
Vulnerabilities in The Main Repo

The document reports on vulnerabilities found across multiple assets in an organization's IT infrastructure. It provides a summary of vulnerabilities by critical asset, ranked by vulnerability severity and asset criticality rating. For each high-risk asset, it lists attributes like IP address and operating system, and vulnerabilities detected with details on plugin ID, name, severity, and description. The most critical asset is server sc5.javaafrica.local with 5 vulnerabilities detected.

Uploaded by

nyakundidianan

Vulnerabilities in the main Repo

March 19, 2024 at 07:54 (UTC)

techmaxkenya.com-3855

Confidential: The following report contains sensitive security information about the organization’s IT infrastructure. Refer to
your company’s policy regarding data classification and handling of sensitive information.
Table of Contents
Host Findings Vulnerability Details by Asset

192.168.3.69
sc5.javaafrica.local
192.168.3.70
192.168.3.115
192.168.3.65
192.168.3.78
gateway
192.168.3.135
desktop-syl-tmx
192.168.3.80
192.168.3.116
192.168.3.60
TECHMAX-PC
192.168.3.179

Host Findings Vulnerability Details by Asset
The Host Findings Vulnerability Details by Asset Chapter provides a summary of the most vulnerable assets that were selected
for the report from the Explore > Findings > Host tab. This matrix presents vulnerability counts in relation to the Asset Criticality
Rating (ACR) and the CVSSv3 score of the vulnerability record. Tenable automatically assigns ACR values up to 8, based on a
multitude of factors, such as services and installed software. Customers are encouraged to set their own criticality scores. The
values of 9 and 10 are reserved for customer use to indicate the most critical assets in the environment. Following the matrix are
details on all the selected assets sorted by ACR. For each asset, a list of asset attributes are provided along with vulnerability
records (sorted by the CVSSv3 base score). This report can include vulnerability information for up to 10,000 findings.

Asset Based Risk Analysis using CVSS and ACR

192.168.3.69
Asset ID 3995edf3-5155-43f2-8c10-ed112a34f18d
First Value of Asset Name 192.168.3.69
First Value of Asset Acr Score
Count 1
All Values of Severity 0/0/1/0/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.69
Finding ID:
3995edf3-5155-43f2-8c10-ed112a34f18d
Last Licensed Scan:
2024-03-19 06:09
Source:

- NESSUS_SCAN

Operating System (WAS):


Linux Kernel 2.6
MAC Address:
00:0c:29:e5:dd:9d
Installed Software:

- cpe:/a:openbsd:openssh:8.7

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 3443
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate for this service cannot be trusted.

Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Acunetix Ltd/OU=Acunetix Web Vulnerability Scanner/CN=192.168.3.69
|-Issuer : O=Acunetix Ltd./OU=Acunetix WVS/CN=Acunetix WVS Root Authority (QMhjG)

sc5.javaafrica.local
Asset ID 49c74630-3e07-4082-bae2-1be82c1918ef
First Value of Asset Name sc5.javaafrica.local
First Value of Asset Acr Score
Count 5
All Values of Severity 1/0/2/2/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


sc5.javaafrica.local 2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.67
IPv6 Address:
fe80:0:0:0:5b80:bcb6:44fa:e8a7
Finding ID:
49c74630-3e07-4082-bae2-1be82c1918ef
Last Licensed Scan:
2024-03-19 05:41
Last Authenticated Scan:
2024-03-19 05:41
Source:

- NESSUS_SCAN

Operating System (WAS):


Linux Kernel 3.10.0-1160.el7.x86_64 on CentOS Linux release 8.5.2111
MAC Address:
00:0c:29:3c:aa:7f
BIOS ID:
5c944d56-e2e6-dc34-f261-4983ee3caa7f
Installed Software:

- cpe:/a:gnupg:libgcrypt:1.5.3
- cpe:/a:haxx:curl:7.29.0
- cpe:/a:haxx:libcurl:7.29.0
- cpe:/a:openbsd:openssh:7.4
- cpe:/a:openssl:openssl:1.0.2k
- cpe:/a:openssl:openssl:3.0.13
- cpe:/a:sqlite:sqlite:3.7.17
- cpe:/a:tenable:nessus:10.7.1
- cpe:/a:vmware:open_vm_tools:11.0.5

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR

33850 Unix Operating System Unsupported Version Detection Critical 0
First Seen:
2024-03-19 05:41
Last Seen:
2024-03-19 05:41
Synopsis:
The operating system running on the remote host is no longer supported.
Plugin Description:
According to its self-reported version number, the Unix operating system running on the remote host is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security
vulnerabilities.
Solution:
Upgrade to a version of the Unix operating system that is currently supported.
See Also:
[]
Exploited By Malware:
false
CVSSv3 Base Score:
10.0
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSSv2 Base Score:
10.0
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE:
[]
Reference Information:
Type Ids
IAVA 0001-A-0502, 0001-A-0648

Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2024-03-14
Plugin Output:

CentOS Linux release 8 support ended on 2021-12-31.


Upgrade to CentOS Stream / 7.

For more information, see : http://www.nessus.org/u?b549f616

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 8834
First Seen:
2024-03-19 05:41
Last Seen:
2024-03-19 05:41
Synopsis:
The SSL certificate for this service cannot be trusted.

Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Nessus Users United/OU=Nessus Server/L=New York/C=US/ST=NY/CN=sc5.javaafrica.local
|-Issuer : O=Nessus Users United/OU=Nessus Certification Authority/L=New York/C=US/ST=NY/CN=Nessus Certification Authority

Plugin ID Plugin Name Severity Port VPR


187315 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) Medium 22 6.7
First Seen:
2024-03-19 05:41
Last Seen:
2024-03-19 05:41

Synopsis:
The remote SSH server is vulnerable to a mitm prefix truncation attack.
Plugin Description:
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote,
man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.

Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support
the strict key exchange countermeasures. It does not check for vulnerable software versions.
Solution:
Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.
See Also:

- https://terrapin-attack.com/

Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
5.9
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSSv2 Base Score:
5.4
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:C/A:N
CVE:

- CVE-2023-48795

CPE:

- cpe:/a:openbsd:openssh

Reference Information:
Type Ids
CVE CVE-2023-48795

Protocol:
TCP
Plugin Family:
Misc.
Patch Published:
2023-12-18
Plugin Modification Date:
2024-01-29

Plugin Output:
Supports following ChaCha20-Poly1305 Client to Server algorithm : [email protected]
Supports following CBC Client to Server algorithm : aes192-cbc
Supports following CBC Client to Server algorithm : aes256-cbc
Supports following CBC Client to Server algorithm : blowfish-cbc
Supports following CBC Client to Server algorithm : cast128-cbc
Supports following CBC Client to Server algorithm : 3des-cbc
Supports following CBC Client to Server algorithm : aes128-cbc
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following ChaCha20-Poly1305 Server to Client algorithm : [email protected]
Supports following CBC Server to Client algorithm : aes192-cbc
Supports following CBC Server to Client algorithm : aes256-cbc
Supports following CBC Server to Client algorithm : blowfish-cbc
Supports following CBC Server to Client algorithm : cast128-cbc
Supports following CBC Server to Client algorithm : 3des-cbc
Supports following CBC Server to Client algorithm : aes128-cbc
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]

Plugin ID Plugin Name Severity Port VPR


153953 SSH Weak Key Exchange Algorithms Enabled Low 22
First Seen:
2024-03-19 05:41
Last Seen:
2024-03-19 05:41
Synopsis:
The remote SSH server is configured to allow weak key exchange algorithms.
Plugin Description:
The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)
draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

gss-gex-sha1-*

gss-group1-sha1-*

gss-group14-sha1-*

rsa1024-sha1

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable the weak algorithms.
See Also:

- https://datatracker.ietf.org/doc/html/rfc9142

Exploited By Malware:
false
CVSSv3 Base Score:
3.7

CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2024-03-14
Plugin Output:

The following weak key exchange algorithms are enabled :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1

Plugin ID Plugin Name Severity Port VPR


70658 SSH Server CBC Mode Ciphers Enabled Low 22 3.6
First Seen:
2024-03-19 05:41
Last Seen:
2024-03-19 05:41
Synopsis:
The SSH server is configured to use Cipher Block Chaining.
Plugin Description:
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the
ciphertext.

