Report
Tenable Vulnerability Management
Wed, 17 Jan 2024 11:04:39 UTC
Table Of Contents
Vulnerabilities By Host
• lkazadconnect
• lkazbackupresto
• lkazdc01
Assets Summary (Executive)
• lkazadconnect
• lkazbackupresto
• lkazdc01
Remediations
• Suggested Remediations
Vulnerabilities By Host
lkazadconnect
Scan Information
Start time: 2024/01/17 10:30
3 9 9 0 148 169
Results Details
/
10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0931
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/01/04, Modification date: 2020/10/30
Ports
lkazadconnect (TCP/47001) Vulnerability State: Active
The remote web server type is :
Microsoft-HTTPAPI/2.0
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
Vulnerability Priority Rating (VPR)
0.8
References
CVE CVE-1999-0524
XREF CWE-200
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 1999/08/01, Modification date: 2023/04/27
Ports
lkazadconnect (ICMP/0) Vulnerability State: Active
This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The difference between the local and remote clocks is -213 seconds.
The remote host has the following MAC address on its adapter :
00:0d:3a:07:fd:41
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 1999/11/27, Modification date: 2023/12/04
Ports
lkazadconnect (UDP/0) Vulnerability State: Active
For your information, here is the traceroute from 192.168.33.11 to 192.168.33.5 :
192.168.33.11
192.168.33.5
Hop Count: 1
https://support.microsoft.com/en-us/help/246261
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/05/09, Modification date: 2023/07/25
Ports
lkazadconnect (TCP/445) Vulnerability State: Resurfaced
- The SMB tests will be done as adl\vaadmin/******
Plugin Information:
Publication date: 2000/05/09, Modification date: 2022/02/01
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Here are the SMB shares available on the remote host when logged in as vaadmin:
- ADMIN$
- C$
- D$
- IPC$
- ADMIN$ - (readable,writable)
+ Content of this share :
..
ADFS
appcompat
apppatch
AppReadiness
assembly
AzureArcSetup
bcastdvr
bfsvc.exe
BitLockerDiscoveryVolumeContents
Boot
bootstat.dat
Branding
BrowserCore
CbsTemp
Containers
Cursors
debug
diagnostics
DiagTrack
DigitalLocker
Downloaded Program Files
drivers
DtcInstall.log
ELAMBKUP
en-US
explorer.exe
Fonts
Globalization
Help
HelpPane.exe
hh.exe
IdentityCRL
IME
ImmersiveControlPanel
INF
InputMethod
Installer
InteractiveVMWorkingDir
L2Schemas
LiveKernelReports
Logs
lsasetup.log
Media
mib.bin
Microsoft.NET
Migration
ModemLogs
notepad.exe
OCR
OEM
Offline Web Pages
Panther
Performance
PFRO.log
PLA
PolicyDefinitions
Prefetch
PrintDialog
Provisioning
regedit.exe
Registration
RemotePackages
rescache
Resources
SchCache
schemas
security
ServerDataCenter.xml
ServiceProfiles
ServiceState
servicing
Setup
ShellComponents
ShellExperiences
SKB
SoftwareDistribution
Speech
Speech_OneCore
splwow64.exe
System
system.ini
System32
SystemApps
SystemResources
SystemTemp
SysWOW64
TAPI
Tasks
Temp
tracing
twain_32
- C$ - (readable,writable)
+ Content of this share :
$WinREAgent
Config.Msi
Documents and Settings
Packages
PerfLogs
Program Files
Program Files (x86)
ProgramData
Recovery
System Volume Information
Temp
Users
Windows
WindowsAzure
- D$ - (readable,writable)
+ Content of this share :
CollectGuestLogsTemp
DATALOSS_WARNING_README.txt
DumpStack.log.tmp
pagefile.sys
System Volume Information
10398 - Microsoft Windows SMB LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration
Synopsis
It was possible to obtain the domain SID.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the domain SID (Security Identifier).
The domain SID can then be used to get the list of users of the domain.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/05/09, Modification date: 2023/02/28
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
The remote domain SID value is :\n1-5-21-2016934633-2723708669-2290440068
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol,
the list of active and inactive services of the remote host.
An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only
trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT-0001-T-0751
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/07/03, Modification date: 2022/02/01
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Active Services :
IPsec Policy Agent [ PolicyAgent ]
Power [ Power ]
User Profile Service [ ProfSvc ]
Remote Access Connection Manager [ RasMan ]
RdAgent [ RdAgent ]
Remote Registry [ RemoteRegistry ]
RPC [...]
lkazadconnect (TCP/49673) Vulnerability State: Active
Named pipe : \PIPE\atsvc
Netbios name : \\LKAZADCONNECT
Type : Remote RPC service
TCP Port : 49672
IP : 192.168.33.5
Annotation : Ngc Pop Key Service
Type : Remote RPC service
TCP Port : 49664
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 49719
IP : 192.168.33.5
lkazadconnect (TCP/445) Vulnerability State: Active
1-5-21-3230073303-737008294-1742660446
- DefaultAccount
- Guest
- WDAGUtilityAccount
- DefaultAccount
- Guest
- DefaultAccount
- Guest
- WDAGUtilityAccount
- LKAZADCONNECT\azadmin (User)
- ADL\Domain Admins (Group)
the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of
the primary domain controller (PDC).
