05-10-2021 08:04 PM
Hello,
Can anyone please tell me the solution for mitigating the Cisco ASA 5525 vulnerabilities?
FACTOR NAME | ISSUE TYPE TITLE | ISSUE TYPE CODE |
Network Security | Certificate Without Revocation Control | tlscert_no_revocation |
Network Security | Certificate Without Revocation Control | tlscert_no_revocation |
Network Security | Certificate Lifetime Is Longer Than Best Practices | tlscert_excessive_expiration |
Network Security | Certificate Lifetime Is Longer Than Best Practices | tlscert_excessive_expiration |
Network Security | Certificate Signed With Weak Algorithm | tlscert_weak_signature |
Network Security | Certificate Signed With Weak Algorithm | tlscert_weak_signature |
05-10-2021 09:12 PM
If the certificate in question is the identity certificate used by SSL VPN clients, then replace it with a proper certificate issued by a public CA.
05-10-2021 09:22 PM
Hi Marvin,
Thank you for your reply. I am trying to decommission the SSL VPN because that service is not in use anymore. How can I do that?
Thank you!
05-11-2021 01:36 AM
If you want to shut it down, you can just remove the service from the outside interface:
conf t
webvpn
 ! "outside" assumes that's your public interface name
 no enable outside
end
wr mem
There is more involved to thoroughly clean up the configuration but the first step will remove the certificate from being exposed to the vulnerability scanning.