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
See Also:
[]
Exploitability Ease:
NOT_AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
3.7
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVE:

- CVE-2008-5161

CPE:

- cpe:/a:ssh:ssh

Reference Information:
Type Ids
BUGTRAQ 32319
CERT 958563
CVE CVE-2008-5161
CWE 200

Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2023-10-27
Plugin Output:

The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

192.168.3.70
Asset ID 4da58de7-f23e-40dd-b86a-5ddbd12faff8
First Value of Asset Name 192.168.3.70
First Value of Asset Acr Score
Count 6
All Values of Severity 0/0/4/2/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.70
Finding ID:
4da58de7-f23e-40dd-b86a-5ddbd12faff8
Last Licensed Scan:
2024-03-19 06:09
Source:

- NESSUS_SCAN

Operating System (WAS):


CentOS Linux 7 Linux Kernel 3.10
MAC Address:
00:0c:29:6f:56:f6
Installed Software:

- cpe:/a:openbsd:openssh:7.4

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


57582 SSL Self-Signed Certificate Medium 443
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Plugin Description:
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this
nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate
authority.
Solution:
Purchase or generate a proper SSL certificate for this service.

See Also:
[]
Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2022-06-14
Plugin Output:

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=Maryland/L=Columbia/O=Tenable, Inc./OU=INSECURE Certificate Authority for Tenable, Inc./CN=TenableCA (cb)

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 8834
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate for this service cannot be trusted.
Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.

See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Nessus Users United/OU=Nessus Server/L=New York/C=US/ST=NY/CN=sc5.javaafrica.local
|-Issuer : O=Nessus Users United/OU=Nessus Certification Authority/L=New York/C=US/ST=NY/CN=Nessus Certification Authority

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 443
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate for this service cannot be trusted.
Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=Maryland/L=Columbia/O=Tenable, Inc./OU=INSECURE Certificate Authority for Tenable, Inc./CN=TenableCA (cb)
|-Issuer : C=US/ST=Maryland/L=Columbia/O=Tenable, Inc./OU=INSECURE Certificate Authority for Tenable, Inc./CN=TenableCA (cb)

Plugin ID Plugin Name Severity Port VPR


187315 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) Medium 22 6.7
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote SSH server is vulnerable to a mitm prefix truncation attack.
Plugin Description:
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote,
man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.

Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support
the strict key exchange countermeasures. It does not check for vulnerable software versions.
Solution:
Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.
See Also:

- https://terrapin-attack.com/

Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
5.9
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSSv2 Base Score:
5.4
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:C/A:N
CVE:

- CVE-2023-48795

CPE:

- cpe:/a:openbsd:openssh

Reference Information:
Type Ids
CVE CVE-2023-48795

Protocol:
TCP
Plugin Family:
Misc.
Patch Published:
2023-12-18
Plugin Modification Date:
2024-01-29
Plugin Output:
Supports following ChaCha20-Poly1305 Client to Server algorithm : [email protected]
Supports following CBC Client to Server algorithm : aes192-cbc
Supports following CBC Client to Server algorithm : aes256-cbc
Supports following CBC Client to Server algorithm : blowfish-cbc
Supports following CBC Client to Server algorithm : cast128-cbc
Supports following CBC Client to Server algorithm : 3des-cbc
Supports following CBC Client to Server algorithm : aes128-cbc
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following ChaCha20-Poly1305 Server to Client algorithm : [email protected]
Supports following CBC Server to Client algorithm : aes192-cbc
Supports following CBC Server to Client algorithm : aes256-cbc
Supports following CBC Server to Client algorithm : blowfish-cbc
Supports following CBC Server to Client algorithm : cast128-cbc
Supports following CBC Server to Client algorithm : 3des-cbc
Supports following CBC Server to Client algorithm : aes128-cbc
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]

Plugin ID Plugin Name Severity Port VPR


153953 SSH Weak Key Exchange Algorithms Enabled Low 22

First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote SSH server is configured to allow weak key exchange algorithms.
Plugin Description:
The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)
draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

gss-gex-sha1-*

gss-group1-sha1-*

gss-group14-sha1-*

rsa1024-sha1

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable the weak algorithms.
See Also:

- https://datatracker.ietf.org/doc/html/rfc9142

Exploited By Malware:
false
CVSSv3 Base Score:
3.7
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2024-03-14
Plugin Output:

The following weak key exchange algorithms are enabled :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1

Plugin ID Plugin Name Severity Port VPR

70658 SSH Server CBC Mode Ciphers Enabled Low 22 3.6
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSH server is configured to use Cipher Block Chaining.
Plugin Description:
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the
ciphertext.

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
See Also:
[]
Exploitability Ease:
NOT_AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
3.7
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVE:

- CVE-2008-5161

CPE:

- cpe:/a:ssh:ssh

Reference Information:
Type Ids
BUGTRAQ 32319
CERT 958563
CVE CVE-2008-5161
CWE 200

Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2023-10-27

Plugin Output:

The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

192.168.3.115
Asset ID 5b24962c-bf9b-4d02-b91d-47f26a5ced08
First Value of Asset Name 192.168.3.115
First Value of Asset Acr Score
Count 4
All Values of Severity 0/0/3/1/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.115
Finding ID:
5b24962c-bf9b-4d02-b91d-47f26a5ced08
Last Licensed Scan:
2024-03-19 06:09
Source:

- NESSUS_SCAN

Operating System (WAS):


Linux Kernel 2.6
MAC Address:
d4:31:27:04:c9:28

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


57582 SSL Self-Signed Certificate Medium 443
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Plugin Description:
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this
nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate
authority.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:
[]

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2022-06-14
Plugin Output:

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=AU/ST=Some-State/O=Internet Widgits Pty Ltd

Plugin ID Plugin Name Severity Port VPR


157288 TLS Version 1.1 Protocol Deprecated Medium 443
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote service encrypts traffic using an older version of TLS.
Plugin Description:
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that
support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major
vendors.
Solution:
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
See Also:

- https://datatracker.ietf.org/doc/html/rfc8996
- http://www.nessus.org/u?c8ae820d

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
CVSSv2 Base Score:
6.1

CVSSv2 Vector:
AV:N/AC:H/Au:N/C:C/I:P/A:N
CPE:
[]
Reference Information:
Type Ids
CWE 327

Protocol:
TCP
Plugin Family:
Service detection
Plugin Modification Date:
2023-04-19
Plugin Output:
TLSv1.1 is enabled and the server supports at least one cipher.

