
CVE-2008-5161 Found.

shrinad146
Level 1

Dear All, we found during VA testing on the below Cisco devices, which says SSH Server CBC Mode Ciphers Enabled & SSH Weak MAC Algorithms Enabled (CVE-2008-5161).

| Sr.Name | Model No. | IOS ver |
|---|---|---|
| 1 | 4500 E | cat4500e-entservicesk9-mz.150-2.SG8.bin |
| 2 | WS-C3750G | c3750-ipbasek9-mz.122-58.SE2.bin |
| 3 | WS-C3750E | c3750e-universalk9-mz.122-58.SE2.bin |
| 4 | WS-C3560G | c3560-ipbasek9-mz.122-58.SE2.bin |
| 5 | WS-C2960G | c2960-lanbasek9-mz.122-44.SE6.bin |
| 6 | Cisco 3845 | c3845-advipservicesk9-mz.124-15.T9.bin |
| 7 | CISCO3945 | c3900-universalk9-mz.SPA.150-1.M4.bin |


Can anyone suggest on this!!!! How to resolve these vulnerabilities??

1 Reply

brian1377
Level 1

Do a "show ip ssh" and you will see all the SSH ciphers that are currently available.  

Use the following commands to restrict it to only SSH CTR and SHA-1:

 

ip ssh server algorithm encryption aes256-ctr

ip ssh server algorithm mac hmac-sha1

 

After you apply, check the "show ip ssh" again.

 

Hope this helps.
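
To automate the "check show ip ssh again" step across several devices, here is an added example (not part of the thread and not Cisco code) that parses captured "show ip ssh" output and lists any CBC ciphers or weak MACs still offered. The sample outputs are constructed, and treating MD5-based and 96-bit MACs as "weak" is an assumption, since the thread does not define the term.

```python
import re

# Constructed sample of "show ip ssh" output before the change (not from the thread).
SAMPLE_BEFORE = """\
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
"""

# Constructed sample after restricting the server to CTR and hmac-sha1.
SAMPLE_AFTER = """\
SSH Enabled - version 2.0
Encryption Algorithms:aes256-ctr
MAC Algorithms:hmac-sha1
"""

def parse_algorithms(show_ip_ssh: str) -> dict:
    """Return {'encryption': [...], 'mac': [...]} from 'show ip ssh' text."""
    found = {"encryption": [], "mac": []}
    for line in show_ip_ssh.splitlines():
        m = re.match(r"\s*(Encryption|MAC) Algorithms\s*:\s*(.*)$", line, re.I)
        if m:
            key = "encryption" if m.group(1).lower() == "encryption" else "mac"
            found[key] = [a.strip().lower() for a in m.group(2).split(",") if a.strip()]
    return found

def is_weak_mac(name: str) -> bool:
    # Assumption: "weak MAC" means MD5-based or truncated to 96 bits.
    return "md5" in name or name.endswith("-96")

def audit(show_ip_ssh: str) -> dict:
    """List CBC ciphers and weak MACs still offered.

    'parsed' is False when the algorithm lines are missing from the output,
    so an empty finding list is never mistaken for a clean device.
    """
    algs = parse_algorithms(show_ip_ssh)
    return {
        "parsed": bool(algs["encryption"] and algs["mac"]),
        "cbc_ciphers": [a for a in algs["encryption"] if a.endswith("-cbc")],
        "weak_macs": [a for a in algs["mac"] if is_weak_mac(a)],
    }

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(text))
```
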
