can you please advise how to fix the below vulnaberites on ISR4461
IOS latest updated
| vulnerability |
risk |
Vuln Refrence |
synopsis |
| SSL Certificate Expiry |
15901 |
The remote server's SSL certificate has already expired. |
| SSL Weak Cipher Suites Supported |
26928 |
The remote service supports the use of weak SSL ciphers. |
| SSL Certificate Signed Using Weak Hashing Algorithm |
35291 |
An SSL certificate in the certificate chain has been signed using a
weak hash algorithm. |
| Unencrypted Telnet Server |
42263 |
The remote Telnet server transmits traffic in cleartext. |
| SSL Medium Strength Cipher Suites Supported (SWEET32) |
42873 |
The remote service supports the use of medium strength SSL ciphers. |
| SSL Certificate Cannot Be Trusted |
51192 |
The SSL certificate for this service cannot be trusted. |
| SSL Self-Signed Certificate |
57582 |
The SSL certificate chain for this service ends in an unrecognized
self-signed certificate. |
| Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key |
62694 |
The remote IKEv1 service supports Aggressive Mode with Pre-Shared key. |
| SSL RC4 Cipher Suites Supported (Bar Mitzvah) |
65821 |
The remote service supports the use of the RC4 cipher. |
| TLS Version 1.0 Protocol Detection |
104743 |
The remote service encrypts traffic using an older version of TLS. |
| TLS Version 1.1 Protocol Deprecated |
157288 |
The remote service encrypts traffic using an older version of TLS. |
| SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) |
83875 |
The remote host allows SSL/TLS connections with one or more
Diffie-Hellman moduli less than or equal to 1024 bits. |
