
Vulnerability Scanning Mitigation needed

Poo17
Beginner

Hello,

 

Can anyone please tell me the solution for mitigating the Cisco ASA 5525 vulnerabilities?

| FACTOR NAME | ISSUE TYPE TITLE | ISSUE TYPE CODE |
|---|---|---|
| Network Security | Certificate Without Revocation Control | tlscert_no_revocation |
| Network Security | Certificate Without Revocation Control | tlscert_no_revocation |
| Network Security | Certificate Lifetime Is Longer Than Best Practices | tlscert_excessive_expiration |
| Network Security | Certificate Lifetime Is Longer Than Best Practices | tlscert_excessive_expiration |
| Network Security | Certificate Signed With Weak Algorithm | tlscert_weak_signature |
| Network Security | Certificate Signed With Weak Algorithm | tlscert_weak_signature |

 

3 Replies

Marvin Rhoads
VIP Community Legend

If the certificate in question is the identity certificate used by SSL VPN clients, then replace it with a proper certificate issued by a public CA.

Hi Marvin,

 

Thank you for your reply. I am trying to decommission the SSL VPN because that service is not in use anymore. How can I do that?

 

Thank you!

Marvin Rhoads
VIP Community Legend

If you want to shut it down, you can just remove the service from the outside interface:

conf t
webvpn
! "outside" assumes that's your public interface name
no enable outside
end
wr mem

There is more involved to thoroughly clean up the configuration but the first step will remove the certificate from being exposed to the vulnerability scanning.
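To check which of the three reported issue type codes a given certificate triggers, for example before and after replacing it, here is an added example that is not part of the original thread and not the scanner's own logic. It uses the Python `cryptography` package; the 398-day lifetime limit, the weak-hash set, the helper names and the `example.test` hostnames are assumptions, and the sample certificates are constructed.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import AuthorityInformationAccessOID, ExtensionOID, NameOID

MAX_LIFETIME_DAYS = 398          # assumed threshold; the scan report does not state one
WEAK_HASHES = {"md5", "sha1"}    # assumed definition of a weak signature hash

def _ext(cert, oid):
    """Return the extension value, or None when the certificate lacks it."""
    try:
        return cert.extensions.get_extension_for_oid(oid).value
    except x509.ExtensionNotFound:
        return None

def audit(cert):
    """Return the issue type codes from the scan report that apply to cert."""
    findings = []
    aia = _ext(cert, ExtensionOID.AUTHORITY_INFORMATION_ACCESS) or []
    has_ocsp = any(d.access_method == AuthorityInformationAccessOID.OCSP for d in aia)
    if _ext(cert, ExtensionOID.CRL_DISTRIBUTION_POINTS) is None and not has_ocsp:
        findings.append("tlscert_no_revocation")
    if hasattr(cert, "not_valid_after_utc"):   # cryptography >= 42
        lifetime = cert.not_valid_after_utc - cert.not_valid_before_utc
    else:
        lifetime = cert.not_valid_after - cert.not_valid_before
    if lifetime.days > MAX_LIFETIME_DAYS:
        findings.append("tlscert_excessive_expiration")
    algo = cert.signature_hash_algorithm       # None for schemes such as Ed25519
    if algo is not None and algo.name in WEAK_HASHES:
        findings.append("tlscert_weak_signature")
    return findings

def make_sample(days, crl_url=None):
    """Build a constructed self-signed test certificate (not from any real device)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "vpn.example.test")])
    start = datetime.datetime(2024, 1, 1)
    b = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
         .public_key(key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(start).not_valid_after(start + datetime.timedelta(days=days)))
    if crl_url:
        dp = x509.DistributionPoint([x509.UniformResourceIdentifier(crl_url)], None, None, None)
        b = b.add_extension(x509.CRLDistributionPoints([dp]), critical=False)
    return b.sign(key, hashes.SHA256())

if __name__ == "__main__":
    print(audit(make_sample(3650)), audit(make_sample(90, "http://crl.example.test/ca.crl")))
```

To audit a real certificate, load its PEM file with `x509.load_pem_x509_certificate()` and pass the result to `audit()`.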
