04-18-2024 02:15 AM
Hi
I hope you're doing well.
In our network infrastructure, where we have Qualys to scan for vulnerabilities, I can't find a solution for this certain vulnerability. Here are the details:
Weak SSL/TLS Key Exchange
Impact: an attacker with access to sufficient computational power might be able to recover the session key and decrypt session content.
I have tried the suggested solution from both community cisco, but when I scan again the vulnerability remains the same. The solution that I have tried is to disable SSL/TLS on the switches; after scanning, it still shows the same vulnerability. Also, I have tried to configure the cipher suite with AES 256; the vulnerability remains the same.
The switch we have is a Cisco 9200, version 17.6.
Best regards
04-18-2024 02:27 AM
@mohammedalrawiib what commands did you configure? Provide the configuration.
Did you use the command - no ip http secure-server to disable https server?
You could also apply an ACL to restrict traffic to trusted sources, that would help mitigate the issue.
04-18-2024 02:29 AM
Yes, I tried to use the command no ip http secure-server, but the vulnerability remains in the scan report.
04-18-2024 02:36 AM
@mohammedalrawiib with that command, https on the switch is disabled and should not respond.
Are you sure a new scan was run after that command was configured?
Provide your configuration
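One way to confirm, from the scanner's side, whether the switch still answers TLS on the port after "no ip http secure-server" is applied, and which key-exchange family is negotiated if it does. This is an added example, not part of the thread and not Cisco or Qualys tooling; the function names, the default port 443 and the address given on the command line are assumptions.

```python
import socket
import ssl
import sys

def kex_family(cipher_name, protocol):
    """Key-exchange family implied by an OpenSSL-style suite name."""
    if protocol == "TLSv1.3":
        return "ephemeral (EC)DHE, TLS 1.3"   # 1.3 suite names omit the key exchange
    if cipher_name.startswith("ECDHE-"):
        return "ECDHE"
    if cipher_name.startswith(("DHE-", "EDH-")):
        return "DHE"
    # Assumption: no PSK/SRP suites are offered (Python's default list has none),
    # so a TLS <= 1.2 suite without a DHE/ECDHE prefix uses RSA key transport.
    return "RSA key transport"

def probe_tls(host, port=443, timeout=5.0):
    """Classify the port: closed, unreachable, open with failed handshake, or TLS."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # device certificates are often self-signed;
    ctx.verify_mode = ssl.CERT_NONE     # only the handshake parameters matter here
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return {"state": "closed"}      # expected once the HTTPS server is disabled
    except OSError as exc:              # timeout, no route, dropped by an ACL
        return {"state": "filtered-or-unreachable", "detail": str(exc)}
    with sock:
        try:
            with ctx.wrap_socket(sock) as tls:
                name, proto, _bits = tls.cipher()
        except (ssl.SSLError, OSError) as exc:
            # A modern OpenSSL client rejects small DH groups; the error text
            # ("dh key too small") is itself evidence of a weak key exchange.
            return {"state": "open-handshake-failed", "detail": str(exc)}
    return {"state": "tls", "protocol": proto, "cipher": name,
            "kex": kex_family(name, proto)}

if __name__ == "__main__":
    # Usage: python3 probe.py <switch-address> [port ...]
    target = sys.argv[1]
    for p in [int(a) for a in sys.argv[2:]] or [443]:
        print(p, probe_tls(target, p))
```

Run it from the same network segment as the scanner, against the port number shown in the scan report, so that any ACL affects both in the same way.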
04-18-2024 05:38 AM
Tried to scan 2 times and the vulnerability still remains. Is there anything I can try?
Can't provide configuration right now; will provide on Sunday.
Regards