
Suggestion of Vulnerability CVE-2008-5161

vinayjaiswal
Level 3

We have the device WS-C3560V2-48PS with 12.2(55)SE12. We are getting that the device is vulnerable, and the CVE ID is CVE-2008-5161.

And we are unable to disable CBC-based ciphers:

ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr

ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr

Has anybody had the same issue and fixed it?

3 Replies

superego
Level 1

You're still using an old IOS in version 12.

I have version 15 and it has the command you have; see the image attached.

Please mark posts that are helpful***

vinayjaiswal
Level 3

Is there any way to resolve the vulnerability in the 12.2 version?

I suppose not. From the attachment, I logged in to a switch that has the same version and switch series that you have. You'll see that the command is not yet supported.

You can apply an ACL on your VTY lines and just allow certain subnets/IPs if you don't have one and are not able to upgrade to version 15.x. This will not solve disabling certain ciphers but will limit SSH access.
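
The VTY restriction suggested in the reply above, written out as an added example (it is not configuration posted by anyone in the thread). The ACL name MGMT-SSH and the 192.0.2.0/24 management subnet are placeholders, and the VTY range 0 to 15 is an assumption about this switch; as the reply says, this narrows who can reach SSH and does not remove the CBC ciphers.

```cisco
! Added example. MGMT-SSH and 192.0.2.0/24 are placeholders:
! substitute the subnets your administrators actually connect from.
configure terminal
!
! Standard ACL naming the only sources allowed to open a VTY session.
ip access-list standard MGMT-SSH
 permit 192.0.2.0 0.0.0.255
 ! Explicit deny with logging so rejected attempts appear in syslog.
 deny any log
 exit
!
! Apply the ACL to every VTY line, not only 0-4; an unprotected
! line in the upper range would still accept connections.
line vty 0 4
 access-class MGMT-SSH in
 transport input ssh
 exit
line vty 5 15
 access-class MGMT-SSH in
 transport input ssh
 end
!
! Verify: match counters on the ACL and the current SSH settings.
show access-lists MGMT-SSH
show ip ssh
```

Apply this from a session whose source address is inside the permitted range, and save the configuration only after confirming that a new SSH session from the management subnet still connects.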
