cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

391
Views
0
Helpful
0
Replies
Highlighted
Beginner

CVE-2004-2761 vulnerability found on 3850 switches and 5508 WLC

I got this vulnerability alert from Kenna security tool.  Does anyone know how to reinstall certificate on a 3850 switch or 5508 WLC? 

 

 

CVE-2004-2761

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

Due per Kenna: 5/20/2019

Devices:


10.205.x.x
10.254.x.x
172.25.x.x
10.254.x.x

 

Diagnosis: The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in
accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

See Also:
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?e120eea1
http://technet.microsoft.com/en-us/security/advisory/961509

Related CVE IDs:
CVE-2004-2761

Related BugTraq IDs:
11849
33065

Other Security Standard Reference IDs:
OSVDB:45127
OSVDB:45108
OSVDB:45106
CWE:310
CERT:836068

Solution per Kenna: Contact the Certificate Authority to have the certificate reissued.

Everyone's tags (3)