Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1713
Views
5
Helpful
2
Replies

Cisco ISE 2.7 patch 4 and 5 - port 8084 show TLS 1.1

Pawel Przybyszewski
Level 1
Level 1

‎09-28-2021 10:40 PM

Based on bug CSCvv49403 Cisco ISE 2.7 patch 3 is not vulnerable and port 8084 for BYOD Android is configured only for TLS 1.2. But after installing patch 4 or patch 5 Nessus scanner again show TLS 1.1.

 

I have 2 questions:

1. If will be fixed it in patch 6 for 2.7?

2. Based on bug CSCvv49403 earlier vulnerability of TLS 1.0 and 1.1 occurs only in ISE 2.6 or 2.7. Could someone confirm if 3.0 is really not vulnerable for this?

 

Thanks and Regards

Pawel

2 Replies 2

Arne Bier
VIP
VIP

‎12-16-2021 02:09 PM

Hello @Pawel Przybyszewski 

 

did you check if the setting in ISE was changed ? i.e. the Security checkboxes for TLS 1.0 and TLS 1.1 (where they unticked and Nessus found TLS1.1 open?)

0 Helpful

Pawel Przybyszewski
Level 1
Level 1
In response to Arne Bier

‎12-17-2021 04:40 AM - edited ‎12-17-2021 04:43 AM

Hello,

Integration Cisco Prime Infrastructure with new WLC 9800 (decommission RTOS) was added but I don't know all details (very basic config). It seems that global settings doesn't disable TLS 1.1 on all services. We don't use BYOD and Android but can't disabling it. Port 8084 is not used and blockeded on firewall as workaround.

BTW. Installing patch 6 for 2.7 doesn't resolve this issue.
 

screen.jpg

Regards

Pawel

0 Helpful
Customers Also Viewed These Support Documents