Vulnerability Scanning Mitigation needed

Poo17
Level 1

Hello,

 

Can anyone please tell me the solution for mitigating the Cisco ASA 5525 vulnerabilities?

| FACTOR NAME | ISSUE TYPE TITLE | ISSUE TYPE CODE |
|---|---|---|
| Network Security | Certificate Without Revocation Control | tlscert_no_revocation |
| Network Security | Certificate Without Revocation Control | tlscert_no_revocation |
| Network Security | Certificate Lifetime Is Longer Than Best Practices | tlscert_excessive_expiration |
| Network Security | Certificate Lifetime Is Longer Than Best Practices | tlscert_excessive_expiration |
| Network Security | Certificate Signed With Weak Algorithm | tlscert_weak_signature |
| Network Security | Certificate Signed With Weak Algorithm | tlscert_weak_signature |

 

3 Replies

Marvin Rhoads
Hall of Fame

If the certificate in question is the identity certificate used by SSL VPN clients, then replace it with a proper certificate issued by a public CA.

Hi Marvin,

 

Thank you for your reply. I am trying to decommission the SSL VPN because that service is not in use anymore. How can I do that?

 

Thank you!

If you want to shut it down, you can just remove the service from the outside interface:

conf t
webvpn
! "outside" is assumed to be your public interface name
no enable outside
end
wr mem

There is more involved to thoroughly clean up the configuration, but the first step will remove the certificate from being exposed to the vulnerability scanning.
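
A way to re-check a certificate against the three issue codes in the scan report above, as an added example that is not part of the thread and not Cisco's or the scanner vendor's code. It parses the text printed by `openssl x509 -noout -text`; the 398-day lifetime limit, the MD2/MD5/SHA-1 list and both sample dumps are assumptions constructed for illustration, since the page does not give the scanner's criteria.

```python
import re
from datetime import datetime

MAX_DAYS = 398                                # assumed limit; the scanner's threshold is not on the page
WEAK_SIG = re.compile(r"md2|md5|sha1", re.I)  # assumed definition of a "weak" signature hash
DATE_FMT = "%b %d %H:%M:%S %Y GMT"            # date layout printed by `openssl x509 -text`

def audit_cert_text(text):
    """Return the scan report's issue codes that apply to one `openssl x509 -noout -text` dump."""
    dates = [re.search(label + r"\s*:\s*(.+)", text) for label in ("Not Before", "Not After")]
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    if not all(dates) or sig is None:
        raise ValueError("input does not look like `openssl x509 -text` output")
    start, end = (datetime.strptime(m.group(1).strip(), DATE_FMT) for m in dates)
    issues = []
    # Revocation control: a CRL distribution point or an OCSP responder URL must be present.
    if "CRL Distribution Points" not in text and "OCSP - URI:" not in text:
        issues.append("tlscert_no_revocation")
    if (end - start).days > MAX_DAYS:
        issues.append("tlscert_excessive_expiration")
    if WEAK_SIG.search(sig.group(1)):
        issues.append("tlscert_weak_signature")
    return issues

# Constructed sample: a long-lived, SHA-1, self-signed device certificate.
SELF_SIGNED = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = asa.example.test
        Validity
            Not Before: Jan  5 00:00:00 2015 GMT
            Not After : Jan  2 00:00:00 2025 GMT
"""
# Constructed sample: a 90-day SHA-256 certificate that names an OCSP responder.
CA_ISSUED = """\
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Mar  1 00:00:00 2024 GMT
            Not After : May 30 00:00:00 2024 GMT
        X509v3 extensions:
            Authority Information Access:
                OCSP - URI:http://ocsp.example.test
"""
if __name__ == "__main__":
    print(audit_cert_text(SELF_SIGNED))
    print(audit_cert_text(CA_ISSUED))
```

To audit a listener you administer, save the output of `openssl s_client -connect <host>:443 </dev/null | openssl x509 -noout -text` and pass its contents to `audit_cert_text`.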
