Guest

Preview Tool

Cisco Bug: CSCum13116 - Need ISE to Support aes256-ctr, aes256-ctr cipher for ISE as SSH client

Last Modified

Nov 24, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

1.3(120.124) 2.2(0.470) 2.2(0.910) 2.3(0.298) 2.3(0.905) 2.4(0.357) 2.4(0.903) 2.5(0.159)

Description (partial)

Symptom:
Need ISE to Support aes256-ctr, aes256-ctr cipher for ISE as SSH client. Right now it only supports these  aes256-cbc, aes128-cbc, and 3des-cbc

Conditions:
Need ISE to Support aes-256-ctr, aes-256-ctr cipher for ISE as SSH client. Right now it only supports these  aes256-cbc, aes128-cbc, and 3des-cbc

Related Community Discussions

Cisco ISE 2.1 - SSH Server CBC Mode Ciphers Enabled
Hi,   After a Nessus scan, the report shows a vulnerability (Low) saying SSH Server CBC Mode Ciphers Enabled.   From other discussions, I can see two solutions, but both are for Cisco ISE 2.4 (and specific patches) and above: 1. service sshd encryption-mode ctr 2. service sshd encryption-algorithm aes128-ctr aes256-ctr   I have a Cisco ISE 2.1 implementation and my question is if there is any possibility to solve this vulnerability, since none of the commands above are acceptable...   Thank you for ...
Latest activity: Apr 15, 2020
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.