Audit Report
cps site 1
Audited on November 20, 2021
Reported on November 20, 2021
Audit Report
1. Executive Summary
This report represents a security audit performed by Nexpose from Rapid7 LLC. It contains confidential information about the state of
your network. Access to this information by unauthorized personnel may allow them to compromise your network.
Site Name
Start Time
End Time
Total Time
Status
CPS site
November 20, 2021
00:49, PKT
November 20, 2021
01:16, PKT
26 minutes
Success
There is not enough historical data to display overall asset trend.
The audit was performed on 102 systems, 102 of which were found to be active and were scanned.
There were 324 vulnerabilities found during this scan. Of these, 37 were critical vulnerabilities. Critical vulnerabilities require immediate
attention. They are relatively easy for attackers to exploit and may provide them with full control of the affected systems. 126
vulnerabilities were severe. Severe vulnerabilities are often harder to exploit and may not provide the same access to affected systems.
There were 161 moderate vulnerabilities discovered. These often provide information to attackers that may assist them in mounting
subsequent attacks on your network. These should also be fixed in a timely manner, but are not as urgent as the other vulnerabilities.
Critical vulnerabilities were found to exist on 3 of the systems, making them most susceptible to attack. 31 systems were found to have
severe vulnerabilities. Moderate vulnerabilities were found on 101 systems. No vulnerabilities were found on the remaining 1 systems.
There were 87 occurrences of the generic-icmp-timestamp vulnerability, making it the most common vulnerability. There were 235
vulnerability instances in the Network category, making it the most common vulnerability category.
Page 1
Audit Report
The certificate-common-name-mismatch vulnerability poses the highest risk to the organization with a risk score of 12,415. Risk scores
are based on the types and numbers of vulnerabilities on affected assets.
There were 4 operating systems identified during this scan.
The Linux operating system was found on 97 systems, making it the most common operating system.
There were 25 services found to be running during this scan.
The SSH service was found on 98 systems, making it the most common service. The HTTPS service was found to have the most
vulnerabilities during this scan with 91 vulnerabilities.
Page 2
Audit Report
2. Discovered Systems
Node
Operating System
Risk
10.220.251.116
Unknown
25,643
10.220.251.46
Microsoft Windows
9,267
Aliases
•mfs-lhr-backup.mobilink.net.pk
•MFS-LHR-BACKUP
10.220.251.119
Microsoft Windows Server 2008
R2, Standard Edition
7,425
10.220.251.64
Linux LINUX 2.6.32
4,516
10.220.251.65
Linux LINUX 2.6.32
4,516
10.220.251.28
Linux LINUX 2.6.32
3,480
10.220.251.24
Linux LINUX 2.6.32
3,480
10.220.251.30
Linux LINUX 2.6.32
3,480
10.220.251.31
Linux LINUX 2.6.32
3,480
10.220.251.26
Linux LINUX 2.6.32
3,480
10.220.251.25
Linux LINUX 2.6.32
3,480
10.220.251.29
Linux LINUX 2.6.32
3,480
10.220.251.27
Linux LINUX 2.6.32
3,480
10.220.251.32
Linux LINUX 2.6.32
3,480
10.220.251.47
Cisco PIX 8.2
3,448
10.220.251.83
Linux LINUX 2.6.32
3,079
10.220.251.84
Linux LINUX 2.6.32
3,079
10.220.251.82
Linux LINUX 2.6.32
3,079
10.220.251.36
Linux 4.4.21-69-default
1,734
10.220.251.59
Linux LINUX 2.6.32
1,087
10.220.251.72
Linux LINUX 2.6.32
1,087
10.220.251.58
Linux LINUX 2.6.32
1,087
10.220.251.60
Linux LINUX 2.6.32
1,087
10.220.251.57
Linux LINUX 2.6.32
1,087
10.220.251.54
Linux LINUX 2.6.11 - 2.6.18
2.6.11
1,044
10.220.251.49
Linux LINUX 2.6.32
1,044
10.220.251.48
Linux LINUX 2.6.32
1,044
10.220.251.52
Linux LINUX 2.6.32
1,044
•WIN-MDJKT3PE7IL
Page 3
Audit Report
Node
Operating System
Risk
10.220.251.51
Linux LINUX 2.6.32
1,044
10.220.251.53
Linux LINUX 2.6.32
581
10.220.251.56
Linux LINUX 2.6.32
581
10.220.251.50
Linux LINUX 2.6.32
581
10.220.251.23
Linux LINUX 2.6.32
506
10.220.251.21
Linux LINUX 2.6.32
506
10.220.251.45
Linux LINUX 2.6.32
506
10.220.251.67
Linux LINUX 2.6.32
506
10.220.251.34
Linux LINUX 2.6.32
506
10.220.251.41
Linux LINUX 2.6.32
506
10.220.251.22
Linux LINUX 2.6.32
506
10.220.251.38
Linux LINUX 2.6.32
506
10.220.251.33
Linux LINUX 2.6.32
506
10.220.251.35
Linux LINUX 2.6.32
506
10.220.251.37
Linux LINUX 2.6.32
506
10.220.251.118
Linux LINUX 2.6.32
506
10.220.251.91
Linux LINUX 2.6.32
0.0
10.220.251.87
Linux LINUX 2.6.11 - 2.6.18
2.6.11
0.0
10.220.251.106
Linux LINUX 2.6.32
0.0
10.220.251.63
Linux LINUX 2.6.32
0.0
10.220.251.92
Linux LINUX 2.6.32
0.0
10.220.251.103
Linux LINUX 2.6.32
0.0
10.220.251.100
Linux LINUX 2.6.32
0.0
10.220.251.121
Linux LINUX 2.6.32
0.0
10.220.251.108
Linux LINUX 2.6.32
0.0
10.220.251.94
Linux LINUX 2.6.32
0.0
10.220.251.105
Linux LINUX 2.6.11 - 2.6.18
2.6.11
0.0
10.220.251.101
Linux LINUX 2.6.11 - 2.6.18
2.6.11
0.0
10.220.251.107
Linux LINUX 2.6.11 - 2.6.18
2.6.11
0.0
10.220.251.102
Linux LINUX 2.6.32
0.0
Aliases
Page 4
Audit Report
Node
Operating System
Risk
10.220.251.112
Linux LINUX 2.6.32
0.0
10.220.251.109
Linux LINUX 2.6.32
0.0
10.220.251.104
Linux LINUX 2.6.32
0.0
10.220.251.11
Linux LINUX 2.6.32
0.0
10.220.251.110
Linux LINUX 2.6.32
0.0
10.220.251.62
Linux LINUX 2.6.32
0.0
10.220.251.13
Linux LINUX 2.6.32
0.0
10.220.251.7
Linux LINUX 2.6.32
0.0
10.220.251.16
Linux LINUX 2.6.32
0.0
10.220.251.99
Linux LINUX 2.6.32
0.0
10.220.251.98
Linux LINUX 2.6.32
0.0
10.220.251.97
Linux LINUX 2.6.32
0.0
10.220.251.96
Linux LINUX 2.6.11 - 2.6.18
2.6.11
0.0
10.220.251.77
Linux LINUX 2.6.32
0.0
10.220.251.79
Linux LINUX 2.6.32
0.0
10.220.251.78
Linux LINUX 2.6.32
0.0
10.220.251.39
Linux LINUX 2.6.11 - 2.6.18
2.6.11
0.0
10.220.251.81
Linux LINUX 2.6.32
0.0
10.220.251.76
Linux LINUX 2.6.32
0.0
10.220.251.68
Linux LINUX 2.6.32
0.0
10.220.251.69
Linux LINUX 2.6.32
0.0
10.220.251.90
Linux LINUX 2.6.11 - 2.6.18
2.6.11
0.0
10.220.251.93
Linux LINUX 2.6.32
0.0
10.220.251.20
Linux LINUX 2.6.32
0.0
10.220.251.66
Linux LINUX 2.6.32
0.0
10.220.251.113
Linux LINUX 2.6.32
0.0
10.220.251.117
Linux LINUX 2.6.32
0.0
10.220.251.115
Linux LINUX 2.6.32
0.0
10.220.251.61
Linux LINUX 2.6.32
0.0
10.220.251.111
Linux LINUX 2.6.32
0.0
10.220.251.122
Linux LINUX 2.6.11 - 2.6.18
0.0
Aliases
Page 5
Audit Report
Node
Operating System
Risk
Aliases
2.6.11
10.220.251.114
Unknown
0.0
10.220.251.88
Linux LINUX 2.6.32
0.0
10.220.251.89
Linux LINUX 2.6.32
0.0
10.220.251.12
Linux LINUX 2.6.32
0.0
10.220.251.14
Linux LINUX 2.6.32
0.0
10.220.251.8
Linux LINUX 2.6.32
0.0
10.220.251.10
Linux LINUX 2.6.32
0.0
10.220.251.17
Linux LINUX 2.6.32
0.0
10.220.251.18
Linux LINUX 2.6.32
0.0
10.220.251.80
Linux LINUX 2.6.32
0.0
10.220.251.9
Linux LINUX 2.6.11 - 2.6.18
2.6.11
0.0
10.220.251.15
Linux LINUX 2.6.11 - 2.6.18
2.6.11
0.0
10.220.251.95
Linux LINUX 2.6.32
0.0
Page 6
Audit Report
3. Discovered and Potential Vulnerabilities
3.1. Critical Vulnerabilities
3.1.1. Default or Guessable SNMP community names: public (snmp-read-0001)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"public" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[public] realm[]
10.220.251.46:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[public] realm[]
References:
Source
Reference
BID
2896
BID
3795
BID
3797
CVE
CVE-1999-0186
CVE
CVE-1999-0254
CVE
CVE-1999-0472
CVE
CVE-1999-0516
CVE
CVE-1999-0517
CVE
CVE-2001-0514
CVE
CVE-2002-0109
CVE
CVE-2010-1574
Page 7
Audit Report
Source
Reference
XF
6576
XF
7827
Vulnerability Solution:
•Secure the SNMP installation
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
•Secure the SNMP installation on Cisco IOS
1. For SNMP Servers running on Cisco IOS, a Cisco IOS Software upgrade should be performed as a permanent fix for this
vulnerability.
2. Alternatively, create an Embedded Event Manager policy to remove the hard-coded SNMP community names using the following
steps:
3. event manager applet cisco-sa-20100707-snmp
4.
event timer countdown time 30
5.
action 10 cli command "enable"
6.
action 20 cli command "configure terminal"
7.
action 30 cli command "no snmp-server community public RO"
8.
action 40 cli command "no snmp-server community private RW"
9.
action 50 cli command "end"
10. action 60 cli command "disable"
11. action 70 syslog msg "Hard-coded SNMP community names as per Cisco Security Advisory cisco-sa-20100707-snmp removed"
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20100707-snmp.html
3.1.2. Default or Guessable SNMP community names: private (snmp-read-0002)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"private" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
This string is a known default community string on SCO Open Server 5.0.5. If you use this system, please see the specific solution
below.
Page 8
Audit Report
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[private] realm[]
References:
Source
Reference
BID
973
CVE
CVE-1999-0516
CVE
CVE-1999-0517
CVE
CVE-2000-0147
CVE
CVE-2010-1574
URL
ftp://ftp.sco.com/SSE/security_bulletins/SB-00.04a
URL
http://archives.neohapsis.com/archives/bugtraq/2000-02/0045.html
Vulnerability Solution:
•Fix Default or Guessable SNMP community names: private
The following steps are recommended for dealing with this vulnerability:
1. If you do not absolutely need SNMP, disable it. SNMP version 1 is inherently insecure. SNMP version 3 provides more complex
authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
To remove this vulnerability on SCO Open Server 5.0.5:
1. Edit /etc/snmpd.comm
2. Remove the 'private' string from the list of communities
3. Restart the snmpd process
•Secure the SNMP installation on Cisco IOS
1. For SNMP Servers running on Cisco IOS, a Cisco IOS Software upgrade should be performed as a permanent fix for this
vulnerability.
2. Alternatively, create an Embedded Event Manager policy to remove the hard-coded SNMP community names using the following
steps:
3. event manager applet cisco-sa-20100707-snmp
4.
event timer countdown time 30
5.
action 10 cli command "enable"
6.
action 20 cli command "configure terminal"
Page 9
Audit Report
7.
action 30 cli command "no snmp-server community public RO"
8.
action 40 cli command "no snmp-server community private RW"
9.
action 50 cli command "end"
10. action 60 cli command "disable"
11. action 70 syslog msg "Hard-coded SNMP community names as per Cisco Security Advisory cisco-sa-20100707-snmp removed"
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20100707-snmp.html
3.1.3. Default or Guessable SNMP community names: snmpd (snmp-read-0018)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"snmpd" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
The community string "snmpd" may also imply a more serious vulnerability on HP OpenView SNMP servers. This may be a hidden
community string. This community allows unauthorized access to certain SNMP variables. Attackers can use this community to
discover network topology and modify MIB variables. HP OpenView Version 5.02 is vulnerable. Earlier versions are thought to be
vulnerable as well. HP-UX 9.X and HP-UX 10.X SNMP agents are vulnerable if OpenView is installed. OpenView for Solaris 2.X is also
vulnerable. OpenView for Windows NT is not vulnerable.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[snmpd] realm[]
References:
Source
Reference
CVE
CVE-1999-0254
CVE
CVE-1999-0516
CVE
CVE-1999-0517
URL
http://xforce.iss.net/alerts/vol-3_num-2.phpHPOV-hidden-SNMP-comm
Vulnerability Solution:
The following steps are recommended for dealing with this vulnerability:
Page 10
Audit Report
1. If you do not absolutely need SNMP, disable it. SNMP version 1 is inherently insecure. SNMP version 3 provides more complex
authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
HP has made the following patches available for OpenView:
PHSS_16800:HP-UX Version 10.X
PHSS_16799:HP-UX Version 9.X
PHOV_02190:Solaris Version 2.X
3.1.4. Default or Guessable SNMP community names: all private (snmp-read-0021)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"all private" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
The community name "all private" may also indicate a more serious vulnerability if you are running Solstice Enterprise Agents(SEA) on
Solaris.
From bugtraq: The Solstice Enterprise Agents (SEA) enables the creation of custom, extensible agents for device and system
management for Solaris. SEA supports both the Simple Network Management Protocol (SNMP) and DMI protocols.
A default community string is present in the Sun SNMP subagent that may be remotely exploited by an unauthorized user to modify
system parameters or execute arbitrary commands with root privileges.
SEA was initially available as an unbundled product and later bundled with Solaris 2.6 at version 1.0.1.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[all private] realm[]
References:
Source
Reference
Page 11
Audit Report
Source
Reference
CVE
CVE-1999-0186
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
Download and apply the upgrade from: http://www.sun.com/solstice/products/ent.agents/
If you are running SEA on the vulnerable machine these are the recommended steps:
Sites running Solaris 2.6 and SEA on Solaris 2.5.1 should upgrade the SEA software to SEA 1.03. SEA 1.0.3 is bundled with Solaris 7.
SEA 1.0.3 is available for Solaris 2.6, 2.6_x86, 2.5.1, and 2.5.1_x86 and may be downloaded from:
http://www.sun.com/solstice/products/ent.agents/ ( http://www.sun.com/solstice/products/ent.agents/ )
Sites running SEA 1.0 on Solaris 2.4 and 2.5 should either disable SEA or upgrade the operating system to Solaris 7 if possible. Sites
upgrading to Solaris 2.5.1 or 2.6 may obtain SEA 1.0.3 from the URL listed above.
Workaround:
To determine if your system is using SEA, use pkginfo on one of the following SEA packages: SUNWmibii, SUNWsacom, SUNWsadmi,
SUNWsasnm.
On SEA 1.0 and 1.0.1, a pkginfo on SUNWmibii will display as follows:
% pkginfo SUNWmibii
system SUNWmibii Solstice Enterprise Agent SNMP daemon
On SEA 1.0.2:
% pkginfo SUNWmibii
system SUNWmibii Solstice Enterprise Agents 1.0.2 SNMP daemon
To disable SEA, perform the following steps:
% su
Password:
# /etc/init.d/init.snmpdx stop
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx
Sun Solaris 2.4_x86:
Sun Solaris 2.4:
Sun Solaris 2.5_x86:
Sun Solaris 2.5.1_x86:
Sun Solaris 2.5.1:
Sun Solaris 2.6_x86:
Sun Patch 106600-02
Sun Solaris 2.6:
Sun Patch 106037-05
Page 12
Audit Report
In adition, the following steps are recommended for dealing with this vulnerability:
1. If you do not absolutely need SNMP, disable it. SNMP version 1 is inherently insecure. SNMP version 3 provides more complex
authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.5. Microsoft CVE-2017-0146: Windows SMB Remote Code Execution Vulnerability (msft-cve-2017-0146)
Description:
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain
requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit
the vulnerability, in most situations, an authenticated attacker could send a specially crafted packet to a targeted SMBv1 server. The
security update addresses the vulnerability by correcting how SMBv1 handles these specially crafted requests.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119
Host returned expected exception that indicates vulnerability
(INSUFF_SERVER_RESOURCES).
References:
Source
Reference
CVE
CVE-2017-0146
MSKB
4012212
MSKB
4012213
MSKB
4012214
MSKB
4012215
MSKB
4012216
MSKB
4012217
MSKB
4012598
MSKB
4012606
MSKB
4013198
MSKB
4013429
MS
MS17-006
MS
MS17-008
MS
MS17-010
Page 13
Audit Report
Vulnerability Solution:
•Microsoft Windows Embedded Standard 7 SP1 (x86)
March, 2017 Security Only Quality Update for Windows Embedded Standard 7 (KB4012212)
Download and apply the patch from: http://support.microsoft.com/kb/4012212
•Microsoft Windows Server 2008 R2 SP1 (ia64), Microsoft Windows Server 2008 R2, Enterprise Edition SP1 (ia64), Microsoft Windows
Server 2008 R2, Standard Edition SP1 (ia64), Microsoft Windows Server 2008 R2, Datacenter Edition SP1 (ia64), Microsoft Windows
Server 2008 R2, Web Edition SP1 (ia64)
March, 2017 Security Only Quality Update for Windows Server 2008 R2 for Itanium-based Systems (KB4012212)
Download and apply the patch from: http://support.microsoft.com/kb/4012212
•Microsoft Windows 7 SP1 (x86_64), Microsoft Windows 7 Home, Basic Edition SP1 (x86_64), Microsoft Windows 7 Home, Basic N
Edition SP1 (x86_64), Microsoft Windows 7 Home, Premium Edition SP1 (x86_64), Microsoft Windows 7 Home, Premium N Edition
SP1 (x86_64), Microsoft Windows 7 Ultimate Edition SP1 (x86_64), Microsoft Windows 7 Ultimate N Edition SP1 (x86_64), Microsoft
Windows 7 Enterprise Edition SP1 (x86_64), Microsoft Windows 7 Enterprise N Edition SP1 (x86_64), Microsoft Windows 7
Professional Edition SP1 (x86_64), Microsoft Windows 7 Starter Edition SP1 (x86_64), Microsoft Windows 7 Starter N Edition SP1
(x86_64)
March, 2017 Security Only Quality Update for Windows 7 for x64-based Systems (KB4012212)
Download and apply the patch from: http://support.microsoft.com/kb/4012212
•Microsoft Windows Server 2008 R2 SP1 (x86_64), Microsoft Windows Server 2008 R2, Enterprise Edition SP1 (x86_64), Microsoft
Windows Server 2008 R2, Standard Edition SP1 (x86_64), Microsoft Windows Server 2008 R2, Datacenter Edition SP1 (x86_64),
Microsoft Windows Server 2008 R2, Web Edition SP1 (x86_64)
March, 2017 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4012212)
Download and apply the patch from: http://support.microsoft.com/kb/4012212
•Microsoft Windows Embedded Standard 7 SP1 (x86_64)
March, 2017 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems (KB4012212)
Download and apply the patch from: http://support.microsoft.com/kb/4012212
•Microsoft Windows 7 SP1 (x86), Microsoft Windows 7 Home, Basic Edition SP1 (x86), Microsoft Windows 7 Home, Basic N Edition
SP1 (x86), Microsoft Windows 7 Home, Premium Edition SP1 (x86), Microsoft Windows 7 Home, Premium N Edition SP1 (x86),
Microsoft Windows 7 Ultimate Edition SP1 (x86), Microsoft Windows 7 Ultimate N Edition SP1 (x86), Microsoft Windows 7 Enterprise
Edition SP1 (x86), Microsoft Windows 7 Enterprise N Edition SP1 (x86), Microsoft Windows 7 Professional Edition SP1 (x86),
Microsoft Windows 7 Starter Edition SP1 (x86), Microsoft Windows 7 Starter N Edition SP1 (x86)
March, 2017 Security Only Quality Update for Windows 7 (KB4012212)
Download and apply the patch from: http://support.microsoft.com/kb/4012212
•Microsoft Windows 8.1 (x86_64), Microsoft Windows 8.1 Enterprise Edition (x86_64), Microsoft Windows 8.1 Professional Edition
(x86_64)
March, 2017 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4012213)
Download and apply the patch from: http://support.microsoft.com/kb/4012213
•Microsoft Windows 8.1 (x86), Microsoft Windows 8.1 Enterprise Edition (x86), Microsoft Windows 8.1 Professional Edition (x86)
March, 2017 Security Only Quality Update for Windows 8.1 (KB4012213)
Download and apply the patch from: http://support.microsoft.com/kb/4012213
•Microsoft Windows Server 2012 R2 (x86_64), Microsoft Windows Server 2012 R2 Essentials Edition (x86_64), Microsoft Windows
Server 2012 R2 Standard Edition (x86_64), Microsoft Windows Server 2012 R2 Datacenter Edition (x86_64), Microsoft Windows
Page 14
Audit Report
Server 2012 R2 Foundation Edition (x86_64), Microsoft Windows Storage Server 2012 R2 (x86_64)
March, 2017 Security Only Quality Update for Windows Server 2012 R2 (KB4012213)
Download and apply the patch from: http://support.microsoft.com/kb/4012213
•Microsoft Windows 8 Embedded (x86_64)
March, 2017 Security Only Quality Update for Windows Embedded 8 Standard for x64-based Systems (KB4012214)
Download and apply the patch from: http://support.microsoft.com/kb/4012214
•Microsoft Windows Server 2012 (x86_64), Microsoft Windows Server 2012 Essentials Edition (x86_64), Microsoft Windows Server
2012 Standard Edition (x86_64), Microsoft Windows Server 2012 Datacenter Edition (x86_64), Microsoft Windows Server 2012
Foundation Edition (x86_64), Microsoft Windows Storage Server 2012 (x86_64)
March, 2017 Security Only Quality Update for Windows Server 2012 (KB4012214)
Download and apply the patch from: http://support.microsoft.com/kb/4012214
•Microsoft Windows 8 Embedded (x86)
March, 2017 Security Only Quality Update for Windows Embedded 8 Standard (KB4012214)
Download and apply the patch from: http://support.microsoft.com/kb/4012214
•Microsoft Windows 8 (x86_64), Microsoft Windows 8 Enterprise Edition (x86_64), Microsoft Windows 8 Professional Edition (x86_64),
Microsoft Windows RT (x86_64)
Security Update for Windows 8 for x64-based Systems (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
•Microsoft Windows Vista Home, Basic Edition SP2 (x86_64), Microsoft Windows Vista Home, Basic N Edition SP2 (x86_64), Microsoft
Windows Vista Home, Premium Edition SP2 (x86_64), Microsoft Windows Vista Ultimate Edition SP2 (x86_64), Microsoft Windows
Vista Enterprise Edition SP2 (x86_64), Microsoft Windows Vista Business Edition SP2 (x86_64), Microsoft Windows Vista Business N
Edition SP2 (x86_64), Microsoft Windows Vista Starter Edition SP2 (x86_64)
Security Update for Windows Vista for x64-based Systems (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
•Microsoft Windows XP Professional SP3 (x86)
Security Update for WES09 and POSReady 2009 (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
•Microsoft Windows Server 2008 SP2 (ia64), Microsoft Windows Server 2008 Enterprise Edition SP2 (ia64), Microsoft Windows Server
2008 Standard Edition SP2 (ia64), Microsoft Windows Server 2008 Datacenter Edition SP2 (ia64), Microsoft Windows Server 2008
HPC Edition SP2 (ia64), Microsoft Windows Server 2008 Web Edition SP2 (ia64), Microsoft Windows Server 2008 Storage Edition
SP2 (ia64), Microsoft Windows Small Business Server 2008 SP2 (ia64), Microsoft Windows Essential Business Server 2008 SP2
(ia64)
Security Update for Windows Server 2008 for Itanium-based Systems (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
•Microsoft Windows Server 2008 SP2 (x86_64), Microsoft Windows Server 2008 Enterprise Edition SP2 (x86_64), Microsoft Windows
Server 2008 Standard Edition SP2 (x86_64), Microsoft Windows Server 2008 Datacenter Edition SP2 (x86_64), Microsoft Windows
Server 2008 HPC Edition SP2 (x86_64), Microsoft Windows Server 2008 Web Edition SP2 (x86_64), Microsoft Windows Server 2008
Storage Edition SP2 (x86_64), Microsoft Windows Small Business Server 2008 SP2 (x86_64), Microsoft Windows Essential Business
Server 2008 SP2 (x86_64)
Security Update for Windows Server 2008 for x64-based Systems (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
Page 15
Audit Report
•Microsoft Windows Vista Home, Basic Edition SP2 (x86), Microsoft Windows Vista Home, Basic N Edition SP2 (x86), Microsoft
Windows Vista Home, Premium Edition SP2 (x86), Microsoft Windows Vista Ultimate Edition SP2 (x86), Microsoft Windows Vista
Enterprise Edition SP2 (x86), Microsoft Windows Vista Business Edition SP2 (x86), Microsoft Windows Vista Business N Edition SP2
(x86), Microsoft Windows Vista Starter Edition SP2 (x86)
Security Update for Windows Vista (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
•Microsoft Windows Server 2003 SP2 (x86_64), Microsoft Windows Server 2003, Standard Edition SP2 (x86_64), Microsoft Windows
Server 2003, Enterprise Edition SP2 (x86_64), Microsoft Windows Server 2003, Datacenter Edition SP2 (x86_64), Microsoft Windows
Server 2003, Web Edition SP2 (x86_64), Microsoft Windows Small Business Server 2003 SP2 (x86_64)
Security Update for Windows Server 2003 for x64-based Systems (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
•Microsoft Windows Server 2008 SP2 (x86), Microsoft Windows Server 2008 Enterprise Edition SP2 (x86), Microsoft Windows Server
2008 Standard Edition SP2 (x86), Microsoft Windows Server 2008 Datacenter Edition SP2 (x86), Microsoft Windows Server 2008 HPC
Edition SP2 (x86), Microsoft Windows Server 2008 Web Edition SP2 (x86), Microsoft Windows Server 2008 Storage Edition SP2 (x86),
Microsoft Windows Small Business Server 2008 SP2 (x86), Microsoft Windows Essential Business Server 2008 SP2 (x86)
Security Update for Windows Server 2008 (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
•Microsoft Windows XP Professional SP3 (x86), Microsoft Windows XP Home SP3 (x86), Microsoft Windows XP Media Center Edition
2005 SP3 (x86), Microsoft Windows XP Tablet PC Edition 2005 SP3 (x86)
Security Update for Windows XP SP3 (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
•Microsoft Windows XP Professional SP2 (x86_64), Microsoft Windows XP Home SP2 (x86_64), Microsoft Windows XP Media Center
Edition SP2 (x86_64), Microsoft Windows XP Tablet PC Edition SP2 (x86_64)
Security Update for Windows XP SP2 for x64-based Systems (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
•Microsoft Windows XP Professional SP3 (x86), Microsoft Windows XP Home SP3 (x86), Microsoft Windows XP Media Center Edition
2005 SP3 (x86), Microsoft Windows XP Tablet PC Edition 2005 SP3 (x86)
Security Update for Windows XP SP3 for XPe (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
•Microsoft Windows 8 (x86), Microsoft Windows 8 Enterprise Edition (x86), Microsoft Windows 8 Professional Edition (x86), Microsoft
Windows RT (x86)
Security Update for Windows 8 (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
•Microsoft Windows Server 2003 SP2 (x86), Microsoft Windows Server 2003, Standard Edition SP2 (x86), Microsoft Windows Server
2003, Enterprise Edition SP2 (x86), Microsoft Windows Server 2003, Datacenter Edition SP2 (x86), Microsoft Windows Server 2003,
Web Edition SP2 (x86), Microsoft Windows Small Business Server 2003 SP2 (x86)
Security Update for Windows Server 2003 (KB4012598)
Download and apply the patch from: http://support.microsoft.com/kb/4012598
•Microsoft Windows 10 (x86_64), Microsoft Windows 10 Education Edition (x86_64), Microsoft Windows 10 Enterprise Edition (x86_64),
Microsoft Windows 10 Home Edition (x86_64), Microsoft Windows 10 Mobile Enterprise Edition (x86_64), Microsoft Windows 10
Mobile Edition (x86_64), Microsoft Windows 10 Professional Edition (x86_64)
Page 16
Audit Report
Cumulative Update for Windows 10 for x64-based Systems (KB4012606)
Download and apply the patch from: http://support.microsoft.com/kb/4012606
•Microsoft Windows 10 (x86), Microsoft Windows 10 Education Edition (x86), Microsoft Windows 10 Enterprise Edition (x86), Microsoft
Windows 10 Home Edition (x86), Microsoft Windows 10 Mobile Enterprise Edition (x86), Microsoft Windows 10 Mobile Edition (x86),
Microsoft Windows 10 Professional Edition (x86)
Cumulative Update for Windows 10 (KB4012606)
Download and apply the patch from: http://support.microsoft.com/kb/4012606
•Microsoft Windows 10 1511 (x86_64), Microsoft Windows 10 Education Edition 1511 (x86_64), Microsoft Windows 10 Enterprise
Edition 1511 (x86_64), Microsoft Windows 10 Home Edition 1511 (x86_64), Microsoft Windows 10 Mobile Enterprise Edition 1511
(x86_64), Microsoft Windows 10 Mobile Edition 1511 (x86_64), Microsoft Windows 10 Professional Edition 1511 (x86_64)
Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4013198)
Download and apply the patch from: http://support.microsoft.com/kb/4013198
•Microsoft Windows 10 1511 (x86), Microsoft Windows 10 Education Edition 1511 (x86), Microsoft Windows 10 Enterprise Edition 1511
(x86), Microsoft Windows 10 Home Edition 1511 (x86), Microsoft Windows 10 Mobile Enterprise Edition 1511 (x86), Microsoft
Windows 10 Mobile Edition 1511 (x86), Microsoft Windows 10 Professional Edition 1511 (x86)
Cumulative Update for Windows 10 Version 1511 (KB4013198)
Download and apply the patch from: http://support.microsoft.com/kb/4013198
•Microsoft Windows 10 1607 (x86), Microsoft Windows 10 Education Edition 1607 (x86), Microsoft Windows 10 Enterprise Edition 1607
(x86), Microsoft Windows 10 Home Edition 1607 (x86), Microsoft Windows 10 Mobile Enterprise Edition 1607 (x86), Microsoft
Windows 10 Mobile Edition 1607 (x86), Microsoft Windows 10 Professional Edition 1607 (x86)
Cumulative Update for Windows 10 Version 1607 (KB4013429)
Download and apply the patch from: http://support.microsoft.com/kb/4013429
•Microsoft Windows Server 2016 (x86_64), Microsoft Windows Server 2016 Essentials Edition (x86_64), Microsoft Windows Server
2016 Standard Edition (x86_64), Microsoft Windows Server 2016 Datacenter Edition (x86_64), Microsoft Windows Server 2016
MultiPoint Premium Edition (x86_64), Microsoft Windows Storage Server 2016 (x86_64)
Cumulative Update for Windows Server 2016 for x64-based Systems (KB4013429)
Download and apply the patch from: http://support.microsoft.com/kb/4013429
•Microsoft Windows 10 1607 (x86_64), Microsoft Windows 10 Education Edition 1607 (x86_64), Microsoft Windows 10 Enterprise
Edition 1607 (x86_64), Microsoft Windows 10 Home Edition 1607 (x86_64), Microsoft Windows 10 Mobile Enterprise Edition 1607
(x86_64), Microsoft Windows 10 Mobile Edition 1607 (x86_64), Microsoft Windows 10 Professional Edition 1607 (x86_64)
Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4013429)
Download and apply the patch from: http://support.microsoft.com/kb/4013429
3.1.6. MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) (windows-hotfixms12-020)
Description:
This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these
vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected
system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have
RDP enabled are not at risk.
