Yes Marvin..I am aware of

tushar_bangia · ‎06-28-2017

Hey Folks,

We have ran a VA scan on TG and there are couple of glaring SSL Vulnerabilities found on TG appliance.

42873 - SSL Medium Strength Cipher Suites Supported

94437 - SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

Can any suggest the folder/path where we can make the changes in TG root to fix them.

Marvin Rhoads · ‎06-29-2017

The only supported way to patch the vulnerabilities is to apply the updates from Cisco that resolves them (when one is available).

Are you running the latest software version (2.2.3)?

tushar_bangia · ‎07-02-2017

Thanks Marvin..wanted to know if we can have root access fix the vulnerabilities such as SSH version 1 or disable weak Ciphers??

I will check the version and would upgrade if it is not running on the latest version.

Marvin Rhoads · ‎07-03-2017

Cisco doesn't provide a documented procedure for customers to access the operating system as a root user. If you managed to do so and apply your chages it may break other system processes and leave your appliance at least partially non-functional.

You can open a TAC case and they can establish a secure support session. If they have any internal patches documented for your specific issues, they may apply them via that method.

tushar_bangia · ‎07-25-2017

Yes Marvin..I am aware of this process. I did the upgrade and we need to run the scan to see if we see any more vulnerabilities.

ThreatGrid SSL Vulnerabilities!!