01-22-2019 05:56 AM - edited 03-10-2019 01:09 AM
I have scanned my network and I am having a time trying to find the mitigations for these issues:
Mitigating these would be helpful. Thank you,
01-22-2019 06:04 AM
Hi there,
All of the SSL/TLS vulnerabilities will be resolved by upgrading the system image to mitigate the applicable CVE numbers.
Specific SSH issues can be resolved by setting the ssl cipher, however old versions of software may not have more secure ciphers available, so the image may need to be upgraded.
The telnet issue can be fixed by enforcing ssh on the VTY:
!
line vty 0 15
 transport input ssh
!
The HTTP issue can be resolved with
!
no ip http server
!
cheers,
Seb.
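A check for the two configuration changes in the reply above, as an added example that is not part of the original thread: it reads a saved running-config and reports VTY lines that still accept telnet and an enabled plain-HTTP server. The function name, the finding strings and both sample configurations are constructed for illustration.

```python
import re

def audit_ios_config(config_text):
    """Return findings for VTY transport and HTTP server settings."""
    findings = []
    lines = config_text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        # "no ip http server" does not match; only the enabling form does.
        if line.strip() == "ip http server":
            findings.append("ip http server is enabled")
        if re.match(r"^line vty \d+(?: \d+)?$", line):
            name, transports = line, None
            i += 1
            # Sub-commands of a line block are indented in running-config output.
            while i < len(lines) and lines[i].startswith(" "):
                words = lines[i].split()
                if words[:2] == ["transport", "input"]:
                    transports = words[2:]
                i += 1
            if transports is None:
                # Assumption: the effective default varies by release, so flag for review.
                findings.append(f"{name}: no explicit transport input")
            elif set(transports) & {"telnet", "all"}:
                findings.append(f"{name}: telnet allowed ({' '.join(transports)})")
            continue  # re-examine the line that ended the block
        i += 1
    return findings

# Constructed sample: HTTP server on, first VTY range still accepts telnet.
SAMPLE_CONFIG = """\
hostname sw1
!
ip http server
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
!
end
"""

# Constructed sample after applying the two changes from the reply.
HARDENED_CONFIG = "no ip http server\n!\nline vty 0 15\n login local\n transport input ssh\n!\nend\n"

if __name__ == "__main__":
    for finding in audit_ios_config(SAMPLE_CONFIG):
        print(finding)
```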
01-22-2019 11:12 AM
For Catalyst 3560X models, don't you have to have a contract to download, or am I clicking the wrong area?
01-22-2019 01:25 PM
Typically yes.
If you don't have a service contract for any vulnerability you can go via:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
...and request a fixed software release. I have heard reports that this method works, but also some people saying their request was refused. Just don't make a habit of requesting software without contract!
cheers,
Seb.