Bug
Resolution: Done-Errata
Undefined
4.15, 4.16
None
Description of problem:
Customer is running OpenShift on AHV, and their Tenable security scan reported the following vulnerability on the Nutanix Cloud Controller Manager deployment:
https://www.tenable.com/plugins/nessus/42873 on port 10258: SSL Medium Strength Cipher Suites Supported (SWEET32)
The Nutanix Cloud Controller Manager deployment runs two pods and exposes port 10258 to the outside world.
sh-4.4# netstat -ltnp|grep -w '10258'
tcp6 0 0 :::10258 :::* LISTEN 10176/nutanix-cloud
sh-4.4# ps aux|grep 10176
root 10176 0.0 0.2 1297832 59764 ? Ssl Feb15 4:40 /bin/nutanix-cloud-controller-manager --v=3 --cloud-provider=nutanix --cloud-config=/etc/cloud/nutanix_config.json --controllers=* --configure-cloud-routes=false --cluster-name=trulabs-8qmx4 --use-service-account-credentials=true --leader-elect=true --leader-elect-lease-duration=137s --leader-elect-renew-deadline=107s --leader-elect-retry-period=26s --leader-elect-resource-namespace=openshift-cloud-controller-manager
root 1403663 0.0 0.0 9216 1100 pts/0 S+ 14:17 0:00 grep 10176
[centos@provisioner-trulabs-0-230518-065321 ~]$ oc get pods -A -o wide | grep nutanix
openshift-cloud-controller-manager nutanix-cloud-controller-manager-5c4cdbb9c-jnv7c 1/1 Running 0 4d18h 172.17.0.249 trulabs-8qmx4-master-1 <none> <none>
openshift-cloud-controller-manager nutanix-cloud-controller-manager-5c4cdbb9c-vtrz5 1/1 Running 0 4d18h 172.17.0.121 trulabs-8qmx4-master-0 <none> <none>
[centos@provisioner-trulabs-0-230518-065321 ~]$ oc describe pod -n openshift-cloud-controller-manager nutanix-cloud-controller-manager-5c4cdbb9c-jnv7c
Name: nutanix-cloud-controller-manager-5c4cdbb9c-jnv7c
Namespace: openshift-cloud-controller-manager
Priority: 2000000000
Priority Class Name: system-cluster-critical
Service Account: cloud-controller-manager
Node: trulabs-8qmx4-master-1/172.17.0.249
Start Time: Thu, 15 Feb 2024 19:24:52 +0000
Labels: infrastructure.openshift.io/cloud-controller-manager=Nutanix
k8s-app=nutanix-cloud-controller-manager
pod-template-hash=5c4cdbb9c
Annotations: operator.openshift.io/config-hash: b3e08acdcd983115fe7a2b94df296362b20c35db781c8eec572fbe24c3a7c6aa
Status: Running
IP: 172.17.0.249
IPs:
IP: 172.17.0.249
Controlled By: ReplicaSet/nutanix-cloud-controller-manager-5c4cdbb9c
Containers:
cloud-controller-manager:
Container ID: cri-o://f5c0f39e1907093c9359aa2ac364c5bcd591918b06103f7955b30d350c730a8a
Image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7f3e7b600d94d1ba0be1edb328ae2e32393acba819742ac3be5e6979a3dcbf4c
Image ID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7f3e7b600d94d1ba0be1edb328ae2e32393acba819742ac3be5e6979a3dcbf4c
Port: 10258/TCP
Host Port: 10258/TCP
Command:
/bin/bash
-c
#!/bin/bash
set -o allexport
if [[ -f /etc/kubernetes/apiserver-url.env ]]; then
source /etc/kubernetes/apiserver-url.env
fi
exec /bin/nutanix-cloud-controller-manager \
--v=3 \
--cloud-provider=nutanix \
--cloud-config=/etc/cloud/nutanix_config.json \
--controllers=* \
--configure-cloud-routes=false \
--cluster-name=$(OCP_INFRASTRUCTURE_NAME) \
--use-service-account-credentials=true \
--leader-elect=true \
--leader-elect-lease-duration=137s \
--leader-elect-renew-deadline=107s \
--leader-elect-retry-period=26s \
--leader-elect-resource-namespace=openshift-cloud-controller-manager
State: Running
Started: Thu, 15 Feb 2024 19:24:56 +0000
Ready: True
Restart Count: 0
Requests:
cpu: 200m
memory: 128Mi
Environment:
OCP_INFRASTRUCTURE_NAME: trulabs-8qmx4
NUTANIX_SECRET_NAMESPACE: openshift-cloud-controller-manager
NUTANIX_SECRET_NAME: nutanix-credentials
POD_NAMESPACE: openshift-cloud-controller-manager (v1:metadata.namespace)
Mounts:
/etc/cloud from nutanix-config (ro)
/etc/kubernetes from host-etc-kube (ro)
/etc/pki/ca-trust/extracted/pem from trusted-ca (ro)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-4ht28 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
nutanix-config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: cloud-conf
Optional: false
trusted-ca:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: ccm-trusted-ca
Optional: false
host-etc-kube:
Type: HostPath (bare host directory volume)
Path: /etc/kubernetes
HostPathType: Directory
kube-api-access-4ht28:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
ConfigMapName: openshift-service-ca.crt
ConfigMapOptional: <nil>
QoS Class: Burstable
Node-Selectors: node-role.kubernetes.io/master=
Tolerations: node-role.kubernetes.io/master:NoSchedule op=Exists
node.cloudprovider.kubernetes.io/uninitialized:NoSchedule op=Exists
node.kubernetes.io/memory-pressure:NoSchedule op=Exists
node.kubernetes.io/not-ready:NoExecute op=Exists for 120s
node.kubernetes.io/not-ready:NoSchedule op=Exists
node.kubernetes.io/unreachable:NoExecute op=Exists for 120s
Events: <none>
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                    Code        KEX   Auth  Encryption      MAC
----------------------  ----------  ----  ----  --------------  ----
ECDHE-RSA-DES-CBC3-SHA  0xC0, 0x12  ECDH  RSA   3DES-CBC(168)   SHA1
DES-CBC3-SHA            0x00, 0x0A  RSA   RSA   3DES-CBC(168)   SHA1

The fields above are:
  {Tenable ciphername}
  {Cipher ID code}
  Kex={key exchange}
  Auth={authentication}
  Encrypt={symmetric encryption method}
  MAC={message authentication code}
  {export flag}
[centos@provisioner-trulabs-0-230518-065321 ~]$ curl -v telnet://172.17.0.2:10258
* About to connect() to 172.17.0.2 port 10258 (#0)
* Trying 172.17.0.2...
* Connected to 172.17.0.2 (172.17.0.2) port 10258 (#0)
Version-Release number of selected component (if applicable):
How reproducible:
The Nutanix CCM pod running in the OCP cluster does not set the "--tls-cipher-suites" option, so port 10258 is served with the binary's default cipher suite list.
Steps to Reproduce:
Create an OCP Nutanix cluster.
Actual results:
Running the command below returns nothing, i.e. the flag is not set:
$ oc describe pod -n openshift-cloud-controller-manager nutanix-cloud-controller-manager-... | grep "\--tls-cipher-suites"
Expected results:
The Nutanix CCM deployment sets the "--tls-cipher-suites" option so that the 3DES suites reported above are no longer offered on port 10258.
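To make the effect of the missing flag concrete, the following Go program is an added example, not code from this bug report or from the Nutanix CCM. It parses a cipher suite list in the TLS_... naming that "--tls-cipher-suites" takes into crypto/tls IDs, stands up a loopback TLS server as a stand-in for the CCM's port 10258 restricted to that list, and checks whether a TLS 1.2 client offering only the two 3DES suites from the scan (ECDHE-RSA-DES-CBC3-SHA 0xC012 and DES-CBC3-SHA 0x000A) can complete a handshake, which is what the Tenable plugin observed. The function names, the throwaway "sweet32-probe" certificate and the two suite lists are assumptions of mine; the stand-in assumes the CCM's secure port negotiates like Go's crypto/tls does, which is the library the flag's suite names come from.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// parseCipherSuiteNames maps names in the form --tls-cipher-suites takes (e.g.
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) to crypto/tls suite IDs; an unknown name is an error.
func parseCipherSuiteNames(names []string) ([]uint16, error) {
	byName := map[string]uint16{}
	for _, cs := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		byName[cs.Name] = cs.ID
	}
	ids := make([]uint16, 0, len(names))
	for _, n := range names {
		id, ok := byName[n]
		if !ok {
			return nil, fmt.Errorf("unknown cipher suite %q", n)
		}
		ids = append(ids, id)
	}
	return ids, nil
}

// mustProbeCert makes a throwaway self-signed RSA certificate (assumed name "sweet32-probe")
// for the loopback stand-in server and a pool that trusts it, so the client verifies normally.
func mustProbeCert() (tls.Certificate, *x509.CertPool) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // RSA: both reported suites are RSA-authenticated
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "sweet32-probe"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1)},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // DER we just produced, so it parses
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool
}

// probe3DES serves TLS on a loopback port restricted to serverSuites (the effect of
// --tls-cipher-suites) and reports whether a TLS 1.2 client that offers only the two
// 3DES suites from the scan completes a handshake.
func probe3DES(cert tls.Certificate, pool *x509.CertPool, serverSuites []uint16) (bool, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		CipherSuites: serverSuites,
	})
	if err != nil {
		return false, err
	}
	defer ln.Close()
	go func() {
		if conn, err := ln.Accept(); err == nil {
			_ = conn.(*tls.Conn).Handshake() // the outcome is observed on the client side
			conn.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		RootCAs:      pool,
		ServerName:   "127.0.0.1",
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12, // 3DES suites exist only up to TLS 1.2
		CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA},
	})
	if err != nil {
		return false, nil // handshake refused: no mutual suite, so 3DES is not on offer
	}
	conn.Close()
	return true, nil
}

func main() {
	cert, pool := mustProbeCert()
	hardened, err := parseCipherSuiteNames([]string{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"})
	if err != nil {
		panic(err)
	}
	accepted, err := probe3DES(cert, pool, hardened)
	fmt.Println("3DES-only client accepted by hardened server:", accepted, err) // expect false <nil>
}
```

A server list that still carries TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA makes probe3DES return true, the explicit AES-GCM list makes it return false; the same 3DES-only handshake, performed against port 10258 on a master node, is the check that confirms the fix once the deployment sets the flag.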
Additional info:
blocks: OCPBUGS-34826 Nutanix CCM: SWEET32 "SSL Medium Strength Cipher Suites Supported" reported (Closed)
is cloned by: OCPBUGS-34826 Nutanix CCM: SWEET32 "SSL Medium Strength Cipher Suites Supported" reported (Closed)
links to: RHEA-2024:3718 OpenShift Container Platform 4.17.z bug fix update