Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
887
Views
0
Helpful
2
Replies

Cisco IPS sensor weak cipher

vivekdodkade1
Level 1
Level 1

‎08-01-2017 10:40 PM - edited ‎03-10-2019 06:53 AM

Hi Team,

        My question is how to disable weak ciphers in Cisco IPS sensor model IPS-4260-K9 version 7.1(8)E4.

        Vulnerability ID is CVE-2013-2566.

        I tried  many search options but not able to get any solution on this.

        Help me to resolve the same.

Regards,

Vivek

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-02-2017 12:02 AM

A 30 second google search for "cve-2013-2566 cisco ips" shows this bugID as the first hit:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuh53612/

Per the bugID, the workaround is as follows:

Workaround:
Disable RC4 ciphers or upgrade to 7.2.1. Delete following lines from tls.conf file under cd
/usr/cids/idsRoot/etc

TLS_RSA_WITH_RC4_128_SHA=3
TLS_RSA_WITH_RC4_128_MD5=4

0 Helpful

Karsten Iwen
VIP
VIP

‎08-02-2017 12:12 AM

You are running a software from October 2013and RC4 was still quite common that time. I don't expect that it will help, but at least you could update to 7.1(11) software from December 2015.

But your platform is completely outdated and has reached the end of it's practical life some time ago. You should just move on and replace the device with a Firepower IPS.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card