Preview Tool

Cisco Bug: CSCun41202 - Weak CBC mode and weak ciphers should be disabled in SSH server

Last Modified

Jun 09, 2020

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases

5.2(8g)S8 6.2(10)S102 6.2(13)S17 6.2(2)S27

Description (partial)

Symptom:SSH servers on Cisco Nexus devices may be flagged by security scanners due to the inclusion of SSH ciphers and HMAC algorithms that are considered to be weak.

These may be identified as 'SSH Server CBC Mode Ciphers Enabled' and 'SSH Server weak MAC Algorithms Enabled' or similar.

Conditions:This issue applies to Cisco Nexus 7000, Cisco Nexus 5000 and MDS 9000 series switches. SSH functionality is enabled by default in Cisco NX-OS. The current SSH server status is displayed using the show ssh server command.

Related Community Discussions

<key>CSCun41202</key> - Weak CBC mode and weak ciphers should be disabled in SSH server -Nexus 5k Version 7.1(5)N1(1)
Hello, does anyone know if new version is still using Weak CBC and Ciphers ? previous version 7.1(4)N1(1) is still using them.   Thank you
Latest activity: Aug 12, 2020
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.