AlienVault® USM Appliance™

Why Can't I Scan My Cisco Catalyst 2960-S, 2960-X/XR Switches?

Version: 5.x
Deployment: All deployments

At the moment, it is not possible to run a vulnerability scan against the Cisco Catalyst 2960 series of switches, because they are not compatible with the ciphers that AlienVault USM Appliance uses in vulnerability scans.

The Cisco Catalyst 2960 series of switches currently uses a CBC cipher, and it seems that a non-CBC cipher is not going to be added to that product, as Cisco has declared it end of life. SSLv3 and all CBC ciphers were disabled in v4.12.1 of USM Appliance to prevent exploitation of the "POODLE" vulnerability (CVE-2014-3566), and these ciphers were disabled completely, throughout the product. That makes AlienVault USM Appliance and the Cisco Catalyst 2960 series of switches incompatible for secure communication now.
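
The mismatch described above, modelled as an added example (not AlienVault or Cisco code): a client that has removed every CBC suite from its offer cannot complete a handshake with a peer that supports only CBC suites. It assumes a TLS connection and IANA suite names; the suite lists and host names are constructed and are not taken from either product.

```python
import re

# Mode token inside an IANA TLS suite name, e.g. TLS_RSA_WITH_AES_128_CBC_SHA.
_MODE = re.compile(r"_(CBC|GCM|CCM|CHACHA20_POLY1305)(?:_|$)")

# Constructed sample data (assumptions, not real product cipher lists).
SCANNER_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]
INVENTORY = {
    "cbc-only-device.example": ["TLS_RSA_WITH_AES_128_CBC_SHA",
                                "TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
    "mixed-device.example": ["TLS_RSA_WITH_AES_128_CBC_SHA",
                             "TLS_RSA_WITH_AES_128_GCM_SHA256"],
}

def cipher_mode(suite):
    """Return the cipher-mode token of a suite name, or 'UNKNOWN'."""
    m = _MODE.search(suite)
    return m.group(1) if m else "UNKNOWN"

def negotiate(client_offer, server_supported):
    """TLS-style choice: the server's first preference that the client offered."""
    offered = set(client_offer)
    return next((s for s in server_supported if s in offered), None)

def scan_outcome(scanner_suites, device_suites, blocked_modes=("CBC",)):
    """Simulate the scanner (client) connecting with blocked modes removed."""
    offer = [s for s in scanner_suites if cipher_mode(s) not in blocked_modes]
    chosen = negotiate(offer, device_suites)
    if chosen:
        return ("ok", chosen)
    if all(cipher_mode(s) in blocked_modes for s in device_suites):
        return ("handshake_failure", "device supports only blocked modes")
    return ("handshake_failure", "no suite in common")

def audit(inventory, blocked_modes=("CBC",)):
    """Map each host to the outcome a scan attempt would have."""
    return {host: scan_outcome(SCANNER_SUITES, suites, blocked_modes)
            for host, suites in inventory.items()}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(host, *result)
```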

AlienVault is investigating different options to enable backward compatibility for devices that only support CBC ciphers. However, as we must consider the security and stability of USM Appliance first, we are evaluating all possible scenarios and expect the review to take some time. The final decision and any related timelines will be communicated as soon as possible.

EOL statement and timelines from Cisco: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-x-series-switches/eos-eol-notice-c51-736509.html