Hi Experts,
Good Day!
I would like to seek your assistance on how to mitigate some vulnerabilities in my ASA with CX. I performed a vulnerability test using Qualys on my ASA with CX and it hit me with a vulnerability named "TCP Sequence Number Approximation Based on Denial-of-Service". I did some research and found out that most of the time BGP is prone to this vulnerability, but my ASA is not running the BGP protocol; however, my ASA is just a pass-through for BGP peering of the Catalysts. Is that the reason why my Qualys detected it?
The thing is, based on the documentation of this vulnerability, as a workaround I configured MD5 authentication for BGP peering on my switches and I ran a VA scan again, and the vulnerability is still there. I read the vulnerability document thoroughly and, besides the BGP protocol, Window Scaling is also part of this vulnerability, which I configured to enhance throughput.
Please help if one of you knows Qualys and how to mitigate this vulnerability.
Thanks,
Cheers,
Niks