cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
613
Views
0
Helpful
6
Replies

vulnerability

Robo123
Level 1
Level 1

Hi Team,

 

i have cisco WS-C6506-E chassi running with "s3223-ipbasek9-mz.122-33.SXJ10.bin" IOS .Below are the vulnerability hitting on the perticular IOS.

 

Unsupported Cisco Operating System

SSH Server CBC Mode Ciphers Enabled

SSH Weak MAC Algorithms Enabled

 

Kindly letmeknow how we can recover the same.

 

 

6 Replies 6

Hi

I recommend upgrade your IOS, use crypto key size of 1024 as minimal and SSH v2, please check this link:

https://supportforums.cisco.com/t5/other-security-subjects/quot-ssh-server-cbc-mode-ciphers-ssh-weak-mac-algorithms-quot/td-p/2662778

Also you can open a ticket with the Cisco TAC.

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Hi Julio,

 

Kindly let me know which is the stayable version.

Hi

The following link will show you the latest images, but to be honest you should reach the Cisco TAC to get a proper solution.

https://software.cisco.com/download/release.html?mdfid=280829687&flowid=3350&softwareid=280805680&release=12.2.33-SXI14&relind=AVAILABLE&rellifecycle=MD&reltype=latest

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<


@vishnupalloormeethal wrote:

Hi Julio,

 

Kindly let me know which is the stayable version.


No one knows the inside of your network more than you.  And this is the reason why no one is going to recommend what version your network should be running on. 

 

However, go to the Cisco download website, pick a version you might be interested on and read the Release Notes carefully.  The Release Notes will determine if the software version is or might-be suitable for your needs or not.

I agree with Julio, anytime you deal with distribution core switch you need to validate code version with Cisco TAC for a recommended version. However, for a quick look you need to identify your sup model then based on that you can find out which code its compatiable with such as for:

Catalyst 6500 Series Virtual Switching Supervisor Engine 720 with 10GE uplinks

suggested code: IOS Software-15.1.2-SY10

https://software.cisco.com/download/release.html?mdfid=281569550&flowid=3353&softwareid=280805680&release=15.1.2-SY10&relind=AVAILABLE&rellifecycle=MD&reltype=latest 

I hope this helps. Good luck!

Leo Laohoo
Hall of Fame
Hall of Fame
The only way to circumvent these bugs is to upgrade the IOS.
Review Cisco Networking for a $25 gift card