Symptom
Cisco Nexus devices running Cisco NX-OS may be flagged by security scanners because the SSH server offers ciphers and HMAC algorithms that are considered weak.
These findings may be reported as 'SSH Server CBC Mode Ciphers Enabled' and 'SSH Server weak MAC Algorithms Enabled' or similar. They are valid findings, not false positives.
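The following Python code is an added example, not part of Cisco's note or of any Cisco tool. It shows the check behind these two findings by decoding the algorithm name-lists of an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and listing the CBC ciphers and weak MACs a server advertises. The function names, the "weak MAC" criteria (MD5-based or truncated to 96 bits) and the sample payload are assumptions constructed for illustration.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Decode the ten name-lists from a KEXINIT payload (packet framing removed)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[pos:pos + size].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += size
    return lists

def audit(payload: bytes) -> dict:
    """Return the CBC ciphers and weak MACs advertised in either direction."""
    lists = parse_kexinit(payload)
    ciphers = set(lists["enc_c2s"] + lists["enc_s2c"])
    macs = set(lists["mac_c2s"] + lists["mac_s2c"])
    base = lambda name: name.split("@")[0]  # drop "@domain" extension suffix
    return {
        "cbc_ciphers": sorted(c for c in ciphers if base(c).endswith("-cbc")),
        # Assumed criteria for "weak MAC": MD5-based or truncated to 96 bits.
        "weak_macs": sorted(m for m in macs if "md5" in base(m) or "-96" in base(m)),
    }

def build_kexinit(lists: dict) -> bytes:
    """Encode name-lists into a KEXINIT payload (used for the constructed sample)."""
    names = (",".join(lists.get(f, [])).encode("ascii") for f in FIELDS)
    body = b"".join(struct.pack(">I", len(n)) + n for n in names)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

# Constructed sample, not captured from a real device.
_ENC = ["aes128-ctr", "aes128-cbc", "3des-cbc"]
_MAC = ["hmac-sha2-256", "hmac-md5", "hmac-sha1-96"]
SAMPLE = build_kexinit({"enc_c2s": _ENC, "enc_s2c": _ENC, "mac_c2s": _MAC, "mac_s2c": _MAC})

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result for both keys after a configuration or software change indicates that the server no longer advertises the flagged algorithms.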
Conditions
Cisco Nexus devices running an affected version of Cisco NX-OS software.
SSH is enabled on the NX-OS device.
Further Problem Description
This defect was filed as an enhancement request to have legacy weak ciphers and MAC algorithms either disabled in the product or made user configurable but off by default.
PSIRT Evaluation
The Cisco PSIRT has evaluated this issue, and it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html