Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1311
Views
0
Helpful
3
Replies

Nessus plugin result/fix for Unified Communications Manager

Snoogie2563
Level 1
Level 1

‎07-16-2021 11:38 AM

Hi all, I'm not really sure if I should post this here or in Security (or both) but I have a Cisco Unified Communications Manager that is reporting a hit on Nessus Plugin ID 66848. This plugin indicates that the remote service (The CUCM) supports the use of null SSL ciphers. I am trying to find out what Common Vulnerability and Exposure (CVE) number this equates to and/or any patch/fix information that may be available.

 

Thanks for any help,

 

Respectfully,

 

Chuck Reel

0 Helpful
3 Replies 3

Nithin Eluvathingal
VIP
VIP

‎07-16-2021 08:59 PM

If you don't configure the cipher string in the following fields:

  • All TLS or HTTPS TLS field—the HTTPS TLS interface port (8443) takes configuration from the Enterprise parameters (HTTPS ciphers) page.

  • All TLS or SIP TLS field—the SIP interface port (5061) takes configuration from the Enterprise parameters (TLS ciphers) page in encrypted mode and NULL-SHA ciphers in authenticated mode.

Go through the below guide,

 

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/12_5_1/cucm_b_security-guide-1251/cucm_b_security-guide-1251_chapter_01.html

 

 



Response Signature


0 Helpful

Snoogie2563
Level 1
Level 1
In response to Nithin Eluvathingal

‎07-18-2021 12:27 PM

Thank you Nithin, I am seeing this on Sunday afternoon, so I'm not at work, but I will certainly look into what you have said tomorrow morning

Respectfully,

 

Chuck Reel

0 Helpful

Snoogie2563
Level 1
Level 1

‎08-04-2021 01:32 PM

So, I'm not sure I exactly followed what the intent of the response I received was other than to tell me to go through the CUCM Security Guide, but I thought I would provide an update to this thread for anyone who might find the information useful.

We have Secure and non Secure SIP trunks but that does not appear to have been the issue as none of these configurations were changed but the scan finding has been corrected.

 

Our secure SIP trunk profiles all use secure SIP profiles with TLS as the Inbound and Outgoing Transport Type and Device Security Mode set to Encrypted.

 

The issue appears to have been that we had several endpoints configured with non-secure device profiles. As soon as we changed all of our device profiles to a secure version the problem cleared.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents