Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
614
Views
0
Helpful
6
Replies

vulnerability

Robo123
Level 1
Level 1

‎09-11-2017 04:33 AM - edited ‎03-08-2019 11:58 AM

Hi Team,

 

i have cisco WS-C6506-E chassi running with "s3223-ipbasek9-mz.122-33.SXJ10.bin" IOS .Below are the vulnerability hitting on the perticular IOS.

 

Unsupported Cisco Operating System

SSH Server CBC Mode Ciphers Enabled

SSH Weak MAC Algorithms Enabled

 

Kindly letmeknow how we can recover the same.

 

 

Labels:
0 Helpful
6 Replies 6

Julio E. Moisa
VIP
VIP

‎09-11-2017 04:56 AM - edited ‎09-11-2017 05:03 AM

Hi

I recommend upgrade your IOS, use crypto key size of 1024 as minimal and SSH v2, please check this link:

https://supportforums.cisco.com/t5/other-security-subjects/quot-ssh-server-cbc-mode-ciphers-ssh-weak-mac-algorithms-quot/td-p/2662778

Also you can open a ticket with the Cisco TAC.

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Robo123
Level 1
Level 1
In response to Julio E. Moisa

‎09-11-2017 05:22 AM

Hi Julio,

 

Kindly let me know which is the stayable version.

0 Helpful

Julio E. Moisa
VIP
VIP
In response to Robo123

‎09-11-2017 05:58 AM

Hi

The following link will show you the latest images, but to be honest you should reach the Cisco TAC to get a proper solution.

https://software.cisco.com/download/release.html?mdfid=280829687&flowid=3350&softwareid=280805680&release=12.2.33-SXI14&relind=AVAILABLE&rellifecycle=MD&reltype=latest

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to Robo123

‎09-11-2017 02:01 PM

@vishnupalloormeethal wrote:

Hi Julio,

 

Kindly let me know which is the stayable version.

No one knows the inside of your network more than you.  And this is the reason why no one is going to recommend what version your network should be running on. 

 

However, go to the Cisco download website, pick a version you might be interested on and read the Release Notes carefully.  The Release Notes will determine if the software version is or might-be suitable for your needs or not.

0 Helpful

Austin Sabio
Level 4
Level 4
In response to Julio E. Moisa

‎09-11-2017 08:34 AM - edited ‎09-11-2017 08:34 AM

I agree with Julio, anytime you deal with distribution core switch you need to validate code version with Cisco TAC for a recommended version. However, for a quick look you need to identify your sup model then based on that you can find out which code its compatiable with such as for:

Catalyst 6500 Series Virtual Switching Supervisor Engine 720 with 10GE uplinks

suggested code: IOS Software-15.1.2-SY10

https://software.cisco.com/download/release.html?mdfid=281569550&flowid=3353&softwareid=280805680&release=15.1.2-SY10&relind=AVAILABLE&rellifecycle=MD&reltype=latest 

I hope this helps. Good luck!

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎09-11-2017 05:05 AM

The only way to circumvent these bugs is to upgrade the IOS.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card