Cisco switch Catalyst 3850 48 Port PoE - Vulnerability

Minato
Level 1

Hi All,

We have run a Tenable scan and we have vulnerabilities in a Cisco Catalyst 3850 48 Port PoE switch; we found the vulnerabilities given below.

1. Cisco IOS XE Software Command Authorization Bypass (cisco-sa-aaascp-Tyj4fEJm)

2. Telnet Vulnerability Affecting Cisco Products: June 2020 (cisco-sa-telnetd-EFJrEzPx)

3. Cisco IOS XE Software Plug and Play Privilege Escalation (cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL)

4. Cisco IOS XE Software Web UI Cross-Site Request Forgery (cisco-sa-20200108-ios-csrf)

5. Cisco IOS XE Software SSH DoS (cisco-sa-ssh-excpt-dos-FzOBQTnk)

6. Cisco IOS XE Internet Key Exchange Version 2 DoS (cisco-sa-ikev2-9p23Jj2a)

7. Cisco IOS XE Software Command Injection Vulnerability (cisco-sa-20190327-iosxe-cmdinj)

8. Cisco IOS XE Software Consent Token Bypass Vulnerability (cisco-sa-20190925-iosxe-ctbypass)

9. Cisco IOS XE Software Change of Authorization DoS (cisco-sa-20190925-tsec)

10. Cisco IOS XE Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)

11. Cisco IOS, IOS XE, and NX-OS Software Security Group Tag Exchange Protocol Denial of Service Vulnerability (cisco-sa-sxp-68TEVzR)

12. Cisco IOS XE Software TrustSec CLI Parser DoS (cisco-sa-trustsec-dos-7fuXDR2)

Can anyone help me fix this issue?

2 Replies

@Minato ensure you are running the latest software version for your switch to ensure any vulnerabilities have been resolved - https://software.cisco.com/download/home/284850605/type/282046477/release/Gibraltar-16.12.11

Disable Telnet and use SSH only; reconfigure SSH to use only the strongest ciphers. Example: https://integratingit.wordpress.com/2023/01/01/securing-ios-xe-ssh/

Refer to the IOS-XE hardening guide to further secure the switch - https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/220270-use-cisco-ios-xe-hardening-guide.html
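As an added example (not part of this reply, and not Cisco's or Tenable's code), the following Python script checks a saved `show running-config` for the points raised above: Telnet still permitted on a vty line, the HTTP/HTTPS web UI left enabled (the surface for the web UI CSRF advisory in the list), SSH not pinned to version 2, and no explicit strong cipher and MAC list. The two embedded configs are constructed samples, not taken from the poster's switch; the CLI commands in them are standard IOS XE syntax, but the exact algorithm names a given release accepts vary, and treating a vty with no explicit `transport input` as a finding is a deliberately conservative assumption.

```python
"""Audit an IOS XE running-config for the hardening points discussed above.

Added example, not from the original thread. Both configs below are
constructed samples; the commands are standard IOS XE CLI syntax.
"""
import re

# Constructed sample: a switch as typically found before hardening.
WEAK_CONFIG = """\
hostname sw-3850-weak
ip http server
ip http secure-server
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input all
"""

# Constructed sample: the same switch after applying the advice above.
HARDENED_CONFIG = """\
hostname sw-3850-hardened
no ip http server
no ip http secure-server
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr
ip ssh server algorithm mac hmac-sha2-256 hmac-sha2-512
login block-for 120 attempts 3 within 60
line vty 0 15
 transport input ssh
 exec-timeout 10 0
"""

# CBC ciphers and SHA-1 MACs are the ones to remove from the SSH server lists.
WEAK_SSH_CIPHERS = {"3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc"}
WEAK_SSH_MACS = {"hmac-sha1", "hmac-sha1-96"}


def vty_transports(config):
    """Return {'<first> <last>': set(transports)} for every 'line vty' block."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"^line vty (\d+)(?: (\d+))?$", line)
        if m:
            current = line[len("line vty "):]
            result[current] = set()  # empty set == no explicit 'transport input'
            continue
        if current and line.startswith(" "):
            t = re.match(r"^\s+transport input (.+)$", line)
            if t:
                result[current] = set(t.group(1).split())
        elif current:
            current = None  # any non-indented line ends the vty block
    return result


def audit(config):
    """Return a sorted list of findings; an empty list means these checks pass."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]

    # Telnet: 'all' includes telnet, so flag it as well.
    for rng, transports in vty_transports(config).items():
        if not transports:
            findings.append(f"vty {rng}: no explicit 'transport input' (assumption: treat as a finding)")
        elif transports & {"telnet", "all"}:
            findings.append(f"vty {rng}: telnet permitted via 'transport input {' '.join(sorted(transports))}'")

    # Web UI: the HTTP(S) server is the surface for the web UI CSRF advisory.
    if "ip http server" in lines:
        findings.append("'ip http server' enabled (disable with 'no ip http server')")
    if "ip http secure-server" in lines:
        findings.append("'ip http secure-server' enabled (disable if the web UI is not needed)")

    # SSH: version 2 only, with explicit cipher and MAC lists free of weak entries.
    if "ip ssh version 2" not in lines:
        findings.append("'ip ssh version 2' not set")
    for keyword, weak_set in (("encryption", WEAK_SSH_CIPHERS), ("mac", WEAK_SSH_MACS)):
        prefix = f"ip ssh server algorithm {keyword} "
        stanza = [l for l in lines if l.startswith(prefix)]
        if not stanza:
            findings.append(f"no '{prefix.strip()}' list (platform defaults apply)")
        else:
            weak = set(stanza[0].split()[5:]) & weak_set
            if weak:
                findings.append(f"weak SSH {keyword} algorithms: {', '.join(sorted(weak))}")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit(cfg)
        status = "PASS" if not findings else f"{len(findings)} finding(s)"
        print(f"{name}: {status}")
        for f in findings:
            print("  -", f)
```

Run it against a pasted `show running-config` by replacing one of the constructed strings; the hardened sample passes, the weak sample yields seven findings. The check deliberately looks only at what the reply recommends; it says nothing about whether the running release is fixed for the listed advisories, which only the upgrade (or each advisory's workaround) addresses.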


Leo Laohoo
Hall of Fame

@Minato wrote:
can anyone help me to fix this issue?

Read the Security Bulletin: 

1. Either upgrade the firmware of the switch/stack; or

2. Implement the workaround.
