02-08-2010 03:14 AM - edited 03-11-2019 10:06 AM
Hi all:
Executing a Vulnerability Assessment in an ASA 5510, it has detected a "SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection". As a recommendation, it suggest to contact the supplier to find any patch. As of now, we couldn't find any patch.
Could you please help us?
IOS ver is Cisco Adaptive Security Appliance Software Version 8.0(3)6
asa803-6-k8.bin
Thanks
02-08-2010 04:43 AM
Download the latest ASA code and disable SSH V1 on your ASA.
It should fix it (if there is any issue in the first place)!
Regards
Farrukh
02-08-2010 06:57 AM
This is the one you are talking about: http://www.cisco.com/warp/public/707/cisco-sa-20080604-asa.shtml
fixed in 8.0.3(9) and on.
You can download the code here: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=268438162
-KS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide