Our VOIP enviroment raised some flags on the latest audit scan and I am trying to resolve the items:
A few items have me confused:
The following showed up on 3 of the devices:
remote network time service has denial of service (123/udp)...Upgrade to NTP 4.2.4p8 or later.
1 callmanager had this and it running the latest revision 22.214.171.124900-4 and is supposed to be resolved. (Another CCM running the same version didn't have the vulernability).
Our 2 UCCX servers running Cisco Application Administration - 7.0(1)_Build168 had the same vulerability. From what I can tell Cisco has fixed for most products but not the UCCX platform. I know this is going to a linux based version soon but is there a patch or ugrade that can reslove this?
Also Weak Ciphers appear on almost all of the Linux based servers...is there a way to disable this?