Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4328
Views
0
Helpful
3
Replies

Suggestion of Vulnerability CVE-2008-5161

vinayjaiswal
Level 3
Level 3

‎11-21-2018 09:32 AM

We are having the device WS-C3560V2-48PS with 12.2(55)SE12. We are getting the device has vulnerable and the CVE-id is CVE-2008-5161.

 

And we are unable to to disable cbc based ciphers,

 

ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr

ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr

Is anybody have same issue and fixed it ?

1 person had this problem
Labels:
0 Helpful
3 Replies 3

superego
Level 1
Level 1

‎11-21-2018 11:18 AM

You're still using old ios in version 12.

 

I have version 15 and it has the command you have, see the image attached.

 

Please mark post that are helpful***

Preview file
28 KB
0 Helpful

vinayjaiswal
Level 3
Level 3

‎11-21-2018 07:53 PM

Is any way to resolve the vulnerability in 12.2 version ?
0 Helpful

superego
Level 1
Level 1
In response to vinayjaiswal

‎11-22-2018 05:47 AM

I suppose not.  From the attachment, I logged in to a switch that has the same version and switch series that you have.  You'll see that the command is not yet supported.

 

You can apply ACL in your VTY lines and just allow certain subnets/IP if you don't have one and not able to upgrade to version 15.x.  This will not solve disabling certain ciphers but will limit SSH access.

Preview file
35 KB
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card