netadmin007
How to Hide Version Disclosures for Cisco Switches?
Dear Experts,
I am using Cisco switches, and I have found that version disclosure is a vulnerability; I want to hide it. One screenshot is attached for reference.
Could you please help with how to hide it?
Thanks
Not sure what you mean? sh ver?
ASKER
Dear SIM,
When any user does any kind of troubleshooting, the IOS version should not be displayed to any user.
Knowing an IOS version is helpful during a troubleshooting process... I do understand your security concern but perhaps users shouldn't do switch troubleshooting. It's a task better suited for network engineers.
Don't think there is a command to disable showing the version, but maybe you can set a privilege level on the command to restrict which users can run it: http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/23383-showrun.html#priv
Hi There,
Kindly elaborate on the below:
"When any user does any kind of troubleshooting, the IOS version should not be displayed to any user"
Are you referring to your own network team as users?
Ideally, knowing the version is important for troubleshooting purposes and raising TACs with the vendor.
However, to restrict the same you could use the concept of ROLE BASED CLI ACCESS using PARSER views.
Refer to the link below for better insights:
http://mitigationlog.com/cisco-router-role-based-cli-access/
ASKER
Dear Ian,
Actually, this is our VAPT team's finding. I think they used Kali software to telnet/ssh and found that the version is disclosed.
I want to hide it from hackers, who could be internal or external hackers.
Hi There,
Ideally the description of the Vulnerability and its significance is captured in the vulnerability report.
Kindly update if the VAPT report was shared.
The report will include recommendations and risk level.
ASKER
Dear Ian/btan,
The VAPT report is given below, but the recommendation for Cisco devices is not clear, and when I asked the VAPT team how to close it, they had no idea and said they will check if they can help.
Version Disclosure
SEVERITY: LOW
EASE OF EXPLOITATION: DIFFICULT
AFFECTED IP: 192.168.12.19:22
ANALYSIS: It was observed that the remote host leaked their version in the response.
IMPACT: After obtaining detailed version information, an attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified. Also, this information could prove beneficial to fingerprint other underlying components and aid the attacker to carry out sophisticated targeted attacks related to that product or version.
REFERENCE:
Information Leakage - http://projects.webappsec.org/Information-Leakage
Fingerprinting - http://projects.webappsec.org/Fingerprinting
version-disclosure.png
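Added example, not part of the original thread: the finding above is reported against port 22, where an SSH server sends an identification string before any login (RFC 4253, section 4.2). This Python code parses such a string and reports which fields carry version detail, so the finding can be checked before and after a configuration change; the function names are hypothetical, the sample banners are constructed, and the version pattern is a heuristic assumption.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# The line is mandatory, so the protocol version can never be hidden.
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
# Heuristic (assumption): dotted digit runs are treated as version numbers.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+[\w.]*")


def parse_ident(line):
    """Split an SSH identification string into its RFC 4253 fields."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.groupdict()


def disclosure(line):
    """Report which parts of the banner carry product or version detail."""
    f = parse_ident(line)
    text = f["software"] + " " + (f["comments"] or "")
    versions = VERSION_RE.findall(text)
    return {"protocol": f["proto"], "software": f["software"],
            "comments": f["comments"], "versions": versions,
            "discloses_version": bool(versions)}


def read_ident(host, port=22, timeout=5.0):
    """Read the identification line from a device you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        fh = s.makefile("rb")
        # A server may send other text lines before the "SSH-" line.
        for _ in range(20):
            raw = fh.readline(256)
            if raw.startswith(b"SSH-"):
                return raw.decode("ascii", "replace")
            if not raw:
                break
    raise ConnectionError("no SSH identification line received")


# Constructed sample banners, not taken from the report in this thread.
SAMPLES = ["SSH-2.0-ExampleVendor-1.25\r\n",
           "SSH-2.0-ExampleSSH_7.4 ExampleOS-12.2\r\n",
           "SSH-2.0-ExampleSSH\r\n"]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(disclosure(banner))
```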
ASKER
thanks