SSH WLC vulnerabilities

Hi there guys,

Software Version: 7.4.121.0

Via audit tool we've detected two vulnerabilities in WLC:

- SSH Server CBC Mode Ciphers Enabled:

    The following client-to-server Cipher Block Chaining (CBC) algorithms are supported:
        3des-cbc
        aes128-cbc
        aes192-cbc
        aes256-cbc
        blowfish-cbc
        cast128-cbc

- SSH Weak MAC Algorithms Enabled:

    The following client-to-server Message Authentication Code (MAC) algorithms are supported:
        hmac-md5
        hmac-md5-96
        hmac-sha1-96

Any idea of how to pass those tests? I'm unable to find any info regarding those algorithms in these devices.

Thanks

Regards
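As an added example that is not part of this thread (constructed for illustration, not Cisco or WLC code): a small Python script that reproduces what the audit tool checked. A server's SSH_MSG_KEXINIT is sent in the clear before any key exchange, so reading it is enough to list every cipher and MAC the device offers and to flag the CBC ciphers and weak MACs from the finding. The host argument, the `kexinit_audit` client identification string and the sample KEXINIT (built from the algorithm names in the post, with placeholder kex and host-key lists) are assumptions.

```python
import socket
import struct
import sys

SSH_MSG_KEXINIT = 20

# Order of the ten name-lists inside SSH_MSG_KEXINIT (RFC 4253, section 7.1).
KEXINIT_FIELDS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)

# MAC algorithms flagged in the audit finding: MD5-based, or tags truncated to 96 bits.
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"}


def parse_kexinit(payload: bytes) -> dict:
    """Decode a KEXINIT payload (message byte, 16-byte cookie, ten name-lists)."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("payload is not SSH_MSG_KEXINIT")
    pos = 1 + 16
    lists = {}
    for field in KEXINIT_FIELDS:
        (length,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        raw = payload[pos:pos + length].decode("ascii")
        pos += length
        lists[field] = [name for name in raw.split(",") if name]
    return lists


def build_kexinit(lists: dict) -> bytes:
    """Encode name-lists as a KEXINIT payload; used here only to construct the offline sample."""
    out = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # a zero cookie is fine for a sample
    for field in KEXINIT_FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + b"\x00\x00\x00\x00"  # first_kex_packet_follows, reserved


def find_weak_algorithms(kexinit: dict) -> dict:
    """Return CBC ciphers and weak MACs offered in either direction, sorted for stable reports."""
    ciphers = set(kexinit["encryption_algorithms_client_to_server"])
    ciphers |= set(kexinit["encryption_algorithms_server_to_client"])
    macs = set(kexinit["mac_algorithms_client_to_server"])
    macs |= set(kexinit["mac_algorithms_server_to_client"])
    return {
        "cbc_ciphers": sorted(c for c in ciphers if c.endswith("-cbc")),
        "weak_macs": sorted(m for m in macs if m in WEAK_MACS),
    }


def fetch_server_kexinit(host: str, port: int = 22, timeout: float = 5.0) -> dict:
    """Exchange identification strings and read the server's KEXINIT, which is unencrypted."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        line = stream.readline()
        while line and not line.startswith(b"SSH-"):  # servers may send banner lines first
            line = stream.readline()
        sock.sendall(b"SSH-2.0-kexinit_audit\r\n")  # assumed client identification string
        packet_length, padding_length = struct.unpack(">IB", stream.read(5))
        payload = stream.read(packet_length - padding_length - 1)
        stream.read(padding_length)  # discard random padding
        return parse_kexinit(payload)


# Constructed sample modelled on the algorithm names in the post; the kex and host-key
# lists are placeholders, not what a WLC actually advertises.
SAMPLE_KEXINIT = build_kexinit({
    "kex_algorithms": ["diffie-hellman-group1-sha1"],
    "server_host_key_algorithms": ["ssh-rsa"],
    "encryption_algorithms_client_to_server": [
        "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "blowfish-cbc", "cast128-cbc"],
    "encryption_algorithms_server_to_client": [
        "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "blowfish-cbc", "cast128-cbc"],
    "mac_algorithms_client_to_server": ["hmac-sha1", "hmac-md5", "hmac-md5-96", "hmac-sha1-96"],
    "mac_algorithms_server_to_client": ["hmac-sha1", "hmac-md5", "hmac-md5-96", "hmac-sha1-96"],
    "compression_algorithms_client_to_server": ["none"],
    "compression_algorithms_server_to_client": ["none"],
})


if __name__ == "__main__":
    # With a host argument, query the live server; otherwise report on the offline sample.
    kexinit = fetch_server_kexinit(sys.argv[1]) if len(sys.argv) > 1 else parse_kexinit(SAMPLE_KEXINIT)
    for kind, names in find_weak_algorithms(kexinit).items():
        print(f"{kind}: {', '.join(names) or 'none'}")
```

Run it against the controller's management address to see exactly which algorithms it advertises, and rerun after a software upgrade or TAC-supplied fix to confirm the CBC and 96-bit MAC entries have gone; an empty `cbc_ciphers` and `weak_macs` is what the audit tool is looking for. Note that `hmac-sha1` is not flagged, matching the finding, which only lists the MD5 and truncated variants.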

2 REPLIES

I'm afraid we can't configure such parameters, at least I can not find any documentation or configuration (also not on the newer AireOS 8.0 code). Maybe you can work with a CPU ACL on the WLC to limit traffic to the control plane (if central firewalling is not an option)? You can also disable SSH, but that does not fix the underlying problem...

If you really want it to be fixed, I advise you to open a TAC case. If they see it as a feature enhancement you will need to contact your Cisco account team. 

This vulnerability may be a Denial of Service one. Please refer to the link for details:

http://www.securityfocus.com/bid/35817