Cached logon credentials could be accessed by an attacker and subjected to brute force attacks.
See Also
http://www.nessus.org/u?184d3eab
http://www.nessus.org/u?fe16cea8
https://technet.microsoft.com/en-us/library/cc957390.aspx
Solution
Consult Microsoft documentation and best practices.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2003/03/24, Modification date: 2018/06/05
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name
of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2003/12/09, Modification date: 2023/11/08
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
Remote operating system : Microsoft Windows Server 2022 Datacenter Build 20348
Confidence level : 100
Method : SMB_OS
Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.
HTTP:Server: Microsoft-HTTPAPI/2.0
SinFP:!:
P1:B11113:F0x12:W65392:O0204ffff:M1410:
P2:B11113:F0x12:W65535:O0204ffff010303080402080affffffff44454144:M1410:
P3:B00000:F0x00:W0:O0:M0
P4:190704_7_p=49667
SSLcert:!:i/CN:LKAZADCONNECT.adl.locals/CN:LKAZADCONNECT.adl.local
39f8f0344399ce92554eb35d11627ea4b2dbdd79
The remote host is running Microsoft Windows Server 2022 Datacenter Build 20348
https://www.tenable.com/blog/auditing-anti-virus-products-with-nessus
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2005/01/18, Modification date: 2023/10/05
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Forefront_Endpoint_Protection :
Antispyware signature version : 1.403.2259.0
lkazadconnect (TCP/0) Vulnerability State: Active
Information about this scan :
Microsoft Edge Update [version 1.3.181.5]
OMS Gateway [version 1.0.448.0] [installed on 2022/04/26]
Microsoft .NET Toolset 6.0.417 (x64) [version 24.6.59110] [installed on 2023/11/21]
Microsoft ASP.NET Core 3.1.20 Shared Framework (x64) [version 3.1.20.21472] [installed on
2021/11/03]
Microsoft ASP.NET Core 6.0.25 Targeting Pack (x64) [version 6.0.25.23523] [installed on
2023/11/21]
Microsoft .NET Core 3.1.20 - Windows Server Hosting [version 3.1.20.21472]
Microsoft .NET Host - 5.0.11 (x64) [version 40.44.30523] [installed on 2021/11/03]
Microsoft .NET AppHost Pack - 6.0.25 (x64_arm64) [version 48.100.4028] [installed on 2023/11/21]
Microsoft .NET AppHost Pack - 6.0.25 (x64) [version 48.100.4028] [installed on 2023/11/21]
Microsoft ASP.NET Core 5.0.11 - Shared Framework (x64) [version 5.0.11.21476]
Microsoft .NET Host - 5.0.11 (x86) [version 40.44.30523] [installed on 2021/11/03]
Microsoft .NET SDK 6.0.417 (x64) [version 6.4.1723.52326]
Microsoft .NET Host FX Resolver - 5.0.11 (x64) [version 40.44.30523] [installed on 2021/11/03]
Microsoft .NET Runtime - 6.0.25 (x64) [version 48.100.4028] [installed on 2023/11/21]
Microsoft .NET Core Runtime - 3.1.20 (x86) [version 3.1.20.30521]
Microsoft ASP.NET Core 5.0.11 Shared Framework (x64) [version 5.0.11.21476] [installed on
2021/11/03]
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30036 [version 14.29.30036.3]
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30036 [version 14.29.30036] [installed
on 2021/12/13]
Microsoft Azure AD Connect Agent Updater [version 1.5.3599.0] [installed on 2024/01/09]
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 [version 12.0.40660] [installed on
2021/12/11]
Microsoft ODBC Driver 17 for SQL Server [version 17.10.5.1] [installed on 2024/01/09]
Microsoft.NET.Sdk.tvOS.Manifest-6.0.300 [version 125.191.42208] [installed on [...]