Page 17
Audit Report
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119:22
Running RDP serviceUser 1 was able to connect to the channel assigned to
User 2. Endpoint is vulnerable to MS12-020.
References:
Source
Reference
CERT
TA12-073A
CVE
CVE-2012-0002
CVE
CVE-2012-0152
DISA_SEVERITY
Category I
DISA_VMSKEY
V0031885
IAVM
2012-A-0039
MS
MS12-020
MSKB
2671387
OVAL
14623
OVAL
14626
Vulnerability Solution:
•Microsoft Windows Embedded Standard 7 SP1 (x86)
MS12-020: Security Update for Windows Embedded Standard 7 (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Vista SP2 (x86), Microsoft Windows Vista Home, Basic Edition SP2 (x86), Microsoft Windows Vista Home, Basic N
Edition SP2 (x86), Microsoft Windows Vista Home, Premium Edition SP2 (x86), Microsoft Windows Vista Ultimate Edition SP2 (x86),
Microsoft Windows Vista Enterprise Edition SP2 (x86), Microsoft Windows Vista Business Edition SP2 (x86), Microsoft Windows Vista
Business N Edition SP2 (x86), Microsoft Windows Vista Starter Edition SP2 (x86)
MS12-020: Security Update for Windows Vista (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows 7 SP1 (x86), Microsoft Windows 7 Home, Basic Edition SP1 (x86), Microsoft Windows 7 Home, Basic N Edition
SP1 (x86), Microsoft Windows 7 Home, Premium Edition SP1 (x86), Microsoft Windows 7 Home, Premium N Edition SP1 (x86),
Microsoft Windows 7 Ultimate Edition SP1 (x86), Microsoft Windows 7 Ultimate N Edition SP1 (x86), Microsoft Windows 7 Enterprise
Edition SP1 (x86), Microsoft Windows 7 Enterprise N Edition SP1 (x86), Microsoft Windows 7 Professional Edition SP1 (x86),
Microsoft Windows 7 Starter Edition SP1 (x86), Microsoft Windows 7 Starter N Edition SP1 (x86)
MS12-020: Security Update for Windows 7 (KB2667402)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Server 2008 SP2 (ia64), Microsoft Windows Server 2008 Enterprise Edition SP2 (ia64), Microsoft Windows Server
2008 Standard Edition SP2 (ia64), Microsoft Windows Server 2008 Datacenter Edition SP2 (ia64), Microsoft Windows Server 2008
Page 18
Audit Report
HPC Edition SP2 (ia64), Microsoft Windows Server 2008 Web Edition SP2 (ia64), Microsoft Windows Server 2008 Storage Edition
SP2 (ia64), Microsoft Windows Small Business Server 2008 SP2 (ia64), Microsoft Windows Essential Business Server 2008 SP2
(ia64)
MS12-020: Security Update for Windows Server 2008 for Itanium-based Systems (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Embedded Standard 7 SP1 (x86_64)
MS12-020: Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2667402)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Server 2008 R2 SP1 OR < SP1 (x86_64), Microsoft Windows Server 2008 R2, Enterprise Edition SP1 OR < SP1
(x86_64), Microsoft Windows Server 2008 R2, Standard Edition SP1 OR < SP1 (x86_64), Microsoft Windows Server 2008 R2,
Datacenter Edition SP1 OR < SP1 (x86_64), Microsoft Windows Server 2008 R2, Web Edition SP1 OR < SP1 (x86_64)
MS12-020: Security Update for Windows Server 2008 R2 x64 Edition (KB2667402)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows 7 < SP1 (x86_64), Microsoft Windows 7 Home, Basic Edition < SP1 (x86_64), Microsoft Windows 7 Home, Basic N
Edition < SP1 (x86_64), Microsoft Windows 7 Home, Premium Edition < SP1 (x86_64), Microsoft Windows 7 Home, Premium N
Edition < SP1 (x86_64), Microsoft Windows 7 Ultimate Edition < SP1 (x86_64), Microsoft Windows 7 Ultimate N Edition < SP1
(x86_64), Microsoft Windows 7 Enterprise Edition < SP1 (x86_64), Microsoft Windows 7 Enterprise N Edition < SP1 (x86_64),
Microsoft Windows 7 Professional Edition < SP1 (x86_64), Microsoft Windows 7 Starter Edition < SP1 (x86_64), Microsoft Windows 7
Starter N Edition < SP1 (x86_64)
MS12-020: Security Update for Windows 7 SP0 for x64-based Systems (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows 7 < SP1 (x86), Microsoft Windows 7 Home, Basic Edition < SP1 (x86), Microsoft Windows 7 Home, Basic N Edition
< SP1 (x86), Microsoft Windows 7 Home, Premium Edition < SP1 (x86), Microsoft Windows 7 Home, Premium N Edition < SP1 (x86),
Microsoft Windows 7 Ultimate Edition < SP1 (x86), Microsoft Windows 7 Ultimate N Edition < SP1 (x86), Microsoft Windows 7
Enterprise Edition < SP1 (x86), Microsoft Windows 7 Enterprise N Edition < SP1 (x86), Microsoft Windows 7 Professional Edition <
SP1 (x86), Microsoft Windows 7 Starter Edition < SP1 (x86), Microsoft Windows 7 Starter N Edition < SP1 (x86)
MS12-020: Security Update for Windows 7 SP0 (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows 7 SP1 (x86_64), Microsoft Windows 7 Home, Basic Edition SP1 (x86_64), Microsoft Windows 7 Home, Basic N
Edition SP1 (x86_64), Microsoft Windows 7 Home, Premium Edition SP1 (x86_64), Microsoft Windows 7 Home, Premium N Edition
SP1 (x86_64), Microsoft Windows 7 Ultimate Edition SP1 (x86_64), Microsoft Windows 7 Ultimate N Edition SP1 (x86_64), Microsoft
Windows 7 Enterprise Edition SP1 (x86_64), Microsoft Windows 7 Enterprise N Edition SP1 (x86_64), Microsoft Windows 7
Professional Edition SP1 (x86_64), Microsoft Windows 7 Starter Edition SP1 (x86_64), Microsoft Windows 7 Starter N Edition SP1
(x86_64)
MS12-020: Security Update for Windows 7 for x64-based Systems (KB2667402)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows 7 < SP1 (x86_64), Microsoft Windows 7 Home, Basic Edition < SP1 (x86_64), Microsoft Windows 7 Home, Basic N
Edition < SP1 (x86_64), Microsoft Windows 7 Home, Premium Edition < SP1 (x86_64), Microsoft Windows 7 Home, Premium N
Edition < SP1 (x86_64), Microsoft Windows 7 Ultimate Edition < SP1 (x86_64), Microsoft Windows 7 Ultimate N Edition < SP1
(x86_64), Microsoft Windows 7 Enterprise Edition < SP1 (x86_64), Microsoft Windows 7 Enterprise N Edition < SP1 (x86_64),
Microsoft Windows 7 Professional Edition < SP1 (x86_64), Microsoft Windows 7 Starter Edition < SP1 (x86_64), Microsoft Windows 7
Page 19
Audit Report
Starter N Edition < SP1 (x86_64)
MS12-020: Security Update for Windows 7 SP0 for x64-based Systems (KB2667402)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows 7 < SP1 (x86), Microsoft Windows 7 Home, Basic Edition < SP1 (x86), Microsoft Windows 7 Home, Basic N Edition
< SP1 (x86), Microsoft Windows 7 Home, Premium Edition < SP1 (x86), Microsoft Windows 7 Home, Premium N Edition < SP1 (x86),
Microsoft Windows 7 Ultimate Edition < SP1 (x86), Microsoft Windows 7 Ultimate N Edition < SP1 (x86), Microsoft Windows 7
Enterprise Edition < SP1 (x86), Microsoft Windows 7 Enterprise N Edition < SP1 (x86), Microsoft Windows 7 Professional Edition <
SP1 (x86), Microsoft Windows 7 Starter Edition < SP1 (x86), Microsoft Windows 7 Starter N Edition < SP1 (x86)
MS12-020: Security Update for Windows 7 SP0 (KB2667402)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows XP Professional SP2 (x86_64)
MS12-020: Security Update for Windows XP x64 Edition (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows XP Professional SP3 (x86), Microsoft Windows XP Home SP3 (x86), Microsoft Windows XP Media Center Edition
2005 SP3 (x86), Microsoft Windows XP Tablet PC Edition 2005 SP3 (x86)
MS12-020: Security Update for Windows XP (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Server 2008 SP2 (x86_64), Microsoft Windows Server 2008 Enterprise Edition SP2 (x86_64), Microsoft Windows
Server 2008 Standard Edition SP2 (x86_64), Microsoft Windows Server 2008 Datacenter Edition SP2 (x86_64), Microsoft Windows
Server 2008 HPC Edition SP2 (x86_64), Microsoft Windows Server 2008 Web Edition SP2 (x86_64), Microsoft Windows Server 2008
Storage Edition SP2 (x86_64), Microsoft Windows Small Business Server 2008 SP2 (x86_64), Microsoft Windows Essential Business
Server 2008 SP2 (x86_64)
MS12-020: Security Update for Windows Server 2008 x64 Edition (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Server 2008 R2 SP1 OR < SP1 (ia64), Microsoft Windows Server 2008 R2, Enterprise Edition SP1 OR < SP1
(ia64), Microsoft Windows Server 2008 R2, Standard Edition SP1 OR < SP1 (ia64), Microsoft Windows Server 2008 R2, Datacenter
Edition SP1 OR < SP1 (ia64), Microsoft Windows Server 2008 R2, Web Edition SP1 OR < SP1 (ia64)
MS12-020: Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2667402)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows 7 SP1 (x86), Microsoft Windows 7 Home, Basic Edition SP1 (x86), Microsoft Windows 7 Home, Basic N Edition
SP1 (x86), Microsoft Windows 7 Home, Premium Edition SP1 (x86), Microsoft Windows 7 Home, Premium N Edition SP1 (x86),
Microsoft Windows 7 Ultimate Edition SP1 (x86), Microsoft Windows 7 Ultimate N Edition SP1 (x86), Microsoft Windows 7 Enterprise
Edition SP1 (x86), Microsoft Windows 7 Enterprise N Edition SP1 (x86), Microsoft Windows 7 Professional Edition SP1 (x86),
Microsoft Windows 7 Starter Edition SP1 (x86), Microsoft Windows 7 Starter N Edition SP1 (x86)
MS12-020: Security Update for Windows 7 (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Vista SP2 (x86_64), Microsoft Windows Vista Home, Basic Edition SP2 (x86_64), Microsoft Windows Vista Home,
Basic N Edition SP2 (x86_64), Microsoft Windows Vista Home, Premium Edition SP2 (x86_64), Microsoft Windows Vista Ultimate
Edition SP2 (x86_64), Microsoft Windows Vista Enterprise Edition SP2 (x86_64), Microsoft Windows Vista Business Edition SP2
(x86_64), Microsoft Windows Vista Business N Edition SP2 (x86_64), Microsoft Windows Vista Starter Edition SP2 (x86_64)
MS12-020: Security Update for Windows Vista for x64-based Systems (KB2621440)
Page 20
Audit Report
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Server 2003, Datacenter Edition SP2 (x86), Microsoft Windows Server 2003 SP2 (x86), Microsoft Windows Server
2003, Standard Edition SP2 (x86), Microsoft Windows Server 2003, Enterprise Edition SP2 (x86), Microsoft Windows Server 2003,
Web Edition SP2 (x86), Microsoft Windows Small Business Server 2003 SP2 (x86)
MS12-020: Security Update for Windows Server 2003 (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Embedded Standard 7 SP1 (x86)
MS12-020: Security Update for Windows Embedded Standard 7 (KB2667402)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Server 2003, Datacenter Edition SP2 (x86_64), Microsoft Windows Server 2003 SP2 (x86_64), Microsoft Windows
Server 2003, Standard Edition SP2 (x86_64), Microsoft Windows Server 2003, Enterprise Edition SP2 (x86_64), Microsoft Windows
Server 2003, Web Edition SP2 (x86_64), Microsoft Windows Small Business Server 2003 SP2 (x86_64)
MS12-020: Security Update for Windows Server 2003 x64 Edition (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Embedded Standard 7 SP1 (x86_64)
MS12-020: Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows 7 SP1 (x86_64), Microsoft Windows 7 Home, Basic Edition SP1 (x86_64), Microsoft Windows 7 Home, Basic N
Edition SP1 (x86_64), Microsoft Windows 7 Home, Premium Edition SP1 (x86_64), Microsoft Windows 7 Home, Premium N Edition
SP1 (x86_64), Microsoft Windows 7 Ultimate Edition SP1 (x86_64), Microsoft Windows 7 Ultimate N Edition SP1 (x86_64), Microsoft
Windows 7 Enterprise Edition SP1 (x86_64), Microsoft Windows 7 Enterprise N Edition SP1 (x86_64), Microsoft Windows 7
Professional Edition SP1 (x86_64), Microsoft Windows 7 Starter Edition SP1 (x86_64), Microsoft Windows 7 Starter N Edition SP1
(x86_64)
MS12-020: Security Update for Windows 7 for x64-based Systems (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Server 2003, Datacenter Edition SP2 (ia64), Microsoft Windows Server 2003 SP2 (ia64), Microsoft Windows
Server 2003, Standard Edition SP2 (ia64), Microsoft Windows Server 2003, Enterprise Edition SP2 (ia64), Microsoft Windows Server
2003, Web Edition SP2 (ia64), Microsoft Windows Small Business Server 2003 SP2 (ia64)
MS12-020: Security Update for Windows Server 2003 for Itanium-based Systems (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Server 2008 R2 SP1 OR < SP1 (ia64), Microsoft Windows Server 2008 R2, Enterprise Edition SP1 OR < SP1
(ia64), Microsoft Windows Server 2008 R2, Standard Edition SP1 OR < SP1 (ia64), Microsoft Windows Server 2008 R2, Datacenter
Edition SP1 OR < SP1 (ia64), Microsoft Windows Server 2008 R2, Web Edition SP1 OR < SP1 (ia64)
MS12-020: Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
•Microsoft Windows Server 2008 R2 SP1 OR < SP1 (x86_64), Microsoft Windows Server 2008 R2, Enterprise Edition SP1 OR < SP1
(x86_64), Microsoft Windows Server 2008 R2, Standard Edition SP1 OR < SP1 (x86_64), Microsoft Windows Server 2008 R2,
Datacenter Edition SP1 OR < SP1 (x86_64), Microsoft Windows Server 2008 R2, Web Edition SP1 OR < SP1 (x86_64)
MS12-020: Security Update for Windows Server 2008 R2 x64 Edition (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
Page 21
Audit Report
•Microsoft Windows Server 2008 SP2 (x86), Microsoft Windows Server 2008 Enterprise Edition SP2 (x86), Microsoft Windows Server
2008 Standard Edition SP2 (x86), Microsoft Windows Server 2008 Datacenter Edition SP2 (x86), Microsoft Windows Server 2008 HPC
Edition SP2 (x86), Microsoft Windows Server 2008 Web Edition SP2 (x86), Microsoft Windows Server 2008 Storage Edition SP2 (x86),
Microsoft Windows Small Business Server 2008 SP2 (x86), Microsoft Windows Essential Business Server 2008 SP2 (x86)
MS12-020: Security Update for Windows Server 2008 (KB2621440)
Download and apply the patch from: http://go.microsoft.com/fwlink/?LinkId=232664
3.1.7. SNMP credentials transmitted in cleartext (snmp-cleartext-credential)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Successfully authenticated to the SNMP v1/v2c service.
10.220.251.46:161
Successfully authenticated to the SNMP v1/v2c service.
References:
Source
Reference
CERT
CA-2002-03
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.8. Default or Guessable SNMP community names: ilmi (snmp-read-0003)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"ilmi" is a default on a number of SNMP servers.
Page 22
Audit Report
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
The community string "ilmi" may indicate a Cisco IOS specific vulnerability. If you are running a version of Cisco IOS please see the
specific solution below.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[ilmi] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
The following steps are recommended for dealing with this vulnerability:
1. If you do not absolutely need SNMP, disable it. SNMP version 1 is inherently insecure. SNMP version 3 provides more complex
authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
For Cisco IOS, the following updates are available:
Cisco IOS 11.0:
Cisco Upgrade IOS 11.0(22a)
http://www.cisco.com
Cisco IOS 11.1IA:
Cisco Upgrade IOS 11.1(28)IA1
http://www.cisco.com/
Cisco IOS 11.1CT:
Cisco Upgrade IOS 12.0(11)ST2
http://www.cisco.com/
Page 23
Audit Report
Cisco IOS 11.1CC:
Cisco Upgrade IOS 11.1(36)CC1
http://www.cisco.com/
Cisco IOS 11.1CA:
Cisco Upgrade IOS 11.1(36)CA1
http://www.cisco.com/
Cisco IOS 11.1AA:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 11.1:
Cisco Upgrade IOS 11.1(24a)
http://www.cisco.com/
Cisco IOS 11.2WA3:
Cisco Upgrade IOS 12.0(10)W(18b)
http://www.cisco.com/
Cisco Upgrade IOS 12.0(13)W5(19b)
http://www.cisco.com/
Cisco IOS 11.2SA:
Cisco Upgrade IOS 12.0(5)WC
http://www.cisco.com/
Cisco IOS 11.2P:
Cisco Upgrade IOS 11.2(25a)P
http://www.cisco.com/
Cisco IOS 11.2GS:
Cisco Upgrade IOS 12.0(15)S1
Page 24
Audit Report
http://www.cisco.com/
Cisco IOS 11.2BC:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 11.2(9)XA:
Cisco Upgrade IOS 11.2(9)XA1
http://www.cisco.com/
Cisco IOS 11.2(4)XA:
Cisco Upgrade IOS 11.2(25a)P
http://www.cisco.com/
Cisco IOS 11.3WA4:
Cisco Upgrade IOS 12.0(10)W(18b)
http://www.cisco.com/
Cisco Upgrade IOS 12.0(13)W5(19b)
http://www.cisco.com/
Cisco IOS 11.3T:
Cisco Upgrade IOS 11.3(11b)T1
http://www.cisco.com/
Cisco IOS 11.3NA:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 11.3MA:
Cisco Upgrade IOS 11.3(1)MA8
http://www.cisco.com/
Cisco IOS 11.3DB:
Page 25
Audit Report
Cisco Upgrade IOS 12.1(4)DB1
http://www.cisco.com/
Cisco IOS 11.3DA:
Cisco Upgrade IOS 12.1(5)DA1
http://www.cisco.com/
Cisco IOS 11.3AA:
Cisco Upgrade IOS 11.3(11a)AA
http://www.cisco.com/
Cisco IOS 11.3(2)XA:
Cisco Upgrade IOS 11.3(11b)T1
http://www.cisco.com/
Cisco IOS 11.3:
Cisco Upgrade IOS 11.3(11b)
http://www.cisco.com/
Cisco IOS 12.0XV:
Cisco Upgrade IOS 12.1(5)T5
http://www.cisco.com
Cisco IOS 12.0XS:
Cisco Upgrade IOS 12.1(5c)E8
http://www.cisco.com/
Cisco IOS 12.0XR:
Cisco Upgrade IOS 12.1(5)T5
http://www.cisco.com
Cisco IOS 12.0XQ:
Page 26
Audit Report
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XM:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XL:
Cisco Upgrade IOS 12.1(5)T5
http://www.cisco.com
Cisco IOS 12.0XK:
Cisco Upgrade IOS 12.0(7)XK4
http://www.cisco.com
Cisco IOS 12.0XJ:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XI:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XH:
Cisco Upgrade IOS 12.0(4)XH5
http://www.cisco.com
Cisco IOS 12.0XG:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XF:
Cisco Upgrade IOS 12.1(7)
Page 27
Audit Report
http://www.cisco.com/
Cisco IOS 12.0XE:
Cisco Upgrade IOS 12.0(4)XH5
http://www.cisco.com
Cisco Upgrade IOS 12.1(5c)E8
http://www.cisco.com/
Cisco IOS 12.0XD:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XC:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XB:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XA:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0WT:
Cisco Upgrade IOS 12.0(13)WT6(1)
http://www.cisco.com
Cisco IOS 12.0W5:
Cisco Upgrade IOS 12.0(10)W5(18f)
http://www.cisco.com
Cisco Upgrade IOS 12.0(10)W5(18)
Page 28
Audit Report
http://www.cisco.com
Cisco Upgrade IOS 12.0(13)W5(19)
http://www.cisco.com
Cisco Upgrade IOS 12.0(13)W5(19c)
http://www.cisco.com
Cisco Upgrade IOS 12.0(10)W5(18e)
http://www.cisco.com
Cisco IOS 12.0T:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0SX:
Cisco Upgrade IOS 12.1(5c)E8
http://www.cisco.com/
Cisco IOS 12.0ST:
Cisco IOS 12.0SL:
Cisco Upgrade IOS 12.0(14)SL1
http://www.cisco.com/
Cisco Upgrade IOS 12.1(5c)E8
http://www.cisco.com/
Cisco IOS 12.0SC:
Cisco Upgrade IOS 12.0(15)SC1
http://www.cisco.com/
Cisco IOS 12.0S:
Cisco Upgrade IOS 12.0(15)SC1
http://www.cisco.com/
Cisco IOS 12.0DC:
Page 29
Audit Report
Cisco Upgrade IOS 12.1(4)DC2
http://www.cisco.com/
Cisco IOS 12.0DB:
Cisco Upgrade IOS 12.1(4)DC2
http://www.cisco.com/
Cisco IOS 12.0DA:
Cisco IOS 12.0:
Cisco Upgrade IOS 12.0(8)
http://www.cisco.com
Cisco Upgrade IOS 12.0(16)
http://www.cisco.com/
3.1.9. Default or Guessable SNMP community names: ILMI (snmp-read-0004)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"ILMI" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
The community string "ILMI" may indicate a Cisco IOS specific vulnerability. If you are running a version of Cisco IOS please see the
specific solution below.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[ILMI] realm[]
References:
Page 30
Audit Report
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
The following steps are recommended for dealing with this vulnerability:
1. If you do not absolutely need SNMP, disable it. SNMP version 1 is inherently insecure. SNMP version 3 provides more complex
authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
For Cisco IOS, the following updates are available:
Cisco IOS 11.0:
Cisco Upgrade IOS 11.0(22a)
http://www.cisco.com
Cisco IOS 11.1IA:
Cisco Upgrade IOS 11.1(28)IA1
http://www.cisco.com/
Cisco IOS 11.1CT:
Cisco Upgrade IOS 12.0(11)ST2
http://www.cisco.com/
Cisco IOS 11.1CC:
Cisco Upgrade IOS 11.1(36)CC1
http://www.cisco.com/
Cisco IOS 11.1CA:
Cisco Upgrade IOS 11.1(36)CA1
http://www.cisco.com/
Cisco IOS 11.1AA:
Cisco Upgrade IOS 12.1(7)
Page 31
Audit Report
http://www.cisco.com/
Cisco IOS 11.1:
Cisco Upgrade IOS 11.1(24a)
http://www.cisco.com/
Cisco IOS 11.2WA3:
Cisco Upgrade IOS 12.0(10)W(18b)
http://www.cisco.com/
Cisco Upgrade IOS 12.0(13)W5(19b)
http://www.cisco.com/
Cisco IOS 11.2SA:
Cisco Upgrade IOS 12.0(5)WC
http://www.cisco.com/
Cisco IOS 11.2P:
Cisco Upgrade IOS 11.2(25a)P
http://www.cisco.com/
Cisco IOS 11.2GS:
Cisco Upgrade IOS 12.0(15)S1
http://www.cisco.com/
Cisco IOS 11.2BC:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 11.2(9)XA:
Cisco Upgrade IOS 11.2(9)XA1
http://www.cisco.com/
Cisco IOS 11.2(4)XA:
Page 32
Audit Report
Cisco Upgrade IOS 11.2(25a)P
http://www.cisco.com/
Cisco IOS 11.3WA4:
Cisco Upgrade IOS 12.0(10)W(18b)
http://www.cisco.com/
Cisco Upgrade IOS 12.0(13)W5(19b)
http://www.cisco.com/
Cisco IOS 11.3T:
Cisco Upgrade IOS 11.3(11b)T1
http://www.cisco.com/
Cisco IOS 11.3NA:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 11.3MA:
Cisco Upgrade IOS 11.3(1)MA8
http://www.cisco.com/
Cisco IOS 11.3DB:
Cisco Upgrade IOS 12.1(4)DB1
http://www.cisco.com/
Cisco IOS 11.3DA:
Cisco Upgrade IOS 12.1(5)DA1
http://www.cisco.com/
Cisco IOS 11.3AA:
Cisco Upgrade IOS 11.3(11a)AA
http://www.cisco.com/
Page 33
Audit Report
Cisco IOS 11.3(2)XA:
Cisco Upgrade IOS 11.3(11b)T1
http://www.cisco.com/
Cisco IOS 11.3:
Cisco Upgrade IOS 11.3(11b)
http://www.cisco.com/
Cisco IOS 12.0XV:
Cisco Upgrade IOS 12.1(5)T5
http://www.cisco.com
Cisco IOS 12.0XS:
Cisco Upgrade IOS 12.1(5c)E8
http://www.cisco.com/
Cisco IOS 12.0XR:
Cisco Upgrade IOS 12.1(5)T5
http://www.cisco.com
Cisco IOS 12.0XQ:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XM:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XL:
Cisco Upgrade IOS 12.1(5)T5
http://www.cisco.com
Page 34
Audit Report
Cisco IOS 12.0XK:
Cisco Upgrade IOS 12.0(7)XK4
http://www.cisco.com
Cisco IOS 12.0XJ:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XI:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XH:
Cisco Upgrade IOS 12.0(4)XH5
http://www.cisco.com
Cisco IOS 12.0XG:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XF:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XE:
Cisco Upgrade IOS 12.0(4)XH5
http://www.cisco.com
Cisco Upgrade IOS 12.1(5c)E8
http://www.cisco.com/
Cisco IOS 12.0XD:
Cisco Upgrade IOS 12.1(7)
Page 35
Audit Report
http://www.cisco.com/
Cisco IOS 12.0XC:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XB:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0XA:
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0WT:
Cisco Upgrade IOS 12.0(13)WT6(1)
http://www.cisco.com
Cisco IOS 12.0W5:
Cisco Upgrade IOS 12.0(10)W5(18f)
http://www.cisco.com
Cisco Upgrade IOS 12.0(10)W5(18)
http://www.cisco.com
Cisco Upgrade IOS 12.0(13)W5(19)
http://www.cisco.com
Cisco Upgrade IOS 12.0(13)W5(19c)
http://www.cisco.com
Cisco Upgrade IOS 12.0(10)W5(18e)
http://www.cisco.com
Cisco IOS 12.0T:
Page 36
Audit Report
Cisco Upgrade IOS 12.1(7)
http://www.cisco.com/
Cisco IOS 12.0SX:
Cisco Upgrade IOS 12.1(5c)E8
http://www.cisco.com/
Cisco IOS 12.0ST:
Cisco IOS 12.0SL:
Cisco Upgrade IOS 12.0(14)SL1
http://www.cisco.com/
Cisco Upgrade IOS 12.1(5c)E8
http://www.cisco.com/
Cisco IOS 12.0SC:
Cisco Upgrade IOS 12.0(15)SC1
http://www.cisco.com/
Cisco IOS 12.0S:
Cisco Upgrade IOS 12.0(15)SC1
http://www.cisco.com/
Cisco IOS 12.0DC:
Cisco Upgrade IOS 12.1(4)DC2
http://www.cisco.com/
Cisco IOS 12.0DB:
Cisco Upgrade IOS 12.1(4)DC2
http://www.cisco.com/
Cisco IOS 12.0DA:
Cisco IOS 12.0:
Cisco Upgrade IOS 12.0(8)
Page 37
Audit Report
http://www.cisco.com
Cisco Upgrade IOS 12.0(16)
http://www.cisco.com/
3.1.10. Default or Guessable SNMP community names: system (snmp-read-0005)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"system" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[system] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.11. Default or Guessable SNMP community names: all (snmp-read-0006)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
Page 38
Audit Report
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"all" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[all] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.12. Default or Guessable SNMP community names: monitor (snmp-read-0007)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"monitor" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[monitor] realm[]
Page 39
Audit Report
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.13. Default or Guessable SNMP community names: agent (snmp-read-0008)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"agent" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[agent] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
Page 40
Audit Report
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.14. Default or Guessable SNMP community names: manager (snmp-read-0009)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"manager" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[manager] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.15. Default or Guessable SNMP community names: OrigEquipMfr (snmp-read-0010)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"OrigEquipMfr" is a default on a number of SNMP servers.
Page 41
Audit Report
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[OrigEquipMfr] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.16. Default or Guessable SNMP community names: admin (snmp-read-0011)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"admin" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[admin] realm[]
References:
Source
Reference
Page 42
Audit Report
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.17. Default or Guessable SNMP community names: default (snmp-read-0012)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"default" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[default] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
Page 43
Audit Report
3.1.18. Default or Guessable SNMP community names: password (snmp-read-0013)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"password" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[password] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.19. Default or Guessable SNMP community names: tivoli (snmp-read-0014)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"tivoli" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Page 44
Audit Report
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[tivoli] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.20. Default or Guessable SNMP community names: openview (snmp-read-0015)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"openview" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[openview] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
Page 45
Audit Report
Source
Reference
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.21. Default or Guessable SNMP community names: community (snmp-read-0016)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"community" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[community] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.22. Default or Guessable SNMP community names: snmp (snmp-read-0017)
Page 46
Audit Report
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"snmp" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[snmp] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.23. Default or Guessable SNMP community names: Secret C0de (snmp-read-0019)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"Secret C0de" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Page 47
Audit Report
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[Secret C0de] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.24. Default or Guessable SNMP community names: security (snmp-read-0020)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"security" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[security] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Page 48
Audit Report
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.25. Default or Guessable SNMP community names: rmon (snmp-read-0022)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"rmon" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[rmon] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.26. Default or Guessable SNMP community names: rmon_admin (snmp-read-0023)
Description:
Page 49
Audit Report
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"rmon_admin" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[rmon_admin] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.27. Default or Guessable SNMP community names: hp_admin (snmp-read-0024)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"hp_admin" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
Page 50
Audit Report
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[hp_admin] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.28. Default or Guessable SNMP community names: read (snmp-read-0025)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"read" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[read] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
Page 51
Audit Report
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.29. Default or Guessable SNMP community names: write (snmp-read-0026)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"write" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[write] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.30. Default or Guessable SNMP community names: secret (snmp-read-0027)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"secret" is a default on a number of SNMP servers.
Page 52
Audit Report
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[secret] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.31. Default or Guessable SNMP community names: cable-docsis (snmp-read-0028)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"cable-docsis" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[cable-docsis] realm[]
References:
Page 53
Audit Report
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.32. Default or Guessable SNMP community names: cascade (snmp-read-0029)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"cascade" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[cascade] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
Page 54
Audit Report
3.1.33. Default or Guessable SNMP community names: ANYCOM (snmp-read-0030)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"ANYCOM" is a default on a number of SNMP servers.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[ANYCOM] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.34. Default or Guessable SNMP community names: proxy (snmp-read-0031)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"proxy" is a default on a number of SNMP servers, including Intel Shiva® dialup and access devices.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Page 55
Audit Report
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[proxy] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.1.35. Default or Guessable SNMP community names: NoGaH$@! (snmp-read-0032)
Description:
The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network
administrators with information about all kinds of network connected devices. SNMP can be used to get and change system settings on
a wide variety of devices, from network servers, to routers and printers. The drawback to this service is the authentication is an
unencrypted "community string". In addition many SNMP servers provide very simple default community strings. The community string
"NoGaH$@!" is a default on Avaya Cajun devices.
This community string can allow attackers to gain a large amount of information about the SNMP server and the network it monitors.
Attackers may even reconfigure or shut down devices remotely.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.116:161
Running SNMP serviceSuccessfully authenticated to the SNMP service with
credentials: uid[] pw[NoGaH$@!] realm[]
References:
Source
Reference
CVE
CVE-1999-0516
Page 56
Audit Report
Source
Reference
CVE
CVE-1999-0517
Vulnerability Solution:
1. If you do not absolutely need SNMP, disable it. SNMP versions 1 and 2c are inherently insecure. SNMP version 3 provides more
complex authentication and encryption.
2. If you must use SNMP be sure to use complex and difficult to guess community names. Use the same policy for community names
as you use for passwords.
3. Try to make all your MIB's read only. This will limit the damage an attacker can do to your network.
3.2. Severe Vulnerabilities
3.2.1. X.509 Certificate Subject CN Does Not Match the Entity Name (certificate-common-name-mismatch)
Description:
The subject common name (CN) field in the X.509 certificate does not match the name of the entity presenting the certificate.
Before issuing a certificate, a Certification Authority (CA) must check the identity of the entity requesting the certificate, as specified in
the CA's Certification Practice Statement (CPS). Thus, standard certificate validation procedures require the subject CN field of a
certificate to match the actual name of the entity presenting the certificate. For example, in a certificate presented by
"https://www.example.com/", the CN should be "www.example.com".
In order to detect and prevent active eavesdropping attacks, the validity of a certificate must be verified, or else an attacker could then
launch a man-in-the-middle attack and gain full control of the data stream. Of particular importance is the validity of the subject's CN,
that should match the name of the entity (hostname).
A CN mismatch most often occurs due to a configuration error, though it can also indicate that a man-in-the-middle attack is being
conducted.
Please note that this check may flag a false positive against servers that are properly configured using SNI.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.24:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN Huawei does not match target name specified
in the site.Subject CN Huawei could not be resolved to an IP address via DNS
lookup
10.220.251.25:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN Huawei does not match target name specified
in the site.Subject CN Huawei could not be resolved to an IP address via DNS
lookup
10.220.251.26:443
The subject common name found in the X.509 certificate does not seem to
Page 57
Audit Report
Affected Nodes:
Additional Information:
match the scan target:Subject CN Huawei does not match target name specified
in the site.Subject CN Huawei could not be resolved to an IP address via DNS
lookup
10.220.251.27:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN Huawei does not match target name specified
in the site.Subject CN Huawei could not be resolved to an IP address via DNS
lookup
10.220.251.28:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN Huawei does not match target name specified
in the site.Subject CN Huawei could not be resolved to an IP address via DNS
lookup
10.220.251.29:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN Huawei does not match target name specified
in the site.Subject CN Huawei could not be resolved to an IP address via DNS
lookup
10.220.251.30:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN Huawei does not match target name specified
in the site.Subject CN Huawei could not be resolved to an IP address via DNS
lookup
10.220.251.31:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN Huawei does not match target name specified
in the site.Subject CN Huawei could not be resolved to an IP address via DNS
lookup
10.220.251.32:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN Huawei does not match target name specified
in the site.Subject CN Huawei could not be resolved to an IP address via DNS
lookup
10.220.251.46:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN COMMVAULT does not match target name
specified in the site.Subject CN COMMVAULT could not be resolved to an IP
address via DNS lookup
10.220.251.64:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN huawei does not match target name specified
in the site.Subject CN huawei could not be resolved to an IP address via DNS
lookup
10.220.251.65:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN huawei does not match target name specified
in the site.Subject CN huawei could not be resolved to an IP address via DNS
lookup
10.220.251.82:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN Huawei does not match target name specified
in the site.Subject CN Huawei could not be resolved to an IP address via DNS
lookup
Page 58
Audit Report
Affected Nodes:
Additional Information:
10.220.251.83:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN Huawei does not match target name specified
in the site.Subject CN Huawei could not be resolved to an IP address via DNS
lookup
10.220.251.84:443
The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN Huawei does not match target name specified
in the site.Subject CN Huawei could not be resolved to an IP address via DNS
lookup
References:
None
Vulnerability Solution:
The subject's common name (CN) field in the X.509 certificate should be fixed to reflect the name of the entity presenting the certificate
(e.g., the hostname). This is done by generating a new certificate usually signed by a Certification Authority (CA) trusted by both the
client and server.
3.2.2. SMB signing disabled (cifs-smb-signing-disabled)
Description:
This system does not allow SMB signing. SMB signing allows the recipient of SMB packets to confirm their authenticity and helps
prevent man in the middle attacks against SMB. SMB signing can be configured in one of three ways: disabled entirely (least secure),
enabled, and required (most secure).
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119:139
SMB signing is disabled
10.220.251.119:445
SMB signing is disabled
References:
Source
Reference
URL
http://blogs.technet.com/b/josebda/archive/2010/12/01/the-basics-of-smb-signing-covering-both-smb1-andsmb2.aspx
Vulnerability Solution:
•Microsoft Windows
Configure SMB signing for Windows
Configure the system to enable or require SMB signing as appropriate. The method and effect of doing this is system specific so
please see this TechNet article for details. Note: ensure that SMB signing configuration is done for incoming connections (Server).
Page 59
Audit Report
•Samba
Configure SMB signing for Samba
Configure Samba to enable or require SMB signing as appropriate. To enable SMB signing, put the following in the Samba
configuration file, typically smb.conf, in the global section:
server signing = auto
To require SMB signing, put the following in the Samba configuration file, typically smb.conf, in the global section:
server signing = mandatory
3.2.3. IPMI 2.0 RAKP RMCP+ Authentication HMAC Password Hash Exposure (ipmi2-rmcp-rakp-hmac-password-hashexposure)
Description:
The IPMI 2.0 specification supports HMAC-SHA1 and HMAC-MD5 authentication, both of which send a computed hash to the client
that can be used to mount an offline bruteforce attack of the configured password.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.64:623
Successfully negotiated IPMI RMCP+ open session request with cipher type 1
10.220.251.65:623
Successfully negotiated IPMI RMCP+ open session request with cipher type 1
References:
Source
Reference
URL
https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi
Vulnerability Solution:
•Disable IPMI
Disable IPMI entirely using the links below or by consulting your vendor's documentation:
•Dell iDRAC IPMI Configuration
•SuperMicro IPMI User Guide
•IBM IPMI device Configuration
•IPMI on linux documentation
•Cisco IPMI device Configuration
•ipmiutil User Guide
Page 60
Audit Report
•Restrict access to IPMI service(s)
Restrict access the affected IPMI service(s) using a firewall or other appropriate technology
3.2.4. X.509 Server Certificate Is Invalid/Expired (tls-server-cert-expired)
Description:
The TLS/SSL server's X.509 certificate either contains a start date in the future or is expired. Please refer to the proof for more details.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.46:443
The certificate is not valid after Sun, 21 Jun 2020 07:50:45 PKT
References:
None
Vulnerability Solution:
Obtain a new certificate and install it on the server. The exact instructions for obtaining a new certificate depend on your organization's
requirements. Generally, you will need to generate a certificate request and save the request as a file. This file is then sent to a
Certificate Authority (CA) for processing. Please ensure that the start date and the end date on the new certificate are valid.
Your organization may have its own internal Certificate Authority. If not, you may have to pay for a certificate from a trusted external
Certificate Authority.
After you have received a new certificate file from the Certificate Authority, you will have to install it on the TLS/SSL server. The exact
instructions for installing a certificate differ for each product. Please follow their documentation.
3.2.5. SMB signing not required (cifs-smb-signing-not-required)
Description:
This system enables, but does not require SMB signing. SMB signing allows the recipient of SMB packets to confirm their authenticity
and helps prevent man in the middle attacks against SMB. SMB signing can be configured in one of three ways: disabled entirely (least
secure), enabled, and required (most secure).
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119:139
Smb signing is: disabled
10.220.251.119:445
Smb signing is: disabled
References:
Source
Reference
Page 61
Audit Report
Source
Reference
URL
http://blogs.technet.com/b/josebda/archive/2010/12/01/the-basics-of-smb-signing-covering-both-smb1-andsmb2.aspx
Vulnerability Solution:
•Microsoft Windows
Configure SMB signing for Windows
Configure the system to enable or require SMB signing as appropriate. The method and effect of doing this is system specific so
please see this TechNet article for details. Note: ensure that SMB signing configuration is done for incoming connections (Server).
•Samba
Configure SMB signing for Samba
Configure Samba to enable or require SMB signing as appropriate. To enable SMB signing, put the following in the Samba
configuration file, typically smb.conf, in the global section:
server signing = auto
To require SMB signing, put the following in the Samba configuration file, typically smb.conf, in the global section:
server signing = mandatory
3.2.6. SMB: Service supports deprecated SMBv1 protocol (cifs-smb1-deprecated)
Description:
The SMB1 protocol has been deprecated since 2014 and is considered obsolete and insecure.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119:139
SMB1 is deprecated and should not be used
10.220.251.119:445
SMB1 is deprecated and should not be used
References:
Source
Reference
URL
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
Vulnerability Solution:
•Samba
Remove/disable SMB1
For Samba systems on Linux, disabling SMB1 is quite straightforward:
Page 62
Audit Report
How to configure Samba to use SMBv2 and disable SMBv1 on Linux or Unix
•Microsoft Windows
Remove/disable SMB1
For Windows 8.1 and Windows Server 2012 R2, removing SMB1 is trivial. On older OS'es it can't be removed but should be disabled.
This article contains system-specific details:
How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server
3.2.7. SMBv2 signing not required (cifs-smb2-signing-not-required)
Description:
This system enables, but does not require SMB signing. SMB signing allows the recipient of SMB packets to confirm their authenticity
and helps prevent man in the middle attacks against SMB. SMB 2.x signing can be configured in one of two ways: not required (least
secure) and required (most secure).
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119:445
Running CIFS serviceConfiguration item smb2-enabled set to 'true' matched
Configuration item smb2-signing set to 'enabled' matched
References:
Source
Reference
URL
https://blogs.technet.com/b/josebda/archive/2010/12/01/the-basics-of-smb-signing-covering-both-smb1and-smb2.aspx
Vulnerability Solution:
•Microsoft Windows
Configure SMB signing for Windows
Configure the system to enable or require SMB signing as appropriate. The method and effect of doing this is system specific so
please see this TechNet article for details. Note: ensure that SMB signing configuration is done for incoming connections (Server).
•Samba
Configure SMB signing for Samba
Configure Samba to enable or require SMB signing as appropriate. To enable SMB signing, put the following in the Samba
configuration file, typically smb.conf, in the global section:
server signing = auto
To require SMB signing, put the following in the Samba configuration file, typically smb.conf, in the global section:
Page 63
Audit Report
server signing = mandatory
3.2.8. Untrusted TLS/SSL server X.509 certificate (tls-untrusted-ca)
Description:
The server's TLS/SSL certificate is signed by a Certification Authority (CA) that is not well-known or trusted. This could happen if: the
chain/intermediate certificate is missing, expired or has been revoked; the server hostname does not match that configured in the
certificate; the time/date is incorrect; or a self-signed certificate is being used. The use of a self-signed certificate is not recommended
since it could indicate that a TLS/SSL man-in-the-middle attack is taking place
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.24:443
TLS/SSL certificate signed by unknown, untrusted CA:
EMAILADDRESS=support_e@huawei.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.25:443
TLS/SSL certificate signed by unknown, untrusted CA:
EMAILADDRESS=support_e@huawei.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.26:443
TLS/SSL certificate signed by unknown, untrusted CA:
EMAILADDRESS=support_e@huawei.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.27:443
TLS/SSL certificate signed by unknown, untrusted CA:
EMAILADDRESS=support_e@huawei.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.28:443
TLS/SSL certificate signed by unknown, untrusted CA:
EMAILADDRESS=support_e@huawei.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.29:443
TLS/SSL certificate signed by unknown, untrusted CA:
EMAILADDRESS=support_e@huawei.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.30:443
TLS/SSL certificate signed by unknown, untrusted CA:
EMAILADDRESS=support_e@huawei.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.31:443
TLS/SSL certificate signed by unknown, untrusted CA:
EMAILADDRESS=support_e@huawei.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.32:443
TLS/SSL certificate signed by unknown, untrusted CA:
Page 64
Audit Report
Affected Nodes:
Additional Information:
EMAILADDRESS=support_e@huawei.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.46:443
TLS/SSL certificate signed by unknown, untrusted CA: CN=COMMVAULT -[Path does not chain with any of the trust anchors].
10.220.251.46:3389
TLS/SSL certificate signed by unknown, untrusted CA: CN=mfs-lhrbackup.mobilink.net.pk -- [Path does not chain with any of the trust anchors].
10.220.251.47:3389
TLS/SSL certificate signed by unknown, untrusted CA: CN=MFS-LHRCV2.mobilink.net.pk -- [Path does not chain with any of the trust anchors].
10.220.251.64:443
TLS/SSL certificate signed by unknown, untrusted CA: CN=Huawei IT Product
CA, O=Huawei, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.65:443
TLS/SSL certificate signed by unknown, untrusted CA: CN=Huawei IT Product
CA, O=Huawei, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.82:443
TLS/SSL certificate signed by unknown, untrusted CA:
EMAILADDRESS=support_e@huawei.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.83:443
TLS/SSL certificate signed by unknown, untrusted CA:
EMAILADDRESS=support_e@huawei.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN -- [Path does not chain with any of the trust anchors].
10.220.251.84:443
TLS/SSL certificate signed by unknown, untrusted CA:
EMAILADDRESS=support_e@huawei.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN -- [Path does not chain with any of the trust anchors].
References:
Source
Reference
URL
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
URL
http://nginx.org/en/docs/http/configuring_https_servers.html
URL
https://support.microsoft.com/en-us/kb/954755
Vulnerability Solution:
Ensure the common name (CN) reflects the name of the entity presenting the certificate (e.g., the hostname). If the certificate(s) or any
of the chain certificate(s) have expired or been revoked, obtain a new certificate from your Certificate Authority (CA) by following their
documentation. If a self-signed certificate is being used, consider obtaining a signed certificate from a CA.
References: Mozilla: Connection Untrusted ErrorSSLShopper: SSL Certificate Not Trusted ErrorWindows/IIS certificate chain config
Apache SSL configNginx SSL configCertificateChain.io
3.2.9. Database Open Access (database-open-access)
Description:
The database allows any remote system the ability to connect to it. It is recommended to limit direct access to trusted systems because
databases may contain sensitive data, and new vulnerabilities and exploits are discovered routinely for them. For this reason, it is a
violation of PCI DSS section 1.3.6 to have databases listening on ports accessible from the Internet, even when protected with secure
Page 65
Audit Report
authentication mechanisms.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.36:1521
Running Oracle TNS Listener service
10.220.251.46:1434
Running Microsoft SQL Monitor service
10.220.251.48:1521
Running Oracle TNS Listener service
10.220.251.49:1521
Running Oracle TNS Listener service
10.220.251.50:1524
Running Oracle TNS Listener service
10.220.251.51:1521
Running Oracle TNS Listener service
10.220.251.52:1521
Running Oracle TNS Listener service
10.220.251.53:1524
Running Oracle TNS Listener service
10.220.251.54:1521
Running Oracle TNS Listener service
10.220.251.56:1524
Running Oracle TNS Listener service
10.220.251.57:1521
Running Oracle TNS Listener service
10.220.251.58:1521
Running Oracle TNS Listener service
10.220.251.59:1524
Running Oracle TNS Listener service
10.220.251.60:1521
Running Oracle TNS Listener service
10.220.251.60:1524
Running Oracle TNS Listener service
10.220.251.72:1521
Running Oracle TNS Listener service
10.220.251.72:1524
Running Oracle TNS Listener service
References:
Source
Reference
URL
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf
Vulnerability Solution:
Configure the database server to only allow access to trusted systems. For example, the PCI DSS standard requires you to place the
database in an internal network zone, segregated from the DMZ
3.2.10. Missing HttpOnly Flag From Cookie (http-cookie-http-only-flag)
Description:
HttpOnly is an additional flag included in a Set-Cookie HTTP response header. If supported by the browser, using the HttpOnly flag
when generating a cookie helps mitigate the risk of client side script accessing the protected cookie. If a browser that supports HttpOnly
detects a cookie containing the HttpOnly flag, and client side script code attempts to read the cookie, the browser returns an empty
string as the result. This causes the attack to fail by preventing the malicious (usually XSS) code from sending the data to an attacker's
Page 66
Audit Report
website.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.46:80
Cookie is not marked as HttpOnly: 'csrf=jl55zt6paog5; path=/adminconsole;
domain=10.220.251.46'
URL: http://10.220.251.46/adminconsole/wcSSO.do
10.220.251.46:443
Cookie is not marked as HttpOnly: 'csrf=-1feke8f4jl9wn; path=/; secure;
domain=10.220.251.46'
URL: https://10.220.251.46/webconsole/
References:
Source
Reference
OWASP-2010
A3
OWASP-2013
A2
URL
http://msdn.microsoft.com/en-us/library/ms533046.aspx
URL
https://www.owasp.org/index.php/HttpOnly
Vulnerability Solution:
For each cookie generated by your web-site, add the "HttpOnly" flag to the cookie. For example:
Set-Cookie: <name>=<value>[; <Max-Age>=<age>]
[; expires=<date>][; domain=<domain_name>]
[; path=<some_path>][; secure][; HttpOnly]
3.2.11. Microsoft IIS default installation/welcome page installed (http-iis-default-install-page)
Description:
The IIS default installation or "Welcome" page is installed on this server. This usually indicates a newly installed server which has not
yet been configured properly and which may not be known about.
In many cases, IIS is installed by default and the user may not be aware that the web server is running. These servers are rarely
patched and rarely monitored, providing hackers with a convenient target that is not likely to trip any alarms.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.46:81
Running HTTP serviceProduct IIS exists -- Microsoft IISHTTP GET request to
Page 67
Audit Report
Affected Nodes:
Additional Information:
http://10.220.251.46:81/
HTTP response code was an expected 200
HTTP header 'Content-Location' not present
HTTP response code was an expected 200HTTP response code was an
expected 200HTTP response code was an expected 200HTTP response code
was an expected 200HTTP response code was an expected 200HTTP
response code was an expected 200HTTP response code was an expected
200HTTP response code was an expected 200
1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://ww...
2: <html xmlns="http://www.w3.org/1999/xhtml">
3: <head>
4: <meta http-equiv="Content-Type" content="text/html; charset=iso-885...
5: <title>IIS Windows Server</title>
10.220.251.46:82
Running HTTP serviceProduct IIS exists -- Microsoft IISHTTP GET request to
http://10.220.251.46:82/
HTTP response code was an expected 200
HTTP header 'Content-Location' not present
HTTP response code was an expected 200HTTP response code was an
expected 200HTTP response code was an expected 200HTTP response code
was an expected 200HTTP response code was an expected 200HTTP
response code was an expected 200HTTP response code was an expected
200HTTP response code was an expected 200
1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://ww...
2: <html xmlns="http://www.w3.org/1999/xhtml">
3: <head>
4: <meta http-equiv="Content-Type" content="text/html; charset=iso-885...
5: <title>IIS Windows Server</title>
References:
Source
Reference
OSVDB
2117
Vulnerability Solution:
If this server is required to provide necessary functionality, then the default page should be replaced with relevant content. Otherwise,
this server should be removed from the network, following the security principle of minimum complexity.
If the server is not needed, it can be disabled in the following way: in the Services window of the Control Panel's Administrative Tools
section, right-click on the 'World Wide Web Server' entry and select 'Stop'. Set its startup type to 'Manual' so that it does not restart if
the machine is rebooted (this is done by selecting 'Properties' in the right-click menu).
3.2.12. IPMI 1.5 GetChannelAuth Response Information Disclosure (ipmi15-getchannelauth-disclosure)
Description:
Page 68
Audit Report
The IPMI 1.5 specification requires that a response to a "Get Channel Authentication Capabilities" request will indicate if a null
username or null password is configured for any account.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.64:623
Running ASF-RMCP serviceConfiguration item ipmi_user_null set to '0'
matchedConfiguration item ipmi_user_anonymous set to '0' matched
10.220.251.65:623
Running ASF-RMCP serviceConfiguration item ipmi_user_null set to '0'
matchedConfiguration item ipmi_user_anonymous set to '0' matched
References:
Source
Reference
URL
https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi
Vulnerability Solution:
•Disable IPMI
Disable IPMI entirely using the links below or by consulting your vendor's documentation:
•Dell iDRAC IPMI Configuration
•SuperMicro IPMI User Guide
•IBM IPMI device Configuration
•IPMI on linux documentation
•Cisco IPMI device Configuration
•ipmiutil User Guide
•Restrict access to IPMI service(s)
Restrict access the affected IPMI service(s) using a firewall or other appropriate technology
3.2.13. NTP: Traffic Amplification in CTL_OP_REQ_NONCE feature of ntpd (ntp-r7-2014-12-reqnonce-drdos)
Description:
An NTP control (mode 6) message with the CTL_OP_REQ_NONCE (12) opcode will generate a single reply that is larger (44 bytes)
than the request (12 bytes). This traffic amplification vulnerability can be used to conduct DRDoS attacks.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.36:123
Running NTP serviceOne 12-byte NTP version 2 mode 6 opcode 12 request
with 0-byte payload resulted in no packet amplification and a 32-byte bandwidth
Page 69
Audit Report
Affected Nodes:
Additional Information:
amplification:44-byte NTP version 2 mode 6 opcode 12 response with 32-byte
payload
One 12-byte NTP version 3 mode 6 opcode 12 request with 0-byte payload
resulted in no packet amplification and a 32-byte bandwidth amplification:44byte NTP version 3 mode 6 opcode 12 response with 32-byte payload
One 12-byte NTP version 4 mode 6 opcode 12 request with 0-byte payload
resulted in no packet amplification and a 32-byte bandwidth amplification:44byte NTP version 4 mode 6 opcode 12 response with 32-byte payload
References:
Source
Reference
URL
https://community.rapid7.com/community/metasploit/blog/2014/08/25/r7-2014-12-more-amplificationvulnerabilities-in-ntp-allow-even-more-drdos-attacks
Vulnerability Solution:
Apply a restrict option to all hosts that are not authorized to perform NTP queries. For example, to deny query requests from all clients,
put the following in the NTP configuration file, typically /etc/ntp.conf, and restart the NTP service:
restrict default nomodify nopeer noquery notrap
3.2.14. TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32) (ssl-cve-2016-2183-sweet32)
Description:
Legacy block ciphers having a block size of 64 bits are vulnerable to a practical collision attack when used in CBC mode. All versions
of the SSL/TLS protocols that support cipher suites which use 3DES as the symmetric encryption cipher are affected. The security of a
block cipher is often reduced to the key size k: the best attack should be the exhaustive search of the key, with complexity 2 to the
power of k. However, the block size n is also an important security parameter, defining the amount of data that can be encrypted under
the same key. This is particularly important when using common modes of operation: we require block ciphers to be secure with up to 2
to the power of n queries, but most modes of operation (e.g. CBC, CTR, GCM, OCB, etc.) are unsafe with more than 2 to the power of
half n blocks of message (the birthday bound). With a modern block cipher with 128-bit blocks such as AES, the birthday bound
corresponds to 256 exabytes. However, for a block cipher with 64-bit blocks, the birthday bound corresponds to only 32 GB, which is
easily reached in practice. Once a collision between two cipher blocks occurs it is possible to use the collision to extract the plain text
data.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119:22
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
10.220.251.46:3389
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHATLS 1.1 ciphers:
Page 70
Audit Report
Affected Nodes:
Additional Information:
TLS_RSA_WITH_3DES_EDE_CBC_SHATLS 1.2 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
10.220.251.47:3389
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHATLS 1.1 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHATLS 1.2 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
References:
Source
Reference
CVE
CVE-2016-2183
URL
https://sweet32.info/
URL
https://www.openssl.org/blog/blog/2016/08/24/sweet32
URL
https://access.redhat.com/articles/2548661
Vulnerability Solution:
Configure the server to disable support for 3DES suite.
For Microsoft IIS web servers, see Microsoft Knowledgebase article 245030 for instructions on disabling 3DES cipher suite.
The following recommended configuration provides a higher level of security. This configuration is compatible with Firefox 27, Chrome
22, IE 11, Opera 14 and Safari 7. SSLv2, SSLv3, and TLSv1 protocols are not recommended in this configuration. Instead, use
TLSv1.1 and TLSv1.2 protocols.
Refer to your server vendor documentation to apply the recommended cipher configuration:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSAAES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSAAES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
3.2.15. Click Jacking (http-generic-click-jacking)
Description:
Clickjacking, also known as a UI redress attack, is a method in which an attacker uses multiple transparent or opaque layers to trick a
user into clicking a button or link on a page other than the one they believe they are clicking. Thus, the attacker is "hijacking" clicks
meant for one page and routing the user to an illegitimate page.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.46:81
Running HTTP serviceHTTP request to http://10.220.251.46:81/
HTTP response code was an expected 200
1: text/html
HTTP header 'Content-Type' was present and matched expectation
Page 71
Audit Report
Affected Nodes:
Additional Information:
HTTP header 'Content-Security-Policy' not present
HTTP header 'X-Frame-Options' not present
10.220.251.46:82
Running HTTP serviceHTTP request to http://10.220.251.46:82/
HTTP response code was an expected 200
1: text/html
HTTP header 'Content-Type' was present and matched expectation
HTTP header 'Content-Security-Policy' not present
HTTP header 'X-Frame-Options' not present
References:
Source
Reference
URL
https://www.owasp.org/index.php/Clickjacking
Vulnerability Solution:
Send the HTTP response headers with X-Frame-Options that instruct the browser to restrict framing where it is not allowed.
