04-27-2017 02:03 AM - edited 03-17-2019 10:10 AM
Hi Team,
Our client ordered penetration test, and as a feedback they got recommendation on the Cisco UCS BE6K server "The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all".
Please review the below mentioned updates which we got from the penetration test team.
Is there any way by which we can change the algorithms used between SSH server and client ?.
Thanks & Regards
Nithin Louis.
Vulnerability Name | Vulnerability Impact | SOLUTION | Additional Information |
SSH Weak Algorithms Supported | The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all. | Contact the vendor or consult product documentation to remove the weak ciphers. | The following weak server-to-client encryption algorithms are supported : arcfour arcfour128 arcfour256 The following weak client-to-server encryption algorithms are supported : arcfour arcfour128 arcfour256 |
Solved! Go to Solution.
04-27-2017 02:50 AM
Have a look at below bug
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCur26594/?referring_site=bugquickviewredir
04-27-2017 02:24 AM
SSH on Cisco BE6K
You mean ssh to CIMC or ESXi or CUCM ?
04-27-2017 02:39 AM
Hi Haris,
Thanks for your reply.
I mean SSH to CUCM.....
Regards
Nithin Louis.
04-27-2017 02:48 AM
Can you get the CVE Number for this Vulnerability.
04-27-2017 02:50 AM
Have a look at below bug
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCur26594/?referring_site=bugquickviewredir
04-27-2017 02:58 AM
Hi Haris,
Thanks for your quick response.
As per this doc there is no workaround for this issue.
04-27-2017 03:06 AM
As per the Bug only option to fix this vulnerability is to upgrade to fixed Version of CUCM.
Product: |
(3)
|
Known Affected Releases: |
(2)
|
Known Fixed Releases: |
(6)
|
04-27-2017 02:54 AM
Hi Haris,
Please review the below updates which we got from the Vulnerability test for the BE6K server.
Thanks & Regards
Nithin
|
S.No |
Affected IPs |
Vulnerability Name |
Vulnerability Impact |
Affected Port |
CVSS Base Score |
CVSS ID |
Severity |
|
SOLUTION |
Additional Information |
UCM |
4511 |
172.16.175.11 |
SSH Weak Algorithms Supported |
The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all. |
22 |
4.3 |
- |
Medium |
Pending |
Contact the vendor or consult product documentation to remove the weak ciphers. |
|
04-27-2017 03:03 AM
Try to get the Exact CVE Number from the audit team that will help to narrow down the Issue.
Also have a look at below bugs
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy51220/?referring_site=bugquickviewredir
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide