
Weak SSL/TLS Key Exchange

Hi,

I hope you're doing well.

In our network infrastructure, where we have Qualys to scan for vulnerabilities, I can't find a solution for this certain vulnerability. Here are the details:

Weak SSL/TLS Key Exchange

Impact: an attacker with access to sufficient computational power might be able to recover the session key and decrypt session content.

I have tried the suggested solution from both community Cisco, but when I scan again the vulnerability remains the same. The solution that I have tried is to disable SSL/TLS on the switches; after scanning it still shows the same vulnerability. Also, I have tried to configure the cipher suite with AES 256; the vulnerability remains the same.

The switch we have is a Cisco 9200, version 17.6.

Best regards


@mohammedalrawiib what commands did you configure? Provide the configuration.

Did you use the command - no ip http secure-server to disable https server?

You could also apply an ACL to restrict traffic to trusted sources, that would help mitigate the issue.
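Added example, not part of the thread or of any poster's configuration: the two mitigations suggested in the reply above, written as an IOS XE configuration fragment. The ACL name MGMT-HTTPS and the 192.0.2.0/24 management subnet are constructed placeholders, and the `ip http access-class ipv4` form is assumed to match the syntax on the running release, so confirm it with `?` on the device.

```cisco
! Constructed example: MGMT-HTTPS and 192.0.2.0/24 are placeholders, not values from the thread.
!
! Option 1: disable the HTTPS server so the switch no longer answers TLS on the web UI.
no ip http secure-server
!
! Option 2: keep the HTTPS server but accept connections only from trusted sources.
ip access-list standard MGMT-HTTPS
 permit 192.0.2.0 0.0.0.255
 deny   any log
!
ip http access-class ipv4 MGMT-HTTPS
!
! Checks to run from privileged EXEC before starting the next scan:
!   show running-config | include ip http
!   show ip http server status
!   show access-lists MGMT-HTTPS
```

With option 2 the scanner's own source address has to fall outside the permitted range for the finding to clear, and the `deny any log` counter shows whether the scan is actually reaching the HTTPS service.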

Yes, I tried to use the command no ip http secure-server, but the vulnerability remains in the scan report.

@mohammedalrawiib with that command, https on the switch is disabled and should not respond.

Are you sure a new scan was run after that command was configured?

Provide your configuration

 

Tried to scan 2 times and the vulnerability still remains. Is there anything I can try?

Can't provide configuration right now, will provide on Sunday.

Regards
