Cisco Bug: CSCvh58232 - CVOS: Disable CBC Ciphers in SSHD
Jul 01, 2019
- Cisco Finesse
Known Affected Releases
Symptom: This is a modification on the product to adopt new secure code best practices to enhance the security posture and resiliency of the Cisco SocialMiner. The OpenSSH server is configured to support Cipher Block Chaining (CBC) encryption. These ciphers are considered weak and should be removed or made configurable if possible. The following client-to-server Cipher Block Chaining (CBC) algorithms are supported: 3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc firstname.lastname@example.org The following server-to-client Cipher Block Chaining (CBC) algorithms are supported: 3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc email@example.com Conditions: Device configured with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases