Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2396
Views
0
Helpful
2
Replies

Vulnerabilities on Cisco ASA 5510 and Cisco Router 2811

Rigel Daykel Silva Arguinzones
Level 1
Level 1

‎05-24-2012 08:08 AM - edited ‎03-11-2019 04:11 PM

Hi all,

     I need your help in the next: One customer report to me vulnerabilities in the his Cisco ASA and Cisco 2811 and the vulnerabilities is this.

     1- OS Identification (Router). Synopsis: It is possible to guess the remote operating system. Description: Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) it is possible to guess the name of the remote operating system use, and sometimes its version

     2- Device Type (Router). Synopsis: It is possible to guess the remote device type. Description: Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, etc).

     3-Common Platform Enumeration (Router). Synopsis: It is possible to enumerate CPE names that matches on the remote system. Description: By using information obteined from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. See also: http://cpe.mitre.org/

     4- SSL Medium Streght Cipher Suites Supported (Router & ASA). Synopsis: The remote service supports the use of medium strenght SSL ciphers. Description: The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

The Router is connected with isp for internet service only, and the ASA give vpn service, dmz service, policies, and be connected directly with the router by outside interface. The router IOS is c2800nm-advipservicesk9-mz.124-25f.bin, and ASA version 8.2 (5).

So my question is, how I can mitigate this vulnerabilities.? Is possible do it.? What you recommend me.?

Thanks so much for read me,

Labels:
0 Helpful
2 Replies 2

Tagir Temirgaliyev
Spotlight
Spotlight

‎05-31-2012 10:15 PM

Hi

I do recommend you do nothing.

you dont need to mitigate this vulnerabilities.

even if somebody knows os is  ASA version 8.2 (5) so still can not get inside

provided that is correctly configured

0 Helpful

Rigel Daykel Silva Arguinzones
Level 1
Level 1
In response to Tagir Temirgaliyev

‎06-01-2012 01:00 PM

Hi, thanks for your answer, but how I can mitigate the vulnerabilities of the router.?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card