Guest

Preview Tool

Cisco Bug: CSCvh58232 - CVOS: Disable CBC Ciphers in SSHD

Last Modified

Jul 01, 2019

Products (1)

  • Cisco Finesse

Known Affected Releases

11.6(1)

Description (partial)

Symptom:
This is a modification on the product to adopt new secure code best practices to enhance 
the security posture and resiliency of the Cisco SocialMiner.

The OpenSSH server is configured to support Cipher Block Chaining (CBC) encryption. These
ciphers are considered weak and should be removed or made configurable if possible.

The following client-to-server Cipher Block Chaining (CBC) algorithms are supported:

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The following server-to-client Cipher Block Chaining (CBC) algorithms are supported:

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

Conditions:
Device configured with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.