cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
562
Views
0
Helpful
1
Replies

Vulnerabilities of a cisco ISR 4351

Hello, a client just had their network checked and received a report of these vulnerabilities

 

Device Cisco ISR 4351 (OS Version 03.13.02.S, IOS Software Version 15.4 (3) S2)

  • Vulnerability of the NTP protocol, the device should not respond to requests or queries of mode 6 or 7 of the NTP protocol
  • Disclosure of information in Cisco IOS IKEv1
  • Vulnerability Internet Key Exchange (IKE) Aggressive mode with pre-shared key

Is there a diferent version of the OS that will help remove these vulnerabilities?

Thank you.

1 Reply 1

Joseph W. Doherty
Hall of Fame
Hall of Fame
Not 100% certain, but suspect these might be more related to your config. For example, are you using encrypted NTP? Or, rather than using an IKE pre-shared key, use a certificate.(?) (For the IKE key, using a long random key, while also configured to cycle your stream key based on time and/or volume, and using PFS, should mitigate the concern of using a pre-shared key.
Review Cisco Networking for a $25 gift card