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 443
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate for this service cannot be trusted.
Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4

CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
|-Issuer : C=AU/ST=Some-State/O=Internet Widgits Pty Ltd

Plugin ID Plugin Name Severity Port VPR


11197 Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak) Low 0 4.2
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote host appears to leak memory in network packets.
Plugin Description:
The remote host uses a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel
memory, system memory allocated to the device driver, or a hardware buffer on its network interface card.

Known as 'Etherleak', this information disclosure vulnerability may allow an attacker to collect sensitive information from the affected host provided
he is on the same physical subnet as that host.
Solution:
Contact the network device driver's vendor for a fix.
See Also:

- http://www.nessus.org/u?719c90b4

Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv2 Base Score:
3.3
CVSSv2 Vector:
AV:A/AC:L/Au:N/C:P/I:N/A:N
CVE:

- CVE-2003-0001

CPE:
[]

Reference Information:
Type Ids
BUGTRAQ 6535
CVE CVE-2003-0001

Protocol:
ICMP
Plugin Family:
Misc.
Plugin Modification Date:
2019-03-06
Plugin Output:

Padding observed in one frame :

0x00: 00 00 00 00 00 00 00 00 00 00 00 00 00 50 0B 83 .............P..
0x10: CB .

Padding observed in another frame :

0x00: 00 00 00 00 00 00 00 00 00 00 00 00 00 EA A4 4B ...............K
0x10: FE .

192.168.3.65
Asset ID 5e769542-2915-48a6-bf82-86e642f2ae32
First Value of Asset Name 192.168.3.65
First Value of Asset Acr Score
Count 5
All Values of Severity 0/0/3/2/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.65
Finding ID:
5e769542-2915-48a6-bf82-86e642f2ae32
Last Licensed Scan:
2024-03-19 05:52
Source:

- NESSUS_SCAN

Operating System (WAS):


Ubuntu 16.04 Linux Kernel 4.4
MAC Address:
00:0c:29:0b:1d:d3
Installed Software:

- cpe:/a:openbsd:openssh:7.4

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 8834
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52
Synopsis:
The SSL certificate for this service cannot be trusted.

Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Nessus Users United/OU=Nessus Server/L=New York/C=US/ST=NY/CN=SC5.javaafrica.local
|-Issuer : O=Nessus Users United/OU=Nessus Certification Authority/L=New York/C=US/ST=NY/CN=Nessus Certification Authority

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 8835
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52

Synopsis:
The SSL certificate for this service cannot be trusted.
Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=NNM Users/OU=NNM Server/L=New York/C=US/ST=NY/CN=SC5.javaafrica.local
|-Issuer : O=NNM Users/OU=NNM Certification Authority/L=New York/C=US/ST=NY/CN=NNM Certification Authority

Plugin ID Plugin Name Severity Port VPR


187315 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) Medium 22 6.7
First Seen:
2024-03-19 05:52

Last Seen:
2024-03-19 05:52
Synopsis:
The remote SSH server is vulnerable to a mitm prefix truncation attack.
Plugin Description:
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.

Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support
the strict key exchange countermeasures. It does not check for vulnerable software versions.
Solution:
Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.
See Also:

- https://terrapin-attack.com/

Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
5.9
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSSv2 Base Score:
5.4
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:C/A:N
CVE:

- CVE-2023-48795

CPE:

- cpe:/a:openbsd:openssh

Reference Information:
Type Ids
CVE CVE-2023-48795

Protocol:
TCP
Plugin Family:
Misc.
Patch Published:
2023-12-18
Plugin Modification Date:
2024-01-29

Plugin Output:
Supports following ChaCha20-Poly1305 Client to Server algorithm : [email protected]
Supports following CBC Client to Server algorithm : aes192-cbc
Supports following CBC Client to Server algorithm : aes256-cbc
Supports following CBC Client to Server algorithm : blowfish-cbc
Supports following CBC Client to Server algorithm : cast128-cbc
Supports following CBC Client to Server algorithm : 3des-cbc
Supports following CBC Client to Server algorithm : aes128-cbc
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following ChaCha20-Poly1305 Server to Client algorithm : [email protected]
Supports following CBC Server to Client algorithm : aes192-cbc
Supports following CBC Server to Client algorithm : aes256-cbc
Supports following CBC Server to Client algorithm : blowfish-cbc
Supports following CBC Server to Client algorithm : cast128-cbc
Supports following CBC Server to Client algorithm : 3des-cbc
Supports following CBC Server to Client algorithm : aes128-cbc
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]

Plugin ID Plugin Name Severity Port VPR


153953 SSH Weak Key Exchange Algorithms Enabled Low 22
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52
Synopsis:
The remote SSH server is configured to allow weak key exchange algorithms.
Plugin Description:
The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

gss-gex-sha1-*

gss-group1-sha1-*

gss-group14-sha1-*

rsa1024-sha1

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable the weak algorithms.
See Also:

- https://datatracker.ietf.org/doc/html/rfc9142

Exploited By Malware:
false
CVSSv3 Base Score:
3.7

CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2024-03-14
Plugin Output:

The following weak key exchange algorithms are enabled :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1

Plugin ID Plugin Name Severity Port VPR


70658 SSH Server CBC Mode Ciphers Enabled Low 22 3.6
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52
Synopsis:
The SSH server is configured to use Cipher Block Chaining.
Plugin Description:
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the
ciphertext.

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
See Also:
[]
Exploitability Ease:
NOT_AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
3.7
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVE:

- CVE-2008-5161

CPE:

- cpe:/a:ssh:ssh

Reference Information:
Type Ids
BUGTRAQ 32319
CERT 958563
CVE CVE-2008-5161
CWE 200

Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2023-10-27
Plugin Output:

The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

192.168.3.78
Asset ID 724813f5-9a3a-496b-a9b4-81db30e90402
First Value of Asset Name 192.168.3.78
First Value of Asset Acr Score
Count 5
All Values of Severity 0/0/3/2/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.78
Finding ID:
724813f5-9a3a-496b-a9b4-81db30e90402
Last Licensed Scan:
2024-03-19 06:09
Source:

- NESSUS_SCAN

Operating System (WAS):


Ubuntu 16.04 Linux Kernel 4.4
MAC Address:
00:0c:29:8f:92:fb
Installed Software:

- cpe:/a:openbsd:openssh:7.4
- cpe:/a:tenable:nessus:10.6.4

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


190097 Tenable Nessus < 10.7.0 Multiple Vulnerabilities (TNS-2024-01) Medium 8834 3.6
First Seen:
2024-03-19 05:41
Last Seen:
2024-03-19 06:09
Synopsis:
An instance of Nessus installed on the remote system is affected by multiple vulnerabilities.

Plugin Description:
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.7.0. It is, therefore, affected by
multiple vulnerabilities as referenced in the TNS-2024-01 advisory.

