wlc 5508 running version 22.214.171.124 shows the below vulnerabilities, how can these be mitigated?
SSL Certificate Signed Using Weak Hashing Algorithm
SSH Weak Algorithms Supported
SSH Server CBC Mode Ciphers Enabled
SSH Weak MAC Algorithms Enabled
SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
How to mitigate them would be an upgrade.
The version to upgrade to would have been advised in the security advisory notice that the vulnerability was announced in or the release notes for the version you are upgrading to.
As most of these are SSL and SSH vulnerabilities also recommend ACL/ FW rules to only allow these protocols from known sources.
When considering an upgrade here are two good links to review:
are there any extra commands needed to be done after the upgrade ?
Thanks for your concern Haydn
You can run one of the following commands should you want to verify security strength after the upgrade:
(Cisco Controller) >show certificate?
all Display all installed certificate details
compatibility Enable compatibility mode for inter-switch ipsec
eap Display EAP cert. details
ipsec Display IPSec cert. details
lsc Display Locally Significant Certificate (LSC)
ssc Display Self Signed Device Certificate (SSC)
summary Display SSL certificates
webadmin Display Web Administration cert. details
webauth Display Web Authentication cert. details
<<< Please help the community by marking useful posts helpful, or accept as a solution if it resolved your issue >>>