Cisco ISE 2.7 patch 4 and 5 - port 8084 shows TLS 1.1

Based on bug CSCvv49403, Cisco ISE 2.7 patch 3 is not vulnerable and port 8084 for BYOD Android is configured only for TLS 1.2. But after installing patch 4 or patch 5, the Nessus scanner again shows TLS 1.1.

I have 2 questions:

1. Will it be fixed in patch 6 for 2.7?

2. Based on bug CSCvv49403, the earlier vulnerability of TLS 1.0 and 1.1 occurs only in ISE 2.6 or 2.7. Could someone confirm whether 3.0 is really not vulnerable to this?

Thanks and Regards

Pawel

2 Replies

Arne Bier
VIP

Hello @Pawel Przybyszewski

Did you check if the setting in ISE was changed? I.e. the Security checkboxes for TLS 1.0 and TLS 1.1 (were they unticked and Nessus found TLS 1.1 open?)

Hello,

Integration of Cisco Prime Infrastructure with the new WLC 9800 (decommission RTOS) was added, but I don't know all the details (very basic config). It seems that the global settings don't disable TLS 1.1 on all services. We don't use BYOD and Android but can't disable it. Port 8084 is not used and is blocked on the firewall as a workaround.

BTW, installing patch 6 for 2.7 doesn't resolve this issue.

Regards

Pawel