Vulnerabilities:
OpenSSH contains a vulnerability which can allow a remote attacker to bypass the XSECURITY restrictions when forwarding X11 connections by making use of an ineffective timeout check.
Need to upgrade to SSH > 7.
2- Triple DES Birthday Attack Vulnerability (Sweet32):
The Triple-DES cipher algorithm contains a vulnerability which can allow an attacker to recover secure HTTP cookies when performing a man-in-the-middle attack.
Need to disable Triple-DES ciphers on the system.
Please let me know how to fix those two vulnerabilities.
CUCM ver 12.0.1
Thanks
06-10-2019 07:01 AM
06-10-2019 11:20 PM
Thanks Jonathan for your reply.
The CVE of the first vulnerability is CVE-2015-5352, and it is recorded in a non-Cisco product:
https://tools.cisco.com/security/center/viewAlert.x?alertId=41120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352
However, in the PCI scan report it shows in Cisco Unity, as attached.
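An added example, not part of the original posts and not Cisco tooling: an offline triage of the two scan findings discussed in this thread, flagging an SSH banner that reports OpenSSH below 7.0 and any Triple-DES cipher names a service offers. The host names, banners and cipher lists are constructed sample data, and the function names are hypothetical.

```python
import re

BANNER_RE = re.compile(r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)")
# Matches both OpenSSL-style (DES-CBC3-SHA) and IANA-style (..._3DES_EDE_...) names.
TRIPLE_DES_RE = re.compile(r"3DES|DES-CBC3", re.IGNORECASE)


def openssh_version(banner):
    """Return (major, minor) from an SSH identification string, or None."""
    m = BANNER_RE.match(banner.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def openssh_below_7(banner):
    """True/False for OpenSSH banners, None when the banner is not OpenSSH.

    The banner only carries the upstream version number, so a vendor build
    with backported fixes still reports True here; confirm with the vendor.
    """
    version = openssh_version(banner)
    return None if version is None else version < (7, 0)


def triple_des_suites(offered):
    """Return the offered cipher names that use Triple-DES (Sweet32 scope)."""
    return [name for name in offered if TRIPLE_DES_RE.search(name)]


def triage(host, banner, offered):
    """Summarise both findings for one host."""
    return {
        "host": host,
        "openssh_below_7": openssh_below_7(banner),
        "triple_des": triple_des_suites(offered),
    }


# Constructed sample data, not taken from the scan report in this thread.
SAMPLE = [
    ("uc-node-a.example", "SSH-2.0-OpenSSH_6.6.1",
     ["ECDHE-RSA-AES256-GCM-SHA384", "DES-CBC3-SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]),
    ("uc-node-b.example", "SSH-2.0-OpenSSH_7.4",
     ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]),
]

if __name__ == "__main__":
    for host, banner, offered in SAMPLE:
        print(triage(host, banner, offered))
```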