our internal audit-team found a few protocol warnings inside the communication between our NetSight server and a few NAC-enabled switches (The firewall generated alarms).
I think that these warnings are generated, when the identity-management sends out information to the NetSight via the xmlc-configuration.
The threat-id says, that NetSight is using TLS1.0 with CBC which is vulnerable to the Poodle attack.
Now the question: Is there a way to influence, which cipher-suites for TLS-connections are accepted, as well in the EXOS as on the NetSight server?
Are there maybe patches? - EXOS is 220.127.116.11-patch6 on the most devices.