3.2.16. IPMI 2.0 RAKP RMCP+ Authentication Username Disclosure (ipmi2-rmcp-rakp-username-disclosure)
Description:
The IPMI 2.0 specification supports RMCP+ authentication, which allows a pre-authenticated client to confirm the existence of a
configured username
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.64:623
Successfully negotiated IPMI RMCP+ open session request with cipher type 1
10.220.251.65:623
Successfully negotiated IPMI RMCP+ open session request with cipher type 1
References:
Source
Reference
URL
https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi
Vulnerability Solution:
•Disable IPMI
Disable IPMI entirely using the links below or by consulting your vendor's documentation:
•Dell iDRAC IPMI Configuration
•SuperMicro IPMI User Guide
•IBM IPMI device Configuration
Page 72
Audit Report
•IPMI on linux documentation
•Cisco IPMI device Configuration
•ipmiutil User Guide
•Restrict access to IPMI service(s)
Restrict access the affected IPMI service(s) using a firewall or other appropriate technology
3.2.17. jQuery Vulnerability: CVE-2019-11358 (jquery-cve-2019-11358)
Description:
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of
Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native
Object.prototype.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.24:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.25:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.26:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.27:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.28:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.29:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.30:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.31:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.32:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
References:
Source
Reference
Page 73
Audit Report
Source
Reference
BID
108023
CVE
CVE-2019-11358
DEBIAN
DSA-4434
DEBIAN
DSA-4460
REDHAT
RHBA-2019:1570
REDHAT
RHSA-2019:1456
REDHAT
RHSA-2019:2587
REDHAT
RHSA-2019:3023
REDHAT
RHSA-2019:3024
URL
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
Vulnerability Solution:
< 3.4.0
Download and apply the upgrade from: https://jquery.com/download/
3.2.18. jQuery Vulnerability: CVE-2020-11022 (jquery-cve-2020-11022)
Description:
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one
of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in
jQuery 3.5.0.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.24:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.25:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.26:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.27:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.28:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.29:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.30:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
Page 74
Audit Report
Affected Nodes:
Additional Information:
3.2.1
10.220.251.31:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.32:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
References:
Source
Reference
CVE
CVE-2020-11022
DEBIAN
DSA-4693
URL
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
URL
https://jquery.com/upgrade-guide/3.5/
Vulnerability Solution:
< 3.5.0
Download and apply the upgrade from: https://jquery.com/download/
3.2.19. jQuery Vulnerability: CVE-2020-11023 (jquery-cve-2020-11023)
Description:
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources
- even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted
code. This problem is patched in jQuery 3.5.0.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.24:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.25:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.26:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.27:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.28:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.29:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
Page 75
Audit Report
Affected Nodes:
Additional Information:
10.220.251.30:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.31:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
10.220.251.32:443
Running HTTPS serviceVulnerable version of component jQuery found -- jQuery
3.2.1
References:
Source
Reference
CVE
CVE-2020-11023
DEBIAN
DSA-4693
URL
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
URL
https://jquery.com/upgrade-guide/3.5/
Vulnerability Solution:
< 3.5.0
Download and apply the upgrade from: https://jquery.com/download/
3.2.20. TLS/SSL Server Supports RC4 Cipher Algorithms (CVE-2013-2566) (rc4-cve-2013-2566)
Description:
Recent cryptanalysis results exploit biases in the RC4 keystream to recover repeatedly encrypted plaintexts. As a result, RC4 can no
longer be seen as providing a sufficient level of security for SSL/TLS sessions. It has many single-byte biases, which makes it easier for
remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the
same plaintext.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119:22
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_RSA_WITH_RC4_128_MD5TLS_RSA_WITH_RC4_128_SHA
References:
Source
Reference
CVE
CVE-2013-2566
URL
http://www.isg.rhul.ac.uk/tls/
URL
https://tools.ietf.org/html/rfc7465
URL
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=915295
Page 76
Audit Report
Source
Reference
URL
https://wiki.mozilla.org/Security/Server_Side_TLS
URL
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule__Only_Support_Strong_Cryptographic_Ciphers
URL
http://support.microsoft.com/kb/245030/
Vulnerability Solution:
Configure the server to disable support for RC4 ciphers.
For Microsoft IIS web servers, see Microsoft Knowledgebase article 245030 for instructions on disabling rc4 ciphers.
The following recommended configuration provides a higher level of security. This configuration is compatible with Firefox 27, Chrome
22, IE 11, Opera 14 and Safari 7. SSLv2, SSLv3, and TLSv1 protocols are not recommended in this configuration. Instead, use
TLSv1.1 and TLSv1.2 protocols.
Refer to your server vendor documentation to apply the recommended cipher configuration:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSAAES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSAAES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
3.2.21. SSH Server Supports diffie-hellman-group1-sha1 (ssh-cve-2015-4000)
Description:
The prime modulus offered when diffie-hellman-group1-sha1 is used only has a size of 1024 bits. This size is considered weak and
within theoretical range of the so-called Logjam attack.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.24:22
Running SSH serviceInsecure key exchange in use: diffie-hellman-group1-sha1
10.220.251.25:22
Running SSH serviceInsecure key exchange in use: diffie-hellman-group1-sha1
10.220.251.26:22
Running SSH serviceInsecure key exchange in use: diffie-hellman-group1-sha1
10.220.251.27:22
Running SSH serviceInsecure key exchange in use: diffie-hellman-group1-sha1
10.220.251.28:22
Running SSH serviceInsecure key exchange in use: diffie-hellman-group1-sha1
10.220.251.29:22
Running SSH serviceInsecure key exchange in use: diffie-hellman-group1-sha1
10.220.251.30:22
Running SSH serviceInsecure key exchange in use: diffie-hellman-group1-sha1
10.220.251.31:22
Running SSH serviceInsecure key exchange in use: diffie-hellman-group1-sha1
10.220.251.32:22
Running SSH serviceInsecure key exchange in use: diffie-hellman-group1-sha1
10.220.251.82:22
Running SSH serviceInsecure key exchange in use: diffie-hellman-group1-sha1
10.220.251.83:22
Running SSH serviceInsecure key exchange in use: diffie-hellman-group1-sha1
Page 77
Audit Report
Affected Nodes:
Additional Information:
10.220.251.84:22
Running SSH serviceInsecure key exchange in use: diffie-hellman-group1-sha1
References:
Source
Reference
CVE
CVE-2015-4000
URL
https://weakdh.org/
Vulnerability Solution:
Remove ssh-diffie-hellman-group1-sha1 from the KexAlgorithms list specified in sshd_config.
3.2.22. SSH Server Supports Weak Key Exchange Algorithms (ssh-weak-kex-algorithms)
Description:
The server supports one or more weak key exchange algorithms. It is highly adviseable to remove weak key exchange algorithm
support from SSH configuration files on hosts to prevent them from being used to establish connections.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.24:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup1-sha1,diffie-hellman-group-exchange-sha1
10.220.251.25:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup1-sha1,diffie-hellman-group-exchange-sha1
10.220.251.26:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup1-sha1,diffie-hellman-group-exchange-sha1
10.220.251.27:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup1-sha1,diffie-hellman-group-exchange-sha1
10.220.251.28:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup1-sha1,diffie-hellman-group-exchange-sha1
10.220.251.29:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup1-sha1,diffie-hellman-group-exchange-sha1
10.220.251.30:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup1-sha1,diffie-hellman-group-exchange-sha1
10.220.251.31:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup1-sha1,diffie-hellman-group-exchange-sha1
10.220.251.32:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup1-sha1,diffie-hellman-group-exchange-sha1
10.220.251.64:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup-exchange-sha1
Page 78
Audit Report
Affected Nodes:
Additional Information:
10.220.251.65:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup-exchange-sha1
10.220.251.82:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup1-sha1,diffie-hellman-group-exchange-sha1
10.220.251.83:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup1-sha1,diffie-hellman-group-exchange-sha1
10.220.251.84:22
Running SSH serviceInsecure key exchange algorithms in use: diffie-hellmangroup1-sha1,diffie-hellman-group-exchange-sha1
References:
Source
Reference
URL
https://wiki.mozilla.org/Security/Guidelines/OpenSSH
Vulnerability Solution:
Refer to this guide on what KEX algorithms to permit in your SSH configuration.
3.2.23. TLS/SSL Server is enabling the BEAST attack (ssl-cve-2011-3389-beast)
Description:
The SSL protocol, as used in certain configurations of Microsoft Windows and browsers such as Microsoft Internet Explorer, Mozilla
Firefox, Google Chrome, Opera (and other products negotiating SSL connections) encrypts data by using CBC mode with chained
initialization vectors. This potentially allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosenboundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the
Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. By supporting the affected protocols and ciphers,
the server is enabling the clients in to being exploited.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119:22
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHA
10.220.251.46:443
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
10.220.251.46:3389
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Page 79
Audit Report
Affected Nodes:
Additional Information:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHA
10.220.251.47:3389
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHA
References:
Source
Reference
CVE
CVE-2011-3389
URL
http://vnhacker.blogspot.co.uk/2011/09/beast.html
Vulnerability Solution:
There is no server-side mitigation available against the BEAST attack. The only option is to disable the affected protocols (SSLv3 and
TLS 1.0). The only fully safe configuration is to use Authenticated Encryption with Associated Data (AEAD), e.g. AES-GCM, AES-CCM
in TLS 1.2.
3.2.24. Self-signed TLS/SSL certificate (ssl-self-signed-certificate)
Description:
The server's TLS/SSL certificate is self-signed. Self-signed certificates cannot be trusted by default, especially because TLS/SSL manin-the-middle attacks typically use self-signed certificates to eavesdrop on TLS/SSL connections.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.46:443
TLS/SSL certificate is self-signed.
10.220.251.46:3389
TLS/SSL certificate is self-signed.
10.220.251.47:3389
TLS/SSL certificate is self-signed.
References:
None
Vulnerability Solution:
Obtain a new TLS/SSL server certificate that is NOT self-signed and install it on the server. The exact instructions for obtaining a new
certificate depend on your organization's requirements. Generally, you will need to generate a certificate request and save the request
as a file. This file is then sent to a Certificate Authority (CA) for processing. Your organization may have its own internal Certificate
Authority. If not, you may have to pay for a certificate from a trusted external Certificate Authority, such as Thawte or Verisign.
Page 80
Audit Report
3.2.25. TLS Server Supports TLS version 1.0 (tlsv1_0-enabled)
Description:
The PCI (Payment Card Industry) Data Security Standard requires a minimum of TLS v1.1 and recommends TLS v1.2. In addition,
FIPS 140-2 standard requires a minimum of TLS v1.1 and recommends TLS v1.2.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119:22
Successfully connected over TLSv1.0
10.220.251.46:443
Successfully connected over TLSv1.0
10.220.251.46:3389
Successfully connected over TLSv1.0
10.220.251.47:3389
Successfully connected over TLSv1.0
References:
Source
Reference
URL
https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supple
ment_v1.pdf
URL
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf
Vulnerability Solution:
Configure the server to require clients to use TLS version 1.2 using Authenticated Encryption with Associated Data (AEAD) capable
ciphers.
3.3. Moderate Vulnerabilities
3.3.1. HTTP OPTIONS Method Enabled (http-options-method-enabled)
Description:
Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing
attackers to narrow and intensify their efforts.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.46:81
OPTIONS method returned values including itself
10.220.251.46:82
OPTIONS method returned values including itself
References:
Page 81
Audit Report
Source
Reference
URL
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Vulnerability Solution:
•Disable HTTP OPTIONS method
Disable HTTP OPTIONS method on your web server. Refer to your web server's instruction manual on how to do this.
Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing
attackers to narrow and intensify their efforts.
•Apache HTTPD
Disable HTTP OPTIONS Method for Apache
Disable the OPTIONS method by including the following in the Apache configuration:
<Limit OPTIONS>
Order deny,allow
Deny from all
</Limit>
•Microsoft IIS
Disable HTTP OPTIONS Method for IIS
Disable the OPTIONS method by doing the following in the IIS manager
1. Select relevent site
2. Select Request filtering and change to HTTP verb tab
3. Select Deny Verb from the actions pane
4. Type OPTIONS into the provided text box and press OK
•nginx nginx
Disable HTTP OPTIONS Method for nginx
Disable the OPTIONS method by adding the following line to your server block, you can add other HTTP methods to be allowed to run
after POST
limit_except GET POST { deny all; }
3.3.2. SSH CBC vulnerability (ssh-cbc-ciphers)
Description:
SSH contains a vulnerability in the way certain types of errors are handled. Attacks leveraging this vulnerabilty would lead to the loss of
the SSH session. According to CPNI Vulnerability Advisory SSH:
Page 82
Audit Report
If exploited, this attack can potentially allow an attacker to recover up to 32 bits of plaintext from an arbitrary block of ciphertext from a
connection secured using the SSH protocol in the standard configuration. If OpenSSH is used in the standard configuration, then the
attacker's success probability for recovering 32 bits of plaintext is 2^{-18}. A variant of the attack against OpenSSH in the standard
configuration can verifiably recover 14 bits of plaintext with probability 2^{-14}. The success probability of the attack for other
implementations of SSH is not known.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.118:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.21:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.22:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.23:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.33:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.34:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.35:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.36:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.37:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.38:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.41:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.45:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.57:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.58:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.59:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.60:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.67:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
10.220.251.72:22
Running SSH serviceInsecure CBC ciphers in use: aes256-cbc
References:
Source
Reference
URL
https://www.kb.cert.org/vuls/id/958563
Vulnerability Solution:
SSH can be done using Counter (CTR) mode encryption. This mode generates the keystream by encrypting successive values of a
"counter" function. In order to mitigate this vulnerabilty SSH can be setup to use CTR mode rather CBC mode.
3.3.3. TLS/SSL Server Supports The Use of Static Key Ciphers (ssl-static-key-ciphers)
Page 83
Audit Report
Description:
The server is configured to support ciphers known as static key ciphers. These ciphers don't support "Forward Secrecy". In the new
specification for HTTP/2, these ciphers have been blacklisted.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119:22
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5TLS_RSA_WITH_RC4_128_SHA
10.220.251.24:443
Negotiated with the following insecure cipher suites: TLS 1.1 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLS 1.2 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
10.220.251.25:443
Negotiated with the following insecure cipher suites: TLS 1.1 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLS 1.2 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
10.220.251.26:443
Negotiated with the following insecure cipher suites: TLS 1.1 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLS 1.2 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
10.220.251.27:443
Negotiated with the following insecure cipher suites: TLS 1.1 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLS 1.2 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Page 84
Audit Report
Affected Nodes:
Additional Information:
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
10.220.251.28:443
Negotiated with the following insecure cipher suites: TLS 1.1 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLS 1.2 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
10.220.251.29:443
Negotiated with the following insecure cipher suites: TLS 1.1 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLS 1.2 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
10.220.251.30:443
Negotiated with the following insecure cipher suites: TLS 1.1 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLS 1.2 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
10.220.251.31:443
Negotiated with the following insecure cipher suites: TLS 1.1 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLS 1.2 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
10.220.251.32:443
Negotiated with the following insecure cipher suites: TLS 1.1 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLS 1.2 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Page 85
Audit Report
Affected Nodes:
Additional Information:
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
10.220.251.36:5000
Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256
10.220.251.46:3389
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHA
TLS 1.1 ciphers: TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHA
TLS 1.2 ciphers: TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
10.220.251.47:3389
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHA
TLS 1.1 ciphers: TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHA
TLS 1.2 ciphers: TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
10.220.251.48:5000
Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256
10.220.251.49:5000
Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256
10.220.251.51:5000
Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256
10.220.251.52:5000
Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256
10.220.251.54:5000
Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256
10.220.251.82:443
Negotiated with the following insecure cipher suites: TLS 1.1 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLS 1.2 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Page 86
Audit Report
Affected Nodes:
Additional Information:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
10.220.251.83:443
Negotiated with the following insecure cipher suites: TLS 1.1 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLS 1.2 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
10.220.251.84:443
Negotiated with the following insecure cipher suites: TLS 1.1 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLS 1.2 ciphers:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
References:
Source
Reference
URL
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=915295
URL
https://wiki.mozilla.org/Security/Server_Side_TLS
URL
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule__Only_Support_Strong_Cryptographic_Ciphers
URL
http://support.microsoft.com/kb/245030/
URL
https://tools.ietf.org/html/rfc7540/
Vulnerability Solution:
Configure the server to disable support for static key cipher suites.
For Microsoft IIS web servers, see Microsoft Knowledgebase article 245030 for instructions on disabling static key cipher suites.
The following recommended configuration provides a higher level of security. This configuration is compatible with Firefox 27, Chrome
22, IE 11, Opera 14 and Safari 7. SSLv2, SSLv3, and TLSv1 protocols are not recommended in this configuration. Instead, use
TLSv1.1 and TLSv1.2 protocols.
Refer to your server vendor documentation to apply the recommended cipher configuration:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSAAES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-
Page 87
Audit Report
SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSAAES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
3.3.4. TLS/SSL Server Is Using Commonly Used Prime Numbers (tls-dh-primes)
Description:
The server is using a common or default prime number as a parameter during the Diffie-Hellman key exchange. This makes the secure
session vulnerable to a precomputation attack. An attacker can spend a significant amount of time to generate a lookup/rainbow table
for a particular prime number. This lookup table can then be used to obtain the shared secret for the handshake and decrypt the
session.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.64:443
The server is using the following commonly used Diffie-Hellman primes:
ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63
b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d5
1c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899f
a5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39
a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d6
70c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b
2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2
261898fa051015728e5a8aacaa68ffffffffffffffff
10.220.251.65:443
The server is using the following commonly used Diffie-Hellman primes:
ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63
b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d5
1c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899f
a5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39
a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d6
70c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b
2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2
261898fa051015728e5a8aacaa68ffffffffffffffff
References:
Source
Reference
URL
https://weakdh.org/
URL
https://www.openssl.org/docs/man1.1.0/apps/dhparam.html
Vulnerability Solution:
Configure the server to use a randomly generated Diffie-Hellman group. It's recommend that you generate a 2048-bit group. The
simplest way of generating a new group is to use OpenSSL:
openssl dhparam -out dhparams.pem 2048
To use the DH parameters in newer versions of Apache (2.4.8 and newer) and OpenSSL 1.0.2 or later, you can directly specify your
DH params file as follows:
Page 88
Audit Report
SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}"
If you are using Apache with LibreSSL, or Apache 2.4.7 and OpenSSL 0.9.8a or later, you can append the DHparams you generated
earlier to the end of your certificate file and reload the configuration.
For other products see the remediation steps suggested by the original researchers.
3.3.5. TLS Server Supports TLS version 1.1 (tlsv1_1-enabled)
Description:
The PCI (Payment Card Industry) Data Security Standard requires a minimum of TLS v1.1 and recommends TLS v1.2. In addition,
FIPS 140-2 standard requires a minimum of TLS v1.1 and recommends TLS v1.2.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.24:443
Successfully connected over TLSv1.1
10.220.251.25:443
Successfully connected over TLSv1.1
10.220.251.26:443
Successfully connected over TLSv1.1
10.220.251.27:443
Successfully connected over TLSv1.1
10.220.251.28:443
Successfully connected over TLSv1.1
10.220.251.29:443
Successfully connected over TLSv1.1
10.220.251.30:443
Successfully connected over TLSv1.1
10.220.251.31:443
Successfully connected over TLSv1.1
10.220.251.32:443
Successfully connected over TLSv1.1
10.220.251.46:443
Successfully connected over TLSv1.1
10.220.251.46:3389
Successfully connected over TLSv1.1
10.220.251.47:3389
Successfully connected over TLSv1.1
10.220.251.64:443
Successfully connected over TLSv1.1
10.220.251.65:443
Successfully connected over TLSv1.1
10.220.251.82:443
Successfully connected over TLSv1.1
10.220.251.83:443
Successfully connected over TLSv1.1
10.220.251.84:443
Successfully connected over TLSv1.1
References:
Source
Reference
URL
https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supple
ment_v1.pdf
URL
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf
Page 89
Audit Report
Vulnerability Solution:
Configure the server to require clients to use TLS version 1.2 using Authenticated Encryption with Associated Data (AEAD) capable
ciphers.
3.3.6. ICMP timestamp response (generic-icmp-timestamp)
Description:
The remote host responded to an ICMP timestamp request. The ICMP timestamp response contains the remote host's date and time.
This information could theoretically be used against some systems to exploit weak time-based random number generators in other
services.
In addition, the versions of some operating systems can be accurately fingerprinted by analyzing their responses to invalid ICMP
timestamp requests.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.10
Able to determine remote system time.
10.220.251.100
Able to determine remote system time.
10.220.251.101
Able to determine remote system time.
10.220.251.102
Able to determine remote system time.
10.220.251.103
Able to determine remote system time.
10.220.251.104
Able to determine remote system time.
10.220.251.105
Able to determine remote system time.
10.220.251.106
Able to determine remote system time.
10.220.251.107
Able to determine remote system time.
10.220.251.108
Able to determine remote system time.
10.220.251.109
Able to determine remote system time.
10.220.251.11
Able to determine remote system time.
10.220.251.110
Able to determine remote system time.
10.220.251.111
Able to determine remote system time.
10.220.251.112
Able to determine remote system time.
10.220.251.113
Able to determine remote system time.
10.220.251.114
Able to determine remote system time.
10.220.251.115
Able to determine remote system time.
10.220.251.116
Able to determine remote system time.
10.220.251.117
Able to determine remote system time.
Page 90
Audit Report
Affected Nodes:
Additional Information:
10.220.251.118
Able to determine remote system time.
10.220.251.119
Able to determine remote system time.
10.220.251.12
Able to determine remote system time.
10.220.251.121
Able to determine remote system time.
10.220.251.122
Able to determine remote system time.
10.220.251.13
Able to determine remote system time.
10.220.251.14
Able to determine remote system time.
10.220.251.15
Able to determine remote system time.
10.220.251.16
Able to determine remote system time.
10.220.251.17
Able to determine remote system time.
10.220.251.18
Able to determine remote system time.
10.220.251.20
Able to determine remote system time.
10.220.251.21
Able to determine remote system time.
10.220.251.22
Able to determine remote system time.
10.220.251.23
Able to determine remote system time.
10.220.251.33
Able to determine remote system time.
10.220.251.34
Able to determine remote system time.
10.220.251.35
Able to determine remote system time.
10.220.251.36
Able to determine remote system time.
10.220.251.37
Able to determine remote system time.
10.220.251.38
Able to determine remote system time.
10.220.251.39
Able to determine remote system time.
10.220.251.41
Able to determine remote system time.
10.220.251.45
Able to determine remote system time.
10.220.251.46
Able to determine remote system time.
10.220.251.48
Able to determine remote system time.
10.220.251.49
Able to determine remote system time.
10.220.251.50
Able to determine remote system time.
10.220.251.51
Able to determine remote system time.
10.220.251.52
Able to determine remote system time.
10.220.251.53
Able to determine remote system time.
10.220.251.54
Able to determine remote system time.
10.220.251.56
Able to determine remote system time.
Page 91
Audit Report
Affected Nodes:
Additional Information:
10.220.251.57
Able to determine remote system time.
10.220.251.58
Able to determine remote system time.
10.220.251.59
Able to determine remote system time.
10.220.251.60
Able to determine remote system time.
10.220.251.61
Able to determine remote system time.
10.220.251.62
Able to determine remote system time.
10.220.251.63
Able to determine remote system time.
10.220.251.64
Able to determine remote system time.
10.220.251.65
Able to determine remote system time.
10.220.251.68
Able to determine remote system time.
10.220.251.69
Able to determine remote system time.
10.220.251.7
Able to determine remote system time.
10.220.251.72
Able to determine remote system time.
10.220.251.76
Able to determine remote system time.
10.220.251.77
Able to determine remote system time.
10.220.251.78
Able to determine remote system time.
10.220.251.79
Able to determine remote system time.
10.220.251.8
Able to determine remote system time.
10.220.251.80
Able to determine remote system time.
10.220.251.81
Able to determine remote system time.
10.220.251.87
Able to determine remote system time.
10.220.251.88
Able to determine remote system time.
10.220.251.89
Able to determine remote system time.
10.220.251.9
Able to determine remote system time.
10.220.251.90
Able to determine remote system time.
10.220.251.91
Able to determine remote system time.
10.220.251.92
Able to determine remote system time.
10.220.251.93
Able to determine remote system time.
10.220.251.94
Able to determine remote system time.
10.220.251.95
Able to determine remote system time.
10.220.251.96
Able to determine remote system time.
10.220.251.97
Able to determine remote system time.
10.220.251.98
Able to determine remote system time.
Page 92
Audit Report
Affected Nodes:
Additional Information:
10.220.251.99
Able to determine remote system time.
References:
Source
Reference
CVE
CVE-1999-0524
OSVDB
95
XF
306
XF
322
Vulnerability Solution:
•HP-UX
Disable ICMP timestamp responses on HP/UX
Execute the following command:
ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13
(timestamp request) and 14 (timestamp response).
•Cisco IOS
Disable ICMP timestamp responses on Cisco IOS
Use ACLs to block ICMP types 13 and 14. For example:
deny icmp any any 13
deny icmp any any 14
Note that it is generally preferable to use ACLs that block everything by default and then selectively allow certain types of traffic in. For
example, block everything and then only allow ICMP unreachable, ICMP echo reply, ICMP time exceeded, and ICMP source quench:
permit icmp any any unreachable
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any source-quench
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13
(timestamp request) and 14 (timestamp response).
•SGI Irix
Disable ICMP timestamp responses on SGI Irix
IRIX does not offer a way to disable ICMP timestamp responses. Therefore, you should block ICMP on the affected host using ipfilterd,
and/or block it at any external firewalls.
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13
(timestamp request) and 14 (timestamp response).
•Linux
Disable ICMP timestamp responses on Linux
Page 93
Audit Report
Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface to disable ICMP timestamp responses. Therefore, you should block ICMP
on the affected host using iptables, and/or block it at the firewall. For example:
ipchains -A input -p icmp --icmp-type timestamp-request -j DROP
ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13
(timestamp request) and 14 (timestamp response).
•Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server,
Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition
Disable ICMP timestamp responses on Windows NT 4
Windows NT 4 does not provide a way to block ICMP packets. Therefore, you should block them at the firewall.
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13
(timestamp request) and 14 (timestamp response).
•OpenBSD
Disable ICMP timestamp responses on OpenBSD
Set the "net.inet.icmp.tstamprepl" sysctl variable to 0.
sysctl -w net.inet.icmp.tstamprepl=0
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13
(timestamp request) and 14 (timestamp response).
•Cisco PIX
Disable ICMP timestamp responses on Cisco PIX
A properly configured PIX firewall should never respond to ICMP packets on its external interface. In PIX Software versions 4.1(6) until
5.2.1, ICMP traffic to the PIX's internal interface is permitted; the PIX cannot be configured to NOT respond. Beginning in PIX Software
version 5.2.1, ICMP is still permitted on the internal interface by default, but ICMP responses from its internal interfaces can be
disabled with the icmp command, as follows, where <inside> is the name of the internal interface:
icmp deny any 13 <inside>
icmp deny any 14 <inside>
Don't forget to save the configuration when you are finished.
See Cisco's support document Handling ICMP Pings with the PIX Firewall for more information.
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13
(timestamp request) and 14 (timestamp response).
•Sun Solaris
Disable ICMP timestamp responses on Solaris
Execute the following commands:
/usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp 0
/usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13
(timestamp request) and 14 (timestamp response).
Page 94
Audit Report
•Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced
Server, Microsoft Windows 2000 Datacenter Server
Disable ICMP timestamp responses on Windows 2000
Use the IPSec filter feature to define and apply an IP filter list that blocks ICMP types 13 and 14. Note that the standard TCP/IP
blocking capability under the "Networking and Dialup Connections" control panel is NOT capable of blocking ICMP (only TCP and
UDP). The IPSec filter features, while they may seem strictly related to the IPSec standards, will allow you to selectively block these
ICMP packets. See http://support.microsoft.com/kb/313190 for more information.
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13
(timestamp request) and 14 (timestamp response).
•Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft
Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003,
Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003
Disable ICMP timestamp responses on Windows XP/2K3
ICMP timestamp responses can be disabled by deselecting the "allow incoming timestamp request" option in the ICMP configuration
panel of Windows Firewall.
1. Go to the Network Connections control panel.
2. Right click on the network adapter and select "properties", or select the internet adapter and select File->Properties.
3. Select the "Advanced" tab.
4. In the Windows Firewall box, select "Settings".
5. Select the "General" tab.
6. Enable the firewall by selecting the "on (recommended)" option.
7. Select the "Advanced" tab.
8. In the ICMP box, select "Settings".
9. Deselect (uncheck) the "Allow incoming timestamp request" option.
10. Select "OK" to exit the ICMP Settings dialog and save the settings.
11. Select "OK" to exit the Windows Firewall dialog and save the settings.
12. Select "OK" to exit the internet adapter dialog.
For more information, see: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/enus/hnw_understanding_firewall.mspx?mfr=true
•Microsoft Windows Vista, Microsoft Windows Vista Home, Basic Edition, Microsoft Windows Vista Home, Basic N Edition, Microsoft
Windows Vista Home, Premium Edition, Microsoft Windows Vista Ultimate Edition, Microsoft Windows Vista Enterprise Edition,
Microsoft Windows Vista Business Edition, Microsoft Windows Vista Business N Edition, Microsoft Windows Vista Starter Edition,
Microsoft Windows Server 2008, Microsoft Windows Server 2008 Standard Edition, Microsoft Windows Server 2008 Enterprise Edition,
Microsoft Windows Server 2008 Datacenter Edition, Microsoft Windows Server 2008 HPC Edition, Microsoft Windows Server 2008
Web Edition, Microsoft Windows Server 2008 Storage Edition, Microsoft Windows Small Business Server 2008, Microsoft Windows
Essential Business Server 2008
Disable ICMP timestamp responses on Windows Vista/2008
ICMP timestamp responses can be disabled via the netsh command line utility.
1. Go to the Windows Control Panel.
Page 95
Audit Report
2. Select "Windows Firewall".
3. In the Windows Firewall box, select "Change Settings".
4. Enable the firewall by selecting the "on (recommended)" option.
5. Open a Command Prompt.
6. Enter "netsh firewall set icmpsetting 13 disable"
For more information, see: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/enus/hnw_understanding_firewall.mspx?mfr=true
•Disable ICMP timestamp responses
Disable ICMP timestamp replies for the device. If the device does not support this level of configuration, the easiest and most effective
solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14
(timestamp response).
3.3.7. TCP timestamp response (generic-tcp-timestamp)
Description:
The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's
uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behavior of their
TCP timestamps.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119
Able to determine system boot time.
10.220.251.46
Able to determine system boot time.
References:
Source
Reference
URL
http://uptime.netcraft.com
URL
http://www.forensicswiki.org/wiki/TCP_timestamps
URL
http://www.ietf.org/rfc/rfc1323.txt
Vulnerability Solution:
•Cisco
Disable TCP timestamp responses on Cisco
Run the following command to disable TCP timestamps:
no ip tcp timestamp
Page 96
Audit Report
•FreeBSD
Disable TCP timestamp responses on FreeBSD
Set the value of net.inet.tcp.rfc1323 to 0 by running the following command:
sysctl -w net.inet.tcp.rfc1323=0
Additionally, put the following value in the default sysctl configuration file, generally sysctl.conf:
net.inet.tcp.rfc1323=0
•Linux
Disable TCP timestamp responses on Linux
Set the value of net.ipv4.tcp_timestamps to 0 by running the following command:
sysctl -w net.ipv4.tcp_timestamps=0
Additionally, put the following value in the default sysctl configuration file, generally sysctl.conf:
net.ipv4.tcp_timestamps=0
•OpenBSD
Disable TCP timestamp responses on OpenBSD
Set the value of net.inet.tcp.rfc1323 to 0 by running the following command:
sysctl -w net.inet.tcp.rfc1323=0
Additionally, put the following value in the default sysctl configuration file, generally sysctl.conf:
net.inet.tcp.rfc1323=0
•Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server,
Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition, Microsoft Windows 95,
Microsoft Windows 98, Microsoft Windows 98SE, Microsoft Windows ME, Microsoft Windows 2000, Microsoft Windows 2000
Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter
Server, Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional, Microsoft Windows XP Tablet PC
Edition, Microsoft Windows CE, Microsoft Windows Server 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft
Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web
Page 97
Audit Report
Edition, Microsoft Windows Small Business Server 2003, Microsoft Windows Server 2003 R2, Microsoft Windows Server 2003 R2,
Standard Edition, Microsoft Windows Server 2003 R2, Enterprise Edition, Microsoft Windows Server 2003 R2, Datacenter Edition,
Microsoft Windows Server 2003 R2, Web Edition, Microsoft Windows Small Business Server 2003 R2, Microsoft Windows Server 2003
R2, Express Edition, Microsoft Windows Server 2003 R2, Workgroup Edition
Disable TCP timestamp responses on Windows versions before Vista
Set the Tcp1323Opts value in the following key to 1:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
•Microsoft Windows Server 2008, Microsoft Windows Server 2008 Standard Edition, Microsoft Windows Server 2008 Enterprise Edition,
Microsoft Windows Server 2008 Datacenter Edition, Microsoft Windows Server 2008 HPC Edition, Microsoft Windows Server 2008
Web Edition, Microsoft Windows Server 2008 Storage Edition, Microsoft Windows Small Business Server 2008, Microsoft Windows
Essential Business Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2008 R2, Standard Edition, Microsoft
Windows Server 2008 R2, Enterprise Edition, Microsoft Windows Server 2008 R2, Datacenter Edition, Microsoft Windows Server 2008
R2, Web Edition, Microsoft Windows Server 2012, Microsoft Windows Server 2012 Standard Edition, Microsoft Windows Server 2012
Foundation Edition, Microsoft Windows Server 2012 Essentials Edition, Microsoft Windows Server 2012 Datacenter Edition, Microsoft
Windows Storage Server 2012, Microsoft Windows Vista, Microsoft Windows Vista Home, Basic Edition, Microsoft Windows Vista
Home, Basic N Edition, Microsoft Windows Vista Home, Premium Edition, Microsoft Windows Vista Ultimate Edition, Microsoft
Windows Vista Enterprise Edition, Microsoft Windows Vista Business Edition, Microsoft Windows Vista Business N Edition, Microsoft
Windows Vista Starter Edition, Microsoft Windows 7, Microsoft Windows 7 Home, Basic Edition, Microsoft Windows 7 Home, Basic N
Edition, Microsoft Windows 7 Home, Premium Edition, Microsoft Windows 7 Home, Premium N Edition, Microsoft Windows 7 Ultimate
Edition, Microsoft Windows 7 Ultimate N Edition, Microsoft Windows 7 Enterprise Edition, Microsoft Windows 7 Enterprise N Edition,
Microsoft Windows 7 Professional Edition, Microsoft Windows 7 Starter Edition, Microsoft Windows 7 Starter N Edition, Microsoft
Windows 8, Microsoft Windows 8 Enterprise Edition, Microsoft Windows 8 Professional Edition, Microsoft Windows 8 RT, Microsoft
Windows Longhorn Server Beta
Disable TCP timestamp responses on Windows versions since Vista
TCP timestamps cannot be reliably disabled on this OS. If TCP timestamps present enough of a risk, put a firewall capable of blocking
TCP timestamp packets in front of the affected assets.
3.3.8. NetBIOS NBSTAT Traffic Amplification (netbios-nbstat-amplification)
Description:
A NetBIOS NBSTAT query will obtain the status from a NetBIOS-speaking endpoint, which will include any names that the endpoint is
known to respond to as well as the device's MAC address for that endpoint. A NBSTAT response is roughly 3x the size of the request,
and because NetBIOS utilizes UDP, this can be used to conduct traffic amplification attacks against other assets, typically in the form of
distributed reflected denial of service (DRDoS) attacks.
Affected Nodes:
Page 98
Audit Report
Affected Nodes:
Additional Information:
10.220.251.119:137
Running CIFS Name Service serviceConfiguration item advertised-name-count
set to '3' matched
10.220.251.46:137
Running CIFS Name Service serviceConfiguration item advertised-name-count
set to '3' matched
References:
Source
Reference
CERT
TA14-017A
Vulnerability Solution:
NetBIOS can be important to the proper functioning of a Windows network depending on the design. Restrict access to the NetBIOS
service to only trusted assets.
3.3.9. NTP clock variables information disclosure (ntp-clock-variables-disclosure)
Description:
This sytem allows the internal NTP variables to be queried. These variables contain potentially sensitive information, such as the NTP
software version, operating system version, peers, and more.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.36:123
The following NTP variables were found from a readvar request: clk_jitter,
clk_wander, clock, frequency, leap, mintc, offset, peer, precision, processor,
refid, reftime, rootdelay, rootdisp, stratum, sys_jitter, system, tc, version
References:
None
Vulnerability Solution:
•Disable NTP queries
Apply a restrict option to all hosts that are not authorized to perform NTP queries. For example, to deny query requests from all
clients, put the following in the NTP configuration file, typically /etc/ntp.conf, and restart the NTP service:
restrict default nomodify nopeer noquery notrap
•Cisco
Restrict NTP readvar queries
Apply an ACL that restricts NTP readvar queries from unauthorized clients, as described in the
'Configuring an NTP Access Group' section of the Cisco IOS documentation.
Page 99
Audit Report
Alternatively, if NTP is not required, disable it entirely by running the following command:
ntp disable
3.3.10. TLS/SSL Server Supports 3DES Cipher Suite (ssl-3des-ciphers)
Description:
Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346) include cipher suites based on the 3DES (Triple Data
Encryption Standard) algorithm. Since 3DES only provides an effective security of 112 bits, it is considered close to end of life by some
agencies. Consequently, the 3DES algorithm is not included in the specifications for TLS version 1.3. ECRYPT II (from 2012)
recommends for generic application independent long-term protection at least 128 bits security. The same recommendation has also
been reported by BSI Germany (from 2015) and ANSSI France (from 2014), 128 bit is the recommended symmetric size and should be
mandatory after 2020. While NIST (from 2012) still considers 3DES being appropriate to use until the end of 2030.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.119:22
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
10.220.251.46:3389
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHATLS 1.1 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHATLS 1.2 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
10.220.251.47:3389
Negotiated with the following insecure cipher suites: TLS 1.0 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHATLS 1.1 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHATLS 1.2 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
References:
Source
Reference
URL
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=915295
URL
http://www.ecrypt.eu.org/ecrypt2/documents/D.SPA.20.pdf
URL
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf
URL
https://wiki.mozilla.org/Security/Server_Side_TLS
URL
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule__Only_Support_Strong_Cryptographic_Ciphers
URL
http://support.microsoft.com/kb/245030/
Vulnerability Solution:
Page 100
Audit Report
Configure the server to disable support for 3DES suite.
For Microsoft IIS web servers, see Microsoft Knowledgebase article 245030 for instructions on disabling 3DES cipher suite.
The following recommended configuration provides a higher level of security. This configuration is compatible with Firefox 27, Chrome
22, IE 11, Opera 14 and Safari 7. SSLv2, SSLv3, and TLSv1 protocols are not recommended in this configuration. Instead, use
TLSv1.1 and TLSv1.2 protocols.
Refer to your server vendor documentation to apply the recommended cipher configuration:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSAAES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSAAES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
3.3.11. TLS/SSL Server Does Not Support Any Strong Cipher Algorithms (ssl-only-weak-ciphers)
Description:
The server is not configured with support for any modern, secure ciphers and only supports ciphers known to be weak against attack.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.36:5000
Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256
10.220.251.48:5000
Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256
10.220.251.49:5000
Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256
10.220.251.51:5000
Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256
10.220.251.52:5000
Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256
10.220.251.54:5000
Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256
References:
Source
Reference
URL
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=915295
URL
https://wiki.mozilla.org/Security/Server_Side_TLS
URL
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule__Only_Support_Strong_Cryptographic_Ciphers
URL
http://support.microsoft.com/kb/245030/
Page 101
Audit Report
Vulnerability Solution:
Enable support for at least one of the ciphers listed below:
•TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
•TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
•TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
•TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
•TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
•TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
•TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
•TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
3.3.12. UPnP SSDP Traffic Amplification (upnp-ssdp-amplification)
Description:
A UPnP SSDP M-SEARCH request can be used to search a network for UPNP devices. An M-SEARCH response is roughly 30x the
size of the request and can be distributed across multiple responses from multiple hosts, and because it utilizes UDP, this can be used
to conduct traffic amplification attacks against other assets, typically in the form of distributed reflected denial of service (DRDoS)
attacks.
Affected Nodes:
Affected Nodes:
Additional Information:
10.220.251.64:1900
Running UPnP-HTTPU service
10.220.251.65:1900
Running UPnP-HTTPU service
References:
Source
Reference
CERT
TA14-017A
Vulnerability Solution:
Restrict access to the UPnP service to only trusted assets.
Page 102
Audit Report
4. Discovered Services
4.1. <unknown>
4.1.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.25
tcp
2200
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.26
tcp
2200
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.28
tcp
2200
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.29
tcp
2200
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.31
tcp
2200
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.32
tcp
2200
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.46
tcp
9101
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.47
tcp
9101
0
•sslv3: false
•tlsv1_0: false
Page 103
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•tlsv1_1: false
•tlsv1_2: false
10.220.251.82
tcp
2200
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.84
tcp
2200
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
4.2. ASF-RMCP
4.2.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.64
udp
623
3
•ipmi_channel: 1
•ipmi_channel_reserved: 0
•ipmi_checksum: 32
•ipmi_command: 56
•ipmi_compat_20: 1
•ipmi_compat_md2: 0
•ipmi_compat_md5: 0
•ipmi_compat_none: 0
•ipmi_compat_oem_auth: 0
•ipmi_compat_password: 0
•ipmi_compat_reserved1: 0
•ipmi_compat_reserved2: 0
•ipmi_completion_code: 0
•ipmi_conn_15: 1
•ipmi_conn_20: 1
•ipmi_conn_reserved1: 0
•ipmi_header_checksum: 99
•ipmi_netfn: 7
•ipmi_oem_data: 0
•ipmi_oem_id: 0
•ipmi_sequence: 0
•ipmi_src_address: 32
•ipmi_src_lun: 0
Page 104
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ipmi_tgt_address: 129
•ipmi_tgt_lun: 0
•ipmi_user_anonymous: 0
•ipmi_user_disable_message_auth: 0
•ipmi_user_disable_user_auth: 0
•ipmi_user_kg: 0
•ipmi_user_non_null: 1
•ipmi_user_null: 0
•ipmi_user_reserved1: 0
10.220.251.65
udp
623
3
•ipmi_channel: 1
•ipmi_channel_reserved: 0
•ipmi_checksum: 32
•ipmi_command: 56
•ipmi_compat_20: 1
•ipmi_compat_md2: 0
•ipmi_compat_md5: 0
•ipmi_compat_none: 0
•ipmi_compat_oem_auth: 0
•ipmi_compat_password: 0
•ipmi_compat_reserved1: 0
•ipmi_compat_reserved2: 0
•ipmi_completion_code: 0
•ipmi_conn_15: 1
•ipmi_conn_20: 1
•ipmi_conn_reserved1: 0
•ipmi_header_checksum: 99
•ipmi_netfn: 7
•ipmi_oem_data: 0
•ipmi_oem_id: 0
•ipmi_sequence: 0
•ipmi_src_address: 32
•ipmi_src_lun: 0
•ipmi_tgt_address: 129
•ipmi_tgt_lun: 0
•ipmi_user_anonymous: 0
•ipmi_user_disable_message_auth: 0
•ipmi_user_disable_user_auth: 0
•ipmi_user_kg: 0
•ipmi_user_non_null: 1
Page 105
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ipmi_user_null: 0
•ipmi_user_reserved1: 0
4.3. CIFS
CIFS, the Common Internet File System, was defined by Microsoft to provide file sharing services over the Internet. CIFS extends the
Server Message Block (SMB) protocol designed by IBM and enhanced by Intel and Microsoft. CIFS provides mechanisms for sharing
resources (files, printers, etc.) and executing remote procedure calls over named pipes.
4.3.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.119
tcp
139
2
•Windows Server 2008 R2 Standard
6.1
•domain: WIN-MDJKT3PE7IL
•password-mode: encrypt
•security-mode: user
•smb-signing: disabled
•smb1-enabled: true
10.220.251.119
tcp
445
2
•Windows Server 2008 R2 Standard
6.1
•domain: WIN-MDJKT3PE7IL
•password-mode: encrypt
•security-mode: user
•smb-signing: disabled
•smb1-enabled: true
•smb2-enabled: true
•smb2-signing: enabled
10.220.251.46
tcp
139
0
10.220.251.46
tcp
445
0
•smb2-enabled: true
•smb2-signing: required
4.4. CIFS Name Service
CIFS, the Common Internet File System, was defined by Microsoft to provide file sharing services over the Internet. CIFS extends the
Server Message Block (SMB) protocol designed by IBM and enhanced by Intel and Microsoft. CIFS provides mechanisms for sharing
resources (files, printers, etc.) and executing remote procedure calls over named pipes. This service is used to handle CIFS browsing
(name) requests. Responses contain the names and types of services that can be accessed via CIFS named pipes.
4.4.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.119
udp
137
1
•advertised-name-1: WIN-
Page 106
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
MDJKT3PE7IL (Computer Name)
•advertised-name-2: WORKGROUP
(Domain Name)
•advertised-name-3: WINMDJKT3PE7IL (File Server Service)
•advertised-name-count: 3
•mac-address: FA163E547913
10.220.251.46
udp
137
1
•advertised-name-1: MFS-LHRBACKUP (Computer Name)
•advertised-name-2: MOBILINK
(Domain Name)
•advertised-name-3: MFS-LHRBACKUP (File Server Service)
•advertised-name-count: 3
•mac-address: E0CC7A81A6B7
4.5. DCE Endpoint Resolution
The DCE Endpoint Resolution service, aka Endpoint Mapper, is used on Microsoft Windows systems by Remote Procedure Call (RPC)
clients to determine the appropriate port number to connect to for a particular RPC service. This is similar to the portmapper service
used on Unix systems.
4.5.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.119
tcp
135
0
10.220.251.46
tcp
135
0
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.119
tcp
1025
0
•interface-uuid: D95AFE70-A6D5-
4.6. DCE RPC
4.6.1. Discovered Instances of this Service
4259-822E-2C84DA1DDB0D
•interface-version: 1
•name: D95AFE70-A6D5-4259-822E2C84DA1DDB0D
•object-interface-uuid: 765294BA60BC-48B8-92E9-89FD77769D91
•port.discovered.from: tcp/135
•protocol-sequence:
Page 107
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
ncacn_ip_tcp:10.220.251.119[1025]
10.220.251.119
tcp
1026
0
•interface-uuid: 3C4728C5-F0AB448B-BDA1-6CE01EB0A6D5
•interface-version: 1
•name: DHCP Client LRPC Endpoint
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.119[1026]
10.220.251.119
tcp
1027
0
•interface-uuid: 8C7DAF44-B6DC11D1-9A4C-0020AF6E7C57
•interface-version: 1
•name: 8C7DAF44-B6DC-11D1-9A4C0020AF6E7C57
•object-interface-uuid: 8C7DAF44B6DC-11D1-9A4C-0020AF6E7C57
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.119[1027]
10.220.251.119
tcp
1028
0
•interface-uuid: 367ABB81-9844-35F1AD32-98F038001003
•interface-version: 2
•name: 367ABB81-9844-35F1-AD3298F038001003
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.119[1028]
10.220.251.119
tcp
1029
0
•interface-uuid: 12345678-1234-ABCDEF00-0123456789AB
•interface-version: 1
•name: IPSec Policy agent endpoint
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.119[1029]
10.220.251.119
tcp
1030
0
•interface-uuid: 12345778-1234-ABCDEF00-0123456789AC
•interface-version: 1
•name: 12345778-1234-ABCD-EF000123456789AC
Page 108
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.119[1030]
10.220.251.46
tcp
49664
0
•interface-uuid: D95AFE70-A6D54259-822E-2C84DA1DDB0D
•interface-version: 1
•name: D95AFE70-A6D5-4259-822E2C84DA1DDB0D
•object-interface-uuid: 765294BA60BC-48B8-92E9-89FD77769D91
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.46[49664]
10.220.251.46
tcp
49665
0
•interface-uuid: 30ADC50C-5CBC46CE-9A0E-91914789E23C
•interface-version: 1
•name: NRP server endpoint
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.46[49665]
10.220.251.46
tcp
49666
0
•interface-uuid: D09BDEB5-61714A34-BFE2-06FA82652568
•interface-version: 1
•name: D09BDEB5-6171-4A34-BFE206FA82652568
•object-interface-uuid: 582A47B2BCD8-4D3C-8ACB-FE09D5BD6EEC
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.46[49666]
10.220.251.46
tcp
49667
0
•interface-uuid: 12345778-1234-ABCDEF00-0123456789AC
•interface-version: 1
•name: 12345778-1234-ABCD-EF000123456789AC
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.46[49667]
Page 109
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.46
tcp
49668
0
•interface-uuid: 76F03F96-CDFD44FC-A22C-64950A001209
•interface-version: 1
•name: 76F03F96-CDFD-44FC-A22C64950A001209
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.46[49668]
10.220.251.46
tcp
49686
0
•interface-uuid: 6B5BDD1E-528C422C-AF8C-A4079BE4FE48
•interface-version: 1
•name: Remote Fw APIs
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.46[49686]
10.220.251.46
tcp
49724
0
•interface-uuid: 367ABB81-9844-35F1AD32-98F038001003
•interface-version: 2
•name: 367ABB81-9844-35F1-AD3298F038001003
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.46[49724]
10.220.251.46
tcp
49751
0
•interface-uuid: 12345778-1234-ABCDEF00-0123456789AC
•interface-version: 1
•name: 12345778-1234-ABCD-EF000123456789AC
•port.discovered.from: tcp/135
•protocol-sequence:
ncacn_ip_tcp:10.220.251.46[49751]
4.7. HTTP
HTTP, the HyperText Transfer Protocol, is used to exchange multimedia content on the World Wide Web. The multimedia files
commonly used with HTTP include text, sound, images and video.
4.7.1. General Security Issues
Simple authentication scheme
Page 110
Audit Report
Many HTTP servers use BASIC as their primary mechanism for user authentication. This is a very simple scheme that uses base 64 to
encode the cleartext user id and password. If a malicious user is in a position to monitor HTTP traffic, user ids and passwords can be
stolen by decoding the base 64 authentication data. To secure the authentication process, use HTTPS (HTTP over TLS/SSL)
connections to transmit the authentication data.
4.7.2. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
10.220.251.24
tcp
80
0
10.220.251.25
tcp
80
0
10.220.251.26
tcp
80
0
10.220.251.27
tcp
80
0
10.220.251.28
tcp
80
0
10.220.251.29
tcp
80
0
10.220.251.30
tcp
80
0
10.220.251.31
tcp
80
0
10.220.251.32
tcp
80
0
10.220.251.46
tcp
80
1
Additional Information
•Commvault WebServer
•http.banner: Commvault WebServer
•http.banner.server: Commvault
WebServer
10.220.251.46
tcp
81
3
•Microsoft IIS 10.0
•.NET CLR:
•ASP.NET:
•http.banner: Microsoft-IIS/10.0
•http.banner.server: Microsoft-IIS/10.0
•http.banner.x-powered-by: ASP.NET
•verbs-1: GET
•verbs-2: HEAD
•verbs-3: OPTIONS
•verbs-4: POST
•verbs-5: TRACE
•verbs-count: 5
10.220.251.46
tcp
82
3
•Microsoft IIS 10.0
•.NET CLR:
•ASP.NET:
•http.banner: Microsoft-IIS/10.0
•http.banner.server: Microsoft-IIS/10.0
•http.banner.x-powered-by: ASP.NET
Page 111
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•verbs-1: GET
•verbs-2: HEAD
•verbs-3: OPTIONS
•verbs-4: POST
•verbs-5: TRACE
•verbs-count: 5
10.220.251.64
tcp
80
0
10.220.251.65
tcp
80
0
10.220.251.82
tcp
80
0
10.220.251.83
tcp
80
0
10.220.251.84
tcp
80
0
4.8. HTTPS
HTTPS, the HyperText Transfer Protocol over TLS/SSL, is used to exchange multimedia content on the World Wide Web using
encrypted (TLS/SSL) connections. Once the TLS/SSL connection is established, the standard HTTP protocol is used. The multimedia
files commonly used with HTTP include text, sound, images and video.