http://www.nessus.org/u?e17ffced
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2006/06/05, Modification date: 2023/07/10
Ports
lkazadconnect (TCP/3389) Vulnerability State: Active
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Here is a list of office files which have been found on the remote SMB
shares :
+ C$ :
- C:\Windows\System32\MSDRM\MsoIrmProtector.doc
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-
protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.doc
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-
protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.doc
- C:\Windows\System32\MSDRM\MsoIrmProtector.ppt
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-
protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.ppt
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-
protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.ppt
- C:\Windows\System32\MSDRM\MsoIrmProtector.xls
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-
protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.xls
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-
protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.xls
Response Body :
Response Code : HTTP/1.1 404 Not Found
Response Body :
Response Body :
Response Body :
Plugin Information:
Publication date: 2007/02/03, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
The remote host returned the following caption from Win32_OperatingSystem:
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2007/02/03, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
+ Network Interface Information :
+ Routing Information :
The remote web server supports the Web Services for Management (WS-Management) specification, a general web
services protocol based on SOAP for managing systems, applications, and other such entities.
See Also
https://www.dmtf.org/standards/ws-man
https://en.wikipedia.org/wiki/WS-Management
Solution
Limit incoming traffic to this port if desired.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2008/06/11, Modification date: 2021/05/19
Ports
lkazadconnect (TCP/5985) Vulnerability State: Active
Port 5985/tcp was found to be open
lkazadconnect (TCP/49665) Vulnerability State: Resurfaced
Port 49665/tcp was found to be open
This process 'svchost.exe' (pid 1380) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
This process 'lsass.exe' (pid 788) is hosting the following Windows services :
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'svchost.exe' (pid 1380) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
The Win32 process 'lsass.exe' is listening on this port (pid 788).
This process 'lsass.exe' (pid 788) is hosting the following Windows services :
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'elastic-agent.exe' (pid 3136) is hosting the following Windows services :
Elastic Agent (Elastic Agent)
This process 'svchost.exe' (pid 1136) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)
This process 'svchost.exe' (pid 1432) is hosting the following Windows services :
EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200)
This process 'svchost.exe' (pid 2720) is hosting the following Windows services :
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
This process 'spoolsv.exe' (pid 2564) is hosting the following Windows services :
Spooler (@%systemroot%\system32\spoolsv.exe,-1)
This process 'svchost.exe' (pid 1136) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)
The Win32 process 'svchost.exe' is listening on this port (pid 2000).
This process 'svchost.exe' (pid 2000) is hosting the following Windows services :
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
This process 'svchost.exe' (pid 1380) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
This process 'svchost.exe' (pid 3020) is hosting the following Windows services :
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
This process 'svchost.exe' (pid 3020) is hosting the following Windows services :
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
This process 'svchost.exe' (pid 1380) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
This process 'svchost.exe' (pid 1016) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)
This process 'svchost.exe' (pid 3028) is hosting the following Windows services :
PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010)
This process 'svchost.exe' (pid 1380) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
This process 'svchost.exe' (pid 1212) is hosting the following Windows services :
W32Time (@%SystemRoot%\system32\w32time.dll,-200)
This process 'svchost.exe' (pid 3064) is hosting the following Windows services :
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
http://www.nessus.org/u?794673b4
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/02/19, Modification date: 2020/05/13
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/04/24, Modification date: 2019/06/13
Ports
lkazadconnect (TCP/445) Vulnerability State: Resurfaced
The patches for the following bulletins or KBs are missing on the remote host :
- KB5033118 ( https://support.microsoft.com/en-us/help/5033118 )
- KB5033464 ( https://support.microsoft.com/en-us/help/5033464 )
- KB5033914 ( https://support.microsoft.com/en-us/help/5033914 )
- KB5034129 ( https://support.microsoft.com/en-us/help/5034129 )
42897 - SMB Registry : Start the Registry Service during the scan (WMI)
Synopsis
The registry service was enabled for the duration of the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service
(RemoteRegistry). If the service is down, this plugin will attempt to start it for the duration of the scan.
For this plugin to work, you need to select the option 'Start the Remote Registry service during the scan' on the
credentials page when you add your Windows credentials.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/11/25, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
The registry service was successfully started for the duration of the scan.
42898 - SMB Registry : Stop the Registry Service after the scan (WMI)
Synopsis
The registry service was stopped after the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service
(RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan,
this plugin will stop it afterwards.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/11/25, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
Display name : Application Identity
Service name : AppIDSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/AppID/CryptSvc/
https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0754
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/02/24, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
https://nvd.nist.gov/products/cpe
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/04/21, Modification date: 2023/12/27
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
cpe:/o:microsoft:windows_server_2022:::x64-datacenter
cpe:/a:microsoft:asp.net_core:6.0.25 -> Microsoft ASP.NET Core
cpe:/a:microsoft:edge:120.0.2210.133 -> Microsoft Edge
cpe:/a:microsoft:ie:11.1.20348.0 -> Microsoft Internet Explorer
cpe:/a:microsoft:internet_explorer:11.0.20348.2110 -> Microsoft Internet Explorer
cpe:/a:microsoft:remote_desktop_connection:10.0.20348.1850 -> Microsoft Remote Desktop
Connection
cpe:/a:microsoft:sql_server:15.0.4138.2 -> Microsoft SQLServer
cpe:/a:microsoft:system_center_endpoint_protection:4.18.23110.3 -> Microsoft System Center
Endpoint Protection
cpe:/a:microsoft:system_center_operations_manager -> Microsoft System Center Operations Manager
cpe:/a:microsoft:windows_defender:4.18.23110.3 -> Microsoft Windows Defender
cpe:/a:microsoft:windows_defender_atp:1.35
x-cpe:/a:microsoft:azure_active_directory_connect:2.3.2.0
x-cpe:/a:microsoft:odbc_driver_for_sql_server:17.10.5.1
x-cpe:/a:microsoft:ole_db_driver_for_sql_server:18.6.7.0
http://www.nessus.org/u?5234ef0c
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/08/26, Modification date: 2019/12/20
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Publication date: 2010/10/26, Modification date: 2022/02/01
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
50859 - Microsoft Windows SMB : WSUS Client Configured
Synopsis
The remote Windows host is utilizing a WSUS server.
Description
The remote host is configured to utilize a Windows Server Update Services (WSUS) server.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/
cc708554(v=ws.10)
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/
cc708449(v=ws.10)
https://docs.microsoft.com/en-us/previous-versions/technet-magazine/gg153542(v=msdn.10)
Solution
Verify the remote host is configured to utilize the correct WSUS server.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/12/01, Modification date: 2018/11/15
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
This host is configured to get updates from the following WSUS server :
http://LKWSUS.adl.local:8530
ElevateNonAdmins : undefined
TargetGroup : undefined
TargetGroupEnabled : undefined
AUOptions : 7
AutoInstallMinorUpdates : undefined
DetectionFrequency : undefined
DetectionFrequencyEnabled : undefined
NoAutoRebootWithLoggedOnUsers : undefined
NoAutoUpdate : 0
RebootRelaunchTimeout : undefined
RebootRelaunchTimeoutEnabled : undefined
RebootWarningTimeout : undefined
RebootWarningTimeoutEnabled : undefined
RescheduleWaitTime : undefined
RescheduleWaitTimeEnabled : undefined
ScheduledInstallDay : 0
ScheduledInstallTime : 5
By connecting to the remote host with the supplied credentials, this plugin enumerates encryptable volume information
available on the remote host via WMI.
See Also
http://www.nessus.org/u?8aa7973e
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/12/15, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
+ DriveLetter D:
+ DriveLetter C:
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the
authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the
remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/12/15, Modification date: 2020/04/27
Ports
lkazadconnect (TCP/3389) Vulnerability State: Active
|-Subject : CN=LKAZADCONNECT.adl.local
|-Issuer : CN=LKAZADCONNECT.adl.local
+ KB5031993
- Description : Update
- InstalledOn : 12/20/2023
+ KB5012170
- Description : Security Update
- InstalledOn : 4/20/2023
+ KB5032198
- Description : Security Update
- InstalledOn : 12/20/2023
+ KB5032310
- Description : Update
- InstalledOn : 12/20/2023
Note that for detailed information on installed QFE's such as InstalledBy, Caption,
and so on, please run the scan with 'Report Verbosity' set to 'verbose'.
Hostname : LKAZADCONNECT
LKAZADCONNECT (WMI)
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if
the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher
suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2011/12/07, Modification date: 2021/03/09
Ports
lkazadconnect (TCP/3389) Vulnerability State: Active
Here is the list of SSL PFS ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2012/01/17, Modification date: 2022/06/14
Ports
lkazadconnect (TCP/3389) Vulnerability State: Active
|-Subject : CN=LKAZADCONNECT.adl.local
http://technet.microsoft.com/en-us/library/cc731957.aspx
http://www.nessus.org/u?74b80723
https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
http://www.nessus.org/u?a3cac4ea
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network
server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also'
links for further details.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.6 (E:U/RL:O/RC:C)
CVSS Base Score
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (E:U/RL:OF/RC:C)
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2012/01/19, Modification date: 2022/10/05
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
58181 - Windows DNS Server Enumeration
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2012/03/01, Modification date: 2022/02/01
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Interface: {959c826c-a0ff-4cb0-918f-530dfa4b6a31}
Network Connection : Ethernet
NameServer: 192.168.33.4,192.168.20.240
AzureArcSetup - %windir%\AzureArcSetup\Systray\AzureArcSysTray.exe
SecurityHealth - %windir%\system32\SecurityHealthSystray.exe
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed
on the remote host via the registry.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2012/09/11, Modification date: 2022/02/01
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
Name : \dosdevices\e:
Data : \??\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#5&394b69d0&0&000002#{53f5630d-
b6bf-11d0-94f2-00a0c91efb8b}
Raw data :
5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004d007300660074002600500072006f006
Name : \dosdevices\d:
Data : Yj
Raw data : a2eb596a0000100000000000
Name : \??\volume{eb0f30f1-57d3-11ec-8658-806e6f6e6963}
Data : \??\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#5&394b69d0&0&000002#{53f5630d-
b6bf-11d0-94f2-00a0c91efb8b}
Raw data :
5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004d007300660074002600500072006f006
Name : \dosdevices\c:
Data : DMIO:ID:+z|@oFF
Raw data : 444d494f3a49443a052b90ed7a7c93408f9d6f4688ed4611
Note that all but the final portion of the key has been obfuscated.
