The security team has identified the vulnerability below.
Name:
-----
Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)
Port Numbers:
-------------
14012
14013
14014
CVE-ID:
-------
CVE-2016-2183
Threat
------
"Legacy block ciphers having block size of 64 bits are vulnerable to a practical collision attack when used in CBC mode.
All versions of the SSL/TLS protocol that support cipher suites which use DES, 3DES, IDEA or RC2 as the symmetric encryption cipher are affected.
Note: This CVE is patched in the following versions:
OPENSSL-0.9.8J-0.102.2
LIBOPENSSL0_9_8-0.9.8J-0.102.2
LIBOPENSSL0_9_8-32BIT-0.9.8J-0.102.2
OPENSSL1-1.0.1G-0.52.1
OPENSSL1-DOC-1.0.1G-0.52.1
LIBOPENSSL1_0_0-1.0.1G-0.52.1
LIBOPENSSL1-DEVEL-1.0.1G-0.52.1
JAVA-1_6_0-IBM-1.6.0_SR16.41-81.1"
Impact
-------
Remote attackers can obtain cleartext data via a birthday attack against a long-duration encrypted session.
Recommendation by Tool
----------------------
"Disable and stop using DES, 3DES, IDEA or RC2 ciphers.
More information can be found at Microsoft Windows TLS changes docs (https://docs.microsoft.com/en-us/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) and Microsoft Transport Layer Security (TLS) registry settings (https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings)"
Release : 10.4
Component : Spectrum Core / SpectroSERVER
This is caused by improperly configured CORBA files or a policy that blocks anonymous ciphers.
Currently, we can't restrict the cipher suites for secure CORBA ports.
This vulnerability will be addressed as part of feature request F83485 (in NetOps 21.2.1).
If the client is not specifically using secure CORBA, they can disable it, which will stop the ports from being bound.
How to disable Secure CORBA after seeing ports in a vulnerability scan:
https://knowledge.broadcom.com/external/article/112340/how-disable-secure-corba-after-seeing-po.html
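
An added example, not part of the original article and not Broadcom code: a small Python check that flags which cipher suites in a scan result use the 64-bit block ciphers named in the finding (DES, 3DES, IDEA, RC2), and computes the per-key data volume at which a block collision becomes likely. The function names and the sample scan data are assumptions constructed for illustration.

```python
import re

# Block size shared by DES, 3DES, IDEA and RC2, the ciphers named in the finding.
BLOCK_BITS = 64

def sweet32_cipher(suite):
    """Return 'DES', '3DES', 'IDEA' or 'RC2' if the suite uses one, else None.

    Accepts IANA/Java names (TLS_RSA_WITH_3DES_EDE_CBC_SHA) and
    OpenSSL names (DES-CBC3-SHA), matching whole tokens only.
    """
    tokens = set(re.split(r"[_-]", suite.strip().upper()))
    if tokens & {"3DES", "CBC3"}:      # OpenSSL spells 3DES as DES-CBC3
        return "3DES"
    if tokens & {"DES", "DES40"}:      # DES40 is the export-grade variant
        return "DES"
    for name in ("IDEA", "RC2"):
        if name in tokens:
            return name
    return None

def affected_by_port(scan):
    """Map each port to the (suite, cipher) pairs that Sweet32 applies to."""
    report = {}
    for port, suites in scan.items():
        hits = [(s, sweet32_cipher(s)) for s in suites if sweet32_cipher(s)]
        if hits:
            report[port] = hits
    return report

def birthday_bound_bytes(block_bits=BLOCK_BITS):
    """Data volume at which a block collision becomes likely: 2^(n/2) blocks."""
    return 2 ** (block_bits // 2) * (block_bits // 8)

# Constructed sample input: suite lists as a scanner might report them for the
# three ports in the finding. These are not values observed on Spectrum.
SAMPLE_SCAN = {
    14012: ["TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"],
    14013: ["ADH-DES-CBC3-SHA", "EXP-RC2-CBC-MD5", "ECDHE-RSA-AES256-GCM-SHA384"],
    14014: ["TLS_AES_128_GCM_SHA256", "RC4-SHA"],
}

if __name__ == "__main__":
    for port, hits in sorted(affected_by_port(SAMPLE_SCAN).items()):
        for suite, cipher in hits:
            print(f"port {port}: {suite} uses {cipher} (64-bit block)")
    print(f"collision likely near {birthday_bound_bytes() // 2**30} GiB per key")
```

Once secure CORBA is disabled the ports are no longer bound, so a rescan should report no suites for them at all.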