Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5415
Views
0
Helpful
1
Replies

Vulnerability

Go to solution
leyakhath muhammed
Level 1
Level 1

‎05-31-2017 08:50 PM - edited ‎03-10-2019 12:50 AM

I have NAC3315 Version 4.9.3

Our Vulnerability Assessment Founded .

Untrusted TLS/SSL server X.509 certificate (tls-untrusted-ca)

TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32) (ssl-cve-2016-2183-sweet32)

TLS/SSL Server Supports SSLv3 (sslv3-supported)

How can i fix ,Please advice me

Thanks

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-03-2017 07:45 AM

Your NAC appliance and the software running on it are end of sales now for a long time. 

http://www.cisco.com/c/en/us/products/collateral/routers/7600-series-routers/eos-eol-notice-c51-734104.html

Cisco is no longer updating the software and as such there is no work around for the SWEET32 vulnerability. There is a bug ID confirming this fact:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb48635

The SSLv3 issue similarly has no fix on the NAC product.

You can replace the self-signed certificate for that one bit; but overall your organization should move off of this outmoded solution to something like Cisco ISE for network access control  

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-03-2017 07:45 AM

Your NAC appliance and the software running on it are end of sales now for a long time. 

http://www.cisco.com/c/en/us/products/collateral/routers/7600-series-routers/eos-eol-notice-c51-734104.html

Cisco is no longer updating the software and as such there is no work around for the SWEET32 vulnerability. There is a bug ID confirming this fact:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb48635

The SSLv3 issue similarly has no fix on the NAC product.

You can replace the self-signed certificate for that one bit; but overall your organization should move off of this outmoded solution to something like Cisco ISE for network access control  

0 Helpful
Customers Also Viewed These Support Documents