CSCuy01067
Disabling weak DES ciphers
Symptom:
Cisco Unified Communications Manager includes a version of Security Socket Layer (SSL) protocol
and/or the Transport Layer Security (TLS) protocol which could use the 3DES/CBC ciphers that are
affected by the vulnerability identified ollowing Common
Vulnerability and Exposures (CVE) IDs:
CVE-2011-3389
The potentially vulnerable ciphers identified are:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA *** On by default only till tls 1.2
TLS_DHE_RSA_WITH_AES_128_CBC_SHA *** On by default only till tls 1.2
TLS_RSA_WITH_AES_256_CBC_SHA *** On by default only till tls 1.2
Conditions:
Device with default configuration.
Workaround:
Not currently available.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at
http://cve.mitre.org/cve/cve.html and https://nvd.nist.gov/vuln/detail/CVE-2011-3389.
Cisco Unified Communications Manager includes a version of Security Socket Layer (SSL) protocol
and/or the Transport Layer Security (TLS) protocol which could use the 3DES/CBC ciphers that are
affected by the vulnerability identified ollowing Common
Vulnerability and Exposures (CVE) IDs:
CVE-2011-3389
The potentially vulnerable ciphers identified are:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA *** On by default only till tls 1.2
TLS_DHE_RSA_WITH_AES_128_CBC_SHA *** On by default only till tls 1.2
TLS_RSA_WITH_AES_256_CBC_SHA *** On by default only till tls 1.2
Conditions:
Device with default configuration.
Workaround:
Not currently available.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at
http://cve.mitre.org/cve/cve.html and https://nvd.nist.gov/vuln/detail/CVE-2011-3389.
