cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1656
Views
0
Helpful
3
Replies
Highlighted
Participant

Suggestion of Vulnerability CVE-2008-5161

We are having the device WS-C3560V2-48PS with 12.2(55)SE12. We are getting the device has vulnerable and the CVE-id is CVE-2008-5161.

 

And we are unable to to disable cbc based ciphers,

 

ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr

ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr

Is anybody have same issue and fixed it ?

3 REPLIES 3
Highlighted
Beginner

You're still using old ios in version 12.

 

I have version 15 and it has the command you have, see the image attached.

 

Please mark post that are helpful***

Highlighted
Participant

Is any way to resolve the vulnerability in 12.2 version ?
Highlighted

I suppose not.  From the attachment, I logged in to a switch that has the same version and switch series that you have.  You'll see that the command is not yet supported.

 

You can apply ACL in your VTY lines and just allow certain subnets/IP if you don't have one and not able to upgrade to version 15.x.  This will not solve disabling certain ciphers but will limit SSH access.

Content for Community-Ad