Cisco Bug: CSCun41202 - Weak CBC mode and weak ciphers should be disabled in SSH server
Jun 09, 2020
- Cisco Nexus 7000 Series Switches
Known Affected Releases
5.2(8g)S8 6.2(10)S102 6.2(13)S17 6.2(2)S27
Symptom:SSH servers on Cisco Nexus devices may be flagged by security scanners due to the inclusion of SSH ciphers and HMAC algorithms that are considered to be weak. These may be identified as 'SSH Server CBC Mode Ciphers Enabled' and 'SSH Server weak MAC Algorithms Enabled' or similar. Conditions:This issue applies to Cisco Nexus 7000, Cisco Nexus 5000 and MDS 9000 series switches. SSH functionality is enabled by default in Cisco NX-OS. The current SSH server status is displayed using the show ssh server command.
Related Community Discussions
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases