Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
90
Views
0
Helpful
0
Replies

CIMC reporting to our Tenable scanner that it is vulnerablity

silviomanziano
Level 1
Level 1

‎05-01-2024 10:30 AM

We have CIMC reporting to our Tenable scanner that it is vulnerablity to Terrapin Vulnerability. see below :

./Terrapin-Scanner Report  Remote Banner: SSH-2.0-OpenSSH_8.8 PKIX[13.2.3]

  • ChaCha20-Poly1305 support:   true
  • CBC-EtM support:             false
  • Strict key exchange support: false
  • The scanned peer is VULNERABLE to Terrapin.

I am trying to understand how to view\change the ciphers we are using so they are not vulnerable any longer. Here is what I am seeing is currently enabled.  

servername /cimc/tls-config # show detail
TLS Configuration:
  TLS Static Cipher Enabled: NA
  Configured TLS Version: TLSv1.2, TLSv1.3
  TLS Version 1.2 Enabled: yes
  TLS Version 1.2 Cipher Mode: High
  TLS Version 1.2 Cipher List:  ALL:!DH:!EDH:!ADH:!EXP:!EXPORT40:!EXPORT56:!LOW:!MEDIUM:!RC4:!3DES:!SSLv2:!eNULL:!aNULL:!PSK:!SRP:!RSA:+HIGH
  TLS Version 1.2 Custom Status: NA
  TLS Version 1.3 Cipher Suite: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card