Solved: Weak SSL/TLS Key Exchange Vulnerability

mohammedalrawiib · ‎04-28-2024

hello

everybody i hope your doing well

i have asked this question many time i need your help in our network infrastructure we have cisco catalyst switch 9200 version 17.6

we have Qualys scan for vulnerability there is a certain vulnerability that wouldn't go away we have tried some of the solutions that the community suggested but with no avail we have tried the commands to disable or limit but nothing changed , after a while we noticed that only this switch have this problem we noticed the path is different so we took an image from the other c9200 that doesn't show the vulnerability in the scan took the image and installed after we scanned the same vulnerability remained anybody that have faced this issue ?

please don't suggest rebooting as we have tried also we used commands to disable that and we tried limiting it

Appreciate your support

mohammedalrawiib · ‎05-28-2024

Dears

after a while we changed the ssh port number (default is 22) to another port also we blocked 22 port then the vulnerability was removed this is the solution that we found if you have any other solution please let us know would be helpful.

best regards

View solution in original post

jamegill · ‎04-29-2024

Hey @mohammedalrawiib -

Sorry to hear about that problem with your Catalyst 9200 switch. This Security Analytics forum is focused on the Secure Network Analytics and related product lines. You are far more likely to recieve a helpful response if you ask in one of the forum areas specific to Catalyst switches. I might also suggest to include a better description of what Qualys reports the vulnerability as too.

--jg

mohammedalrawiib · ‎05-28-2024

Dears

after a while we changed the ssh port number (default is 22) to another port also we blocked 22 port then the vulnerability was removed this is the solution that we found if you have any other solution please let us know would be helpful.

best regards