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the
'netstat' command.
Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting
in scan settings.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2013/02/13, Modification date: 2023/05/23
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
64814 - Terminal Services Use SSL/TLS
Synopsis
The remote Terminal Services use SSL/TLS.
Description
The remote Terminal Services is configured to use SSL/TLS.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2013/02/22, Modification date: 2023/07/10
Ports
lkazadconnect (TCP/3389) Vulnerability State: Active
Subject Name:
Issuer Name:
Serial Number: 19 9B 64 02 D2 7C D7 A5 4C BD 38 6E FA 2A 3E 3E
Version: 3
Exponent: 01 00 01
+ Action to take : Update .NET Core, remove vulnerable packages and refer to vendor advisory.
[ Security Updates for Microsoft ASP.NET Core (December 2021) (156227) ]
+ Action to take : Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
[ Security Updates for Windows Malicious Software Removal Tool (January 2023) (169783) ]
+ Action to take : Microsoft has released version 5.109 to address this issue.
https://support.microsoft.com/en-us/help/891716
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2013/05/15, Modification date: 2023/01/10
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
File : C:\Windows\system32\MRT.exe
Version : 5.101.19137.3
Release at last run : May 2022
Report infection information to Microsoft : Yes
SID: Process (PID)
0 : System Idle Process (0)
0 : |- System (4)
0 : |- smss.exe (404)
2 : csrss.exe (3132)
0 : sqlservr.exe (4984)
0 : csrss.exe (564)
0 : wininit.exe (636)
0 : |- services.exe (772)
0 : |- svchost.exe (1016)
0 : |- svchost.exe (1040)
0 : |- svchost.exe (1056)
0 : |- svchost.exe (1072)
0 : |- svchost.exe (1136)
2 : |- rdpclip.exe (8044)
2 : |- rdpinput.exe (8824)
0 : |- svchost.exe (1160)
0 : |- svchost.exe (1164)
0 : |- svchost.exe (1212)
0 : |- svchost.exe (1244)
0 : |- svchost.exe (1288)
0 : |- svchost.exe (1296)
0 : |- svchost.exe (1380)
0 : |- svchost.exe (1432)
0 : |- svchost.exe (1468)
0 : |- svchost.exe (1476)
0 : |- svchost.exe (1488)
0 : |- svchost.exe (1508)
0 : |- svchost.exe (1528)
0 : |- svchost.exe (1568)
0 : |- svchost.exe (1664)
0 : |- svchost.exe (1700)
0 : |- svchost.exe (1780)
0 : |- svchost.exe (1792)
0 : |- svchost.exe (1808)
0 : |- svchost.exe (1856)
0 : |- svchost.exe (1884)
0 : |- svchost.exe (2000)
0 : |- taskhostw.exe (2376)
2 : |- taskhostw.exe (7864)
0 : |- svchost.exe (2176)
0 : |- SecurityHealthService.exe (2264)
0 : |- svchost.exe (2276)
0 : |- svchost.exe (2320)
0 : |- svchost.exe (2352)
0 : |- svchost.exe (2448)
0 : |- svchost.exe (2476)
2 : |- sihost.exe (8020)
0 : |- svchost.exe (2528)
0 : |- spoolsv.exe (2564)
0 : |- svchost.exe (2572)
0 : |- svchost.exe (2720)
0 : |- svchost.exe (2832)
0 : |- svchost.exe (3012)
0 : |- svchost.exe (3020)
0 : |- svchost.exe (3028)
0 : |- svchost.exe (3064)
0 : |- svchost.exe (3096)
0 : |- AggregatorHost.exe (4368)
0 : |- elastic-agent.exe (3136)
0 : |- metricbeat.exe (6568)
0 : |- conhost.exe (6580)
0 : |- metricbeat.exe (6656)
0 : |- conhost.exe (6668)
0 : |- filebeat.exe [...]
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2013/10/08, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
Process_Modules_192.168.33.5.csv : lists the loaded modules for each process.
