Vulnerabilities of a Cisco ISR 4351

Hello, a client just had their network checked and received a report of these vulnerabilities

 

Device Cisco ISR 4351 (OS Version 03.13.02.S, IOS Software Version 15.4 (3) S2)

  • Vulnerability of the NTP protocol, the device should not respond to requests or queries of mode 6 or 7 of the NTP protocol
  • Disclosure of information in Cisco IOS IKEv1
  • Vulnerability Internet Key Exchange (IKE) Aggressive mode with pre-shared key

Is there a different version of the OS that will help remove these vulnerabilities?

Thank you.

1 Reply

Joseph W. Doherty
Hall of Fame
Not 100% certain, but suspect these might be more related to your config. For example, are you using encrypted NTP? Or, rather than using an IKE pre-shared key, use a certificate(?). (For the IKE key, using a long random key, while also configured to cycle your stream key based on time and/or volume, and using PFS, should mitigate the concern of using a pre-shared key.)
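
An added example, not part of the original thread or any Cisco tool: a small Python audit that checks a saved running-config for the settings discussed above (NTP authentication, IKEv1 aggressive mode with pre-shared keys, pre-shared key length, and PFS on crypto map entries). The sample config, the finding names and the 20-character key threshold are assumptions made for illustration.

```python
import re

MIN_PSK_LEN = 20  # assumed threshold for a "long" key; not from the thread

# Constructed sample of an IOS running-config, not taken from the thread.
SAMPLE_CONFIG = """\
ntp server 192.0.2.10
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key s3cret address 198.51.100.1
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
"""

def audit(config):
    """Return a sorted list of finding names (hypothetical labels)."""
    lines = [l.rstrip() for l in config.splitlines()]
    findings = set()
    # NTP: servers are configured but authentication is not enforced.
    if any(l.startswith("ntp server") for l in lines):
        if "ntp authenticate" not in lines or not any(
                l.startswith("ntp trusted-key") for l in lines):
            findings.add("ntp-unauthenticated")
    # IKEv1: aggressive mode still allowed while pre-shared keys are in use.
    psk_lines = [l for l in lines if l.startswith("crypto isakmp key ")]
    if psk_lines and "crypto isakmp aggressive-mode disable" not in lines:
        findings.add("ike-aggressive-mode-enabled")
    # Clear-text keys can be length-checked; type 6 (encrypted) keys are skipped.
    for l in psk_lines:
        m = re.match(r"crypto isakmp key (?:0 )?(\S+) (?:address|hostname)", l)
        if m and len(m.group(1)) < MIN_PSK_LEN:
            findings.add("ike-short-psk")
    # PFS: every crypto map entry should carry a "set pfs" line.
    entry, has_pfs = None, {}
    for l in lines:
        m = re.match(r"crypto map (\S+ \d+) ipsec-isakmp", l)
        if m:
            entry = m.group(1)
            has_pfs[entry] = False
        elif l.startswith(" ") and entry:
            if l.strip().startswith("set pfs"):
                has_pfs[entry] = True
        else:
            entry = None
    if not all(has_pfs.values()):
        findings.add("ipsec-no-pfs")
    return sorted(findings)
```

Run `audit()` on the output of `show running-config` saved to a file; an empty list means none of these four conditions were found, not that the scanner findings are resolved.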