Accepted Solutions

Seb Rupik
VIP Alumni

Hi there,

All of the SSL/TLS vulnerabilities will be resolved by upgrading the system image to mitigate the applicable CVE numbers.

Specific SSH issues can be resolved by setting the ssl cipher, however old versions of software may not have more secure ciphers available, so the image may need to be upgraded.

The telnet issue can be fixed by enforcing ssh on the VTY:

!
line vty 0 15
  transport input ssh
!

The HTTP issue can be resolved with

!
no ip http server
!

cheers,

Seb.
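
As an added example (not part of the original post and not Cisco code): a small Python check that reads a saved running-config and reports any `line vty` block that is not `transport input ssh` only, and whether `ip http server` is still enabled. The sample config and the `audit` function are constructed for illustration; the sample shows a device where only the first VTY range was fixed.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
hostname lab-sw1
ip http server
!
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
!
end
"""

def audit(config):
    """Return findings for the two config fixes described in the post."""
    findings = []
    http_enabled = False
    vty = None        # vty block currently being parsed, e.g. "vty 5 15"
    transports = {}   # vty block -> list of transports, or None if unset
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):      # a global-level line ends any block
            vty = None
            m = re.match(r"line (vty \d+(?: \d+)?)$", line)
            if m:
                vty = m.group(1)
                transports[vty] = None
            elif line == "ip http server":
                http_enabled = True
            elif line == "no ip http server":
                http_enabled = False
        elif vty:
            m = re.match(r"\s+transport input (.+)$", line)
            if m:
                transports[vty] = m.group(1).split()
    for name, value in transports.items():
        if value is None:
            # Assumption: the effective default differs by release, so flag it.
            findings.append(f"{name}: no explicit 'transport input'")
        elif value != ["ssh"]:
            findings.append(f"{name}: transport input {' '.join(value)} (not ssh-only)")
    if http_enabled:
        findings.append("global: 'ip http server' is enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```
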

3 Replies

For Catalyst 3560X models, don't you have to have a contract to download, or am I clicking the wrong area?

Typically yes. 

If you don't have a service contract for any vulnerability you can go via:

https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

...and request a fixed software release. I have heard reports that this method works, but also some people saying their request was refused. Just don't make a habit of requesting software without a contract!

cheers,

Seb.