4.8.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.24
tcp
443
4
•jQuery: 3.2.1
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN
•ssl.cert.key.alg.name: EC
•ssl.cert.not.valid.after: Mon, 22 May
2028 06:41:18 PKT
•ssl.cert.not.valid.before: Fri, 25 May
2018 06:41:18 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
13542711516911359001
•ssl.cert.sha1.fingerprint:
5ba1dceda72608eccca41b1f421f400e
46d595c3
•ssl.cert.sig.alg.name:
Page 112
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
SHA256withECDSA
•ssl.cert.subject.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
L=Shenzhen, ST=Guangdong, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 1
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_CBC_SHA,TLS_ECDH_ECDSA_
WITH_AES_256_CBC_SHA,TLS_EC
DHE_ECDSA_WITH_AES_128_CBC
_SHA,TLS_ECDH_ECDSA_WITH_AE
S_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_GCM_SHA384,TLS_ECDHE_ECD
SA_WITH_AES_256_CBC_SHA384,T
LS_ECDHE_ECDSA_WITH_AES_256
_CBC_SHA,TLS_ECDH_ECDSA_WIT
H_AES_256_GCM_SHA384,TLS_EC
DH_ECDSA_WITH_AES_256_CBC_
SHA384,TLS_ECDH_ECDSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_E
CDSA_WITH_AES_128_GCM_SHA2
56,TLS_ECDHE_ECDSA_WITH_AES
_128_CBC_SHA256,TLS_ECDHE_E
CDSA_WITH_AES_128_CBC_SHA,T
LS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256,TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA256,TLS_
Page 113
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
ECDH_ECDSA_WITH_AES_128_CB
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
10.220.251.25
tcp
443
4
•jQuery: 3.2.1
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN
•ssl.cert.key.alg.name: EC
•ssl.cert.not.valid.after: Mon, 22 May
2028 06:41:18 PKT
•ssl.cert.not.valid.before: Fri, 25 May
2018 06:41:18 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
13542711516911359001
•ssl.cert.sha1.fingerprint:
5ba1dceda72608eccca41b1f421f400e
46d595c3
•ssl.cert.sig.alg.name:
SHA256withECDSA
•ssl.cert.subject.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
L=Shenzhen, ST=Guangdong, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 1
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
Page 114
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
56_CBC_SHA,TLS_ECDH_ECDSA_
WITH_AES_256_CBC_SHA,TLS_EC
DHE_ECDSA_WITH_AES_128_CBC
_SHA,TLS_ECDH_ECDSA_WITH_AE
S_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_GCM_SHA384,TLS_ECDHE_ECD
SA_WITH_AES_256_CBC_SHA384,T
LS_ECDHE_ECDSA_WITH_AES_256
_CBC_SHA,TLS_ECDH_ECDSA_WIT
H_AES_256_GCM_SHA384,TLS_EC
DH_ECDSA_WITH_AES_256_CBC_
SHA384,TLS_ECDH_ECDSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_E
CDSA_WITH_AES_128_GCM_SHA2
56,TLS_ECDHE_ECDSA_WITH_AES
_128_CBC_SHA256,TLS_ECDHE_E
CDSA_WITH_AES_128_CBC_SHA,T
LS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256,TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA256,TLS_
ECDH_ECDSA_WITH_AES_128_CB
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
10.220.251.26
tcp
443
4
•jQuery: 3.2.1
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN
Page 115
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssl.cert.key.alg.name: EC
•ssl.cert.not.valid.after: Mon, 22 May
2028 06:41:18 PKT
•ssl.cert.not.valid.before: Fri, 25 May
2018 06:41:18 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
13542711516911359001
•ssl.cert.sha1.fingerprint:
5ba1dceda72608eccca41b1f421f400e
46d595c3
•ssl.cert.sig.alg.name:
SHA256withECDSA
•ssl.cert.subject.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
L=Shenzhen, ST=Guangdong, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 1
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_CBC_SHA,TLS_ECDH_ECDSA_
WITH_AES_256_CBC_SHA,TLS_EC
DHE_ECDSA_WITH_AES_128_CBC
_SHA,TLS_ECDH_ECDSA_WITH_AE
S_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_GCM_SHA384,TLS_ECDHE_ECD
SA_WITH_AES_256_CBC_SHA384,T
LS_ECDHE_ECDSA_WITH_AES_256
Page 116
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
_CBC_SHA,TLS_ECDH_ECDSA_WIT
H_AES_256_GCM_SHA384,TLS_EC
DH_ECDSA_WITH_AES_256_CBC_
SHA384,TLS_ECDH_ECDSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_E
CDSA_WITH_AES_128_GCM_SHA2
56,TLS_ECDHE_ECDSA_WITH_AES
_128_CBC_SHA256,TLS_ECDHE_E
CDSA_WITH_AES_128_CBC_SHA,T
LS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256,TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA256,TLS_
ECDH_ECDSA_WITH_AES_128_CB
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
10.220.251.27
tcp
443
4
•jQuery: 3.2.1
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN
•ssl.cert.key.alg.name: EC
•ssl.cert.not.valid.after: Mon, 22 May
2028 06:41:18 PKT
•ssl.cert.not.valid.before: Fri, 25 May
2018 06:41:18 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
13542711516911359001
•ssl.cert.sha1.fingerprint:
5ba1dceda72608eccca41b1f421f400e
46d595c3
•ssl.cert.sig.alg.name:
SHA256withECDSA
•ssl.cert.subject.dn:
Page 117
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
L=Shenzhen, ST=Guangdong, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 1
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_CBC_SHA,TLS_ECDH_ECDSA_
WITH_AES_256_CBC_SHA,TLS_EC
DHE_ECDSA_WITH_AES_128_CBC
_SHA,TLS_ECDH_ECDSA_WITH_AE
S_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_GCM_SHA384,TLS_ECDHE_ECD
SA_WITH_AES_256_CBC_SHA384,T
LS_ECDHE_ECDSA_WITH_AES_256
_CBC_SHA,TLS_ECDH_ECDSA_WIT
H_AES_256_GCM_SHA384,TLS_EC
DH_ECDSA_WITH_AES_256_CBC_
SHA384,TLS_ECDH_ECDSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_E
CDSA_WITH_AES_128_GCM_SHA2
56,TLS_ECDHE_ECDSA_WITH_AES
_128_CBC_SHA256,TLS_ECDHE_E
CDSA_WITH_AES_128_CBC_SHA,T
LS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256,TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA256,TLS_
ECDH_ECDSA_WITH_AES_128_CB
C_SHA
Page 118
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
10.220.251.28
tcp
443
4
•jQuery: 3.2.1
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN
•ssl.cert.key.alg.name: EC
•ssl.cert.not.valid.after: Mon, 22 May
2028 06:41:18 PKT
•ssl.cert.not.valid.before: Fri, 25 May
2018 06:41:18 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
13542711516911359001
•ssl.cert.sha1.fingerprint:
5ba1dceda72608eccca41b1f421f400e
46d595c3
•ssl.cert.sig.alg.name:
SHA256withECDSA
•ssl.cert.subject.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
L=Shenzhen, ST=Guangdong, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 1
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_CBC_SHA,TLS_ECDH_ECDSA_
WITH_AES_256_CBC_SHA,TLS_EC
Page 119
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
DHE_ECDSA_WITH_AES_128_CBC
_SHA,TLS_ECDH_ECDSA_WITH_AE
S_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_GCM_SHA384,TLS_ECDHE_ECD
SA_WITH_AES_256_CBC_SHA384,T
LS_ECDHE_ECDSA_WITH_AES_256
_CBC_SHA,TLS_ECDH_ECDSA_WIT
H_AES_256_GCM_SHA384,TLS_EC
DH_ECDSA_WITH_AES_256_CBC_
SHA384,TLS_ECDH_ECDSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_E
CDSA_WITH_AES_128_GCM_SHA2
56,TLS_ECDHE_ECDSA_WITH_AES
_128_CBC_SHA256,TLS_ECDHE_E
CDSA_WITH_AES_128_CBC_SHA,T
LS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256,TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA256,TLS_
ECDH_ECDSA_WITH_AES_128_CB
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
10.220.251.29
tcp
443
4
•jQuery: 3.2.1
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN
•ssl.cert.key.alg.name: EC
•ssl.cert.not.valid.after: Mon, 22 May
Page 120
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
2028 06:41:18 PKT
•ssl.cert.not.valid.before: Fri, 25 May
2018 06:41:18 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
13542711516911359001
•ssl.cert.sha1.fingerprint:
5ba1dceda72608eccca41b1f421f400e
46d595c3
•ssl.cert.sig.alg.name:
SHA256withECDSA
•ssl.cert.subject.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
L=Shenzhen, ST=Guangdong, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 1
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_CBC_SHA,TLS_ECDH_ECDSA_
WITH_AES_256_CBC_SHA,TLS_EC
DHE_ECDSA_WITH_AES_128_CBC
_SHA,TLS_ECDH_ECDSA_WITH_AE
S_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_GCM_SHA384,TLS_ECDHE_ECD
SA_WITH_AES_256_CBC_SHA384,T
LS_ECDHE_ECDSA_WITH_AES_256
_CBC_SHA,TLS_ECDH_ECDSA_WIT
H_AES_256_GCM_SHA384,TLS_EC
Page 121
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
DH_ECDSA_WITH_AES_256_CBC_
SHA384,TLS_ECDH_ECDSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_E
CDSA_WITH_AES_128_GCM_SHA2
56,TLS_ECDHE_ECDSA_WITH_AES
_128_CBC_SHA256,TLS_ECDHE_E
CDSA_WITH_AES_128_CBC_SHA,T
LS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256,TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA256,TLS_
ECDH_ECDSA_WITH_AES_128_CB
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
10.220.251.30
tcp
443
4
•jQuery: 3.2.1
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN
•ssl.cert.key.alg.name: EC
•ssl.cert.not.valid.after: Mon, 22 May
2028 06:41:18 PKT
•ssl.cert.not.valid.before: Fri, 25 May
2018 06:41:18 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
13542711516911359001
•ssl.cert.sha1.fingerprint:
5ba1dceda72608eccca41b1f421f400e
46d595c3
•ssl.cert.sig.alg.name:
SHA256withECDSA
•ssl.cert.subject.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
Page 122
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
L=Shenzhen, ST=Guangdong, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 1
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_CBC_SHA,TLS_ECDH_ECDSA_
WITH_AES_256_CBC_SHA,TLS_EC
DHE_ECDSA_WITH_AES_128_CBC
_SHA,TLS_ECDH_ECDSA_WITH_AE
S_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_GCM_SHA384,TLS_ECDHE_ECD
SA_WITH_AES_256_CBC_SHA384,T
LS_ECDHE_ECDSA_WITH_AES_256
_CBC_SHA,TLS_ECDH_ECDSA_WIT
H_AES_256_GCM_SHA384,TLS_EC
DH_ECDSA_WITH_AES_256_CBC_
SHA384,TLS_ECDH_ECDSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_E
CDSA_WITH_AES_128_GCM_SHA2
56,TLS_ECDHE_ECDSA_WITH_AES
_128_CBC_SHA256,TLS_ECDHE_E
CDSA_WITH_AES_128_CBC_SHA,T
LS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256,TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA256,TLS_
ECDH_ECDSA_WITH_AES_128_CB
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
Page 123
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
FORMATS
10.220.251.31
tcp
443
4
•jQuery: 3.2.1
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN
•ssl.cert.key.alg.name: EC
•ssl.cert.not.valid.after: Mon, 22 May
2028 06:41:18 PKT
•ssl.cert.not.valid.before: Fri, 25 May
2018 06:41:18 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
13542711516911359001
•ssl.cert.sha1.fingerprint:
5ba1dceda72608eccca41b1f421f400e
46d595c3
•ssl.cert.sig.alg.name:
SHA256withECDSA
•ssl.cert.subject.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
L=Shenzhen, ST=Guangdong, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 1
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_CBC_SHA,TLS_ECDH_ECDSA_
WITH_AES_256_CBC_SHA,TLS_EC
DHE_ECDSA_WITH_AES_128_CBC
_SHA,TLS_ECDH_ECDSA_WITH_AE
Page 124
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
S_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_GCM_SHA384,TLS_ECDHE_ECD
SA_WITH_AES_256_CBC_SHA384,T
LS_ECDHE_ECDSA_WITH_AES_256
_CBC_SHA,TLS_ECDH_ECDSA_WIT
H_AES_256_GCM_SHA384,TLS_EC
DH_ECDSA_WITH_AES_256_CBC_
SHA384,TLS_ECDH_ECDSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_E
CDSA_WITH_AES_128_GCM_SHA2
56,TLS_ECDHE_ECDSA_WITH_AES
_128_CBC_SHA256,TLS_ECDHE_E
CDSA_WITH_AES_128_CBC_SHA,T
LS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256,TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA256,TLS_
ECDH_ECDSA_WITH_AES_128_CB
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
10.220.251.32
tcp
443
4
•jQuery: 3.2.1
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN
•ssl.cert.key.alg.name: EC
•ssl.cert.not.valid.after: Mon, 22 May
2028 06:41:18 PKT
•ssl.cert.not.valid.before: Fri, 25 May
Page 125
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
2018 06:41:18 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
13542711516911359001
•ssl.cert.sha1.fingerprint:
5ba1dceda72608eccca41b1f421f400e
46d595c3
•ssl.cert.sig.alg.name:
SHA256withECDSA
•ssl.cert.subject.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
L=Shenzhen, ST=Guangdong, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 1
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_CBC_SHA,TLS_ECDH_ECDSA_
WITH_AES_256_CBC_SHA,TLS_EC
DHE_ECDSA_WITH_AES_128_CBC
_SHA,TLS_ECDH_ECDSA_WITH_AE
S_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_GCM_SHA384,TLS_ECDHE_ECD
SA_WITH_AES_256_CBC_SHA384,T
LS_ECDHE_ECDSA_WITH_AES_256
_CBC_SHA,TLS_ECDH_ECDSA_WIT
H_AES_256_GCM_SHA384,TLS_EC
DH_ECDSA_WITH_AES_256_CBC_
SHA384,TLS_ECDH_ECDSA_WITH_
Page 126
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
AES_256_CBC_SHA,TLS_ECDHE_E
CDSA_WITH_AES_128_GCM_SHA2
56,TLS_ECDHE_ECDSA_WITH_AES
_128_CBC_SHA256,TLS_ECDHE_E
CDSA_WITH_AES_128_CBC_SHA,T
LS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256,TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA256,TLS_
ECDH_ECDSA_WITH_AES_128_CB
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
10.220.251.46
tcp
443
5
•Commvault WebServer
•http.banner: Commvault WebServer
•http.banner.server: Commvault
WebServer
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn: CN=COMMVAULT
•ssl.cert.key.alg.name: RSA
•ssl.cert.key.rsa.modulusBits: 2048
•ssl.cert.not.valid.after: Sun, 21 Jun
2020 07:50:45 PKT
•ssl.cert.not.valid.before: Sat, 22 Jun
2019 07:50:45 PKT
•ssl.cert.selfsigned: true
•ssl.cert.serial.number:
1561171845923
•ssl.cert.sha1.fingerprint:
87bda09e2957a3362c3890cf2101b7d
e0884baf9
•ssl.cert.sig.alg.name:
SHA256withRSA
•ssl.cert.subject.dn: CN=COMMVAULT
•ssl.cert.validchain: false
•ssl.cert.validsignature: true
•ssl.cert.version: 1
Page 127
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssl.protocols: tlsv1_0,tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: true
•tlsv1_0.ciphers:
TLS_ECDHE_RSA_WITH_AES_128_
CBC_SHA
•tlsv1_0.extensions:
RENEGOTIATION_INFO
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_RSA_WITH_AES_128_
CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_RSA_WITH_AES_128_
GCM_SHA256,TLS_DHE_RSA_WITH
_AES_128_GCM_SHA256,TLS_ECD
HE_RSA_WITH_AES_128_CBC_SHA
256,TLS_ECDHE_RSA_WITH_AES_
128_CBC_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO
10.220.251.64
tcp
443
3
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn: CN=Huawei IT
Product CA, O=Huawei, C=CN
•ssl.cert.key.alg.name: RSA
•ssl.cert.key.rsa.modulusBits: 2048
•ssl.cert.not.valid.after: Sat, 04 Nov
2028 07:04:51 PKT
•ssl.cert.not.valid.before: Wed, 07 Nov
2018 07:04:51 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
6619165602698291111
Page 128
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssl.cert.sha1.fingerprint:
0dcf33359581c46c37c75939c66fde53
b0eb320f
•ssl.cert.sig.alg.name:
SHA256withRSA
•ssl.cert.subject.dn: CN=huawei,
OU=IT, L=ShenZhen,
ST=GuangDong, O=Huawei, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 3
•ssl.dh.generator.2048: 2
•ssl.dh.prime.2048:
ffffffffffffffffc90fdaa22168c234c4c6628
b80dc1cd129024e088a67cc74020bbe
a63b139b22514a08798e3404ddef951
9b3cd3a431b302b0a6df25f14374fe13
56d6d51c245e485b576625e7ec6f44c
42e9a637ed6b0bff5cb6f406b7edee38
6bfb5a899fa5ae9f24117c4b1fe649286
651ece45b3dc2007cb8a163bf0598da
48361c55d39a69163fa8fd24cf5f83655
d23dca3ad961c62f356208552bb9ed5
29077096966d670c354e4abc9804f17
46c08ca18217c32905e462e36ce3be3
9e772c180e86039b2783a2ec07a28fb
5c55df06f4c52c9de2bcbf6955817183
995497cea956ae515d2261898fa0510
15728e5a8aacaa68ffffffffffffffff
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.TLS_DHE_RSA_WITH_AES_
128_CBC_SHA.dh.keysize: 2048
•tlsv1_1.TLS_DHE_RSA_WITH_AES_
256_CBC_SHA.dh.keysize: 2048
•tlsv1_1.ciphers:
TLS_ECDHE_RSA_WITH_AES_256_
CBC_SHA,TLS_DHE_RSA_WITH_AE
Page 129
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
S_256_CBC_SHA,TLS_ECDHE_RSA
_WITH_AES_128_CBC_SHA,TLS_D
HE_RSA_WITH_AES_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.TLS_DHE_RSA_WITH_AES_
128_CBC_SHA.dh.keysize: 2048
•tlsv1_2.TLS_DHE_RSA_WITH_AES_
128_CBC_SHA256.dh.keysize: 2048
•tlsv1_2.TLS_DHE_RSA_WITH_AES_
128_GCM_SHA256.dh.keysize: 2048
•tlsv1_2.TLS_DHE_RSA_WITH_AES_
256_CBC_SHA.dh.keysize: 2048
•tlsv1_2.TLS_DHE_RSA_WITH_AES_
256_CBC_SHA256.dh.keysize: 2048
•tlsv1_2.TLS_DHE_RSA_WITH_AES_
256_GCM_SHA384.dh.keysize: 2048
•tlsv1_2.ciphers:
TLS_ECDHE_RSA_WITH_AES_256_
GCM_SHA384,TLS_ECDHE_RSA_WI
TH_AES_256_CBC_SHA384,TLS_EC
DHE_RSA_WITH_AES_256_CBC_S
HA,TLS_DHE_RSA_WITH_AES_256
_GCM_SHA384,TLS_DHE_RSA_WIT
H_AES_256_CBC_SHA256,TLS_DH
E_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_
GCM_SHA256,TLS_ECDHE_RSA_WI
TH_AES_128_CBC_SHA256,TLS_EC
DHE_RSA_WITH_AES_128_CBC_S
HA,TLS_DHE_RSA_WITH_AES_128
_GCM_SHA256,TLS_DHE_RSA_WIT
H_AES_128_CBC_SHA256,TLS_DH
E_RSA_WITH_AES_128_CBC_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
10.220.251.65
tcp
443
3
Page 130
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn: CN=Huawei IT
Product CA, O=Huawei, C=CN
•ssl.cert.key.alg.name: RSA
•ssl.cert.key.rsa.modulusBits: 2048
•ssl.cert.not.valid.after: Sat, 04 Nov
2028 07:04:51 PKT
•ssl.cert.not.valid.before: Wed, 07 Nov
2018 07:04:51 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
6619165602698291111
•ssl.cert.sha1.fingerprint:
0dcf33359581c46c37c75939c66fde53
b0eb320f
•ssl.cert.sig.alg.name:
SHA256withRSA
•ssl.cert.subject.dn: CN=huawei,
OU=IT, L=ShenZhen,
ST=GuangDong, O=Huawei, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 3
•ssl.dh.generator.2048: 2
•ssl.dh.prime.2048:
ffffffffffffffffc90fdaa22168c234c4c6628
b80dc1cd129024e088a67cc74020bbe
a63b139b22514a08798e3404ddef951
9b3cd3a431b302b0a6df25f14374fe13
56d6d51c245e485b576625e7ec6f44c
42e9a637ed6b0bff5cb6f406b7edee38
6bfb5a899fa5ae9f24117c4b1fe649286
651ece45b3dc2007cb8a163bf0598da
48361c55d39a69163fa8fd24cf5f83655
d23dca3ad961c62f356208552bb9ed5
29077096966d670c354e4abc9804f17
46c08ca18217c32905e462e36ce3be3
9e772c180e86039b2783a2ec07a28fb
5c55df06f4c52c9de2bcbf6955817183
Page 131
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
995497cea956ae515d2261898fa0510
15728e5a8aacaa68ffffffffffffffff
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.TLS_DHE_RSA_WITH_AES_
128_CBC_SHA.dh.keysize: 2048
•tlsv1_1.TLS_DHE_RSA_WITH_AES_
256_CBC_SHA.dh.keysize: 2048
•tlsv1_1.ciphers:
TLS_ECDHE_RSA_WITH_AES_256_
CBC_SHA,TLS_DHE_RSA_WITH_AE
S_256_CBC_SHA,TLS_ECDHE_RSA
_WITH_AES_128_CBC_SHA,TLS_D
HE_RSA_WITH_AES_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.TLS_DHE_RSA_WITH_AES_
128_CBC_SHA.dh.keysize: 2048
•tlsv1_2.TLS_DHE_RSA_WITH_AES_
128_CBC_SHA256.dh.keysize: 2048
•tlsv1_2.TLS_DHE_RSA_WITH_AES_
128_GCM_SHA256.dh.keysize: 2048
•tlsv1_2.TLS_DHE_RSA_WITH_AES_
256_CBC_SHA.dh.keysize: 2048
•tlsv1_2.TLS_DHE_RSA_WITH_AES_
256_CBC_SHA256.dh.keysize: 2048
•tlsv1_2.TLS_DHE_RSA_WITH_AES_
256_GCM_SHA384.dh.keysize: 2048
•tlsv1_2.ciphers:
TLS_ECDHE_RSA_WITH_AES_256_
GCM_SHA384,TLS_ECDHE_RSA_WI
TH_AES_256_CBC_SHA384,TLS_EC
DHE_RSA_WITH_AES_256_CBC_S
HA,TLS_DHE_RSA_WITH_AES_256
_GCM_SHA384,TLS_DHE_RSA_WIT
Page 132
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
H_AES_256_CBC_SHA256,TLS_DH
E_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_
GCM_SHA256,TLS_ECDHE_RSA_WI
TH_AES_128_CBC_SHA256,TLS_EC
DHE_RSA_WITH_AES_128_CBC_S
HA,TLS_DHE_RSA_WITH_AES_128
_GCM_SHA256,TLS_DHE_RSA_WIT
H_AES_128_CBC_SHA256,TLS_DH
E_RSA_WITH_AES_128_CBC_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
10.220.251.82
tcp
443
3
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN
•ssl.cert.key.alg.name: EC
•ssl.cert.not.valid.after: Mon, 22 May
2028 06:41:18 PKT
•ssl.cert.not.valid.before: Fri, 25 May
2018 06:41:18 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
13542711516911359001
•ssl.cert.sha1.fingerprint:
5ba1dceda72608eccca41b1f421f400e
46d595c3
•ssl.cert.sig.alg.name:
SHA256withECDSA
•ssl.cert.subject.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
L=Shenzhen, ST=Guangdong, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 1
Page 133
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_CBC_SHA,TLS_ECDH_ECDSA_
WITH_AES_256_CBC_SHA,TLS_EC
DHE_ECDSA_WITH_AES_128_CBC
_SHA,TLS_ECDH_ECDSA_WITH_AE
S_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_GCM_SHA384,TLS_ECDHE_ECD
SA_WITH_AES_256_CBC_SHA384,T
LS_ECDHE_ECDSA_WITH_AES_256
_CBC_SHA,TLS_ECDH_ECDSA_WIT
H_AES_256_GCM_SHA384,TLS_EC
DH_ECDSA_WITH_AES_256_CBC_
SHA384,TLS_ECDH_ECDSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_E
CDSA_WITH_AES_128_GCM_SHA2
56,TLS_ECDHE_ECDSA_WITH_AES
_128_CBC_SHA256,TLS_ECDHE_E
CDSA_WITH_AES_128_CBC_SHA,T
LS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256,TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA256,TLS_
ECDH_ECDSA_WITH_AES_128_CB
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
10.220.251.83
tcp
443
3
•ssl: true
Page 134
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN
•ssl.cert.key.alg.name: EC
•ssl.cert.not.valid.after: Mon, 22 May
2028 06:41:18 PKT
•ssl.cert.not.valid.before: Fri, 25 May
2018 06:41:18 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
13542711516911359001
•ssl.cert.sha1.fingerprint:
5ba1dceda72608eccca41b1f421f400e
46d595c3
•ssl.cert.sig.alg.name:
SHA256withECDSA
•ssl.cert.subject.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
L=Shenzhen, ST=Guangdong, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 1
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_CBC_SHA,TLS_ECDH_ECDSA_
WITH_AES_256_CBC_SHA,TLS_EC
DHE_ECDSA_WITH_AES_128_CBC
_SHA,TLS_ECDH_ECDSA_WITH_AE
S_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
Page 135
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_GCM_SHA384,TLS_ECDHE_ECD
SA_WITH_AES_256_CBC_SHA384,T
LS_ECDHE_ECDSA_WITH_AES_256
_CBC_SHA,TLS_ECDH_ECDSA_WIT
H_AES_256_GCM_SHA384,TLS_EC
DH_ECDSA_WITH_AES_256_CBC_
SHA384,TLS_ECDH_ECDSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_E
CDSA_WITH_AES_128_GCM_SHA2
56,TLS_ECDHE_ECDSA_WITH_AES
_128_CBC_SHA256,TLS_ECDHE_E
CDSA_WITH_AES_128_CBC_SHA,T
LS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256,TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA256,TLS_
ECDH_ECDSA_WITH_AES_128_CB
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
10.220.251.84
tcp
443
3
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
ST=Guangdong, C=CN
•ssl.cert.key.alg.name: EC
•ssl.cert.not.valid.after: Mon, 22 May
2028 06:41:18 PKT
•ssl.cert.not.valid.before: Fri, 25 May
2018 06:41:18 PKT
•ssl.cert.selfsigned: false
•ssl.cert.serial.number:
13542711516911359001
•ssl.cert.sha1.fingerprint:
Page 136
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
5ba1dceda72608eccca41b1f421f400e
46d595c3
•ssl.cert.sig.alg.name:
SHA256withECDSA
•ssl.cert.subject.dn:
EMAILADDRESS=support_e@huawei
.com, CN=Huawei, OU=IT, O=Huawei,
L=Shenzhen, ST=Guangdong, C=CN
•ssl.cert.validchain: false
•ssl.cert.version: 1
•ssl.protocols: tlsv1_1,tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_CBC_SHA,TLS_ECDH_ECDSA_
WITH_AES_256_CBC_SHA,TLS_EC
DHE_ECDSA_WITH_AES_128_CBC
_SHA,TLS_ECDH_ECDSA_WITH_AE
S_128_CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_ECDSA_WITH_AES_2
56_GCM_SHA384,TLS_ECDHE_ECD
SA_WITH_AES_256_CBC_SHA384,T
LS_ECDHE_ECDSA_WITH_AES_256
_CBC_SHA,TLS_ECDH_ECDSA_WIT
H_AES_256_GCM_SHA384,TLS_EC
DH_ECDSA_WITH_AES_256_CBC_
SHA384,TLS_ECDH_ECDSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_E
CDSA_WITH_AES_128_GCM_SHA2
56,TLS_ECDHE_ECDSA_WITH_AES
_128_CBC_SHA256,TLS_ECDHE_E
CDSA_WITH_AES_128_CBC_SHA,T
Page 137
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
LS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256,TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA256,TLS_
ECDH_ECDSA_WITH_AES_128_CB
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
4.9. Microsoft SQL Monitor
Microsoft SQL Server provides a monitor service used to discover and monitor Microsoft SQL servers. By broadcasting a request to
UDP port 1434, a client can locate systems on the local network running Microsoft SQL Server.
4.9.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.46
udp
1434
1
•Microsoft SQL Server 2014
12.0.5000.0
•InstanceName: COMMVAULT
•IsClustered: No
•ServerName: MFS-LHR-BACKUP
•Version: 12.0.5000.0
•tcp: 50553
4.10. NFS
The Network File System provides remote file access to shared file systems across a network. NFS provides methods to list and
browse directories and to access and alter files. NFS is built on the RPC protocol and is thus independent of machine, operating
systems, or even underlying protocol. The main NFS protocol often operates in tandem with other NFS style protocols. The NFS Mount
protocol deals with attaching the remote file systems to a point on the local machine's file system, and advertising what file systems are
available to be mounted. The NFS Lock manager adds support for file locking to prevent the occurrence of file change conflicts.
4.10.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.46
tcp
2049
0
•port.discovered.from: udp/111
•program-number: 100003
•program-version: 3
10.220.251.47
tcp
2049
0
•port.discovered.from: tcp/111
•program-number: 100003
•program-version: 3
Page 138
Audit Report
4.11. NFS lockd
The Network File System provides remote file access to shared file systems across a network. NFS provides methods to list and
browse directories and to access and alter files. NFS is built on the RPC protocol and is thus independent of machine, operating
systems, or even underlying protocol. This service, NFS Lock manager, adds support for file locking to prevent the occurrence of file
change conflicts. Since the NFS protocol is stateless, the NFS Lock Manager takes care of all the stateful aspects of file locking across
a network
4.11.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.33
tcp
2052
0
•port.discovered.from: udp/111
•program-number: 100021
•program-version: 4
10.220.251.33
udp
2052
0
•port.discovered.from: udp/111
•program-number: 100021
•program-version: 4
10.220.251.34
tcp
2052
0
•port.discovered.from: tcp/111
•program-number: 100021
•program-version: 4
10.220.251.34
udp
2052
0
•port.discovered.from: tcp/111
•program-number: 100021
•program-version: 4
10.220.251.35
tcp
2052
0
•port.discovered.from: tcp/111
•program-number: 100021
•program-version: 4
10.220.251.35
udp
2052
0
•port.discovered.from: tcp/111
•program-number: 100021
•program-version: 4
10.220.251.36
tcp
45332
0
•port.discovered.from: tcp/111
•program-number: 100021
•program-version: 4
10.220.251.36
udp
55217
0
•port.discovered.from: udp/111
•program-number: 100021
•program-version: 4
4.12. NTP
The Network Time Protocol (NTP) is used to keep the clocks of machines on a network synchronized. Provisions are made in the
protocol to account for network disruption and packet latency.
Page 139
Audit Report
4.12.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
10.220.251.10
udp
123
0
10.220.251.100
udp
123
0
10.220.251.101
udp
123
0
10.220.251.102
udp
123
0
10.220.251.103
udp
123
0
10.220.251.104
udp
123
0
10.220.251.105
udp
123
0
10.220.251.106
udp
123
0
10.220.251.107
udp
123
0
10.220.251.108
udp
123
0
10.220.251.109
udp
123
0
10.220.251.11
udp
123
0
10.220.251.110
udp
123
0
10.220.251.111
udp
123
0
10.220.251.112
udp
123
0
10.220.251.113
udp
123
0
10.220.251.114
udp
123
0
10.220.251.115
udp
123
0
10.220.251.116
udp
123
0
10.220.251.117
udp
123
0
10.220.251.118
udp
123
0
10.220.251.12
udp
123
0
10.220.251.121
udp
123
0
10.220.251.122
udp
123
0
10.220.251.13
udp
123
0
10.220.251.14
udp
123
0
10.220.251.15
udp
123
0
10.220.251.16
udp
123
0
10.220.251.17
udp
123
0
10.220.251.18
udp
123
0
10.220.251.21
udp
123
0
Additional Information
Page 140
Audit Report
Device
Protocol
Port
Vulnerabilities
10.220.251.22
udp
123
0
10.220.251.23
udp
123
0
10.220.251.33
udp
123
0
10.220.251.35
udp
123
0
10.220.251.36
udp
123
2
Additional Information
•NTP 4.2.8p12@1.3728-o
•ntp.variables: version="ntpd
4.2.8p12@1.3728-o Wed Oct 17
16:05:35 UTC 2018 (1)",
processor="x86_64",
system="Linux/4.4.21-69-default",
leap=0, stratum=11, precision=-24,
rootdelay=0.000, rootdisp=11.091,
refid=127.127.1.0,
reftime=0xe5427dd0.a6c68bf4,
clock=0xe5427ddc.8af7a060,
peer=28246, tc=6, mintc=3,
offset=0.000000, frequency=0.000,
sys_jitter=0.000000, clk_jitter=0.000,
clk_wander=0.000
10.220.251.37
udp
123
0
10.220.251.38
udp
123
0
10.220.251.39
udp
123
0
10.220.251.41
udp
123
0
10.220.251.48
udp
123
0
10.220.251.49
udp
123
0
10.220.251.50
udp
123
0
10.220.251.51
udp
123
0
10.220.251.52
udp
123
0
10.220.251.53
udp
123
0
10.220.251.54
udp
123
0
10.220.251.56
udp
123
0
10.220.251.57
udp
123
0
10.220.251.59
udp
123
0
10.220.251.60
udp
123
0
10.220.251.61
udp
123
0
Page 141
Audit Report
Device
Protocol
Port
Vulnerabilities
10.220.251.62
udp
123
0
10.220.251.63
udp
123
0
10.220.251.68
udp
123
0
10.220.251.69
udp
123
0
10.220.251.7
udp
123
0
10.220.251.76
udp
123
0
10.220.251.77
udp
123
0
10.220.251.8
udp
123
0
10.220.251.80
udp
123
0
10.220.251.81
udp
123
0
10.220.251.87
udp
123
0
10.220.251.88
udp
123
0
10.220.251.89
udp
123
0
10.220.251.9
udp
123
0
10.220.251.90
udp
123
0
10.220.251.91
udp
123
0
10.220.251.92
udp
123
0
10.220.251.93
udp
123
0
10.220.251.94
udp
123
0
10.220.251.95
udp
123
0
10.220.251.96
udp
123
0
10.220.251.97
udp
123
0
10.220.251.98
udp
123
0
10.220.251.99
udp
123
0
Additional Information
4.13. Oracle TNS Listener
4.13.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.36
tcp
1521
1
•Oracle Database 12.1.0.2
10.220.251.48
tcp
1521
1
•Oracle Database 12.1.0.2
10.220.251.49
tcp
1521
1
•Oracle Database 12.1.0.2
10.220.251.50
tcp
1524
1
•Oracle Database 12.1.0.2
Page 142
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.51
tcp
1521
1
•Oracle Database 12.1.0.2
10.220.251.52
tcp
1521
1
•Oracle Database 12.1.0.2
10.220.251.53
tcp
1524
1
•Oracle Database 12.1.0.2
10.220.251.54
tcp
1521
1
•Oracle Database 12.1.0.2
10.220.251.56
tcp
1524
1
•Oracle Database 12.1.0.2
10.220.251.57
tcp
1521
1
•Oracle Database 12.1.0.2
10.220.251.58
tcp
1521
1
•Oracle Database 12.1.0.2
10.220.251.59
tcp
1524
1
•Oracle Database 12.1.0.2
10.220.251.60
tcp
1521
1
•Oracle Database 12.1.0.2
10.220.251.60
tcp
1524
1
•Oracle Database 12.1.0.2
10.220.251.72
tcp
1521
1
•Oracle Database 12.1.0.2
10.220.251.72
tcp
1524
1
•Oracle Database 12.1.0.2
4.14. RDP
4.14.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.119
tcp
22
5
•Microsoft Terminal Service
•ssl: true
•ssl.protocols: tlsv1_0
•ssl.supportsInsecureRenegotiation:
true
•sslv3: false
•tlsv1_0: true
•tlsv1_0.ciphers:
TLS_RSA_WITH_AES_128_CBC_SH
A,TLS_RSA_WITH_AES_256_CBC_S
HA,TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_
SHA,TLS_ECDHE_RSA_WITH_AES_
128_CBC_SHA,TLS_ECDHE_RSA_
WITH_AES_256_CBC_SHA,TLS_RS
A_WITH_RC4_128_MD5
•tlsv1_0.extensions:
•tlsv1_1: false
Page 143
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•tlsv1_2: false
10.220.251.46
tcp
3389
5
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn: CN=mfs-lhrbackup.mobilink.net.pk
•ssl.cert.key.alg.name: RSA
•ssl.cert.key.rsa.modulusBits: 2048
•ssl.cert.not.valid.after: Wed, 20 Apr
2022 06:02:48 PKT
•ssl.cert.not.valid.before: Tue, 19 Oct
2021 06:02:48 PKT
•ssl.cert.selfsigned: true
•ssl.cert.serial.number:
124356621105865539790604551043
901712689
•ssl.cert.sha1.fingerprint:
4497cfab57e7b3dad13bf3a667b54892
a89a9605
•ssl.cert.sig.alg.name:
SHA256withRSA
•ssl.cert.subject.dn: CN=mfs-lhrbackup.mobilink.net.pk
•ssl.cert.validchain: false
•ssl.cert.validsignature: true
•ssl.cert.version: 3
•ssl.protocols: tlsv1_0,tlsv1_1,tlsv1_2
•sslv3: false
•tlsv1_0: true
•tlsv1_0.ciphers:
TLS_ECDHE_RSA_WITH_AES_256_
CBC_SHA,TLS_ECDHE_RSA_WITH_
AES_128_CBC_SHA,TLS_DHE_RSA
_WITH_AES_256_CBC_SHA,TLS_D
HE_RSA_WITH_AES_128_CBC_SHA
,TLS_RSA_WITH_AES_256_CBC_S
HA,TLS_RSA_WITH_AES_128_CBC
_SHA,TLS_RSA_WITH_3DES_EDE_
CBC_SHA
Page 144
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•tlsv1_0.extensions:
RENEGOTIATION_INFO,EXTENDED
_MASTER_SECRET
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_RSA_WITH_AES_256_
CBC_SHA,TLS_ECDHE_RSA_WITH_
AES_128_CBC_SHA,TLS_DHE_RSA
_WITH_AES_256_CBC_SHA,TLS_D
HE_RSA_WITH_AES_128_CBC_SHA
,TLS_RSA_WITH_AES_256_CBC_S
HA,TLS_RSA_WITH_AES_128_CBC
_SHA,TLS_RSA_WITH_3DES_EDE_
CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EXTENDED
_MASTER_SECRET
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_RSA_WITH_AES_256_
GCM_SHA384,TLS_ECDHE_RSA_WI
TH_AES_128_GCM_SHA256,TLS_D
HE_RSA_WITH_AES_256_GCM_SH
A384,TLS_DHE_RSA_WITH_AES_12
8_GCM_SHA256,TLS_ECDHE_RSA_
WITH_AES_256_CBC_SHA384,TLS_
ECDHE_RSA_WITH_AES_128_CBC
_SHA256,TLS_ECDHE_RSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_R
SA_WITH_AES_128_CBC_SHA,TLS_
DHE_RSA_WITH_AES_256_CBC_S
HA,TLS_DHE_RSA_WITH_AES_128
_CBC_SHA,TLS_RSA_WITH_AES_2
56_GCM_SHA384,TLS_RSA_WITH_
AES_128_GCM_SHA256,TLS_RSA_
WITH_AES_256_CBC_SHA256,TLS_
RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SH
A,TLS_RSA_WITH_AES_128_CBC_S
HA,TLS_RSA_WITH_3DES_EDE_CB
Page 145
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EXTENDED
_MASTER_SECRET
10.220.251.47
tcp
3389
5
•ssl: true
•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn: CN=MFS-LHRCV2.mobilink.net.pk
•ssl.cert.key.alg.name: RSA
•ssl.cert.key.rsa.modulusBits: 2048
•ssl.cert.not.valid.after: Mon, 18 Apr
2022 21:40:30 PKT
•ssl.cert.not.valid.before: Sun, 17 Oct
2021 21:40:30 PKT
•ssl.cert.selfsigned: true
•ssl.cert.serial.number:
733124184050264411035793997474
89296830
•ssl.cert.sha1.fingerprint:
ccabd3c94b07aae3442f08a85a58965f
dee688e7
•ssl.cert.sig.alg.name:
SHA256withRSA
•ssl.cert.subject.dn: CN=MFS-LHRCV2.mobilink.net.pk
•ssl.cert.validchain: false
•ssl.cert.validsignature: true
•ssl.cert.version: 3
•ssl.protocols: tlsv1_0,tlsv1_1,tlsv1_2
•sslv3: false
•tlsv1_0: true
•tlsv1_0.ciphers:
TLS_ECDHE_RSA_WITH_AES_256_
CBC_SHA,TLS_ECDHE_RSA_WITH_
AES_128_CBC_SHA,TLS_DHE_RSA
_WITH_AES_256_CBC_SHA,TLS_D
HE_RSA_WITH_AES_128_CBC_SHA
,TLS_RSA_WITH_AES_256_CBC_S
Page 146
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
HA,TLS_RSA_WITH_AES_128_CBC
_SHA,TLS_RSA_WITH_3DES_EDE_
CBC_SHA
•tlsv1_0.extensions:
RENEGOTIATION_INFO,EXTENDED
_MASTER_SECRET
•tlsv1_1: true
•tlsv1_1.ciphers:
TLS_ECDHE_RSA_WITH_AES_256_
CBC_SHA,TLS_ECDHE_RSA_WITH_
AES_128_CBC_SHA,TLS_DHE_RSA
_WITH_AES_256_CBC_SHA,TLS_D
HE_RSA_WITH_AES_128_CBC_SHA
,TLS_RSA_WITH_AES_256_CBC_S
HA,TLS_RSA_WITH_AES_128_CBC
_SHA,TLS_RSA_WITH_3DES_EDE_
CBC_SHA
•tlsv1_1.extensions:
RENEGOTIATION_INFO,EXTENDED
_MASTER_SECRET
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_RSA_WITH_AES_256_
GCM_SHA384,TLS_ECDHE_RSA_WI
TH_AES_128_GCM_SHA256,TLS_D
HE_RSA_WITH_AES_256_GCM_SH
A384,TLS_DHE_RSA_WITH_AES_12
8_GCM_SHA256,TLS_ECDHE_RSA_
WITH_AES_256_CBC_SHA384,TLS_
ECDHE_RSA_WITH_AES_128_CBC
_SHA256,TLS_ECDHE_RSA_WITH_
AES_256_CBC_SHA,TLS_ECDHE_R
SA_WITH_AES_128_CBC_SHA,TLS_
DHE_RSA_WITH_AES_256_CBC_S
HA,TLS_DHE_RSA_WITH_AES_128
_CBC_SHA,TLS_RSA_WITH_AES_2
56_GCM_SHA384,TLS_RSA_WITH_
AES_128_GCM_SHA256,TLS_RSA_
WITH_AES_256_CBC_SHA256,TLS_
RSA_WITH_AES_128_CBC_SHA256,
Page 147
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
TLS_RSA_WITH_AES_256_CBC_SH
A,TLS_RSA_WITH_AES_128_CBC_S
HA,TLS_RSA_WITH_3DES_EDE_CB
C_SHA
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EXTENDED
_MASTER_SECRET
4.15. SNMP
Simple Network Management Protocol (SNMP), like the name implies, is a simple protocol used to manage networking appliances by
remote clients. It is primarily UDP-based and uses trivial authentication by means of a secret community name.
