08-20-2024 10:52 PM
Hi All,
We have run a Tenable scan on a Cisco Catalyst 3850 48 Port PoE switch and found the vulnerabilities given below.
1. Cisco IOS XE Software Command Authorization Bypass (cisco-sa-aaascp-Tyj4fEJm)
2. Telnet Vulnerability Affecting Cisco Products: June 2020 (cisco-sa-telnetd-EFJrEzPx)
3. Cisco IOS XE Software Plug Play Privilege Escalation (cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL)
4. Cisco IOS XE Software Web UI Cross-Site Request Forgery (cisco-sa-20200108-ios-csrf)
5. Cisco IOS XE Software SSH DoS (cisco-sa-ssh-excpt-dos-FzOBQTnk)
6. Cisco IOS XE Internet Key Exchange Version 2 DoS (cisco-sa-ikev2-9p23Jj2a)
7. Cisco IOS XE Software Command Injection Vulnerability (cisco-sa-20190327-iosxe-cmdinj)
8. Cisco IOS XE Software Consent Token Bypass Vulnerability (cisco-sa-20190925-iosxe-ctbypass)
9. Cisco IOS XE Software Change of Authorization DoS (cisco-sa-20190925-tsec)
10. Cisco IOS XE Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)
11. Cisco IOS, IOS XE, and NX-OS Software Security Group Tag Exchange Protocol Denial of Service Vulnerability (cisco-sa-sxp-68TEVzR)
12. Cisco IOS XE Software TrustSec CLI Parser DoS (cisco-sa-trustsec-dos-7fuXDR2)
Can anyone help me to fix this issue?
08-20-2024 10:59 PM
@Minato ensure you are running the latest software version for your switch to ensure any vulnerabilities have been resolved - https://software.cisco.com/download/home/284850605/type/282046477/release/Gibraltar-16.12.11
Disable telnet and just use SSH, reconfigure SSH to use only the strongest ciphers. Example https://integratingit.wordpress.com/2023/01/01/securing-ios-xe-ssh/
Refer to the IOS-XE hardening guide to further secure the switch - https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/220270-use-cisco-ios-xe-hardening-guide.html
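An added example, not part of the reply above and not Cisco's own tooling: a Python check over a saved running-config that reports which vty lines still accept Telnet, as a way to verify the "disable telnet and just use SSH" step. The sample config is constructed, and vty blocks with no explicit `transport input` are marked for manual review rather than assumed safe (an assumption of this example).

```python
import re

# Constructed sample of an IOS XE running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
hostname SW-EXAMPLE
ip ssh version 2
!
line con 0
 stopbits 1
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

def audit_vty_transport(config_text):
    """Return {vty_block: (status, protocols)} for each 'line vty' block."""
    results = {}
    current = None
    for raw in config_text.splitlines():
        if raw.startswith("line "):
            # A new line block starts; track it only if it is a vty block.
            current = raw.strip() if raw.startswith("line vty") else None
            if current:
                # No explicit 'transport input' seen yet: flag for manual review.
                results[current] = ("review", [])
            continue
        if current is None:
            continue
        if not raw.startswith(" "):
            current = None  # left the line block ('!' or a global command)
            continue
        m = re.match(r"\s+transport input\s+(.+)", raw)
        if m:
            protos = m.group(1).split()
            # 'telnet' or 'all' means cleartext Telnet is accepted on these lines.
            bad = any(p in ("telnet", "all") for p in protos)
            results[current] = ("telnet-enabled" if bad else "ok", protos)
    return results

if __name__ == "__main__":
    for block, (status, protos) in audit_vty_transport(SAMPLE_CONFIG).items():
        print(f"{block}: {status} {protos}")
```

Any block reported as `telnet-enabled` is corrected on the switch with `transport input ssh` under that `line vty` range.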
08-21-2024 02:05 AM
@Minato wrote:
Can anyone help me to fix this issue?
Read the Security Bulletin:
1. Either upgrade the firmware of the switch/stack; or
2. Implement the workaround.