09-14-2023 03:13 PM
I have a Qualys scan in the environment and it picks up the following with Cisco ISE 3.0 patch-5, 3.1 patch-7, and 3.2 patch 3:
TCP Sequence Number Approximation Based Denial of Service (QID 82054)
https://success.qualys.com/support/s/article/000002879
Anyone know how to remediate this or is it just a false positive? I am seeing it on both the ISE interface and the CIMC interface.
TIA
09-14-2023 06:08 PM
In your Qualys report, what is the affected TCP port for ISE application, and for the CIMC? TCP/443?
I can't really follow/understand their understanding (have you made sense of it?), and it would have been nice if this was part of a published CVE to get another perspective.
09-15-2023 03:31 AM
@Arne Bier: Yes, only on port 443 in the Qualys report. FWIW, it also flagged my Ubuntu Linux (Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-83-generic x86_64)) that is running the latest stable version and stable kernel. My understanding is that this might be an issue with the BGP routing protocol (mitigate by using MD5 authentication) but the connection for https is so short-lived that it should not even matter.