4.15.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.116
udp
161
2
•assignedNumber: 7682
•sysDescr: Linux MFS-LHR-SR1
4.4.12192.98.1.16729.0.PTF.1120260-default
#1 SMP Fri Jan 4 09:06:23 UTC 2019
(fb8f8c4) x86_64
10.220.251.24
udp
161
0
10.220.251.25
udp
161
0
10.220.251.26
udp
161
0
10.220.251.27
udp
161
0
10.220.251.28
udp
161
0
10.220.251.29
udp
161
0
10.220.251.30
udp
161
0
10.220.251.31
udp
161
0
10.220.251.32
udp
161
0
10.220.251.46
udp
161
2
•assignedNumber: 311
•snmp.banner: Hardware: Intel64
Family 6 Model 85 Stepping 4 AT/AT
COMPATIBLE - Software: Windows
Version 6.3 (Build 14393
Multiprocessor Free)
•snmp.name: mfs-lhrbackup.mobilink.net.pk
Page 148
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•snmp.sysObjectID:
1.3.6.1.4.1.311.1.1.3.1.2
•snmp.uptime: 360 days, 10:33:42.65
•snmp.version: v1/v2c
•sysDescr: Hardware: Intel64 Family 6
Model 85 Stepping 4 AT/AT
COMPATIBLE - Software: Windows
Version 6.3 (Build 14393
Multiprocessor Free)
10.220.251.64
udp
161
0
10.220.251.65
udp
161
0
10.220.251.82
udp
161
0
10.220.251.83
udp
161
0
10.220.251.84
udp
161
0
4.16. SSH
SSH, or Secure SHell, is designed to be a replacement for the aging Telnet protocol. It primarily adds encryption and data integrity to
Telnet, but can also provide superior authentication mechanisms such as public key authentication.
4.16.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.10
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
Page 149
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.100
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
Page 150
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.101
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
Page 151
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.102
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.103
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2-
Page 152
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.104
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
Page 153
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.105
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
Page 154
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.106
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
Page 155
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.107
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.108
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
Page 156
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.109
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2-
Page 157
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.11
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
Page 158
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.110
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
Page 159
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.111
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
Page 160
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.protocol.version: 2.0
10.220.251.112
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.113
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsa-
Page 161
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
sha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.114
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellman-
Page 162
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
group14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.115
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
Page 163
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.116
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
Page 164
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.117
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.118
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
Page 165
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ecdsa-sha2nistp256,ssh-ed25519,ssh-rsa,rsasha2-512,rsa-sha2-256
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.12
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519-
Page 166
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.121
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
Page 167
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.122
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
Page 168
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.13
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
Page 169
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.14
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.15
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
Page 170
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.16
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-group-
Page 171
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
exchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.17
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
Page 172
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.18
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
Page 173
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.20
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.21
tcp
22
1
•OpenBSD OpenSSH 7.2
Page 174
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.22
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
Page 175
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.23
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmac-
Page 176
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
sha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.24
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com,chacha20poly1305@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup1-sha1,diffie-hellman-group14sha1,diffie-hellman-group-exchangesha1,diffie-hellman-group-exchangesha256,ecdh-sha2-nistp256,ecdhsha2-nistp384,ecdh-sha2nistp521,curve25519sha256@libssh.org
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0•ssh.hostkey.ecdsa.bits: 256
Page 177
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.ecdsa.fingerprint:
c2:44:b7:63:ec:23:22:79:5c:e3:a5:f0:a
0:61:f4:4e
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
d8:0f:92:23:7d:36:c5:a1:e0:8e:20:af:e9
:3a:9d:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e8:b8:93:93:28:ea:93:88:04:a1:3f:98:0
e:ae:89:93
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.25
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com,chacha20poly1305@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup1-sha1,diffie-hellman-group14sha1,diffie-hellman-group-exchangesha1,diffie-hellman-group-exchangesha256,ecdh-sha2-nistp256,ecdhsha2-nistp384,ecdh-sha2nistp521,curve25519sha256@libssh.org
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
c2:44:b7:63:ec:23:22:79:5c:e3:a5:f0:a
0:61:f4:4e
Page 178
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
d8:0f:92:23:7d:36:c5:a1:e0:8e:20:af:e9
:3a:9d:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e8:b8:93:93:28:ea:93:88:04:a1:3f:98:0
e:ae:89:93
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.26
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com,chacha20poly1305@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup1-sha1,diffie-hellman-group14sha1,diffie-hellman-group-exchangesha1,diffie-hellman-group-exchangesha256,ecdh-sha2-nistp256,ecdhsha2-nistp384,ecdh-sha2nistp521,curve25519sha256@libssh.org
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
c2:44:b7:63:ec:23:22:79:5c:e3:a5:f0:a
0:61:f4:4e
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
d8:0f:92:23:7d:36:c5:a1:e0:8e:20:af:e9
Page 179
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
:3a:9d:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e8:b8:93:93:28:ea:93:88:04:a1:3f:98:0
e:ae:89:93
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.27
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com,chacha20poly1305@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup1-sha1,diffie-hellman-group14sha1,diffie-hellman-group-exchangesha1,diffie-hellman-group-exchangesha256,ecdh-sha2-nistp256,ecdhsha2-nistp384,ecdh-sha2nistp521,curve25519sha256@libssh.org
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
c2:44:b7:63:ec:23:22:79:5c:e3:a5:f0:a
0:61:f4:4e
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
d8:0f:92:23:7d:36:c5:a1:e0:8e:20:af:e9
:3a:9d:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
Page 180
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
e8:b8:93:93:28:ea:93:88:04:a1:3f:98:0
e:ae:89:93
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.28
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com,chacha20poly1305@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup1-sha1,diffie-hellman-group14sha1,diffie-hellman-group-exchangesha1,diffie-hellman-group-exchangesha256,ecdh-sha2-nistp256,ecdhsha2-nistp384,ecdh-sha2nistp521,curve25519sha256@libssh.org
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
c2:44:b7:63:ec:23:22:79:5c:e3:a5:f0:a
0:61:f4:4e
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
d8:0f:92:23:7d:36:c5:a1:e0:8e:20:af:e9
:3a:9d:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e8:b8:93:93:28:ea:93:88:04:a1:3f:98:0
e:ae:89:93
•ssh.hostkey.type:
Page 181
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.29
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com,chacha20poly1305@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup1-sha1,diffie-hellman-group14sha1,diffie-hellman-group-exchangesha1,diffie-hellman-group-exchangesha256,ecdh-sha2-nistp256,ecdhsha2-nistp384,ecdh-sha2nistp521,curve25519sha256@libssh.org
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
c2:44:b7:63:ec:23:22:79:5c:e3:a5:f0:a
0:61:f4:4e
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
d8:0f:92:23:7d:36:c5:a1:e0:8e:20:af:e9
:3a:9d:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e8:b8:93:93:28:ea:93:88:04:a1:3f:98:0
e:ae:89:93
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.30
tcp
22
1
•ssh.algorithms.compression:
Page 182
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com,chacha20poly1305@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup1-sha1,diffie-hellman-group14sha1,diffie-hellman-group-exchangesha1,diffie-hellman-group-exchangesha256,ecdh-sha2-nistp256,ecdhsha2-nistp384,ecdh-sha2nistp521,curve25519sha256@libssh.org
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
c2:44:b7:63:ec:23:22:79:5c:e3:a5:f0:a
0:61:f4:4e
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
d8:0f:92:23:7d:36:c5:a1:e0:8e:20:af:e9
:3a:9d:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e8:b8:93:93:28:ea:93:88:04:a1:3f:98:0
e:ae:89:93
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.31
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes128-
Page 183
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
gcm@openssh.com,aes256gcm@openssh.com,chacha20poly1305@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup1-sha1,diffie-hellman-group14sha1,diffie-hellman-group-exchangesha1,diffie-hellman-group-exchangesha256,ecdh-sha2-nistp256,ecdhsha2-nistp384,ecdh-sha2nistp521,curve25519sha256@libssh.org
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
c2:44:b7:63:ec:23:22:79:5c:e3:a5:f0:a
0:61:f4:4e
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
d8:0f:92:23:7d:36:c5:a1:e0:8e:20:af:e9
:3a:9d:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e8:b8:93:93:28:ea:93:88:04:a1:3f:98:0
e:ae:89:93
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.32
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com,chacha20poly1305@openssh.com
Page 184
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup1-sha1,diffie-hellman-group14sha1,diffie-hellman-group-exchangesha1,diffie-hellman-group-exchangesha256,ecdh-sha2-nistp256,ecdhsha2-nistp384,ecdh-sha2nistp521,curve25519sha256@libssh.org
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
c2:44:b7:63:ec:23:22:79:5c:e3:a5:f0:a
0:61:f4:4e
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
d8:0f:92:23:7d:36:c5:a1:e0:8e:20:af:e9
:3a:9d:18
•ssh.hostkey.type: ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.33
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmac-
Page 185
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
sha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.34
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
Page 186
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.35
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
Page 187
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.36
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,sshdss,ecdsa-sha2-nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.dsa.bits: 1024
•ssh.hostkey.dsa.fingerprint:
96:a9:fa:4d:52:83:15:6a:15:45:74:a0:9
6:25:f2:80
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
b0:06:8c:4c:07:d1:e2:67:43:87:41:b5:c
a:02:12:39
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
48:09:94:36:e8:db:55:18:d2:d5:17:cc:0
d:2d:dd:01
Page 188
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
fd:3d:31:ca:96:10:72:e8:59:c1:b9:5b:e
7:cd:86:5f
•ssh.hostkey.type:
DSA,RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.37
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
Page 189
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.38
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.41
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2-
Page 190
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.45
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
Page 191
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.48
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: chacha20poly1305@openssh.com,aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com
•ssh.algorithms.hostkey: sshdss,ecdsa-sha2-nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1-
Page 192
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.dsa.bits: 1024
•ssh.hostkey.dsa.fingerprint:
cc:ef:50:e6:5d:3e:0b:3b:2f:9e:f4:4d:94:
80:25:7e
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:e4:c4:6d:fe:f4:ff:4a:73:72:88:fc:6f:5
1:60:ea
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
a8:36:11:84:96:f5:e4:f3:d6:16:50:55:f5
:d9:de:7a
•ssh.hostkey.type:
DSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.49
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: chacha20poly1305@openssh.com,aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com
•ssh.algorithms.hostkey: sshdss,ecdsa-sha2-nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256-
Page 193
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.dsa.bits: 1024
•ssh.hostkey.dsa.fingerprint:
db:e9:f7:e9:81:da:48:31:4d:22:4b:d7:7
c:97:69:2b
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
30:c4:df:fe:ac:c5:93:39:c7:1c:74:d9:9d
:86:7f:b6
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
ff:c1:01:4b:b1:74:fe:7c:21:b9:fd:df:12:7
d:4e:f1
•ssh.hostkey.type:
DSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.50
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: chacha20poly1305@openssh.com,aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com
•ssh.algorithms.hostkey: sshdss,ecdsa-sha2-nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64-
Page 194
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.dsa.bits: 1024
•ssh.hostkey.dsa.fingerprint:
cc:ef:50:e6:5d:3e:0b:3b:2f:9e:f4:4d:94:
80:25:7e
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:e4:c4:6d:fe:f4:ff:4a:73:72:88:fc:6f:5
1:60:ea
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
a8:36:11:84:96:f5:e4:f3:d6:16:50:55:f5
:d9:de:7a
•ssh.hostkey.type:
DSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.51
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: chacha20poly1305@openssh.com,aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,sshdss,ecdsa-sha2-nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-group-
Page 195
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
exchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.dsa.bits: 1024
•ssh.hostkey.dsa.fingerprint:
95:c2:3c:bb:cf:6a:eb:e9:01:0c:75:3b:9
c:9a:41:d2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
fc:cf:67:71:0c:89:7a:ec:86:1d:cf:c3:2d:f
8:38:16
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
0c:f4:12:25:b8:91:3f:ca:f9:3f:16:91:73:
0b:14:91
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
8b:61:22:19:3e:06:89:cd:f7:74:b7:fd:f7:
6d:78:e6
•ssh.hostkey.type:
DSA,RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.52
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: chacha20poly1305@openssh.com,aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com
Page 196
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,sshdss,ecdsa-sha2-nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.dsa.bits: 1024
•ssh.hostkey.dsa.fingerprint:
b3:d3:d3:d2:12:16:7d:0b:03:47:6a:7b:f
6:c7:d0:a4
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
5c:e3:99:77:2a:e3:19:5f:5d:ea:06:b2:e
3:ca:92:57
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
76:58:98:0a:28:a3:97:46:0d:f0:01:d6:f
0:23:c8:3f
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
b9:e2:ff:1b:61:6b:01:4a:d8:a5:ad:f7:6e
:27:0b:12
•ssh.hostkey.type:
DSA,RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.53
tcp
22
0
•OpenBSD OpenSSH 7.2
Page 197
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: chacha20poly1305@openssh.com,aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,sshdss,ecdsa-sha2-nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.dsa.bits: 1024
•ssh.hostkey.dsa.fingerprint:
b3:d3:d3:d2:12:16:7d:0b:03:47:6a:7b:f
6:c7:d0:a4
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
5c:e3:99:77:2a:e3:19:5f:5d:ea:06:b2:e
3:ca:92:57
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
76:58:98:0a:28:a3:97:46:0d:f0:01:d6:f
0:23:c8:3f
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
Page 198
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
b9:e2:ff:1b:61:6b:01:4a:d8:a5:ad:f7:6e
:27:0b:12
•ssh.hostkey.type:
DSA,RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.54
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: chacha20poly1305@openssh.com,aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,sshdss,ecdsa-sha2-nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.dsa.bits: 1024
•ssh.hostkey.dsa.fingerprint:
b5:8e:1b:97:9b:59:5d:ca:d9:cd:0a:15:f
8:d8:56:e5
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
fc:f7:2d:02:03:eb:04:ce:6d:d4:c3:cc:33
Page 199
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
:bc:8d:34
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
2f:ea:4f:84:62:74:5d:24:b3:52:3b:19:f8
:0e:5a:e9
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
ac:2d:a1:ce:fb:04:26:36:ed:96:a8:db:4
e:a0:fb:9c
•ssh.hostkey.type:
DSA,RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.56
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: chacha20poly1305@openssh.com,aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,sshdss,ecdsa-sha2-nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_7.2
Page 200
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.dsa.bits: 1024
•ssh.hostkey.dsa.fingerprint:
b5:8e:1b:97:9b:59:5d:ca:d9:cd:0a:15:f
8:d8:56:e5
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
fc:f7:2d:02:03:eb:04:ce:6d:d4:c3:cc:33
:bc:8d:34
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
2f:ea:4f:84:62:74:5d:24:b3:52:3b:19:f8
:0e:5a:e9
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
ac:2d:a1:ce:fb:04:26:36:ed:96:a8:db:4
e:a0:fb:9c
•ssh.hostkey.type:
DSA,RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.57
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ecdsa-sha2nistp256,ssh-ed25519,ssh-rsa,rsasha2-512,rsa-sha2-256
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
cf:b4:88:d8:e2:ae:a8:fd:70:1f:06:83:dc:
Page 201
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
12:6e:24
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
c7:86:2f:14:01:de:75:80:41:e4:60:d7:6
5:2e:7d:97
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e7:55:c4:b8:6d:17:2a:14:e6:f2:bc:3c:fd
:c4:91:47
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.58
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,sshdss,ecdsa-sha2-nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.dsa.bits: 1024
•ssh.hostkey.dsa.fingerprint:
44:6f:3b:5f:0a:55:f5:92:82:6d:50:03:d2
Page 202
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
:00:60:1c
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
7a:04:c9:74:e0:0d:0a:fa:b2:a1:66:63:3
e:ff:d7:35
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
aa:fb:32:0e:fb:ce:0d:22:d4:89:88:27:2c
:48:0d:43
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
99:00:dc:c4:fd:83:72:01:90:50:0d:cb:a
c:f2:f9:2d
•ssh.hostkey.type:
DSA,RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.59
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ecdsa-sha2nistp256,ssh-ed25519,ssh-rsa,rsasha2-512,rsa-sha2-256
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
cf:b4:88:d8:e2:ae:a8:fd:70:1f:06:83:dc:
12:6e:24
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
Page 203
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
c7:86:2f:14:01:de:75:80:41:e4:60:d7:6
5:2e:7d:97
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e7:55:c4:b8:6d:17:2a:14:e6:f2:bc:3c:fd
:c4:91:47
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.60
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,sshdss,ecdsa-sha2-nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.dsa.bits: 1024
•ssh.hostkey.dsa.fingerprint:
9b:87:7b:f1:59:18:ff:05:38:65:ee:6f:2c:
68:9c:0b
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
Page 204
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
ca:b4:49:0b:85:f9:b8:d8:63:da:2e:d9:8
4:1e:b5:b1
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
c2:0b:87:32:9d:65:1e:1b:92:c5:26:5f:2
1:29:55:dc
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
c2:8a:ff:1b:15:3e:e8:77:42:a5:c6:3b:22
:37:b6:b0
•ssh.hostkey.type:
DSA,RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.61
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
Page 205
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.62
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.63
tcp
22
0
•OpenBSD OpenSSH 7.2
Page 206
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.64
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellman-
Page 207
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
group-exchange-sha1,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_x.x
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
e5:45:fe:d4:ef:b5:20:3d:6b:19:fb:e9:d0
:f8:2f:92
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
81:95:5d:4a:80:0b:80:47:a2:0b:cf:e6:3
c:f8:f1:30
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
56:eb:10:b6:34:62:37:be:ce:ef:04:0b:1
c:fd:ec:f7
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.65
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup-exchange-sha1,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128-
Page 208
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_x.x
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
99:13:83:3f:67:3e:c9:1b:09:3a:a2:30:2
4:73:d6:9a
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
97:27:0a:8e:38:05:96:6e:dd:f5:62:0a:2
2:40:65:0b
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e5:cb:7e:b2:92:3f:89:2f:e7:90:45:16:e8
:f1:a6:3c
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.66
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
Page 209
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
7a:04:c9:74:e0:0d:0a:fa:b2:a1:66:63:3
e:ff:d7:35
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
aa:fb:32:0e:fb:ce:0d:22:d4:89:88:27:2c
:48:0d:43
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
99:00:dc:c4:fd:83:72:01:90:50:0d:cb:a
c:f2:f9:2d
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.67
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
7a:04:c9:74:e0:0d:0a:fa:b2:a1:66:63:3
e:ff:d7:35
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
Page 210
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
aa:fb:32:0e:fb:ce:0d:22:d4:89:88:27:2c
:48:0d:43
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
99:00:dc:c4:fd:83:72:01:90:50:0d:cb:a
c:f2:f9:2d
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.68
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
Page 211
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.69
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.7
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
Page 212
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.72
tcp
22
1
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes256-cbc
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,sshdss,ecdsa-sha2-nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-group-
Page 213
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
exchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: umac-64etm@openssh.com,umac-128etm@openssh.com,hmac-sha2-256etm@openssh.com,hmac-sha2-512etm@openssh.com,hmac-sha1etm@openssh.com,umac64@openssh.com,umac128@openssh.com,hmac-sha2256,hmac-sha2-512,hmac-sha1
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.dsa.bits: 1024
•ssh.hostkey.dsa.fingerprint:
9b:87:7b:f1:59:18:ff:05:38:65:ee:6f:2c:
68:9c:0b
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
ca:b4:49:0b:85:f9:b8:d8:63:da:2e:d9:8
4:1e:b5:b1
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
c2:0b:87:32:9d:65:1e:1b:92:c5:26:5f:2
1:29:55:dc
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
c2:8a:ff:1b:15:3e:e8:77:42:a5:c6:3b:22
:37:b6:b0
•ssh.hostkey.type:
DSA,RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.76
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
Page 214
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.77
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmac-
Page 215
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
sha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.78
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
Page 216
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.79
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
Page 217
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.8
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.80
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128-
Page 218
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.81
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdh-
Page 219
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
sha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.82
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com,chacha20poly1305@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup1-sha1,diffie-hellman-group14sha1,diffie-hellman-group-exchangesha1,diffie-hellman-group-exchangesha256,ecdh-sha2-nistp256,ecdhsha2-nistp384,ecdh-sha2nistp521,curve25519sha256@libssh.org
Page 220
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
c2:44:b7:63:ec:23:22:79:5c:e3:a5:f0:a
0:61:f4:4e
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
d8:0f:92:23:7d:36:c5:a1:e0:8e:20:af:e9
:3a:9d:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e8:b8:93:93:28:ea:93:88:04:a1:3f:98:0
e:ae:89:93
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.83
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com,chacha20poly1305@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup1-sha1,diffie-hellman-group14sha1,diffie-hellman-group-exchangesha1,diffie-hellman-group-exchangesha256,ecdh-sha2-nistp256,ecdhsha2-nistp384,ecdh-sha2nistp521,curve25519sha256@libssh.org
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-
Page 221
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
c2:44:b7:63:ec:23:22:79:5c:e3:a5:f0:a
0:61:f4:4e
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
d8:0f:92:23:7d:36:c5:a1:e0:8e:20:af:e9
:3a:9d:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e8:b8:93:93:28:ea:93:88:04:a1:3f:98:0
e:ae:89:93
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.84
tcp
22
1
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr,aes128gcm@openssh.com,aes256gcm@openssh.com,chacha20poly1305@openssh.com
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: diffie-hellmangroup1-sha1,diffie-hellman-group14sha1,diffie-hellman-group-exchangesha1,diffie-hellman-group-exchangesha256,ecdh-sha2-nistp256,ecdhsha2-nistp384,ecdh-sha2nistp521,curve25519sha256@libssh.org
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
c2:44:b7:63:ec:23:22:79:5c:e3:a5:f0:a
Page 222
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
0:61:f4:4e
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
d8:0f:92:23:7d:36:c5:a1:e0:8e:20:af:e9
:3a:9d:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
e8:b8:93:93:28:ea:93:88:04:a1:3f:98:0
e:ae:89:93
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.87
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ecdsa-sha2nistp256,ssh-ed25519,ssh-rsa,rsasha2-512,rsa-sha2-256
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
Page 223
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.88
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.89
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
Page 224
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.9
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519-
Page 225
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.90
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
Page 226
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.91
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
Page 227
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.92
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
Page 228
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.93
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.94
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
Page 229
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.95
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-group-
Page 230
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
exchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.96
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
Page 231
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.97
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
Page 232
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.98
tcp
22
0
•OpenBSD OpenSSH 7.2
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
10.220.251.99
tcp
22
0
•OpenBSD OpenSSH 7.2
Page 233
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•ssh.algorithms.compression:
none,zlib@openssh.com
•ssh.algorithms.encryption: aes128ctr,aes192-ctr,aes256-ctr
•ssh.algorithms.hostkey: ssh-rsa,rsasha2-512,rsa-sha2-256,ecdsa-sha2nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519sha256@libssh.org,ecdh-sha2nistp256,ecdh-sha2-nistp384,ecdhsha2-nistp521,diffie-hellman-groupexchange-sha256,diffie-hellmangroup14-sha1
•ssh.algorithms.mac: hmac-sha1,hmacsha2-256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_7.2
•ssh.hostkey.ecdsa.bits: 256
•ssh.hostkey.ecdsa.fingerprint:
02:9d:59:e2:3a:f8:3d:35:41:d3:ca:13:6
2:cf:86:f2
•ssh.hostkey.ed25519.bits: 256
•ssh.hostkey.ed25519.fingerprint:
80:fa:5f:84:17:16:12:03:83:5a:4d:69:1
e:70:7c:18
•ssh.hostkey.rsa.bits: 2048
•ssh.hostkey.rsa.fingerprint:
90:09:1b:72:9e:ee:4b:b8:40:b6:29:0a:
85:e6:9f:a1
•ssh.hostkey.type:
RSA,ECDSA,ED25519
•ssh.protocol.version: 2.0
4.17. UPnP-HTTPU
UPnP, Universal Plug and Play, was designed to provide peer to peer networking of intelligent appliances, wireless devices, personal
computers, etc. UPnP compliant devices use HTTP, the HyperText Transfer Protocol, to advertise their services and provide
information to peers. This service is used to receive broadcasts, such as service advertisements from peer UPnP devices.
4.17.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.64
udp
1900
1
•upnp.headers.server: UPnP/2.0
Page 234
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
iBMC/3.43 ProductName/2288H V5
SN/2102351TGT10K6000005
•upnp.headers.usn: uuid:7A81A6B3E0CC-B7CF-E911CD9402A5735B::urn:dmtforg:service:redfish-rest:1
10.220.251.65
udp
1900
1
•upnp.headers.server: UPnP/2.0
iBMC/3.43 ProductName/2288H V5
SN/2102351TGT10K6000007
•upnp.headers.usn: uuid:8DBAA60E04FE-98CE-E91141951E736D6C::urn:dmtforg:service:redfish-rest:1
4.18. Xwindows
X Windows is the graphical desktop shell for UNIX environments. It inherently provides functionality to allow remote clients to run local
applications.
4.18.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.119
tcp
6000
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.119
tcp
6001
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.119
tcp
6002
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.119
tcp
6003
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.119
tcp
6004
0
•sslv3: false
•tlsv1_0: false
Page 235
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•tlsv1_1: false
•tlsv1_2: false
10.220.251.119
tcp
6005
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.119
tcp
6006
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.119
tcp
6007
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.119
tcp
6008
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
10.220.251.119
tcp
6009
0
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
4.19. echo
A server providing the echo service returns all data it receives back to the originating source. Its primary use is for debugging and
measurement.