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2013/10/22, Modification date: 2021/02/03
Ports
lkazadconnect (TCP/3389) Vulnerability State: Active
Here is the list of SSL CBC ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Group Name : Guests
Host Name : LKAZADCONNECT
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : LKAZADCONNECT
Class : Win32_UserAccount
SID : S-1-5-21-3230073303-737008294-1742660446-501
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Version : 11.1.20348.0
Name : azadmin
SID : S-1-5-21-3230073303-737008294-1742660446-500
Disabled : False
Lockout : False
Change password : True
Source : Local
Name : DefaultAccount
SID : S-1-5-21-3230073303-737008294-1742660446-503
Disabled : True
Lockout : False
Change password : True
Source : Local
Name : Guest
SID : S-1-5-21-3230073303-737008294-1742660446-501
Disabled : True
Lockout : False
Change password : False
Source : Local
Name : WDAGUtilityAccount
SID : S-1-5-21-3230073303-737008294-1742660446-504
Disabled : True
Lockout : False
Change password : True
Source : Local
No. Of Users : 4
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2013/03/22, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Script Rules
Mode : Audit
Rule name : (Default Rule) All Script's
Description :
Rule type : FilePathRule
User/Group SID : S-1-1-0
Condition : Path="*"
Msi Rules
Mode : Audit
Rule name : (Default Rule) All Msi's
Description :
Rule type : FilePathRule
User/Group SID : S-1-1-0
Condition : Path="*"
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\allowwindows : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\enforcementmode : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\ecee156c-b5bd-4112-a059-2d6f98f50837\value : <FilePathRule Id="ecee156c-b5bd-4112-a059-2d6f98f50837" Name="(Default Rule) All Msi's" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule>
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\allowwindows : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\enforcementmode : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\cd23e008-702a-481b-b143-5eeb49cc2f24\value : <FilePathRule Id="cd23e008-702a-481b-b143-5eeb49cc2f24" Name="(Default Rule) All Script's" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule>
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\serviceenforcementmode : 1
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\allowwindows : 0
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\8bec723d-f7f8-4d03-a638-944ce45998e4\value : <FilePathRule Id="8bec723d-f7f8-4d03-a638-944ce45998e4" Name="(Default Rule) All Exe's" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition [...]
temp : %USERPROFILE%\AppData\Local\Temp
path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
tmp : %USERPROFILE%\AppData\Local\Temp
MD5: 3688374325b992def12793500307566d
SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274
SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2020/06/12
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
169.254.169.254 : 12-34-56-78-9a-bc
192.168.33.1 : 12-34-56-78-9a-bc
192.168.33.4 : 12-34-56-78-9a-bc
192.168.33.6 : 12-34-56-78-9a-bc
192.168.33.7 : 12-34-56-78-9a-bc
192.168.33.10 : 12-34-56-78-9a-bc
192.168.33.11 : 12-34-56-78-9a-bc
192.168.33.255 : ff-ff-ff-ff-ff-ff
224.0.0.22 : 01-00-5e-00-00-16
224.0.0.251 : 01-00-5e-00-00-fb
224.0.0.252 : 01-00-5e-00-00-fc
Interface,Name,Suffix,Type,Status,MAC
192.168.33.5,LKAZADCONNECT,<00>,UNIQUE,Registered,00:0D:3A:07:FD:41
192.168.33.5,ADL,<00>,GROUP,Registered,00:0D:3A:07:FD:41
192.168.33.5,LKAZADCONNECT,<20>,UNIQUE,Registered,00:0D:3A:07:FD:41
http://www.nessus.org/u?4a076105
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2018/05/23
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
Application compatibility cache report attached.
Nessus was able to generate a list of URLs that were manually typed into the Internet Explorer address bar.
See Also
https://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2018/05/16
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html
http://www.nirsoft.net/utils/muicache_view.html
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2018/05/16
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages
firewall and Internet Protocol security (IPsec) policies and implements user mode filtering.
Stopping or disabling the BFE service will significantly reduce the security of the system. It
will also result in unpredictable behavior in IPsec management and firewall applications.
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user
data, including contact info, calendars, messages, and other content. If you stop or disable this
service, apps that use this data might not work correctly.
@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage
tiers on all tiered storage spaces in the system.
@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities
on the Offline Files cache, responds to user logon and logoff events, implements the internals of
the public API, and dispatches interesting events to those interested in Offline Files activities
and changes in cache state.
@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports
logging events, querying events, subscribing to events, archiving event logs, and managing event
metadata. It can display events in both XML and plain text format. Stopping this service may
compromise security and reliability of the system.
@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time.
@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events
from remote sources that support WS-Management protocol. This includes Windows Vista event logs,
hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event
Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded
events cannot be [...]