- A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus
proxy settings, which could lead to the execution of remote arbitrary scripts. (CVE-2024-0955)

- A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. (CVE-2024-0971)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution:
Upgrade to Tenable Nessus 10.7.0 or later.
See Also:

- https://www.tenable.com/security/TNS-2024-01

Stig Severity:
I
Exploitability Ease:
NOT_AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSSv2 Base Score:
6.8
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:N/I:C/A:N
CVE:

- CVE-2024-0955
- CVE-2024-0971

CPE:

- cpe:/a:tenable:nessus

Reference Information:
Type Ids
CVE CVE-2024-0955, CVE-2024-0971
IAVA 2024-A-0072

Protocol:
TCP
Plugin Family:
Misc.
Patch Published:
2024-02-06
Plugin Modification Date:
2024-02-27
Plugin Output:

URL : https://192.168.3.78:8834/
Installed version : 10.6.4
Fixed version : 10.7.0

Plugin ID Plugin Name Severity Port VPR
51192 SSL Certificate Cannot Be Trusted Medium 8834
First Seen:
2024-03-19 05:41
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate for this service cannot be trusted.
Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Nessus Users United/OU=Nessus Server/L=New York/C=US/ST=NY/CN=localhost.localdomain
|-Issuer : O=Nessus Users United/OU=Nessus Certification Authority/L=New York/C=US/ST=NY/CN=Nessus Certification Authority

Plugin ID Plugin Name Severity Port VPR


187315 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) Medium 22 6.7
First Seen:
2024-03-19 05:41
Last Seen:
2024-03-19 06:09
Synopsis:
The remote SSH server is vulnerable to a mitm prefix truncation attack.
Plugin Description:
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.

Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support
the strict key exchange countermeasures. It does not check for vulnerable software versions.
Solution:
Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.
See Also:

- https://terrapin-attack.com/

Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
5.9
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSSv2 Base Score:
5.4
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:C/A:N
CVE:

- CVE-2023-48795

CPE:

- cpe:/a:openbsd:openssh

Reference Information:
Type Ids
CVE CVE-2023-48795

Protocol:
TCP
Plugin Family:
Misc.
Patch Published:
2023-12-18
Plugin Modification Date:
2024-01-29

Plugin Output:
Supports following ChaCha20-Poly1305 Client to Server algorithm : [email protected]
Supports following CBC Client to Server algorithm : aes192-cbc
Supports following CBC Client to Server algorithm : aes256-cbc
Supports following CBC Client to Server algorithm : blowfish-cbc
Supports following CBC Client to Server algorithm : cast128-cbc
Supports following CBC Client to Server algorithm : 3des-cbc
Supports following CBC Client to Server algorithm : aes128-cbc
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following ChaCha20-Poly1305 Server to Client algorithm : [email protected]
Supports following CBC Server to Client algorithm : aes192-cbc
Supports following CBC Server to Client algorithm : aes256-cbc
Supports following CBC Server to Client algorithm : blowfish-cbc
Supports following CBC Server to Client algorithm : cast128-cbc
Supports following CBC Server to Client algorithm : 3des-cbc
Supports following CBC Server to Client algorithm : aes128-cbc
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]

Plugin ID Plugin Name Severity Port VPR


70658 SSH Server CBC Mode Ciphers Enabled Low 22 3.6
First Seen:
2024-03-19 05:41
Last Seen:
2024-03-19 06:09
Synopsis:
The SSH server is configured to use Cipher Block Chaining.
Plugin Description:
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the
ciphertext.

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
See Also:
[]
Exploitability Ease:
NOT_AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
3.7
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVE:

- CVE-2008-5161

CPE:

- cpe:/a:ssh:ssh

Reference Information:
Type Ids
BUGTRAQ 32319
CERT 958563
CVE CVE-2008-5161
CWE 200

Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2023-10-27
Plugin Output:

The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

Plugin ID Plugin Name Severity Port VPR


153953 SSH Weak Key Exchange Algorithms Enabled Low 22
First Seen:
2024-03-19 05:41
Last Seen:
2024-03-19 06:09
Synopsis:
The remote SSH server is configured to allow weak key exchange algorithms.

Plugin Description:
The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

gss-gex-sha1-*

gss-group1-sha1-*

gss-group14-sha1-*

rsa1024-sha1

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable the weak algorithms.
See Also:

- https://datatracker.ietf.org/doc/html/rfc9142

Exploited By Malware:
false
CVSSv3 Base Score:
3.7
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2024-03-14
Plugin Output:

The following weak key exchange algorithms are enabled :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1

gateway
Asset ID 7555cdc2-48b2-4db9-84e1-4bf5665b5a32
First Value of Asset Name gateway
First Value of Asset Acr Score
Count 3
All Values of Severity 0/0/1/2/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.99
Finding ID:
7555cdc2-48b2-4db9-84e1-4bf5665b5a32
Last Licensed Scan:
2024-03-19 06:09
Source:

- NESSUS_SCAN

Operating System (WAS):


FortiOS on Fortinet FortiGate
MAC Address:
70:4c:a5:80:65:2c

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


187315 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) Medium 22 6.7
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote SSH server is vulnerable to a mitm prefix truncation attack.
Plugin Description:
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.

Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support
the strict key exchange countermeasures. It does not check for vulnerable software versions.
Solution:
Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.
See Also:

- https://terrapin-attack.com/

Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
5.9
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSSv2 Base Score:
5.4
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:C/A:N
CVE:

- CVE-2023-48795

CPE:

- cpe:/a:openbsd:openssh

Reference Information:
Type Ids
CVE CVE-2023-48795

Protocol:
TCP
Plugin Family:
Misc.
Patch Published:
2023-12-18
Plugin Modification Date:
2024-01-29
Plugin Output:
Supports following ChaCha20-Poly1305 Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following ChaCha20-Poly1305 Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]

Plugin ID Plugin Name Severity Port VPR


153953 SSH Weak Key Exchange Algorithms Enabled Low 22
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote SSH server is configured to allow weak key exchange algorithms.

Plugin Description:
The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

gss-gex-sha1-*

gss-group1-sha1-*

gss-group14-sha1-*

rsa1024-sha1

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable the weak algorithms.
See Also:

- https://datatracker.ietf.org/doc/html/rfc9142

Exploited By Malware:
false
CVSSv3 Base Score:
3.7
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2024-03-14
Plugin Output:

The following weak key exchange algorithms are enabled :

diffie-hellman-group-exchange-sha1

Plugin ID Plugin Name Severity Port VPR


10663 DHCP Server Detection Low 67
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote DHCP server may expose information about the associated network.

Plugin Description:
This script contacts the remote DHCP server (if any) and attempts to retrieve information about the network layout.

Some DHCP servers provide sensitive information such as the NIS domain name, or network layout information such as the list of the network web
servers, and so on.

