I have three c1000 switches in my environment that are returning the following finding on our internal vulnerability scans: Name: Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH, D(HE)ater) Severity: High CVE: CVE-2002-20001 Descri...
I have searched for an answer to this one for quite some time. Unfortunately, the below configuration isn't taking care of the issue for me. Anyone have a "silver bullet" I can use on this CVE? What I have tried (most recently):
    ip ssh serv alg kex dif...
Can anyone tell me how they have remediated this issue? I can't seem to find ANYthing on it after numerous searches. We have the VPN portal on our FTD, and our most recent vuln. scan returned the above finding.
Rob, I am on the latest revision available for these devices.
    ip ssh server algorithm kex ?
    diffie-hellman-group-exchange-sha1 DH_GRPX_SHA1 diffie-hellman key exchange algorithm
    diffie-hellman-group14-sha1 DH_GRP14_SHA1 diffie-hellman key exchange algor...
Rob, Thanks for reaching out. The first command gives me an error:
    ip ssh server algorithm kex ecdh-sha2-nistp384 ecdh-sha2-nistp256
    ^
    % Invalid input detected at '^' marker.
I was planning to disable http, just h...
I have tried creating this flexconfig item, but each time I deploy, I get the following error:
    error :@httpOnly
    ^
    ERROR: % Invalid input detected at '^' marker.
    Config Error -- @httpOnly
Any idea what I am doing wrong?