cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2695
Views
5
Helpful
3
Replies

Cisco Prime Infrastucture vulnerability SSL RC4 Cipher Suites Supported

Freemen
Beginner
Beginner

Hi All,

I have a question on how to disable RC4 Cipher Suites Supported on Cisco Prime Infrastructure Platform.

My Client have use Nessus Software to scan on prime. and found on below vulnerability

SSL RC4 Cipher Suites Supported

Cisco prime infrastructure deploy on latest 2.1

we have gain the root access and modifier the ssl.conf and restart the service also unable to solve.

/opt/CSCOlumos/httpd/ssl/backup/ssl.conf

/opt/CSCOlumos/httpd/ssl/ssl.conf

C:\Program Files\Tenable\Nessus>nessuscmd -v -p 443 -i 21643 192.168.1.55
Starting nessuscmd 5.2.7
Scanning '192.168.1.55'...

 

Host 192.168.1.55 is up
Discovered open port https (443/tcp) on 192.168.1.55
[i] Plugin 21643 reported a result on port https (443/tcp) of 192.168.1.55
+ Results found on 192.168.1.55 :
   - Port https (443/tcp) is open
     [i] Plugin ID 21643
      | Here is the list of SSL ciphers supported by the remote server :
      | Each group is reported per SSL Version.
      | SSL Version : TLSv1
      |   Medium Strength Ciphers (>= 56-bit and < 112-bit key)
      |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
      | C(56)          Mac=SHA1
      .....
      |       RC4-MD5                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=MD5
      |       RC4-SHA                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=SHA1
      |
      | SSL Version : SSLv3
      |   Medium Strength Ciphers (>= 56-bit and < 112-bit key)
      |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
      | C(56)          Mac=SHA1
      |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
      | C(56)          Mac=SHA1
      |   High Strength Ciphers (>= 112-bit key)
      |       EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA      Enc=3DES(
      | 68)            Mac=SHA1
      ....
      |       RC4-MD5                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=MD5
      |       RC4-SHA                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=SHA1
      | The fields above are :

 

1 Accepted Solution

Accepted Solutions

AFROJ AHMAD
Cisco Employee
Cisco Employee

Hi ,

 

"SSL RC4 Cipher Suites Supported" has been documented in bug CSCum03709. 

CSCum03709    PI 2.0.0.0.294 with SSH vulnerabilities

Presently, there is no workaround for this vulnerability, however, the fix will be implemented in
Prime Infrastructure 2.2.which is planned to be released around the end of this year ( tentative)

 

Thanks-

Afroz

***Ratings Encourages Contributors ***

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

3 Replies 3

AFROJ AHMAD
Cisco Employee
Cisco Employee

Hi ,

 

"SSL RC4 Cipher Suites Supported" has been documented in bug CSCum03709. 

CSCum03709    PI 2.0.0.0.294 with SSH vulnerabilities

Presently, there is no workaround for this vulnerability, however, the fix will be implemented in
Prime Infrastructure 2.2.which is planned to be released around the end of this year ( tentative)

 

Thanks-

Afroz

***Ratings Encourages Contributors ***

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Hi Afroz,

5 Star savior:) Thanks for great information.

 

Regards,

Zhan Hua

Jim Mackley
Beginner
Beginner

We are on 8.1 and an audit scan found this vulnerability.  What was the fix in 2.2?

They would like us to disable RC4. 

From Auditors:

A Security survey conducted for the use of SNMP, SSL and RC4. 

If your application is currently using RC4 to protect sensitive data (not just PCI), please let me know of your plans to disable RC4

Any other options other than RC4, SNMP or SSL for Cisco Prime?

Thanks!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: