
SSH Server CBC Mode Ciphers & SSH Weak MAC Vulnerabilities | Supported IOS version

Hi All,

We have WS-C3560X-24T-L with IOS version 15.2(1)E1. This device was subjected to vulnerability assessment.

Findings:

1.) SSH Server CBC Mode Ciphers & SSH Weak MAC Algorithms Enabled

Recommendations:

1.1.) Disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.

1.2.) Disable MD5 and 96-bit MAC algorithms.

I looked into some documentation/forums and found the commands for the recommendations:

1.1.) ip ssh server algorithm encryption aes256-ctr

1.2.) ip ssh server algorithm mac hmac-sha1

The problem is that the commands are not supported on the IOS version (15.2(1)E1) of the 3560X.

Can you help me out on whether this 15.2.4E2 version can fix the issue? We are going to upgrade the FW of the box, but just to be sure (because the box is in production) we want to test it in the lab environment; unfortunately, we don't have a spare 3560X to use.

1 REPLY
New Member

Hi all,

I confirmed that the commands are supported on the latest version, 15.2.4E2.
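
A check for the two scan findings discussed in this thread, added here as an example and not posted by either participant: it parses the algorithm name-lists from an SSH server's SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and flags CBC ciphers, MD5 MACs and 96-bit MACs. The function names and both sample offers are constructed for illustration and are not output captured from a 3560X; the "after" offer is what the two commands quoted in the question are assumed to leave enabled.

```python
import struct

# RFC 4253 section 7.1: the ten name-lists of SSH_MSG_KEXINIT, in wire order.
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (binary packet framing already stripped)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, offer = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        offer[name] = raw.split(",") if raw else []
        pos += n
    return offer

def weak_algorithms(offer: dict) -> dict:
    """Flag the scan's findings: CBC ciphers, MD5 MACs, 96-bit MACs."""
    ciphers = set(offer["enc_c2s"]) | set(offer["enc_s2c"])
    macs = set(offer["mac_c2s"]) | set(offer["mac_s2c"])
    return {
        "cbc_ciphers": sorted(c for c in ciphers if "-cbc" in c),
        "md5_macs": sorted(m for m in macs if "md5" in m),
        "mac_96bit": sorted(m for m in macs if "-96" in m),
    }

def build_kexinit(enc: list, mac: list) -> bytes:
    """Build a constructed server KEXINIT (zero cookie) for the demo."""
    lists = dict.fromkeys(FIELDS, [])
    lists.update(enc_c2s=enc, enc_s2c=enc, mac_c2s=mac, mac_s2c=mac)
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        data = ",".join(lists[name]).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # no guess packet, reserved

# Constructed offers, not captured from a 3560X: a mixed list of the kind the
# scan flagged, and the list assumed to remain after the two quoted commands.
BEFORE = build_kexinit(["aes128-ctr", "aes128-cbc", "3des-cbc", "aes256-cbc"],
                       ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96"])
AFTER = build_kexinit(["aes256-ctr"], ["hmac-sha1"])
```

Running `weak_algorithms(parse_kexinit(...))` against the offer seen before and after the upgrade shows whether the scanner's findings would still fire, without waiting for the next assessment.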