- sendto : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\Damith_106321a\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\Damith_106321a\Documents
- administrative tools : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\Damith_106321a\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Damith_106321a\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Damith_106321a\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\Damith_106321a\AppData\Local
- my pictures : C:\Users\Damith_106321a\Pictures
- templates : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : [...]
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2019/11/12
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
microsoft.windows.search_cw5n1h2txyewy!cortanaui
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
ueme_ctlcuacount:ctor
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
microsoft.windows.explorer
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
ueme_ctlsession
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
Cumulative Rollup : 02_2022
Cumulative Rollup : 01_2022
Cumulative Rollup : 12_2021
Cumulative Rollup : 11_2021
Cumulative Rollup : 10_2021
Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll
Version : 4.8.4682.0
.NET Version : 4.8
Associated KB : 5031993
Latest effective update level : 11_2023
101114 - Microsoft Azure AD Connect Installed
Synopsis
Azure AD Connect is installed on the remote Windows host.
Description
Azure Active Directory (AD) Connect, a cloud integration tool for Microsoft Azure, is installed on the remote Windows
host.
See Also
http://www.nessus.org/u?20111b95
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2017/06/29, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Description
ASP .NET Core runtime, web application server side components, are installed on the remote Windows host.
See Also
https://github.com/aspnet/AspNetCore
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0657
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2017/11/17, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
lkazadconnect (TCP/445) Vulnerability State: Active
106716 - Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Synopsis
It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an
authentication request to port 139 or 445.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2018/02/09, Modification date: 2020/03/11
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.1 Windows 10
For example, authentication to the SSH service on the remote target may have consistently succeeded with
no privilege errors encountered, while connections to the SMB service on the remote target may have failed
intermittently.
- Resolving logged issues for all available authentication protocols may improve scan coverage, but the value of
resolving each issue for a particular protocol may vary from target to target depending upon what data (if any) is
gathered from the target via that protocol and what particular check failed. For example, consistently successful
checks via SSH are more critical for Linux targets than for Windows targets, and likewise consistently successful
checks via SMB are more critical for Windows targets than for Linux targets.
Solution
N/A
Risk Factor
None
References
XREF IAVB-0001-B-0520
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2018/05/24, Modification date: 2021/07/26
Ports
lkazadconnect (TCP/445) Vulnerability State: Resurfaced
Nessus was able to log into the remote host with no privilege or access
problems via the following :
User: 'adl\vaadmin'
Port: 445
Proto: SMB
Method: password
Nessus was able to log in to the remote host using the provided credentials and enumerate OS security patch levels.
Description
Nessus was able to determine OS security patch levels by logging into the remote host and running commands to
determine the version of the operating system and its components. The remote host was identified as an operating
system or device that Nessus supports for patch and update assessment. The necessary information was obtained to
perform these checks.
Solution
N/A
Risk Factor
None
References
XREF IAVB-0001-B-0516
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2018/10/02, Modification date: 2021/07/12
Ports
lkazadconnect (TCP/445) Vulnerability State: Resurfaced
OS Security Patch Assessment is available.
Account : adl\vaadmin
Protocol : SMB
See Also
https://www.microsoft.com/en-us/windows/comprehensive-security
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2019/11/15, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2020/05/29, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Package : Downlevel-NLS-Sorting-Versions-Server-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:37 AM
Package : Downlevel-NLS-Sorting-Versions-Server-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:37 AM
Package : Microsoft-OneCore-DirectX-Database-FOD-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:37 AM
Package : Microsoft-OneCore-RasSstp-Api-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Staged
Release Type : Feature Pack
Install Time :
Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : Feature Pack
Install Time : 5/8/2021 9:35 AM
Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : Foundation
Install Time : 5/8/2021 8:24 AM
Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.20348.380
State : Installed
Release Type : OnDemand Pack
Install Time : 12/13/2021 7:01 PM
Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:36 AM
Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:37 AM
Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:37 AM
Package : [...]
