Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1552
Views
0
Helpful
3
Replies

Vulnerability Scanning Mitigation needed

Poo17
Level 1
Level 1

‎05-10-2021 08:04 PM

Hello,

 

Can anyone please tell me the solution for mitigating the cisco ASA 5525 vulnerabilities?

FACTOR NAMEISSUE TYPE TITLEISSUE TYPE CODE
Network SecurityCertificate Without Revocation Controltlscert_no_revocation
Network SecurityCertificate Without Revocation Controltlscert_no_revocation
Network SecurityCertificate Lifetime Is Longer Than Best Practicestlscert_excessive_expiration
Network SecurityCertificate Lifetime Is Longer Than Best Practicestlscert_excessive_expiration
Network SecurityCertificate Signed With Weak Algorithmtlscert_weak_signature
Network SecurityCertificate Signed With Weak Algorithmtlscert_weak_signature

 

0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-10-2021 09:12 PM

If the certificate in question is the identity certificate used by SSL VPN clients, then replace it with a proper certificate issued by a public CA.

0 Helpful

Poo17
Level 1
Level 1
In response to Marvin Rhoads

‎05-10-2021 09:22 PM

Hi Marvin,

 

Thank you for your reply. I am trying to decommission the SSL VPN because that service is not in use anymore. How can I do that?

 

Thank you!

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Poo17

‎05-11-2021 01:36 AM

If you want to shut it down, you can just remove the service from the outside interface:

conf t
webvpn
disable outside <assuming that's your public interface name>
end
wr mem

There is more involved to thoroughly clean up the configuration but the first step will remove the certificate from being exposed to the vulnerability scanning.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card