Cisco Prime Infrastructure vulnerability SSL RC4 Cipher Suites Supported

Freemen
Level 1

Hi All,

I have a question on how to disable RC4 Cipher Suites Supported on Cisco Prime Infrastructure Platform.

My client has used Nessus software to scan Prime and found the vulnerability below:

SSL RC4 Cipher Suites Supported

Cisco Prime Infrastructure is deployed on the latest 2.1.

We have gained root access, modified ssl.conf and restarted the service, but were still unable to solve it.

/opt/CSCOlumos/httpd/ssl/backup/ssl.conf

/opt/CSCOlumos/httpd/ssl/ssl.conf

C:\Program Files\Tenable\Nessus>nessuscmd -v -p 443 -i 21643 192.168.1.55
Starting nessuscmd 5.2.7
Scanning '192.168.1.55'...

 

Host 192.168.1.55 is up
Discovered open port https (443/tcp) on 192.168.1.55
[i] Plugin 21643 reported a result on port https (443/tcp) of 192.168.1.55
+ Results found on 192.168.1.55 :
   - Port https (443/tcp) is open
     [i] Plugin ID 21643
      | Here is the list of SSL ciphers supported by the remote server :
      | Each group is reported per SSL Version.
      | SSL Version : TLSv1
      |   Medium Strength Ciphers (>= 56-bit and < 112-bit key)
      |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
      | C(56)          Mac=SHA1
      .....
      |       RC4-MD5                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=MD5
      |       RC4-SHA                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=SHA1
      |
      | SSL Version : SSLv3
      |   Medium Strength Ciphers (>= 56-bit and < 112-bit key)
      |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
      | C(56)          Mac=SHA1
      |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
      | C(56)          Mac=SHA1
      |   High Strength Ciphers (>= 112-bit key)
      |       EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA      Enc=3DES(
      | 68)            Mac=SHA1
      ....
      |       RC4-MD5                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=MD5
      |       RC4-SHA                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=SHA1
      | The fields above are :
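
Added example, not part of the original post or of Cisco or Tenable tooling: a short Python parser for a plugin 21643 report laid out like the one above, which rejoins the terminal-wrapped lines and lists the RC4, single-DES and MD5-MAC suites per protocol version. The sample report is constructed and the function names are this example's own; it classifies by suite name because the wrap in the pasted output drops a character from the key size (RC4(1 / 8)).

```python
import re
# Constructed sample in the layout of the plugin 21643 output quoted above,
# including the terminal wrap that splits the Enc= field across two lines.
SAMPLE = """\
      | SSL Version : TLSv1
      |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
      | C(56)          Mac=SHA1
      |       RC4-MD5                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=MD5
      | SSL Version : SSLv3
      |       EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA      Enc=3DES(
      | 68)            Mac=SHA1
      |       RC4-SHA                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=SHA1
"""

SUITE = re.compile(r"^([A-Z0-9-]+)\s+Kx=\S+\s+Au=\S+\s+Enc=")

def parse_report(text):
    """Return one dict per (protocol version, suite) listed in the report."""
    suites, version, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("|").strip()
        m = SUITE.match(line)
        if line.startswith("SSL Version :"):
            version = line.split(":", 1)[1].strip()
        elif m:
            pending = {"version": version, "name": m.group(1), "mac": None}
            suites.append(pending)
        if pending and "Mac=" in line:  # Mac= may sit on the wrapped line
            pending["mac"] = line.split("Mac=", 1)[1].split()[0]
            pending = None
    return suites

def weak_suites(suites):
    """Map (version, suite) to why it is flagged: RC4, single DES, MD5 MAC."""
    out = {}
    for s in suites:
        parts = s["name"].split("-")
        checks = (("RC4", "RC4" in parts),
                  ("single DES", "DES" in parts and "CBC3" not in parts),
                  ("MD5 MAC", s["mac"] == "MD5"))
        why = [label for label, hit in checks if hit]
        if why:
            out[(s["version"], s["name"])] = why
    return out

if __name__ == "__main__":
    print(weak_suites(parse_report(SAMPLE)))
```

Running the same parser over a scan taken before and after a configuration change or upgrade shows whether the RC4 entries actually disappeared for each protocol version.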

 

Accepted Solutions

AFROJ AHMAD
Cisco Employee

Hi ,

 

"SSL RC4 Cipher Suites Supported" has been documented in bug CSCum03709. 

CSCum03709    PI 2.0.0.0.294 with SSH vulnerabilities

Presently, there is no workaround for this vulnerability; however, the fix will be implemented in
Prime Infrastructure 2.2, which is planned to be released around the end of this year (tentative).

 

Thanks-

Afroz

***Ratings Encourages Contributors ***


Hi Afroz,

5 Star savior:) Thanks for great information.

 

Regards,

Zhan Hua

Jim Mackley
Level 1

We are on 8.1 and an audit scan found this vulnerability.  What was the fix in 2.2?

They would like us to disable RC4. 

From Auditors:

A Security survey conducted for the use of SNMP, SSL and RC4. 

If your application is currently using RC4 to protect sensitive data (not just PCI), please let me know of your plans to disable RC4

Any other options other than RC4, SNMP or SSL for Cisco Prime?

Thanks!