It does not demonstrate any vulnerability, but a local attacker may use DHCP to become intimately familiar with the associated network.
Solution:
Apply filtering to keep this information off the network and remove any options that are not in use.
See Also:
[]
Exploited By Malware:
false
CVSSv2 Base Score:
3.3
CVSSv2 Vector:
AV:A/AC:L/Au:N/C:P/I:N/A:N
CPE:
[]
Reference Information:
[]
Protocol:
UDP
Plugin Family:
Service detection
Plugin Modification Date:
2019-03-06
Plugin Output:

Nessus gathered the following information from the remote DHCP server :

Master DHCP server of this network : 0.0.0.0
IP address the DHCP server would attribute us : 192.168.3.122
DHCP server(s) identifier : 192.168.3.99
Netmask : 255.255.255.0
Router : 192.168.3.99
Domain name server(s) : 9.9.9.9 , 8.8.8.8

192.168.3.135
Asset ID 7955b44f-f88b-428d-aa1d-3724f9267dcf
First Value of Asset Name 192.168.3.135
First Value of Asset Acr Score
Count 6
All Values of Severity 0/0/4/2/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.135
Finding ID:
7955b44f-f88b-428d-aa1d-3724f9267dcf
Last Licensed Scan:
2024-03-19 05:52
Source:

- NESSUS_SCAN

Operating System (WAS):


CentOS Linux 7 Linux Kernel 3.10
MAC Address:
00:0c:29:07:98:cf
Installed Software:

- cpe:/a:openbsd:openssh:7.4

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 8834
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52
Synopsis:
The SSL certificate for this service cannot be trusted.

Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Nessus Users United/OU=Nessus Server/L=New York/C=US/ST=NY/CN=sc5.javaafrica.local
|-Issuer : O=Nessus Users United/OU=Nessus Certification Authority/L=New York/C=US/ST=NY/CN=Nessus Certification Authority

Plugin ID Plugin Name Severity Port VPR


57582 SSL Self-Signed Certificate Medium 443
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52

Synopsis:
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Plugin Description:
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this
nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate
authority.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:
[]
Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2022-06-14
Plugin Output:

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=Maryland/L=Columbia/O=Tenable, Inc./OU=INSECURE Certificate Authority for Tenable, Inc./CN=TenableCA (dd)

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 443
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52
Synopsis:
The SSL certificate for this service cannot be trusted.

Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=Maryland/L=Columbia/O=Tenable, Inc./OU=INSECURE Certificate Authority for Tenable, Inc./CN=TenableCA (dd)
|-Issuer : C=US/ST=Maryland/L=Columbia/O=Tenable, Inc./OU=INSECURE Certificate Authority for Tenable, Inc./CN=TenableCA (dd)

Plugin ID Plugin Name Severity Port VPR


187315 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) Medium 22 6.7
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52

Synopsis:
The remote SSH server is vulnerable to a mitm prefix truncation attack.
Plugin Description:
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.

Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support
the strict key exchange countermeasures. It does not check for vulnerable software versions.
Solution:
Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.
See Also:

- https://terrapin-attack.com/

Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
5.9
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSSv2 Base Score:
5.4
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:C/A:N
CVE:

- CVE-2023-48795

CPE:

- cpe:/a:openbsd:openssh

Reference Information:
Type Ids
CVE CVE-2023-48795

Protocol:
TCP
Plugin Family:
Misc.
Patch Published:
2023-12-18
Plugin Modification Date:
2024-01-29

Plugin Output:
Supports following ChaCha20-Poly1305 Client to Server algorithm : [email protected]
Supports following CBC Client to Server algorithm : aes192-cbc
Supports following CBC Client to Server algorithm : aes256-cbc
Supports following CBC Client to Server algorithm : blowfish-cbc
Supports following CBC Client to Server algorithm : cast128-cbc
Supports following CBC Client to Server algorithm : 3des-cbc
Supports following CBC Client to Server algorithm : aes128-cbc
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following ChaCha20-Poly1305 Server to Client algorithm : [email protected]
Supports following CBC Server to Client algorithm : aes192-cbc
Supports following CBC Server to Client algorithm : aes256-cbc
Supports following CBC Server to Client algorithm : blowfish-cbc
Supports following CBC Server to Client algorithm : cast128-cbc
Supports following CBC Server to Client algorithm : 3des-cbc
Supports following CBC Server to Client algorithm : aes128-cbc
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]

Plugin ID Plugin Name Severity Port VPR


70658 SSH Server CBC Mode Ciphers Enabled Low 22 3.6
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52
Synopsis:
The SSH server is configured to use Cipher Block Chaining.
Plugin Description:
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the
ciphertext.

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
See Also:
[]
Exploitability Ease:
NOT_AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
3.7
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVE:

- CVE-2008-5161

CPE:

- cpe:/a:ssh:ssh

Reference Information:
Type Ids
BUGTRAQ 32319
CERT 958563
CVE CVE-2008-5161
CWE 200

Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2023-10-27
Plugin Output:

The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

Plugin ID Plugin Name Severity Port VPR


153953 SSH Weak Key Exchange Algorithms Enabled Low 22
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52
Synopsis:
The remote SSH server is configured to allow weak key exchange algorithms.

Plugin Description:
The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

gss-gex-sha1-*

gss-group1-sha1-*

gss-group14-sha1-*

rsa1024-sha1

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable the weak algorithms.
See Also:

- https://datatracker.ietf.org/doc/html/rfc9142

Exploited By Malware:
false
CVSSv3 Base Score:
3.7
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2024-03-14
Plugin Output:

The following weak key exchange algorithms are enabled :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1

desktop-syl-tmx
Asset ID 968af0b3-a280-4673-af13-f8a1c8ffc3d4
First Value of Asset Name desktop-syl-tmx
First Value of Asset Acr Score
Count 1
All Values of Severity 0/0/1/0/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2023-09-08 13:12 2024-03-19 06:11
IPv4 Address:
192.168.3.122
Finding ID:
968af0b3-a280-4673-af13-f8a1c8ffc3d4
Last Licensed Scan:
2024-03-19 06:09
Source:

- NESSUS_AGENT
- NESSUS_SCAN

NetBIOS Name:
DESKTOP-B93PG8B
Operating System (WAS):
Microsoft Windows 10 Pro 10.0.19045
MAC Address:
ac:e2:d3:95:7d:ee

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


57608 SMB Signing not required Medium 445
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
Signing is not required on the remote SMB server.
Plugin Description:
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against
the SMB server.
Solution:
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign
communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.

See Also:

- http://www.nessus.org/u?df39b8b3
- http://technet.microsoft.com/en-us/library/cc731957.aspx
- http://www.nessus.org/u?74b80723
- https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
- http://www.nessus.org/u?a3cac4ea

Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
5.3
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSSv2 Base Score:
5.0
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2022-10-05
Plugin Output:

192.168.3.80
Asset ID a76d0ec5-24e4-412d-b004-8115ec0341f8
First Value of Asset Name 192.168.3.80
First Value of Asset Acr Score
Count 5
All Values of Severity 0/0/3/2/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.80
Finding ID:
a76d0ec5-24e4-412d-b004-8115ec0341f8
Last Licensed Scan:
2024-03-19 05:52
Source:

- NESSUS_SCAN

Operating System (WAS):


CentOS Linux 7 Linux Kernel 3.10, Ubuntu 16.04 Linux Kernel 4.4
MAC Address:
00:0c:29:6b:97:74
Installed Software:

- cpe:/a:openbsd:openssh:7.4

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 8834
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52
Synopsis:
The SSL certificate for this service cannot be trusted.

Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Nessus Users United/OU=Nessus Server/L=New York/C=US/ST=NY/CN=localhost.localdomain
|-Issuer : O=Nessus Users United/OU=Nessus Certification Authority/L=New York/C=US/ST=NY/CN=Nessus Certification Authority

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 8835
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52

Synopsis:
The SSL certificate for this service cannot be trusted.
Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=NNM Users/OU=NNM Server/L=New York/C=US/ST=NY/CN=localhost.localdomain
|-Issuer : O=NNM Users/OU=NNM Certification Authority/L=New York/C=US/ST=NY/CN=NNM Certification Authority

Plugin ID Plugin Name Severity Port VPR


187315 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) Medium 22 6.7
First Seen:
2024-03-19 05:52

Last Seen:
2024-03-19 05:52
Synopsis:
The remote SSH server is vulnerable to a mitm prefix truncation attack.
Plugin Description:
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.

Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support
the strict key exchange countermeasures. It does not check for vulnerable software versions.
Solution:
Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.
See Also:

- https://terrapin-attack.com/

Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
5.9
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSSv2 Base Score:
5.4
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:C/A:N
CVE:

- CVE-2023-48795

CPE:

- cpe:/a:openbsd:openssh

Reference Information:
Type Ids
CVE CVE-2023-48795

Protocol:
TCP
Plugin Family:
Misc.
Patch Published:
2023-12-18
Plugin Modification Date:
2024-01-29

Plugin Output:
Supports following ChaCha20-Poly1305 Client to Server algorithm : [email protected]
Supports following CBC Client to Server algorithm : aes192-cbc
Supports following CBC Client to Server algorithm : aes256-cbc
Supports following CBC Client to Server algorithm : blowfish-cbc
Supports following CBC Client to Server algorithm : cast128-cbc
Supports following CBC Client to Server algorithm : 3des-cbc
Supports following CBC Client to Server algorithm : aes128-cbc
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following ChaCha20-Poly1305 Server to Client algorithm : [email protected]
Supports following CBC Server to Client algorithm : aes192-cbc
Supports following CBC Server to Client algorithm : aes256-cbc
Supports following CBC Server to Client algorithm : blowfish-cbc
Supports following CBC Server to Client algorithm : cast128-cbc
Supports following CBC Server to Client algorithm : 3des-cbc
Supports following CBC Server to Client algorithm : aes128-cbc
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]

Plugin ID Plugin Name Severity Port VPR


153953 SSH Weak Key Exchange Algorithms Enabled Low 22
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52
Synopsis:
The remote SSH server is configured to allow weak key exchange algorithms.
Plugin Description:
The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

gss-gex-sha1-*

gss-group1-sha1-*

gss-group14-sha1-*

rsa1024-sha1

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable the weak algorithms.
See Also:

- https://datatracker.ietf.org/doc/html/rfc9142

Exploited By Malware:
false
CVSSv3 Base Score:
3.7

CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2024-03-14
Plugin Output:

The following weak key exchange algorithms are enabled :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1

Plugin ID Plugin Name Severity Port VPR


70658 SSH Server CBC Mode Ciphers Enabled Low 22 3.6
First Seen:
2024-03-19 05:52
Last Seen:
2024-03-19 05:52
Synopsis:
The SSH server is configured to use Cipher Block Chaining.
Plugin Description:
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the
ciphertext.

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
See Also:
[]
Exploitability Ease:
NOT_AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
3.7
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVE:

- CVE-2008-5161

CPE:

- cpe:/a:ssh:ssh

Reference Information:
Type Ids
BUGTRAQ 32319
CERT 958563
CVE CVE-2008-5161
CWE 200

Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2023-10-27
Plugin Output:

The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

192.168.3.116
Asset ID bcf086c6-f0e7-4d89-a213-3c645bc00dc7
First Value of Asset Name 192.168.3.116
First Value of Asset Acr Score
Count 6
All Values of Severity 0/0/5/1/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.116
Finding ID:
bcf086c6-f0e7-4d89-a213-3c645bc00dc7
Last Licensed Scan:
2024-03-19 06:09
Source:

- NESSUS_SCAN

Operating System (WAS):


Linux Kernel 2.6
MAC Address:
d4:31:27:04:c9:b4

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


57582 SSL Self-Signed Certificate Medium 1883
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Plugin Description:
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this
nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate
authority.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:
[]

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2022-06-14
Plugin Output:

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=admin

Plugin ID Plugin Name Severity Port VPR


157288 TLS Version 1.1 Protocol Deprecated Medium 443
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote service encrypts traffic using an older version of TLS.
Plugin Description:
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that
support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major
vendors.
Solution:
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
See Also:

- https://datatracker.ietf.org/doc/html/rfc8996
- http://www.nessus.org/u?c8ae820d

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
CVSSv2 Base Score:
6.1

CVSSv2 Vector:
AV:N/AC:H/Au:N/C:C/I:P/A:N
CPE:
[]
Reference Information:
Type Ids
CWE 327

Protocol:
TCP
Plugin Family:
Service detection
Plugin Modification Date:
2023-04-19
Plugin Output:
TLSv1.1 is enabled and the server supports at least one cipher.

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 443
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate for this service cannot be trusted.
Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4

CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
|-Issuer : C=AU/ST=Some-State/O=Internet Widgits Pty Ltd

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 1883
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate for this service cannot be trusted.
Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=admin
|-Issuer : C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=admin

Plugin ID Plugin Name Severity Port VPR


57582 SSL Self-Signed Certificate Medium 443
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Plugin Description:
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this
nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate
authority.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:
[]
Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP

Plugin Family:
General
Plugin Modification Date:
2022-06-14
Plugin Output:

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=AU/ST=Some-State/O=Internet Widgits Pty Ltd

Plugin ID Plugin Name Severity Port VPR


11197 Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak) Low 0 4.2
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote host appears to leak memory in network packets.
Plugin Description:
The remote host uses a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel
memory, system memory allocated to the device driver, or a hardware buffer on its network interface card.

Known as 'Etherleak', this information disclosure vulnerability may allow an attacker to collect sensitive information from the affected host provided
he is on the same physical subnet as that host.
Solution:
Contact the network device driver's vendor for a fix.
See Also:

- http://www.nessus.org/u?719c90b4

Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv2 Base Score:
3.3
CVSSv2 Vector:
AV:A/AC:L/Au:N/C:P/I:N/A:N
CVE:

- CVE-2003-0001

CPE:
[]
Reference Information:
Type Ids
BUGTRAQ 6535
CVE CVE-2003-0001

Protocol:
ICMP
Plugin Family:
Misc.
Plugin Modification Date:
2019-03-06

Plugin Output:

Padding observed in one frame :

0x00: 00 00 00 00 00 00 00 00 00 00 00 00 00 0E 70 62 ..............pb
0x10: D5 .

Padding observed in another frame :

0x00: 00 00 00 00 00 00 00 00 00 00 00 00 00 C6 D9 1E ................
0x10: 55 U

192.168.3.60
Asset ID e71c7366-67e7-4610-9b7d-62aa83207da7
First Value of Asset Name 192.168.3.60
First Value of Asset Acr Score
Count 4
All Values of Severity 1/0/3/0/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.60
Finding ID:
e71c7366-67e7-4610-9b7d-62aa83207da7
Last Licensed Scan:
2024-03-19 06:09
Source:

- NESSUS_SCAN

Operating System (WAS):


VMware ESXi 8.0.2 build-22380479
MAC Address:
70:5a:0f:46:52:c9
Installed Software:

- cpe:/a:vmware:esxi:esxi_8.0

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


191711 VMware ESXi 7.0 / 8.0 Multiple Vulnerabilities (VMSA-2024-0006) Critical 443 9.9
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote VMware ESXi host is affected by multiple vulnerabilities.

