CVE-2016-2183 detected for new install of 2.4 RC2

[ionTomorrow]

Version

2.4.5

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Standalone

Location

on-prem with Internet access

Hardware Specs

Meets minimum requirements

Network Traffic Collection

other (please provide detail below)

Network Traffic Speeds

1Gbps to 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

Hi,

I have a fresh install of 2.4 RC2 and I scanned it with GVM. The scan detected CVE-2016-2183 for port 8220 (Fleet?) is using an outdated cipher.

Am I clear to disable this, or does anyone think its still necessary?

thanks

Guidelines

• I have read the above statement and can confirm my post is relevant to Security Onion 2.4.

[ionTomorrow]

Screen capture for GVM result:

[defensivedepth]

I believe this was something Elastic was fixing.

Created the following issue to track this: #11145