Vulnerability name: CVE-1999-0524 Vulnerability scanner IDs: 10114 Description: ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. Solution Name: ICMP Timestamp Request Remote Date Disclosure Solution Description: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).   This vulnerability is on my IOS and IOS XE switches.     Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 15.1(2)SY12, RELEASE SOFTWARE (fc4) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2018 by Cisco Systems, Inc. Compiled Mon 23-Apr-18 10:15 by prod_rel_team ROM: System Bootstrap, Version 12.2(17r)SX7, RELEASE SOFTWARE (fc1) xxxxxx uptime is 1 year, 3 weeks, 2 days, 23 hours, 7 minutes Uptime for this control processor is 1 year, 3 weeks, 2 days, 22 hours, 39 minutes System returned to ROM by reload at 17:00:48 CDT Fri Jul 20 2018 (SP by reload) System restarted at 17:03:49 CDT Fri Jul 20 2018 System image file is "disk0:s72033-ipservicesk9-mz.151-2.SY12.bin" Last reload reason: Reload Command   This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco WS-C6509-E (R7000) processor (revision 1.5) with 458720K/65536K bytes of memory. Processor board ID xxxxxxxxx SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache Last reset from s/w reset 2 Virtual Ethernet interfaces 196 Gigabit Ethernet interfaces 1917K bytes of non-volatile configuration memory. 65536K bytes of Flash internal SIMM (Sector size 512K). Configuration register is 0x2102 ... View more

Tenable says that my switch is vulnerable to  CVE-2008-5161.  What is the fix?   Vulnerability name: CVE-2008-5161 Vulnerability scanner IDs: 70658 Vulnerability port: 22 Description: Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. Solution Name: SSH Server CBC Mode Ciphers Enabled Solution Description: Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.     here is my device IOS   sh version Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 15.1(2)SY12, RELEASE SOFTWARE (fc4) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2018 by Cisco Systems, Inc. Compiled Mon 23-Apr-18 10:15 by prod_rel_team ROM: System Bootstrap, Version 12.2(17r)SX7, RELEASE SOFTWARE (fc1) xxxxx uptime is 1 year, 3 weeks, 2 days, 23 hours, 7 minutes Uptime for this control processor is 1 year, 3 weeks, 2 days, 22 hours, 39 minutes System returned to ROM by reload at 17:00:48 CDT Fri Jul 20 2018 (SP by reload) System restarted at 17:03:49 CDT Fri Jul 20 2018 System image file is "disk0:s72033-ipservicesk9-mz.151-2.SY12.bin" Last reload reason: Reload Command   This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco WS-C6509-E (R7000) processor (revision 1.5) with 458720K/65536K bytes of memory. Processor board ID xxxxxxxxx SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache Last reset from s/w reset 2 Virtual Ethernet interfaces 196 Gigabit Ethernet interfaces 1917K bytes of non-volatile configuration memory. 65536K bytes of Flash internal SIMM (Sector size 512K). Configuration register is 0x2102 ... View more

What is the correct syntax to identify a default route with an ACL?  FYI, I'm putting together an EIGRP offset list and it seems that only ACLs are permitted to identify routes.   ... View more