New Member

Cisco Prime Infrastructure vulnerability SSL RC4 Cipher Suites Supported

Hi All,

I have a question on how to disable RC4 Cipher Suites Supported on Cisco Prime Infrastructure Platform.

My client has used Nessus software to scan Prime and found the vulnerability below:

SSL RC4 Cipher Suites Supported

Cisco Prime Infrastructure is deployed on the latest 2.1.

We have gained root access, modified ssl.conf and restarted the service, but were still unable to solve it.

/opt/CSCOlumos/httpd/ssl/backup/ssl.conf

/opt/CSCOlumos/httpd/ssl/ssl.conf

C:\Program Files\Tenable\Nessus>nessuscmd -v -p 443 -i 21643 192.168.1.55
Starting nessuscmd 5.2.7
Scanning '192.168.1.55'...

 

Host 192.168.1.55 is up
Discovered open port https (443/tcp) on 192.168.1.55
[i] Plugin 21643 reported a result on port https (443/tcp) of 192.168.1.55
+ Results found on 192.168.1.55 :
   - Port https (443/tcp) is open
     [i] Plugin ID 21643
      | Here is the list of SSL ciphers supported by the remote server :
      | Each group is reported per SSL Version.
      | SSL Version : TLSv1
      |   Medium Strength Ciphers (>= 56-bit and < 112-bit key)
      |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
      | C(56)          Mac=SHA1
      .....
      |       RC4-MD5                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=MD5
      |       RC4-SHA                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=SHA1
      |
      | SSL Version : SSLv3
      |   Medium Strength Ciphers (>= 56-bit and < 112-bit key)
      |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
      | C(56)          Mac=SHA1
      |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
      | C(56)          Mac=SHA1
      |   High Strength Ciphers (>= 112-bit key)
      |       EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA      Enc=3DES(
      | 68)            Mac=SHA1
      ....
      |       RC4-MD5                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=MD5
      |       RC4-SHA                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=SHA1
      | The fields above are :

 


Accepted Solutions
Cisco Employee

Hi,

 

"SSL RC4 Cipher Suites Supported" has been documented in bug CSCum03709. 

CSCum03709    PI 2.0.0.0.294 with SSH vulnerabilities

Presently, there is no workaround for this vulnerability; however, the fix will be implemented in
Prime Infrastructure 2.2, which is planned to be released around the end of this year (tentative).

 

Thanks-

Afroz

***Ratings Encourages Contributors ***
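To confirm on a rescan (for example after the upgrade mentioned in this answer) that the finding has cleared, the plugin 21643 text can be compared before and after. The following is an added example, not part of the original thread or of any Cisco or Tenable tooling; the function names are hypothetical and both sample reports are constructed, modelled on the wrapped output pasted in the question. Because that output splits the `Enc=` field across the line wrap, the parser keys on the suite name in the first column.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the wrapped nessuscmd plugin 21643 output
# quoted in the question (not a real scan result).
SAMPLE_BEFORE = """\
      | SSL Version : TLSv1
      |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
      | C(56)          Mac=SHA1
      |       RC4-MD5                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=MD5
      | SSL Version : SSLv3
      |       RC4-SHA                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=SHA1
      |       RC4-SHA                      Kx=RSA         Au=RSA      Enc=RC4(1
      | 8)             Mac=SHA1
"""
# Constructed rescan: hypothetical output once RC4 is no longer offered.
SAMPLE_AFTER = """\
      | SSL Version : TLSv1
      |       DES-CBC3-SHA                 Kx=RSA         Au=RSA      Enc=3DES(
      | 68)            Mac=SHA1
"""
VERSION_RE = re.compile(r"^\s*\|\s*SSL Version\s*:\s*(\S+)")
# A suite row is the suite name followed by the Kx= column; wrapped
# continuation rows ("| 8)   Mac=MD5") never contain Kx=, so they are skipped.
SUITE_RE = re.compile(r"^\s*\|\s+([A-Za-z0-9-]+)\s+Kx=\S+")

def parse_suites(report):
    """Return {protocol version: {suite names}} from plugin 21643 text."""
    suites, version = defaultdict(set), None
    for line in report.splitlines():
        if m := VERSION_RE.match(line):
            version = m.group(1)
        elif (m := SUITE_RE.match(line)) and version:
            suites[version].add(m.group(1))  # the set drops duplicate rows
    return dict(suites)

def rc4_findings(report):
    """Sorted (version, suite) pairs whose suite name contains RC4."""
    return sorted((v, s) for v, names in parse_suites(report).items()
                  for s in names if "RC4" in s.upper())

def remediated(before, after):
    """True only if the first scan listed RC4 and the rescan lists none."""
    return bool(rc4_findings(before)) and not rc4_findings(after)

if __name__ == "__main__":
    print(rc4_findings(SAMPLE_BEFORE), remediated(SAMPLE_BEFORE, SAMPLE_AFTER))
```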

New Member

Hi Afroz,

5 Star savior:) Thanks for great information.

 

Regards,

Zhan Hua

New Member

We are on 8.1 and an audit scan found this vulnerability.  What was the fix in 2.2?

They would like us to disable RC4. 

From Auditors:

A Security survey conducted for the use of SNMP, SSL and RC4. 

If your application is currently using RC4 to protect sensitive data (not just PCI), please let me know of your plans to disable RC4

Any other options other than RC4, SNMP or SSL for Cisco Prime?

Thanks!
