| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-215807 | CAT II | MONTPOINTGTWYRTR | Cisco IOS XE Router NDM Security Technic... | The Cisco router must be configured to limit the n... | - | |||
Check TextNote: This requirement is not applicable to file transfer actions such as FTP, SCP, and SFTP. Review the router configuration to determine if concurrent management sessions are limited as shown in the example below: ip http secure-server ip http max-connections 2 … … … For platforms that support the session-limit command: line vty 0 4 session-limit 2 transport input ssh For those platforms that do not support the session-limit command, the sessions can also be limited by reducing the number of active vty lines as shown in the example below. line vty 0 1 transport input ssh line vty 2 4 transport input none If the router is not configured to limit the number of concurrent management sessions, this is a finding. Fix TextConfigure the router to limit the number of concurrent management sessions to an organization-defined number as shown in the example below. R4(config)#ip http max-connections 2 R4(config)#line vty 0 1 R4(config-line)#transport input ssh R4(config-line)#exit R4(config)#line vty 2 4 R4(config-line)# transport input none R4(config-line)#end To configure session limiting, use the example below. R4(config)#line vty 0 4 R4(config-line)#session-limit 2 R4(config-line)#transport input ssh Finding DetailsEvaluate-STIG 1.2507.5 (Scan-CiscoXERouterNDM_Checks) found this to be OPEN on 10/23/2025 ResultHash: B8F2A604E2162488415B37981572E5251E977016 ~~~~~ IP Http Server Settings: http\https servers are disabled, https requirements are not applicable no ip http server no ip http secure-server line vty 0 4 transport input ssh session-limit 3
Source: _Reviewed/MONTPOINTGTWYRTR/Checklist/MONTPOINTGTWYRTR_CiscoXERtrNDM_V3R5_20251023-150045.ckl
Scan Date: 2026-01-14T12:57:25.013310
Technology Area: Internal Network
|
||||||||