Report

Scan Report
July 20, 2024
Summary
This document reports on the results of an automatic security scan. All dates are dis-
played using the timezone Coordinated Universal Time, which is abbreviated UTC. The
task was Immediate scan of IP 192.168.16.140. The scan started at Sat Jul 20 17:57:16
2024 UTC and ended at Sat Jul 20 18:09:22 2024 UTC. The report rst summarises the
results found. Then, for each host, the report describes every issue found. Please consider
the advice given in each description, in order to rectify the issue.
Contents
1 Result Overview 2
2 Results per Host 2
2.1 192.168.16.140 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1.1 Medium 135/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1.2 Medium 3389/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.3 Low general/icmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1
2 RESULTS PER HOST 2
1 Result Overview
Host High Medium Low Log False Positive

192.168.16.140 0 2 1 0 0
pc1
Total: 1 0 2 1 0 0
Vendor security updates are not trusted.

Overrides are o. Even when a result has an override, this report uses the actual threat of the
result.
Information on overrides is included in the report.
Notes are included in the report.
This report might not show details of all issues that were found.
Issues with the threat level Log are not shown.
Issues with the threat level Debug are not shown.
Issues with the threat level False Positive are not shown.
Only results with a minimum QoD of 70 are shown.
This report contains all 3 results selected by the ltering described above. Before ltering there
were 26 results.
2 Results per Host

2.1 192.168.16.140
Host scan start Sat Jul 20 18:00:06 2024 UTC

Host scan end Sat Jul 20 18:09:18 2024 UTC
Service (Port) Threat Level

135/tcp Medium
3389/tcp Medium
general/icmp Low
2.1.1 Medium 135/tcp
Medium (CVSS: 5.0)

NVT: DCE/RPC and MSRPC Services Enumeration Reporting
Summary
Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC ser-
vices running on the remote host can be enumerated by connecting on port 135 and doing the
appropriate queries.
. . . continues on next page . . .

. . . continued from previous page . . .

Quality of Detection: 80
Vulnerability Detection Result

Here is the list of DCE/RPC or MSRPC services running on this host via the TCP p
,→rotocol:
Port: 49664/tcp
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.16.140[49664]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Annotation: Ngc Pop Key Service
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Annotation: Ngc Pop Key Service
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Annotation: KeyIso
Port: 49665/tcp
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Port: 49666/tcp
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Annotation: Event log TCPIP
Port: 49667/tcp
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Port: 49668/tcp
UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1
Port: 49669/tcp
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1

UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Port: 49671/tcp
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Port: 49679/tcp
UUID: 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1
Annotation: Remote Fw APIs
Note: DCE/RPC or MSRPC services running on this host locally were identified. Re
,→porting this list is not enabled by default due to the possible large size of
,→this list. See the script preferences to enable this reporting.
Impact
An attacker may use this fact to gain more knowledge about the remote host.
Solution:
Solution type: Mitigation
Filter incoming trac to this ports.
Vulnerability Detection Method

Details: DCE/RPC and MSRPC Services Enumeration Reporting
OID:1.3.6.1.4.1.25623.1.0.10736
Version used: 2022-06-03T10:17:07Z
[ return to 192.168.16.140 ]
2.1.2 Medium 3389/tcp
Medium (CVSS: 4.3)

NVT: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
Summary
It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this
system.

In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 pro
,→tocol and supports one or more ciphers. Those supported ciphers can be found i
,→n the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.80
,→2067) VT.
Impact

An attacker might be able to use the known cryptographic aws to eavesdrop the connection
between clients and the service to get access to sensitive data transferred within the secured
connection.
Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
anymore.
Solution:
It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the
TLSv1.2+ protocols. Please see the references for more information.
Aected Software/OS
All services providing an encrypted communication using the TLSv1.0 and/or TLSv1.1 protocols.
Vulnerability Insight
The TLSv1.0 and TLSv1.1 protocols contain known cryptographic aws like:
- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)
- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded
Legacy Encryption (FREAK)

Check the used TLS protocols of the services provided by this system.
Details: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
OID:1.3.6.1.4.1.25623.1.0.117274
Version used: 2023-10-20T16:09:12Z
References
cve: CVE-2011-3389
cve: CVE-2015-0204
url: https://ssl-config.mozilla.org/
url: https://bettercrypto.org/
url: https://datatracker.ietf.org/doc/rfc8996/
url: https://vnhacker.blogspot.com/2011/09/beast.html
url: https://web.archive.org/web/20201108095603/https://censys.io/blog/freak
url: https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters
,→-report-2014
cert-bund: WID-SEC-2023-1435
cert-bund: CB-K18/0799

dfn-cert: DFN-CERT-2020-0177

[ return to 192.168.16.140 ]
2.1.3 Low general/icmp

Low (CVSS: 2.1)

NVT: ICMP Timestamp Reply Information Disclosure
Summary
The remote host responded to an ICMP timestamp request.

The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
Impact
This information could theoretically be used to exploit weak time-based random number gener-
ators in other services.
Solution:
Various mitigations are possible:
- Disable the support for ICMP timestamp on the remote host completely
- Protect the remote host by a rewall, and block ICMP packets passing through the rewall in
either direction (either completely or only for untrusted networks)
Vulnerability Insight
The Timestamp Reply is an ICMP message which replies to a Timestamp message. It consists
of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp
and a transmit timestamp.

Sends an ICMP Timestamp (Type 13) request and checks if a Timestamp Reply (Type 14) is
received.
Details: ICMP Timestamp Reply Information Disclosure
OID:1.3.6.1.4.1.25623.1.0.103190
Version used: 2023-05-11T09:09:33Z
References
cve: CVE-1999-0524
url: https://datatracker.ietf.org/doc/html/rfc792
url: https://datatracker.ietf.org/doc/html/rfc2780
[ return to 192.168.16.140 ]
This le was automatically generated.

Report

Uploaded by

Copyright:

Available Formats

Report

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Report

Uploaded by

Copyright:

Available Formats

Scan Report

July 20, 2024

2.1.1 Medium 135/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

2.1.2 Medium 3389/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2.1.3 Low general/icmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Host High Medium Low Log False Positive

Vendor security updates are not trusted.

2 Results per Host

Host scan start Sat Jul 20 18:00:06 2024 UTC

Service (Port) Threat Level

2.1.1 Medium 135/tcp

Medium (CVSS: 5.0)

. . . continues on next page . . .

. . . continued from previous page . . .

Vulnerability Detection Result

. . . continued from previous page . . .

Vulnerability Detection Method

2.1.2 Medium 3389/tcp

Medium (CVSS: 4.3)

Vulnerability Detection Result

. . . continued from previous page . . .

Vulnerability Detection Method

. . . continued from previous page . . .

. . . continued from previous page . . .

2.1.3 Low general/icmp

Low (CVSS: 2.1)

Vulnerability Detection Result

Vulnerability Detection Method

This le was automatically generated.

You might also like

This le was automatically generated.