
Executive Report

Scan Manual 230531 0626

SUPERXTRA

May 2023
Objective
Provide SUPERXTRA with the results of the analyses listed below, indicating the risks and
vulnerabilities detected in the assets. The purpose is to deliver an executive
report with risk treatment or mitigation recommendations, to minimize the risk level of the
analyzed assets.

Executive Summary
Camel Secure provides an assessment of existing vulnerabilities that were found in the
scans listed below:

Scan Manual 230531 0626 (May 31, 2023)

The assets that were included in the analyses are listed in the following table:

IP Address     Name               Business Service
172.19.1.46    SX-AZR-FULLXTRA    Sistemas Comerciales

The objective of this report is to present the risks associated with your infrastructure, but
even more importantly, the risks associated with the Business Services.

This document details the vulnerabilities found. It shows the criticality of each one,
the affected asset, and how they relate to the
Business Services.

Assessment Calculation
The analysis results are rated on an evaluation scale that gives a level for the
security state, based on CVSS (Common Vulnerability
Scoring System).

Risk        CVSS Score    Description
None        0.0           They are considered informative findings since they only provide information of the system operation.
Low         0.1 - 3.9     Vulnerabilities with low impact on the system.
Medium      4.0 - 6.9     Vulnerabilities that affect one or more components of the system, but complex to exploit or that do not have a total impact on the confidentiality or integrity of the information, neither on the availability of services.
High        7.0 - 8.9     They completely affect the availability of the services, the integrity of the information or its confidentiality; however, special characteristics are required for their exploitation.
Critical    9.0 - 10.0    They completely affect the availability of services, the integrity of the information or its confidentiality. They don't require specific characteristics or knowledge for their exploitation.

Summary of Findings
Consolidated

Number of vulnerabilities found according to criticality (NOTE: “Informative” criticality
vulnerabilities are excluded; for more information, please see Camel 360).

Critical    High    Medium    Low
2           12      0         0

Details of Findings

The following list shows the vulnerabilities found and the affected assets, ordered by
criticality.

Name Description Mitigation IP Addresses Risk


Name: Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)

Description:
'DHE' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
'DHE' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
'DHE' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_

Mitigation:
- DHE key exchange should be disabled if no other mitigation mechanism can be used and either elliptic-curve variant of Diffie-Hellman (ECDHE) or RSA key exchange is supported by the clients. The fact that RSA key exchange is not forward secret should be considered.
- Limit the maximum num

IP Addresses: 172.19.1.46

Risk: High

Affected Business Services

Service                 Total    Low    Medium    High    Critical
Sistemas Comerciales    2        0      0         2       0

Affected Operating Systems

OS Nº Vulnerabilities
Microsoft Windows Server 2012 R2 Standard Edition 2

Vulnerabilities by Criticality

Criticality Nº Vulnerabilities
Critical 2
High 12
Medium 0
Low 0
Total 14