Plugin Description:
The version of VMware ESXi installed on the remote host is prior to 7.0 Update 3p, 8.0 prior to 8.0 Update 1d, or 8.0 prior to 8.0 Update 2b. It is,
therefore, affected by multiple vulnerabilities as referenced in the VMSA-2024-0006 advisory:

- VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. (CVE-2024-22252)

- VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. (CVE-2024-22253)

- VMware ESXi contains an out-of-bounds write vulnerability. (CVE-2024-22254)

- VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller.
(CVE-2024-22255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution:
Upgrade to VMware ESXi 7.0 Update 3p, 8.0 Update 1d, or 8.0 Update 2b or later.
See Also:

- https://www.vmware.com/security/advisories/VMSA-2024-0006.html

Stig Severity:
I
Exploitability Ease:
NOT_AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
9.3
CVSSv3 Vector:
AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSSv2 Base Score:
7.2
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVE:

- CVE-2024-22252
- CVE-2024-22253
- CVE-2024-22254
- CVE-2024-22255

CPE:

- cpe:/o:vmware:esxi

Reference Information:
Type Ids
CVE CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255
IAVA 2024-A-0120
VMSA 2024-0006

Protocol:
TCP
Plugin Family:
Misc.
Patch Published:
2024-03-05

Plugin Modification Date:
2024-03-08
Plugin Output:

ESXi version : VMware ESXi 8.0.2 build-22380479
Installed build : 22380479
Fixed build : 8.0U2 23305545

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 443
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate for this service cannot be trusted.
Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General

Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware, Inc/OU=VMware ESX Server Default Certificate/[email protected]/CN=localhost.localdomain/1.2.840.113549.1.9.2=1707924783,564d7761726520496e632e
|-Issuer : O=VMware Installer

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 9080
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate for this service cannot be trusted.
Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]

Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=VMware Installer
|-Issuer : O=VMware Installer

Plugin ID Plugin Name Severity Port VPR


57582 SSL Self-Signed Certificate Medium 9080
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Plugin Description:
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this
nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate
authority.
Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:
[]
Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2022-06-14

Plugin Output:

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : O=VMware Installer

TECHMAX-PC
Asset ID f0657c0b-dbd1-4f93-83de-7bf14a39a748
First Value of Asset Name TECHMAX-PC
First Value of Asset Acr Score
Count 4
All Values of Severity 2/1/1/0/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.124
Finding ID:
f0657c0b-dbd1-4f93-83de-7bf14a39a748
Last Licensed Scan:
2024-03-19 06:09
Source:

- NESSUS_SCAN

NetBIOS Name:
TECHMAX-PC
Operating System (WAS):
Microsoft Windows 7 Professional
MAC Address:
00:0c:29:87:5a:a4

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


108797 Unsupported Windows OS (remote) Critical 0
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote OS or service pack is no longer supported.
Plugin Description:
The remote version of Microsoft Windows is either missing a service pack or is no longer supported. As a result, it is likely to contain security
vulnerabilities.
Solution:
Upgrade to a supported service pack or operating system.
See Also:

- https://support.microsoft.com/en-us/lifecycle

Exploited By Malware:
false
CVSSv3 Base Score:
10.0
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSSv2 Base Score:
10.0
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE:

- cpe:/o:microsoft:windows

Reference Information:
Type Ids
IAVA 0001-A-0501

Protocol:
TCP
Plugin Family:
Windows
Plugin Modification Date:
2023-07-27
Plugin Output:

The following Windows version is installed and not supported:

Microsoft Windows 7 Professional

Plugin ID Plugin Name Severity Port VPR


97833 MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check) High 445 9.7
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote Windows host is affected by multiple vulnerabilities.
Plugin Description:
The remote Windows host is affected by the following vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An
unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143,
CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148)

- An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An
unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information. (CVE-2017-0147)

ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY are four of multiple Equation Group vulnerabilities and exploits
disclosed on 2017/04/14 by a group known as the Shadow Brokers. WannaCry / WannaCrypt is a ransomware program utilizing the ETERNALBLUE
exploit, and EternalRocks is a worm that utilizes seven Equation Group vulnerabilities. Petya is a ransomware program that first utilizes
CVE-2017-0199, a vulnerability in Microsoft Office, and then spreads via ETERNALBLUE.

Solution:
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Microsoft has also released
emergency patches for Windows operating systems that are no longer supported, including Windows XP, 2003, and 8.

For unsupported Windows operating systems, e.g. Windows XP, Microsoft recommends that users discontinue the use of SMBv1. SMBv1 lacks security
features that were included in later SMB versions. SMBv1 can be disabled by following the vendor instructions provided in Microsoft KB2696547.
Additionally, US-CERT recommends that users block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the
NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
See Also:

- http://www.nessus.org/u?68fc8eff
- http://www.nessus.org/u?321523eb
- http://www.nessus.org/u?065561d0
- http://www.nessus.org/u?d9f569cf
- https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
- http://www.nessus.org/u?b9d9ebf9
- http://www.nessus.org/u?8dcab5e4
- http://www.nessus.org/u?234f8ef8
- http://www.nessus.org/u?4c7e0cf3
- https://github.com/stamparm/EternalRocks/
- http://www.nessus.org/u?59db5b5b

Stig Severity:
I
Exploitability Ease:
AVAILABLE
Exploited By Malware:
true
CVSSv3 Base Score:
8.1
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSSv2 Base Score:
9.3
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVE:

- CVE-2017-0143
- CVE-2017-0144
- CVE-2017-0145
- CVE-2017-0146
- CVE-2017-0147
- CVE-2017-0148

CPE:

- cpe:/o:microsoft:windows

Reference Information:
Type Ids
BUGTRAQ 96703, 96704, 96705, 96706, 96707, 96709
CISA-KNOWN-EXPLOITED 2022/04/15, 2022/04/27, 2022/05/03, 2022/06/14, 2022/08/10
CVE CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148
EDB-ID 41891, 41987
IAVA 2017-A-0065
MSFT MS17-010
MSKB 4012212, 4012213, 4012214, 4012215, 4012216, 4012217, 4012598, 4012606, 4013198, 4013429

Protocol:
TCP
Plugin Family:
Windows
Patch Published:
2017-03-14
Plugin Modification Date:
2022-05-25
Plugin Output:
Sent:
00000054ff534d4225000000001803c800000000000000000000000000089f8e0008000110000000
00ffffffff0000000000000000000000005400000054000200230000001100005c00500049005000
45005c0000000000

Received:
ff534d4225050200c09803c800000000000000000000000000089f8e00080001000000

Plugin ID Plugin Name Severity Port VPR


57608 SMB Signing not required Medium 445
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
Signing is not required on the remote SMB server.
Plugin Description:
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against
the SMB server.
Solution:
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign
communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
See Also:

- http://www.nessus.org/u?df39b8b3
- http://technet.microsoft.com/en-us/library/cc731957.aspx
- http://www.nessus.org/u?74b80723
- https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
- http://www.nessus.org/u?a3cac4ea

Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
5.3

CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSSv2 Base Score:
5.0
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2022-10-05
Plugin Output:

Plugin ID Plugin Name Severity Port VPR


53514 MS11-030: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) (remote check) Critical 5355 7.3
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
Arbitrary code can be executed on the remote host through the installed Windows DNS client.
Plugin Description:
A flaw in the way the installed Windows DNS client processes Link-local Multicast Name Resolution (LLMNR) queries can be exploited to execute
arbitrary code in the context of the NetworkService account.

