Vulnerability Resolution

macgyver0099_1
Level 1

Hello, I have a Cisco CBS350-48T-4X switch stack running software version 3.2.1.1. A vulnerability scan was recently run on our network and identified the below vulnerabilities. Does anyone know how to remediate them?

* SSL Self-Signed Certificate

* SSL/TLS Recommended Cipher Suites - The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:

  • 0x13,0x01 TLS13_AES_128_GCM_SHA256
  • 0x13,0x02 TLS13_AES_256_GCM_SHA384
  • 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:

  • 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
  • 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
  • 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
  • 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
  • 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
  • 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.

* Missing Referer-Policy Header - "Referer header is a request header that indicates the site which the traffic originated from. If there is no adequate prevention in place, the URL itself, and even sensitive information contained in the URL, will be leaked to the cross-site. The lack of a Referrer-Policy header might affect the privacy of the users and of the site itself. For this vulnerability, only the response and request of the first instance found on each asset is reported. All additional findings only contain the additional paths affected." Purported solution: "Ensure that user input is URL-encoded before it is embedded in a URL."

* Unencrypted communications - The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.

To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.

Please note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.

Purported resolution: Applications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.

* Link manipulation (DOM-based) - DOM-based vulnerabilities arise when a client-side script reads data from a controllable part of the DOM (for example, the URL) and processes this data in an unsafe way.

DOM-based link manipulation arises when a script writes controllable data to a navigation target within the current page, such as a clickable link or the submission URL of a form. An attacker may be able to use the vulnerability to construct a URL that, if visited by another application user, will modify the target of links within the response. An attacker may be able to leverage this to perform various attacks, including:

  • Causing the user to redirect to an arbitrary external URL, to facilitate a phishing attack.
  • Causing the user to submit sensitive form data to a server controlled by the attacker.
  • Causing the user to perform an unintended action within the application, by changing the file or query string associated with a link.
  • Bypassing browser anti-XSS defenses by injecting on-site links containing XSS exploits, since browser anti-XSS defenses typically do not operate on on-site links.

Burp Suite automatically identifies this issue using dynamic and static code analysis. Static analysis can lead to false positives that are not actually exploitable. If Burp Scanner has not provided any evidence resulting from dynamic analysis, you should review the relevant code and execution paths to determine whether this vulnerability is indeed present, or whether mitigations are in place that would prevent exploitation.

* Vulnerable JavaScript dependency - The use of third-party JavaScript libraries can introduce a range of DOM-based vulnerabilities, including some that can be used to hijack user accounts like DOM-XSS.

Common JavaScript libraries typically enjoy the benefit of being heavily audited. This may mean that bugs are quickly identified and patched upstream, resulting in a steady stream of security updates that need to be applied. Although it may be tempting to ignore updates, using a library with missing security patches can make your website exceptionally easy to exploit. Therefore, it's important to ensure that any available security updates are applied promptly.

Some library vulnerabilities expose every application that imports the library, but others only affect applications that use certain library features. Accurately identifying which library vulnerabilities apply to your website can be difficult, so we recommend applying all available security updates regardless.


1 Reply

AshSe
VIP

Hi @macgyver0099_1

To address the vulnerabilities identified in your Cisco CBS350-48T-4X switch stack, here are the steps you can take to remediate each issue. Note that some of these vulnerabilities may not be fully resolvable on the switch itself due to its limited web interface capabilities, but you can mitigate them to the extent possible.
1. SSL Self-Signed Certificate

  • Issue: The switch is using a self-signed SSL certificate, which is not trusted by browsers or scanning tools.
  • Remediation:
    • Generate a Certificate Signing Request (CSR) on the switch.
    • Obtain a certificate from a trusted Certificate Authority (CA).
    • Upload the signed certificate to the switch.
    • Configure the switch to use the new certificate for HTTPS management.
    • Refer to the Cisco CBS350 documentation for instructions on generating and installing SSL certificates.

2. SSL/TLS Recommended Cipher Suites

  • Issue: The switch is advertising weak or discouraged cipher suites.
  • Remediation:
    • Log in to the switch's web interface or CLI.
    • Navigate to the SSL/TLS settings.
    • Disable weak cipher suites and enable only the recommended ones:
      • TLSv1.3:
        • TLS13_AES_128_GCM_SHA256
        • TLS13_AES_256_GCM_SHA384
        • TLS13_CHACHA20_POLY1305_SHA256
      • TLSv1.2:
        • ECDHE-ECDSA-AES128-GCM-SHA256
        • ECDHE-RSA-AES128-GCM-SHA256
        • ECDHE-ECDSA-AES256-GCM-SHA384
        • ECDHE-RSA-AES256-GCM-SHA384
        • ECDHE-ECDSA-CHACHA20-POLY1305
        • ECDHE-RSA-CHACHA20-POLY1305
    • Save the configuration and restart the HTTPS service.
    • Note: If the switch does not support fine-grained control over cipher suites, you may need to update the firmware to a newer version (if available) or contact Cisco support for guidance.

3. Missing Referer-Policy Header

  • Issue: The switch's web interface does not include a Referer-Policy HTTP header, which can lead to privacy concerns.
  • Remediation:
    • Unfortunately, most network switches (including the CBS350 series) do not allow customization of HTTP headers in their web interface. This issue is likely a limitation of the switch's firmware.
    • Check for a firmware update from Cisco that might address this issue.
    • If no update is available, consider restricting access to the web interface to trusted IPs or using a management VLAN to reduce exposure.

4. Unencrypted Communications

  • Issue: The switch allows unencrypted HTTP connections, which can expose sensitive information.
  • Remediation:
    • Disable HTTP access to the switch and enable HTTPS-only access.
      • In the web interface or CLI, navigate to the management settings and disable HTTP.
      • Ensure HTTPS is enabled and properly configured with a valid SSL certificate (see point 1).
    • Use SSH instead of Telnet for CLI management to ensure encrypted communications.
    • Restrict management access to trusted IPs or a dedicated management VLAN.

5. Link Manipulation (DOM-based)

  • Issue: The switch's web interface may be vulnerable to DOM-based link manipulation.
  • Remediation:
    • This vulnerability is likely due to the design of the switch's web interface and cannot be directly mitigated by configuration changes.
    • Check for a firmware update from Cisco that addresses this issue.
    • Limit access to the web interface to trusted IPs or a management VLAN to reduce exposure.

6. Vulnerable JavaScript Dependency

  • Issue: The switch's web interface uses outdated JavaScript libraries with known vulnerabilities.
  • Remediation:
    • Check for a firmware update from Cisco that includes updated JavaScript libraries.
    • If no update is available, limit access to the web interface to trusted IPs or a management VLAN to reduce exposure.

General Recommendations:

  1. Update Firmware:

    • Ensure the switch is running the latest firmware version. The current version (3.2.1.1) may not address all these vulnerabilities. Check Cisco's support website for updates.
    • Follow Cisco's instructions for updating the firmware.
  2. Restrict Management Access:

    • Use access control lists (ACLs) or a dedicated management VLAN to restrict access to the switch's management interface.
    • Disable remote management over the WAN unless absolutely necessary.
  3. Use Strong Passwords:

    • Ensure that strong, unique passwords are used for all administrative accounts.
  4. Monitor Cisco Security Advisories:

    • Regularly check Cisco's security advisories for updates or patches related to your switch model.

Notes:

  1. Some of these vulnerabilities (e.g., missing Referer-Policy header, DOM-based link manipulation, and vulnerable JavaScript dependencies) are common in embedded web interfaces and may not be fully resolvable without a firmware update.
  2. If these vulnerabilities are flagged as critical by your security team, consider isolating the switch's management interface from the rest of the network to minimize risk.
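A verification script you could run against your own switch's management address after applying the steps above, as an added example that is not part of this thread and not Cisco's tooling. It checks a negotiated or advertised cipher name against the allow-list from the scan report, reports whether the certificate chains to the system trust store (the self-signed finding), and checks a response for the Strict-Transport-Security and Referrer-Policy headers; the host name, port and the sample HTTP response are assumptions.

```python
import socket
import ssl

# Allow-list from the scan report; OpenSSL/Python name TLS 1.3 suites "TLS_...", not "TLS13_...".
RECOMMENDED = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
               "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
               "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
               "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305"}

def is_recommended(cipher):
    return cipher.replace("TLS13_", "TLS_") in RECOMMENDED

def classify_ciphers(offered):
    """Split offered cipher names into (recommended, discouraged) lists."""
    ok = [c for c in offered if is_recommended(c)]
    return ok, [c for c in offered if c not in ok]

# The response header is spelled "Referrer-Policy" (double r), unlike the "Referer" request header.
REQUIRED_HEADERS = {
    "strict-transport-security": "HSTS missing: clients may still accept plain HTTP",
    "referrer-policy": "Referrer-Policy missing: the URL may leak cross-site",
}

def parse_headers(raw):
    """Return (status line, lower-cased header dict) from a raw HTTP response."""
    status, *fields = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    pairs = (line.partition(":") for line in fields)
    return status, {name.strip().lower(): value.strip() for name, _, value in pairs}

def missing_headers(headers):
    return [msg for name, msg in REQUIRED_HEADERS.items() if name not in headers]

def probe(host, port=443, timeout=5):
    """Connect to your own management host; 'trusted' is False when the certificate does not
    chain to the system trust store (self-signed or private CA, as the scan reported)."""
    ctx = ssl.create_default_context()
    for trusted in (True, False):
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    return {"trusted": trusted, "version": tls.version(), "cipher": tls.cipher()[0]}
        except ssl.SSLCertVerificationError:
            ctx.check_hostname = False  # retry once unverified, only to read the negotiated cipher
            ctx.verify_mode = ssl.CERT_NONE

# Constructed sample response (not captured from a real switch): HSTS present, Referrer-Policy absent.
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   "Strict-Transport-Security: max-age=31536000\r\n\r\n<html></html>")
```

Run `probe("switch-mgmt.example.internal")` (hypothetical host) after the cipher and certificate changes and confirm `trusted` is True and `is_recommended(result["cipher"])` holds; `missing_headers(parse_headers(raw)[1])` on a captured response shows which headers the firmware still omits.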