4.19.1. General Security Issues
Diagnostics Denial-of-Service Attacks
Many implementations of diagnostics services (like echo, chargen, daytime, and discard) are vulnerable to denial-of-service attacks
which flood the service with diagnostics requests, causing the device to spend all its CPU power processing these requests (instead of
doing what it should be doing). One common attack against the echo service involves spoofing echo requests so that the device sends
echo replies back its own echo service, causing an infinite loop which uses up bandwidth and CPU. This can also be achieved by
tricking the chargen service to spam bytes at the echo service, and so on. For more information on the Echo UDP Looping vulnerability,
see the paper by Peter Shipley entitled "TCP/IP Weaknesses and Vulnerabilities": http://www.dis.org/filez/vun-1s.pdf Many Cisco
devices come with these diagnostics services enabled by default. For more information on how Cisco to protect Cisco devices from
diagnostics DoS attacks, see the following white paper: http://www.cisco.com/warp/public/707/3.html Diagnostics services should
always be blocked at the firewall. In addition, if you don't use the diagnostic services, you should disable them.
Page 236
Audit Report
4.19.2. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
10.220.251.52
udp
7
0
10.220.251.77
udp
7
0
10.220.251.81
udp
7
0
Additional Information
4.20. fics (Free Internet Chess Server)
4.20.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.36
tcp
5000
2
•ssl: true
•ssl.protocols: tlsv1_2
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_RSA_WITH_AES_128_CBC_SH
A256
•tlsv1_2.extensions:
RENEGOTIATION_INFO
10.220.251.48
tcp
5000
2
•ssl: true
•ssl.protocols: tlsv1_2
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_RSA_WITH_AES_128_CBC_SH
A256
•tlsv1_2.extensions:
RENEGOTIATION_INFO
10.220.251.49
tcp
5000
2
•ssl: true
•ssl.protocols: tlsv1_2
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
Page 237
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•tlsv1_2.ciphers:
TLS_RSA_WITH_AES_128_CBC_SH
A256
•tlsv1_2.extensions:
RENEGOTIATION_INFO
10.220.251.51
tcp
5000
2
•ssl: true
•ssl.protocols: tlsv1_2
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_RSA_WITH_AES_128_CBC_SH
A256
•tlsv1_2.extensions:
RENEGOTIATION_INFO
10.220.251.52
tcp
5000
2
•ssl: true
•ssl.protocols: tlsv1_2
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_RSA_WITH_AES_128_CBC_SH
A256
•tlsv1_2.extensions:
RENEGOTIATION_INFO
10.220.251.54
tcp
5000
2
•ssl: true
•ssl.protocols: tlsv1_2
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_RSA_WITH_AES_128_CBC_SH
A256
•tlsv1_2.extensions:
RENEGOTIATION_INFO
Page 238
Audit Report
4.21. mongodb
4.21.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
10.220.251.46
tcp
27017
0
Additional Information
4.22. mountd
4.22.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.36
udp
14381
0
•port.discovered.from: udp/111
•program-number: 100005
•program-version: 3
10.220.251.36
tcp
14381
0
•port.discovered.from: tcp/111
•program-number: 100005
•program-version: 3
10.220.251.46
tcp
49671
0
•port.discovered.from: udp/111
•program-number: 100005
•program-version: 3
10.220.251.46
tcp
49674
0
•port.discovered.from: udp/111
•program-number: 100005
•program-version: 2
10.220.251.46
tcp
49675
0
•port.discovered.from: udp/111
•program-number: 100005
•program-version: 1
10.220.251.47
tcp
60506
0
•port.discovered.from: udp/111
•program-number: 100005
•program-version: 3
10.220.251.47
tcp
60507
0
•port.discovered.from: udp/111
•program-number: 100005
•program-version: 2
10.220.251.47
tcp
60508
0
•port.discovered.from: udp/111
•program-number: 100005
•program-version: 1
4.23. nfs_acl
Page 239
Audit Report
4.23.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.36
tcp
2049
0
•port.discovered.from: tcp/111
•program-number: 100227
•program-version: 3
10.220.251.36
udp
2049
0
•port.discovered.from: udp/111
•program-number: 100227
•program-version: 3
4.24. portmapper
The Remote Procedure Call portmapper is a service that maps RPC programs to specific ports, and provides that information to client
programs. Since most RPC programs do not have a well defined port number, they are dynamically allocated a port number when they
are first run. Any client program that wishes to use a particular RPC program first contacts the portmapper to determine the port and
protocol of the specified RPC program. The client then uses that information to contact the RPC program directly. In addition some
implementations of the portmapper allow tunneling commands to RPC programs through the portmapper.
4.24.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.33
tcp
111
0
•port.discovered.from: udp/111
•program-number: 100000
•program-version: 2
10.220.251.33
udp
111
0
•port.discovered.from: udp/111
•program-number: 100000
•program-version: 2
10.220.251.34
tcp
111
0
•port.discovered.from: udp/111
•program-number: 100000
•program-version: 2
10.220.251.34
udp
111
0
•port.discovered.from: tcp/111
•program-number: 100000
•program-version: 2
10.220.251.35
tcp
111
0
•port.discovered.from: udp/111
•program-number: 100000
•program-version: 2
10.220.251.35
udp
111
0
•port.discovered.from: tcp/111
•program-number: 100000
•program-version: 2
10.220.251.36
tcp
111
0
•port.discovered.from: tcp/111
Page 240
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
•program-number: 100000
•program-version: 2
10.220.251.36
udp
111
0
•port.discovered.from: udp/111
•program-number: 100000
•program-version: 2
10.220.251.46
tcp
111
0
10.220.251.46
udp
111
0
10.220.251.47
tcp
111
0
10.220.251.47
udp
111
0
4.25. status
4.25.1. Discovered Instances of this Service
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.33
tcp
14380
0
•port.discovered.from: tcp/111
•program-number: 100024
•program-version: 1
10.220.251.33
udp
14380
0
•port.discovered.from: udp/111
•program-number: 100024
•program-version: 1
10.220.251.34
tcp
14380
0
•port.discovered.from: tcp/111
•program-number: 100024
•program-version: 1
10.220.251.34
udp
14380
0
•port.discovered.from: tcp/111
•program-number: 100024
•program-version: 1
10.220.251.35
tcp
14380
0
•port.discovered.from: tcp/111
•program-number: 100024
•program-version: 1
10.220.251.35
udp
14380
0
•port.discovered.from: udp/111
•program-number: 100024
•program-version: 1
10.220.251.36
udp
14380
0
•port.discovered.from: udp/111
•program-number: 100024
•program-version: 1
Page 241
Audit Report
Device
Protocol
Port
Vulnerabilities
Additional Information
10.220.251.36
tcp
14380
0
•port.discovered.from: tcp/111
•program-number: 100024
•program-version: 1
Page 242
Audit Report
5. Discovered Users and Groups
No user or group information was discovered during the scan.
Page 243
Audit Report
6. Discovered Databases
No database information was discovered during the scan.
Page 244
Audit Report
7. Discovered Files and Directories
No file or directory information was discovered during the scan.
Page 245
Audit Report
8. Policy Evaluations
No policy evaluations were performed.
Page 246
Audit Report
9. Spidered Web Sites
9.1. http://10.220.251.24:80
9.1.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.1.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•login.html
•<script>xss<
•script>
9.1.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.2. http://10.220.251.25:80
9.2.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.2.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Page 247
Audit Report
Redirect (302)
•login.html
•<script>xss<
•script>
9.2.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.3. http://10.220.251.26:80
9.3.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.3.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•login.html
•<script>xss<
•script>
9.3.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.4. http://10.220.251.27:80
9.4.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
Page 248
Audit Report
9.4.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•login.html
•<script>xss<
•script>
9.4.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.5. http://10.220.251.28:80
9.5.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.5.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•login.html
•<script>xss<
•script>
9.5.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.6. http://10.220.251.29:80
Page 249
Audit Report
9.6.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.6.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•login.html
•<script>xss<
•script>
9.6.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.7. http://10.220.251.30:80
9.7.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.7.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•login.html
•<script>xss<
•script>
Page 250
Audit Report
9.7.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.8. http://10.220.251.31:80
9.8.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.8.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•login.html
•<script>xss<
•script>
9.8.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.9. http://10.220.251.32:80
9.9.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.9.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Page 251
Audit Report
Redirect (302)
•login.html
•<script>xss<
•script>
9.9.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.10. http://10.220.251.46:80
9.10.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Access Error (403)
•manager
Redirect (302)
•adminconsole
9.10.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•manager
•ADw-script AD4-alert(42) ADw•script AD4-
Error (400)
•"<script>TestScriptValueHere<
•script>"
•<script>xss<
•%23script>.asp%23
•%23script>.aspx%23
•%23script>.jsp%23
•%23script>.php%23
•script>.CGI
•script>.FCGI
•script>.PHP
•script>.PHP3
•script>.PHP4
Page 252
Audit Report
•script>.PHP5
•script>.PHTML
•script>.PL
•script>.PY
•script>.RB
•script>.SH
•script>.SHTML
•script>.asp
•script>.asp%2E
•script>.asp%3f.jsp
•script>.asp%81
•script>.asp+htr
•script>.asp.
•script>.asp.bak
•script>.asp.old
•script>.asp.tmp
•script>.asp
•script>
•script>.asp::$DATA
•script>.aspx
•script>.aspx%3f.jsp
•script>.aspx+htr
•script>.aspx.bak
•script>.aspx.old
•script>.aspx.tmp
•script>.aspx
•script>
•script>.aspx~
•script>.asp~
•script>.jsp
•script>.jsp%00
•script>.jsp%5C
•script>.jsp.bak
•script>.jsp.old
•script>.jsp.tmp
•script>.jsp~
•script>.php
•script>.php.
•script>.php.bak
•script>.php.old
Page 253
Audit Report
•script>.php.tmp
•script>.php
•script>
•script>.php~
•script>.py
•script>.py.
•script>.rb
•script>.rb.
•script>.shtml
•script>.shtml.
•script>.shtml
•script>
•script>.asp%20&CiRestriction=none&CiHiliteType=Full
•script>.asp&CiRestriction=%22<script>TestScriptValueHere<
•script>%22
•script>.asp&CiRestriction=none&CiHiliteType=Full
•script>.aspx%20&CiRestriction=none&CiHiliteType=Full
•script>.aspx&CiRestriction=%22<script>TestScriptValueHere<
•script>%22
•script>.aspx&CiRestriction=none&CiHiliteType=Full
•null.htw?CiWebHitsFile=
Redirect (302)
•adminconsole
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
9.10.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (301)
•adminconsole
•wcSSO.do
Redirect (302)
•webconsole
Successful (200)
9.11. http://10.220.251.46:81
Page 254
Audit Report
9.11.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (301)
•aspnet_client
•system_web
9.11.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•Trace.axd
•aspnet_client
•system_web
•Trace.axd
Error (400)
•"<script>TestScriptValueHere<
•script>"
•<script>xss<
•script>.asp
•script>.asp
•script>
•script>.aspx
•script>.aspx
•script>
•script>.jsp
•script>.php
•script>.php
•script>
•script>.py
•script>.rb
•script>.shtml
•script>.shtml
•script>
9.11.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•aspnet_client
•system_web
Page 255
Audit Report
Successful (200)
9.12. http://10.220.251.46:82
9.12.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (301)
•aspnet_client
•system_web
9.12.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•Trace.axd
•aspnet_client
•system_web
•Trace.axd
Error (400)
•"<script>TestScriptValueHere<
•script>"
•<script>xss<
•script>.asp
•script>.asp
•script>
•script>.aspx
•script>.aspx
•script>
•script>.jsp
•script>.php
•script>.php
•script>
•script>.py
•script>.rb
•script>.shtml
•script>.shtml
•script>
9.12.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Page 256
Audit Report
Access Error (403)
•aspnet_client
•system_web
Successful (200)
9.13. http://10.220.251.64:80
9.13.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.13.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Redirect (302)
•login.html
•<script>xss<
•script>
9.13.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.14. http://10.220.251.65:80
9.14.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.14.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Redirect (302)
•login.html
•<script>xss<
•script>
Page 257
Audit Report
9.14.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.15. http://10.220.251.82:80
9.15.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.15.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•login.html
•<script>xss<
•script>
9.15.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.16. http://10.220.251.83:80
9.16.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.16.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Page 258
Audit Report
Redirect (302)
•login.html
•<script>xss<
•script>
9.16.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.17. http://10.220.251.84:80
9.17.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Redirect (302)
•login.html
9.17.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•login.html
•<script>xss<
•script>
9.17.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
9.18. https://10.220.251.24:443
9.18.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
Page 259
Audit Report
9.18.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•index.bak
•loginhandler.php.bak
•loginhandler.php.tmp
•loginhandler.php
•<script>xss<
•script>
•loginhandler.php~
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•check_first_login.html
•<script>xss<
•script>
•script>
•script>
•script>
•error.html
•index.html
•login.html
Successful (200)
•error.html?type=3
9.18.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•loginhandler.php
Redirect (302)
•check_first_login.html?chassisid=0
•index.html?chassisid=0
Successful (200)
•css
•en_css.css
Page 260
Audit Report
•login.css
•js
•jquery-3.2.1.min.js
•jquery-migrate-1.4.1.min.js
•l10n.js
•main.js
•messagebox.js
•popbox2.js
9.19. https://10.220.251.25:443
9.19.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
9.19.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•index.bak
•loginhandler.php.bak
•loginhandler.php.tmp
•loginhandler.php
•<script>xss<
•script>
•loginhandler.php~
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•check_first_login.html
•<script>xss<
•script>
•script>
•script>
•script>
•error.html
Page 261
Audit Report
•index.html
•login.html
Successful (200)
•error.html?type=3
9.19.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•loginhandler.php
Redirect (302)
•check_first_login.html?chassisid=0
•index.html?chassisid=0
Successful (200)
•css
•en_css.css
•login.css
•js
•jquery-3.2.1.min.js
•jquery-migrate-1.4.1.min.js
•l10n.js
•main.js
•messagebox.js
•popbox2.js
9.20. https://10.220.251.26:443
9.20.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
9.20.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•index.bak
•loginhandler.php.bak
Page 262
Audit Report
•loginhandler.php.tmp
•loginhandler.php
•<script>xss<
•script>
•loginhandler.php~
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•check_first_login.html
•<script>xss<
•script>
•script>
•script>
•script>
•error.html
•index.html
•login.html
Successful (200)
•error.html?type=3
9.20.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•loginhandler.php
Redirect (302)
•check_first_login.html?chassisid=0
•index.html?chassisid=0
Successful (200)
•css
•en_css.css
•login.css
•js
•jquery-3.2.1.min.js
•jquery-migrate-1.4.1.min.js
•l10n.js
Page 263
Audit Report
•main.js
•messagebox.js
•popbox2.js
9.21. https://10.220.251.27:443
9.21.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
9.21.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•index.bak
•loginhandler.php.bak
•loginhandler.php.tmp
•loginhandler.php
•<script>xss<
•script>
•loginhandler.php~
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•check_first_login.html
•<script>xss<
•script>
•script>
•script>
•script>
•error.html
•index.html
•login.html
Successful (200)
•error.html?type=3
Page 264
Audit Report
9.21.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•loginhandler.php
Redirect (302)
•check_first_login.html?chassisid=0
•index.html?chassisid=0
Successful (200)
•css
•en_css.css
•login.css
•js
•jquery-3.2.1.min.js
•jquery-migrate-1.4.1.min.js
•l10n.js
•main.js
•messagebox.js
•popbox2.js
9.22. https://10.220.251.28:443
9.22.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
9.22.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•index.bak
•loginhandler.php.bak
•loginhandler.php.tmp
•loginhandler.php
•<script>xss<
•script>
•loginhandler.php~
Page 265
Audit Report
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•check_first_login.html
•<script>xss<
•script>
•script>
•script>
•script>
•error.html
•index.html
•login.html
Successful (200)
•error.html?type=3
9.22.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•loginhandler.php
Redirect (302)
•check_first_login.html?chassisid=0
•index.html?chassisid=0
Successful (200)
•css
•en_css.css
•login.css
•js
•jquery-3.2.1.min.js
•jquery-migrate-1.4.1.min.js
•l10n.js
•main.js
•messagebox.js
•popbox2.js
9.23. https://10.220.251.29:443
Page 266
Audit Report
9.23.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
9.23.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•index.bak
•loginhandler.php.bak
•loginhandler.php.tmp
•loginhandler.php
•<script>xss<
•script>
•loginhandler.php~
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•check_first_login.html
•<script>xss<
•script>
•script>
•script>
•script>
•error.html
•index.html
•login.html
Successful (200)
•error.html?type=3
9.23.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•loginhandler.php
Redirect (302)
Page 267
Audit Report
•check_first_login.html?chassisid=0
•index.html?chassisid=0
Successful (200)
•css
•en_css.css
•login.css
•js
•jquery-3.2.1.min.js
•jquery-migrate-1.4.1.min.js
•l10n.js
•main.js
•messagebox.js
•popbox2.js
9.24. https://10.220.251.30:443
9.24.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
9.24.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•index.bak
•loginhandler.php.bak
•loginhandler.php.tmp
•loginhandler.php
•<script>xss<
•script>
•loginhandler.php~
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•check_first_login.html
•<script>xss<
•script>
Page 268
Audit Report
•script>
•script>
•script>
•error.html
•index.html
•login.html
Successful (200)
•error.html?type=3
9.24.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•loginhandler.php
Redirect (302)
•check_first_login.html?chassisid=0
•index.html?chassisid=0
Successful (200)
•css
•en_css.css
•login.css
•js
•jquery-3.2.1.min.js
•jquery-migrate-1.4.1.min.js
•l10n.js
•main.js
•messagebox.js
•popbox2.js
9.25. https://10.220.251.31:443
9.25.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
9.25.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Page 269
Audit Report
Access Error (403)
•index.bak
•loginhandler.php.bak
•loginhandler.php.tmp
•loginhandler.php
•<script>xss<
•script>
•loginhandler.php~
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•check_first_login.html
•<script>xss<
•script>
•script>
•script>
•script>
•error.html
•index.html
•login.html
Successful (200)
•error.html?type=3
9.25.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•loginhandler.php
Redirect (302)
•check_first_login.html?chassisid=0
•index.html?chassisid=0
Successful (200)
•css
•en_css.css
•login.css
•js
•jquery-3.2.1.min.js
Page 270
Audit Report
•jquery-migrate-1.4.1.min.js
•l10n.js
•main.js
•messagebox.js
•popbox2.js
9.26. https://10.220.251.32:443
9.26.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
9.26.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•index.bak
•loginhandler.php.bak
•loginhandler.php.tmp
•loginhandler.php
•<script>xss<
•script>
•loginhandler.php~
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•check_first_login.html
•<script>xss<
•script>
•script>
•script>
•script>
•error.html
•index.html
•login.html
Page 271
Audit Report
Successful (200)
•error.html?type=3
9.26.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•loginhandler.php
Redirect (302)
•check_first_login.html?chassisid=0
•index.html?chassisid=0
Successful (200)
•css
•en_css.css
•login.css
•js
•jquery-3.2.1.min.js
•jquery-migrate-1.4.1.min.js
•l10n.js
•main.js
•messagebox.js
•popbox2.js
9.27. https://10.220.251.46:443
9.27.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Access Error (403)
•manager
9.27.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•manager
•ADw-script AD4-alert(42) ADw•script AD4-
Error (400)
Page 272
Audit Report
•"<script>TestScriptValueHere<
•script>"
•<script>xss<
•%23script>.asp%23
•%23script>.aspx%23
•%23script>.jsp%23
•%23script>.php%23
•script>.CGI
•script>.FCGI
•script>.PHP
•script>.PHP3
•script>.PHP4
•script>.PHP5
•script>.PHTML
•script>.PL
•script>.PY
•script>.RB
•script>.SH
•script>.SHTML
•script>.asp
•script>.asp%2E
•script>.asp%3f.jsp
•script>.asp%81
•script>.asp+htr
•script>.asp.
•script>.asp.bak
•script>.asp.old
•script>.asp.tmp
•script>.asp
•script>
•script>.asp::$DATA
•script>.aspx
•script>.aspx%3f.jsp
•script>.aspx+htr
•script>.aspx.bak
•script>.aspx.old
•script>.aspx.tmp
•script>.aspx
•script>
•script>.aspx~
Page 273
Audit Report
•script>.asp~
•script>.jsp
•script>.jsp%00
•script>.jsp%5C
•script>.jsp.bak
•script>.jsp.old
•script>.jsp.tmp
•script>.jsp~
•script>.php
•script>.php.
•script>.php.bak
•script>.php.old
•script>.php.tmp
•script>.php
•script>
•script>.php~
•script>.py
•script>.py.
•script>.rb
•script>.rb.
•script>.shtml
•script>.shtml.
•script>.shtml
•script>
•script>.asp%20&CiRestriction=none&CiHiliteType=Full
•script>.asp&CiRestriction=%22<script>TestScriptValueHere<
•script>%22
•script>.asp&CiRestriction=none&CiHiliteType=Full
•script>.aspx%20&CiRestriction=none&CiHiliteType=Full
•script>.aspx&CiRestriction=%22<script>TestScriptValueHere<
•script>%22
•script>.aspx&CiRestriction=none&CiHiliteType=Full
•Chrome
•(
•d+)
•),c=navigator.userAgent.match(
•Edge
•);b(c||!a||parseInt(a[1],10)
•all|left
•.test(P)&&L==0?c?t:r:
Page 274
Audit Report
•all|right
•.test(P)&&L==0?c?r:t:
•canvas|textarea|input|select|button|img
•i)&&(this.element.wrap(a(
•document
•.test(h)||h==document)e.containerOffset={left:0,top:0},e.containerPosition={left:0,top:0},e.parentData={element:a(document),left:0,top:
0,width:a(document).width(),height:a(document).height()||document.body.parentNode.scrollHeight};else{var
•getIDPSSORedirectUrl.do?username
•x3d
•h{1,2}
•ig,
•input|select|textarea|button|object
•.test(e)?!b.disabled:
•login
•index.jsp$
•)||(loc.match(
•login$
•)||loc.match(
•logout.jsp$
•$
•)));console.debug(
•forgotPassword.jsp%00
•forgotPassword.jsp%5C
•index.jsp%00
•index.jsp%5C
•registerRegular.jsp%00
•registerRegular.jsp%5C
•l{1}
•ig,
•m{1,2}
•ig,
•null.htw?CiWebHitsFile=
•right|left
•.test(a)){var
•s{1,2}
•ig,
•textarea|input|select|button
•i)){var
•t{1,2}
•ig,
Page 275
Audit Report
•ui-resizable-(se|sw|ne|nw|n|e|s|w)
•i);b.axis=a&&a[1]?a[1]:
•webconsole
•z{1}
•ig,
Redirect (302)
•webconsole
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4•index.jsp
Successful (200)
•webconsole
•common
•behavior.jsp
•css
•IE8Styles.css?1606211146263
•reportsNav.css?1606211146263
•login
•js
•legalNotice.do
•reports
•responsive
9.27.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
•webconsole
Successful (200)
•webconsole
•applications
•css
•apps.css?1606211146263
•custom-cb.css?1606211146263
•cvdialog.css?1606211146263
•headerstyles.css?1606211146263
•jquery-ui-timepicker-addon.css?1606211146263
•jquery.loadmask.css?1606211146263
Page 276
Audit Report
•notificationHistory.css?1606211146263
•sprites.css?1606211146263
•template-bootstrap.css?1606211146263
•templatestyles.css?1606211146263
•theme
•jquery-ui.css?1606211146263
•ui.notify.css?1606211146263
•bareFrameModeCss.do?1606211146263
•clientLoggingJs.do?1606211146263
•common
•bootstrap
•fonts
•glyphicons-filetypes-regular.eot
•glyphicons-filetypes-regular.svg
•glyphicons-filetypes-regular.ttf
•glyphicons-filetypes-regular.woff
•glyphicons-filetypes-regular.woff2
•glyphicons-halflings-regular.eot
•glyphicons-halflings-regular.svg
•glyphicons-halflings-regular.ttf
•glyphicons-halflings-regular.woff
•glyphicons-halflings-regular.woff2
•glyphicons-regular.eot
•glyphicons-regular.svg
•glyphicons-regular.ttf
•glyphicons-regular.woff
•glyphicons-regular.woff2
•glyphicons-halflings-regular.eot
•glyphicons-halflings-regular.svg
•glyphicons-halflings-regular.ttf
•glyphicons-halflings-regular.woff
•glyphicons-halflings-regular.woff2
•javascripts
•bootstrap.min.js?1606211146263
•csspie
•PIE.htc
•customTheme.do?1606211146263
•js
•custom-cb.js?1606211146263
•custom-modal.js?1606211146263
Page 277
Audit Report
•cvutil.js?1606211146263
•dateformatter.js?1606211146263
•encoder.js?1606211146263
•hashMap.js?1606211146263
•jquery-migrate-1.2.1.js?1606211146263
•jquery-ui-min.js?1606211146263
•jquery-ui-timepicker-addon.js?1606211146263
•jquery.cookie.js?1606211146263
•jquery.loadmask.min.js?1606211146263
•jquery.min.js?1606211146263
•jquery.notify.js?1606211146263
•localforage.min.js?1606211146263
•logUtil.js?1606211146263
•mustache.js?1606211146263
•notificationHistory.js?1606211146263
•pollTaskHandler.js?1606211146263
•forgotPassword.js?1606211146263
•login.js?1606211146263
•register.js?1606211146263
•thirdParty
•glyphicons
•glyphicons-filetypes.css?1606211146263
•glyphicons-halflings.css?1606211146263
•glyphicons.css?1606211146263
•devModeCss.do?1606211146263
•devModeJs.do?1606211146263
•getCaptcha.do
•login
•forgotPassword.jsp
•index.jsp
•registerRegular.jsp
•settings
•settings.css?1606211146263
9.28. https://10.220.251.64:443
9.28.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
Page 278
Audit Report
9.28.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•index.bak
•index.php.bak
•index.php.tmp
•index.php~
Redirect (301)
•bmc
•resources
•i18n
•js
•widget
•i18n
•js
•tiny-common
•tiny-directives
•tiny-lib
•tiny-widgets
Redirect (302)
•index.php
•<script>xss<
•script>
Successful (200)
•login.html
•<script>xss<
•script>
9.28.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
•index.php
Successful (200)
•bmc
•resources
•css
•cmn.css?resource_id=15585350952019
Page 279
Audit Report
•frame.css?resource_id=15585350952019
•jquery-ui.css?resource_id=15585350952019
•i18n
•en_ibmclanguageset.js?resource_id=15585350952019
•versionInfo.js?resource_id=15585350952019
•js
•module-config.js?resource_id=15585350952019
•tiny-lib
•require.js?resource_id=15585350952019
•widget
9.29. https://10.220.251.65:443
9.29.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
9.29.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•index.bak
•index.php.bak
•index.php.tmp
•index.php~
Redirect (301)
•bmc
•resources
•i18n
•js
•widget
•i18n
•js
•tiny-common
•tiny-directives
•tiny-lib
•tiny-widgets
Page 280
Audit Report
Redirect (302)
•index.php
•<script>xss<
•script>
Successful (200)
•login.html
•<script>xss<
•script>
9.29.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Redirect (302)
•index.php
Successful (200)
•bmc
•resources
•css
•cmn.css?resource_id=15585350952019
•frame.css?resource_id=15585350952019
•jquery-ui.css?resource_id=15585350952019
•i18n
•en_ibmclanguageset.js?resource_id=15585350952019
•versionInfo.js?resource_id=15585350952019
•js
•module-config.js?resource_id=15585350952019
•tiny-lib
•require.js?resource_id=15585350952019
•widget
9.30. https://10.220.251.82:443
9.30.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
9.30.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Page 281
Audit Report
Access Error (403)
•index.bak
•loginhandler.php.bak
•loginhandler.php.tmp
•loginhandler.php
•<script>xss<
•script>
•loginhandler.php~
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•check_first_login.html
•<script>xss<
•script>
•script>
•script>
•script>
•error.html
•index.html
•login.html
Successful (200)
•error.html?type=3
9.30.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•loginhandler.php
Redirect (302)
•check_first_login.html?chassisid=0
•index.html?chassisid=0
Successful (200)
•css
•en_css.css
•login.css
•js
•jquery-migrate-1.4.1.min.js
Page 282
Audit Report
•jquery.min.js
•l10n.js
•main.js
•messagebox.js
•popbox2.js
9.31. https://10.220.251.83:443
9.31.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
9.31.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•index.bak
•loginhandler.php.bak
•loginhandler.php.tmp
•loginhandler.php
•<script>xss<
•script>
•loginhandler.php~
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•check_first_login.html
•<script>xss<
•script>
•script>
•script>
•script>
•error.html
•index.html
•login.html
Page 283
Audit Report
Successful (200)
•error.html?type=3
9.31.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•loginhandler.php
Redirect (302)
•check_first_login.html?chassisid=0
•index.html?chassisid=0
Successful (200)
•css
•en_css.css
•login.css
•js
•jquery-migrate-1.4.1.min.js
•jquery.min.js
•l10n.js
•main.js
•messagebox.js
•popbox2.js
9.32. https://10.220.251.84:443
9.32.1. Common Default URLs
The following URLs were guessed. They are often included with default web server or web server add-on installations.
Successful (200)
•login.html
9.32.2. Guessed URLs
The following URLs were guessed using various tricks based on the discovered web site content.
Access Error (403)
•index.bak
•loginhandler.php.bak
•loginhandler.php.tmp
•loginhandler.php
•<script>xss<
•script>
Page 284
Audit Report
•loginhandler.php~
Error (400)
•?P=+ADw-script+AD4-alert(42)+ADw•script+AD4-
Redirect (302)
•check_first_login.html
•<script>xss<
•script>
•script>
•script>
•script>
•error.html
•index.html
•login.html
Successful (200)
•error.html?type=3
9.32.3. Linked URLs
The following URLs were found as links in the content of other web pages.
Access Error (403)
•loginhandler.php
Redirect (302)
•check_first_login.html?chassisid=0
•index.html?chassisid=0
Successful (200)
•css
•en_css.css
•login.css
•js
•jquery-migrate-1.4.1.min.js
•jquery.min.js
•l10n.js
•main.js
•messagebox.js
•popbox2.js
Page 285