Vulnerability in 1941 Router

Muthukumar P
Level 1

Hi Team,

One of our customers is getting the following vulnerability in a Cisco 1941 router; please do the needful.

The following vulnerability has been identified:

SSH Weak MAC Algorithms Enabled and SSH is configured to allow MD5 and 96-bit MAC algorithms.

VULNERABLE DEVICE:

C:\Users\amit>nmap --script ssh2-enum-algos 10.10.1.10 -p 22

Starting Nmap 7.01 ( https://nmap.org ) at 2017-09-11 10:33 India Standard Time
Nmap scan report for ro-adh-1941-1010110.indiaideas.com (10.10.1.10)
Host is up (0.0011s latency).
PORT   STATE SERVICE
22/tcp open  ssh
| ssh2-enum-algos:
|   kex_algorithms: (3)
|       diffie-hellman-group-exchange-sha1
|       diffie-hellman-group14-sha1
|       diffie-hellman-group1-sha1
|   server_host_key_algorithms: (1)
|       ssh-rsa
|   encryption_algorithms: (4)
|       aes128-cbc
|       3des-cbc
|       aes192-cbc
|       aes256-cbc
|   mac_algorithms: (4)
|       hmac-sha1
|       hmac-sha1-96
|       hmac-md5
|       hmac-md5-96
|   compression_algorithms: (1)
|_      none

Nmap done: 1 IP address (1 host up) scanned in 2.40 seconds

Thanks

Muthukumar

 

1 Reply

You need to update to at least IOS 15.5(2) where you can disable unwanted ciphers:

https://supportforums.cisco.com/t5/security-documents/guide-to-better-ssh-security/ta-p/3133344
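
Added example, not part of the original thread: a Python check that parses `ssh2-enum-algos` output like the scan in the question and reports which offered MACs match the finding (MD5-based or truncated to 96 bits), so the same scan can be re-checked after the upgrade and algorithm change. The function names and the trimmed sample input are constructed for illustration.

```python
import re

# Constructed sample: ssh2-enum-algos output as shown in the post, trimmed to
# three categories so it runs offline.
SAMPLE_SCAN = """\
| ssh2-enum-algos:
|   kex_algorithms: (3)
|       diffie-hellman-group-exchange-sha1
|       diffie-hellman-group14-sha1
|       diffie-hellman-group1-sha1
|   mac_algorithms: (4)
|       hmac-sha1
|       hmac-sha1-96
|       hmac-md5
|       hmac-md5-96
|   compression_algorithms: (1)
|_      none
"""

HEADER = re.compile(r"^\|[ _]{1,3}(\w+): \(\d+\)\s*$")  # "|   mac_algorithms: (4)"
ENTRY = re.compile(r"^\|[ _]{4,}(\S+)\s*$")             # "|       hmac-md5"
# The two conditions named in the finding; also matches OpenSSH "-etm@" names.
WEAK_MAC_RULES = {"MD5": re.compile(r"md5"), "96-bit": re.compile(r"-96(-etm)?(@|$)")}


def parse_enum_algos(text):
    """Return {category: [algorithm, ...]} parsed from ssh2-enum-algos output."""
    algos, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue  # tolerate blank lines left by copy/paste
        if m := HEADER.match(line):
            current = algos.setdefault(m.group(1), [])
        elif current is not None and (m := ENTRY.match(line)):
            current.append(m.group(1))
        else:
            current = None  # left the algorithm lists (other script output)
    return algos


def weak_macs(algos):
    """Map each offered MAC that is MD5-based or truncated to 96 bits to its reasons."""
    hits = {}
    for mac in algos.get("mac_algorithms", []):
        reasons = [name for name, rx in WEAK_MAC_RULES.items() if rx.search(mac)]
        if reasons:
            hits[mac] = reasons
    return hits
```

Calling `weak_macs(parse_enum_algos(scan_text))` on a saved scan returns an empty dict once the server no longer offers any MD5 or 96-bit MAC.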