
CVE-2008-5161 Found.

Dear all, during VA testing we found the following on the Cisco devices below: SSH Server CBC Mode Ciphers Enabled & SSH Weak MAC Algorithms Enabled (CVE-2008-5161).

| Sr.Name | Model NO | IOS ver |
|---|---|---|
| 1 | 4500 E | cat4500e-entservicesk9-mz.150-2.SG8.bin |
| 2 | WS-C3750G | c3750-ipbasek9-mz.122-58.SE2.bin |
| 3 | WS-C3750E | c3750e-universalk9-mz.122-58.SE2.bin |
| 4 | WS-C3560G | c3560-ipbasek9-mz.122-58.SE2.bin |
| 5 | WS-C2960G | c2960-lanbasek9-mz.122-44.SE6.bin |
| 6 | Cisco 3845 | c3845-advipservicesk9-mz.124-15.T9.bin |
| 7 | CISCO3945 | c3900-universalk9-mz.SPA.150-1.M4.bin |


Can anyone advise on this? How can we resolve these vulnerabilities?


Re: CVE-2008-5161 Found.

Do a "show ip ssh" and you will see all the SSH ciphers that are currently available.  

Use the following commands to restrict it to only SSH CTR and SHA-1:

ip ssh server algorithm encryption aes256-ctr

ip ssh server algorithm mac hmac-sha1

 

After you apply, check the "show ip ssh" again.

 

Hope this helps.
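
Both scanner findings come from the algorithm name-lists the SSH server advertises in its SSH_MSG_KEXINIT message, so the result of the change can be checked against that message. The following is an added example, not part of the original thread: it parses a KEXINIT payload per RFC 4253 and flags CBC ciphers and weak MACs. The payloads are constructed, the function names are hypothetical, and treating MD5-based and 96-bit MACs as "weak" is an assumption about the scanner's rule.

```python
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) into name-lists."""
    if len(payload) < 17 or payload[0] != 20:   # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}                            # skip type byte + 16-byte cookie
    for name in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")   # uint32 length prefix
        raw = payload[pos + 4:pos + 4 + n]
        if len(payload) < pos + 4 or len(raw) != n:
            raise ValueError("truncated name-list: " + name)
        out[name] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return out

def audit(lists: dict) -> dict:
    """Flag CBC ciphers and weak MACs offered in either direction."""
    ciphers = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    macs = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    return {
        "cbc_ciphers": sorted(c for c in ciphers if c.endswith("-cbc")),
        # Assumption: "weak MAC" means MD5-based or truncated to 96 bits.
        "weak_macs": sorted(m for m in macs if "md5" in m or m.endswith("-96")),
    }

def build_kexinit(enc: list, mac: list) -> bytes:
    """Build a constructed KEXINIT payload (zero cookie) for the demo."""
    lists = dict.fromkeys(FIELDS, [])
    lists.update(kex=["diffie-hellman-group14-sha1"], host_key=["ssh-rsa"],
                 enc_c2s=enc, enc_s2c=enc, mac_c2s=mac, mac_s2c=mac,
                 comp_c2s=["none"], comp_s2c=["none"])
    body = b"".join(len(s).to_bytes(4, "big") + s
                    for s in (",".join(lists[f]).encode() for f in FIELDS))
    # Trailer: first_kex_packet_follows = FALSE, then the reserved uint32 (0).
    return bytes([20]) + bytes(16) + body + bytes(5)

# Constructed offers, not captured from any device.
BEFORE = build_kexinit(["aes128-ctr", "aes256-ctr", "aes128-cbc", "3des-cbc"],
                       ["hmac-sha1", "hmac-sha1-96", "hmac-md5"])
AFTER = build_kexinit(["aes256-ctr"], ["hmac-sha1"])   # the reply's settings

if __name__ == "__main__":
    for label, pkt in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(parse_kexinit(pkt)))
```

An empty result for both keys is what a rescan should agree with once the server offers only CTR ciphers and untruncated SHA-1.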