Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Vulnerabilities on Cisco ASA 5510 and Cisco Router 2811

Hi all,

     I need your help in the next: One customer report to me vulnerabilities in the his Cisco ASA and Cisco 2811 and the vulnerabilities is this.

     1- OS Identification (Router). Synopsis: It is possible to guess the remote operating system. Description: Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) it is possible to guess the name of the remote operating system use, and sometimes its version

     2- Device Type (Router). Synopsis: It is possible to guess the remote device type. Description: Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, etc).

     3-Common Platform Enumeration (Router). Synopsis: It is possible to enumerate CPE names that matches on the remote system. Description: By using information obteined from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. See also: http://cpe.mitre.org/

     4- SSL Medium Streght Cipher Suites Supported (Router & ASA). Synopsis: The remote service supports the use of medium strenght SSL ciphers. Description: The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

The Router is connected with isp for internet service only, and the ASA give vpn service, dmz service, policies, and be connected directly with the router by outside interface. The router IOS is c2800nm-advipservicesk9-mz.124-25f.bin, and ASA version 8.2 (5).

So my question is, how I can mitigate this vulnerabilities.? Is possible do it.? What you recommend me.?

Thanks so much for read me,

Everyone's tags (4)
2 REPLIES

Vulnerabilities on Cisco ASA 5510 and Cisco Router 2811

Hi

I do recommend you do nothing.

you dont need to mitigate this vulnerabilities.

even if somebody knows os is  ASA version 8.2 (5) so still can not get inside

provided that is correctly configured

Vulnerabilities on Cisco ASA 5510 and Cisco Router 2811

Hi, thanks for your answer, but how I can mitigate the vulnerabilities of the router.?

1418
Views
0
Helpful
2
Replies
CreatePlease login to create content