
SSL Certificate Signed using Weak Hashing Algorithm - Cisco WLC - Port 16113

Platform family -- Cisco

Platform details -- Cisco WLC

Plugin name -- 1. SSL Certificate Signed using Weak Hashing Algorithm; 2. SSL Certificate Cannot Be Trusted

Port -- 16113

Protocol -- tcp

Above is the vulnerability finding from an internal audit. We have applied "config network secureweb cipher-option high enable" and rebooted the WLC, but the audit team says port 16113 is still open. I wanted to know how to block 16113 and whether there is any impact due to this.

 

2 Replies

Scott Fella
Hall of Fame
That port is for CMX NMSP. I ran into that issue also with a pen test. It depends on the security folks if it's okay or not. They were okay with me enabling the higher ciphers but still didn't like the 3DES, but mentioned that when TLS 1.3 is out they expect no other to be enabled. I don't really think that is possible because of backwards compatibility. They know this too.
-Scott
*** Please rate helpful posts ***

O_H
Level 1

Did you find a solution for this?

 

I think that {config nmsp cipher-option high enable} should solve it. But my confusion is that it says it is already enabled, while {show nmsp status} says it is disabled. Also, Cisco says this command was introduced in 8.8.11.0, but I run 8.5.171.0.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-8/cmd-ref/b-cr88/config_commands_j_to_q.html#wp2182172882
