Beginner

Cisco 5508 Controllers vulnerabilities

WLC 5508 running version 8.2.170.0 shows the below vulnerabilities. How can these be mitigated?

 

SSL Certificate Signed Using Weak Hashing Algorithm
SSH Weak Algorithms Supported
SSH Server CBC Mode Ciphers Enabled
SSH Weak MAC Algorithms Enabled
SSL Certificate Chain Contains RSA Keys Less Than 2048 bits

Rising star

Re: Cisco 5508 Controllers vulnerabilities

How to mitigate them would be an upgrade.

The version to upgrade to would have been advised in the security advisory notice that the vulnerability was announced in or the release notes for the version you are upgrading to.

 

As most of these are SSL and SSH vulnerabilities, I also recommend ACL/FW rules to only allow these protocols from known sources.

 

When considering an upgrade here are two good links to review:

https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html

https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html

*****Help out others by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
Beginner

Re: Cisco 5508 Controllers vulnerabilities

Are there any extra commands needed to be done after the upgrade?

Thanks for your concern, Haydn

Participant

Re: Cisco 5508 Controllers vulnerabilities

You can run one of the following commands should you want to verify security strength after the upgrade:

 

(Cisco Controller) >show certificate?

all            Display all installed certificate details
compatibility  Enable compatibility mode for inter-switch ipsec
eap            Display EAP cert. details
ipsec          Display IPSec cert. details
lsc            Display Locally Significant Certificate (LSC)
ssc            Display Self Signed Device Certificate (SSC)
summary        Display SSL certificates
webadmin       Display Web Administration cert. details
webauth        Display Web Authentication cert. details

 

 

<<< Please help the community by marking useful posts helpful, or accept as a solution if it resolved your issue >>>

VIP Advocate

Re: Cisco 5508 Controllers vulnerabilities

The option you want is named "Cipher-Option High", which would mitigate most of those points. Not sure which software release has added it though.
For compatibility reasons some old variants will also stay enabled! So not all points will disappear in a scan.
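
Added example (not part of any reply in this thread, and not Cisco code): a small Python check that sorts the SSH algorithms a device still offers after an upgrade or cipher change into the three SSH findings from the original question, so you can see which ones a rescan would still report. The input layout (nmap's ssh2-enum-algos script output), the sample data and the matching rules for each finding are assumptions made for this example.

```python
import re

# Constructed sample in the layout of nmap's ssh2-enum-algos script output;
# it is not a capture from any real controller.
SAMPLE_SCAN = """\
| ssh2-enum-algos:
|   kex_algorithms: (1)
|       diffie-hellman-group14-sha1
|   encryption_algorithms: (4)
|       aes128-ctr
|       aes256-ctr
|       aes128-cbc
|       3des-cbc
|   mac_algorithms: (3)
|       hmac-sha1
|       hmac-sha1-96
|       hmac-md5
|   compression_algorithms: (1)
|_      none
"""

def parse_algos(text):
    """Return {category: [algorithm, ...]} from ssh2-enum-algos style text."""
    algos, current = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("|_ \t").strip()        # drop nmap's tree prefix
        header = re.fullmatch(r"(\w+):\s*\(\d+\)", line)
        if header:                                # e.g. "mac_algorithms: (3)"
            current = header.group(1)
            algos[current] = []
        elif line and current and not line.endswith(":"):
            algos[current].append(line)
    return algos

def scanner_findings(algos):
    """Map offered algorithms onto the SSH findings named in the question.
    Matching rules are assumptions: arcfour/none ciphers, any CBC cipher,
    and MD5-based or 96-bit truncated MACs."""
    ciphers = algos.get("encryption_algorithms", [])
    macs = algos.get("mac_algorithms", [])
    return {
        "SSH Weak Algorithms Supported":
            [c for c in ciphers if c.startswith("arcfour") or c == "none"],
        "SSH Server CBC Mode Ciphers Enabled":
            [c for c in ciphers if "-cbc" in c],
        "SSH Weak MAC Algorithms Enabled":
            [m for m in macs if "md5" in m or re.search(r"-96\b", m)],
    }

if __name__ == "__main__":
    for finding, hits in scanner_findings(parse_algos(SAMPLE_SCAN)).items():
        print(f"{finding}: {', '.join(hits) if hits else 'not triggered'}")
```

With the constructed sample, the weak-algorithm finding clears while the CBC and weak-MAC findings remain, which is the partial result the reply above describes.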
Hall of Fame Community Legend

Re: Cisco 5508 Controllers vulnerabilities

Upgrade the firmware of the controller.