Note that Windows XP and 2003 do not support LLMNR and successful exploitation on those platforms requires local access and the ability to run a
special application. On Windows Vista, 2008, 7, and 2008 R2, however, the issue can be exploited remotely.
Solution:
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
See Also:

- https://www.nessus.org/u?361871b1

Stig Severity:
I
Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv2 Base Score:
10.0
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE:

- CVE-2011-0657

CPE:

- cpe:/o:microsoft:windows

Reference Information:
Type Ids
BUGTRAQ 47242
CVE CVE-2011-0657
IAVA 2011-A-0039-S
MSFT MS11-030
MSKB 2509553

Protocol:
UDP
Plugin Family:
Windows
Patch Published:
2011-04-12
Plugin Modification Date:
2023-10-17
Plugin Output:

192.168.3.179
Asset ID 36bfba0b-44d3-438e-9d20-d5ffa74649ce
First Value of Asset Name 192.168.3.179
First Value of Asset Acr Score
Count 6
All Values of Severity 0/0/4/2/0

Asset Details

DNS (FQDN) AES ACR First Seen Last Seen


2024-03-19 05:34 2024-03-19 06:11
IPv4 Address:
192.168.3.179
Finding ID:
36bfba0b-44d3-438e-9d20-d5ffa74649ce
Last Licensed Scan:
2024-03-19 06:09
Source:

- NESSUS_SCAN

Operating System (WAS):


CentOS Linux 7 Linux Kernel 3.10, Ubuntu 16.04 Linux Kernel 4.4
MAC Address:
00:0c:29:1c:94:f4
Installed Software:

- cpe:/a:openbsd:openssh:7.4

Vulnerabilities Detected

Plugin ID Plugin Name Severity Port VPR


57582 SSL Self-Signed Certificate Medium 443
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Plugin Description:
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this
nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate
authority.
Solution:
Purchase or generate a proper SSL certificate for this service.

See Also:
[]
Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2022-06-14
Plugin Output:

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=Maryland/L=Columbia/O=Tenable, Inc./OU=INSECURE Certificate Authority for Tenable, Inc./CN=TenableCA (85)

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 443
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate for this service cannot be trusted.
Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution:
Purchase or generate a proper SSL certificate for this service.

See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=Maryland/L=Columbia/O=Tenable, Inc./OU=INSECURE Certificate Authority for Tenable, Inc./CN=TenableCA (85)
|-Issuer : C=US/ST=Maryland/L=Columbia/O=Tenable, Inc./OU=INSECURE Certificate Authority for Tenable, Inc./CN=TenableCA (85)

Plugin ID Plugin Name Severity Port VPR


51192 SSL Certificate Cannot Be Trusted Medium 8834
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSL certificate for this service cannot be trusted.
Plugin Description:
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated
below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before
one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can
be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the
certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the
web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Solution:
Purchase or generate a proper SSL certificate for this service.
See Also:

- https://www.itu.int/rec/T-REC-X.509/en
- https://en.wikipedia.org/wiki/X.509

Exploited By Malware:
false
CVSSv3 Base Score:
6.5
CVSSv3 Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSSv2 Base Score:
6.4
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
General
Plugin Modification Date:
2020-04-27
Plugin Output:

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=Nessus Users United/OU=Nessus Server/L=New York/C=US/ST=NY/CN=sc5.javaafrica.local
|-Issuer : O=Nessus Users United/OU=Nessus Certification Authority/L=New York/C=US/ST=NY/CN=Nessus Certification Authority

Plugin ID Plugin Name Severity Port VPR


187315 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) Medium 22 6.7
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote SSH server is vulnerable to a mitm prefix truncation attack.
Plugin Description:
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote,
man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.

Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support
the strict key exchange countermeasures. It does not check for vulnerable software versions.
Solution:
Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.
See Also:

- https://terrapin-attack.com/

Exploitability Ease:
AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
5.9
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSSv2 Base Score:
5.4
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:C/A:N
CVE:

- CVE-2023-48795

CPE:

- cpe:/a:openbsd:openssh

Reference Information:
Type Ids
CVE CVE-2023-48795

Protocol:
TCP
Plugin Family:
Misc.
Patch Published:
2023-12-18
Plugin Modification Date:
2024-01-29
Plugin Output:
Supports following ChaCha20-Poly1305 Client to Server algorithm : [email protected]
Supports following CBC Client to Server algorithm : aes192-cbc
Supports following CBC Client to Server algorithm : aes256-cbc
Supports following CBC Client to Server algorithm : blowfish-cbc
Supports following CBC Client to Server algorithm : cast128-cbc
Supports following CBC Client to Server algorithm : 3des-cbc
Supports following CBC Client to Server algorithm : aes128-cbc
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following Encrypt-then-MAC Client to Server algorithm : [email protected]
Supports following ChaCha20-Poly1305 Server to Client algorithm : [email protected]
Supports following CBC Server to Client algorithm : aes192-cbc
Supports following CBC Server to Client algorithm : aes256-cbc
Supports following CBC Server to Client algorithm : blowfish-cbc
Supports following CBC Server to Client algorithm : cast128-cbc
Supports following CBC Server to Client algorithm : 3des-cbc
Supports following CBC Server to Client algorithm : aes128-cbc
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]
Supports following Encrypt-then-MAC Server to Client algorithm : [email protected]

Plugin ID Plugin Name Severity Port VPR


153953 SSH Weak Key Exchange Algorithms Enabled Low 22

First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The remote SSH server is configured to allow weak key exchange algorithms.
Plugin Description:
The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)
draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

gss-gex-sha1-*

gss-group1-sha1-*

gss-group14-sha1-*

rsa1024-sha1

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable the weak algorithms.
See Also:

- https://datatracker.ietf.org/doc/html/rfc9142

Exploited By Malware:
false
CVSSv3 Base Score:
3.7
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE:
[]
Reference Information:
[]
Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2024-03-14
Plugin Output:

The following weak key exchange algorithms are enabled :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1

Plugin ID Plugin Name Severity Port VPR

70658 SSH Server CBC Mode Ciphers Enabled Low 22 3.6
First Seen:
2024-03-19 06:09
Last Seen:
2024-03-19 06:09
Synopsis:
The SSH server is configured to use Cipher Block Chaining.
Plugin Description:
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the
ciphertext.

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Solution:
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
See Also:
[]
Exploitability Ease:
NOT_AVAILABLE
Exploited By Malware:
false
CVSSv3 Base Score:
3.7
CVSSv3 Vector:
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv2 Base Score:
2.6
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVE:

- CVE-2008-5161

CPE:

- cpe:/a:ssh:ssh

Reference Information:
Type Ids
BUGTRAQ 32319
CERT 958563
CVE CVE-2008-5161
CWE 200

Protocol:
TCP
Plugin Family:
Misc.
Plugin Modification Date:
2023-10-27

Plugin Output:

The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