Nessus was able to log in to the remote host via the following :
User: 'adl\vaadmin'
Port: 445
Proto: SMB
Method: password
148541 - Windows Language Settings Detection
Synopsis
This plugin enumerates language files on a Windows host.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the
host.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2021/04/14, Modification date: 2022/02/01
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
Default Install Language Code: 1033
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2021/11/17, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
- Invoke-RestMethod:
- + CategoryInfo: InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
- + FullyQualifiedErrorId: WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
- Invoke-RestMethod:
- + CategoryInfo: InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
- + FullyQualifiedErrorId: WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
- Invoke-RestMethod:
- + CategoryInfo: InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
- + FullyQualifiedErrorId: WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_675324844f835f70\Amd64\mxdwdrv.dll
Version : 10.0.20348.1
Supported Platform : Windows x64
Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_675324844f835f70\Amd64\mxdwdrv.dll
Version : 10.0.20348.1006
Supported Platform : Windows x64
Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver:
Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Version : 10.0.20348.2110
Supported Platform : Windows x64
Path : C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Version : 10.0.20348.2110
Supported Platform : Windows NT x86
Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_675324844f835f70\Amd64\mxdwdrv.dll
Version : 10.0.20348.1
Supported Platform : Windows x64
Path : C:\Windows\system32\spool\DRIVERS\x64\3\FXSDRV.DLL
Version : 10.0.20348.1906
Supported Platform : Windows x64
Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Version : 10.0.20348.1
Supported Platform : Windows x64
https://github.com/dotnet/aspnetcore/issues/39028
Solution
Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
7.3
CVSS v3.0 Base Score
8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (E:U/RL:O/RC:C)
CVSS Base Score
4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
3.4 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-43877
XREF IAVA-2021-A-0581-S
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2021/12/21, Modification date: 2023/12/28
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
https://ssl-config.mozilla.org/
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/01/20, Modification date: 2023/07/10
Ports
lkazadconnect (TCP/3389) Vulnerability State: Active
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
https://dotnet.microsoft.com/download/dotnet/6.0
https://github.com/dotnet/announcements/issues/208
http://www.nessus.org/u?65bd7b62
Solution
Update .NET Core Runtime to version 5.0.14 or 6.0.2.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (E:U/RL:O/RC:C)
CVSS Base Score
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.2 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-21986
XREF IAVA-2022-A-0078-S
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/02/10, Modification date: 2022/05/06
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
https://dotnet.microsoft.com/download/dotnet/5.0
https://dotnet.microsoft.com/download/dotnet/6.0
https://github.com/dotnet/announcements/issues/210
http://www.nessus.org/u?56caba70
http://www.nessus.org/u?95177a8e
http://www.nessus.org/u?96c2a71d
Solution
Update .NET Core Runtime to version 3.1.23, 5.0.15 or 6.0.3.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVSS v3.0 Temporal Score
5.7 (E:U/RL:O/RC:C)
CVSS Base Score
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-24512
CVE CVE-2022-24464
CVE CVE-2020-8927
XREF IAVA-2022-A-0106-S
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/03/09, Modification date: 2023/04/18
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Publication date: 2022/04/18, Modification date: 2023/08/25
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
http://www.nessus.org/u?1a4b3744
Solution
Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related
protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/05/04, Modification date: 2022/05/04
Ports
lkazadconnect (TCP/445) Vulnerability State: Resurfaced
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found.
161691 - The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)
Synopsis
Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key.
Description
The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for
CVE-2022-30190.
Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The
recommendation is to apply the latest patch.
See Also
http://www.nessus.org/u?440e4ba1
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
http://www.nessus.org/u?b9345997
Solution
Apply the latest Cumulative Update.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/05/31, Modification date: 2022/07/28
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target
is vulnerable to CVE-2022-30190, if the vendor patch is not applied.
Windows AlwaysInstallElevated policy status was found on the remote Windows host
Description
Windows AlwaysInstallElevated policy status was found on the remote Windows host.
You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges.
This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft
strongly discourages the use of this setting.
Solution
If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/06/14, Modification date: 2022/06/14
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE.
AlwaysInstallElevated policy is not enabled under HKEY_USERS
user:S-1-5-21-2016934633-2723708669-2290440068-7636
https://dotnet.microsoft.com/download/dotnet/6.0
https://github.com/dotnet/announcements/issues/225
http://www.nessus.org/u?bfb8ea98
Solution
Update .NET Core Runtime to version 3.1.26 or 6.0.6.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.1 (E:F/RL:O/RC:C)
CVSS Base Score
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.6 (E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-30184
XREF IAVA-2022-A-0235-S
XREF MSFT-MS22-5015429
XREF MSFT-MS22-5015424
XREF MSKB-5015429
XREF MSKB-5015424
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/06/16, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Path : C:\Windows\system32\mshtml.dll
Version : 11.0.20348.2110
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.
See Also
https://support.microsoft.com/help/5016987
https://support.microsoft.com/help/5016990
https://dotnet.microsoft.com/download/dotnet/3.1
https://dotnet.microsoft.com/download/dotnet/6.0
http://www.nessus.org/u?327bb1fb
http://www.nessus.org/u?7ce182ee
https://github.com/dotnet/core/issues/7682
Solution
Update .NET Core Runtime to version 3.1.28 or 6.0.8.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.3 (E:P/RL:O/RC:C)
CVSS Base Score
5.4 (AV:N/AC:H/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
4.2 (E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-34716
XREF IAVA-2022-A-0313-S
XREF MSFT-MS22-5016990
XREF MSFT-MS22-5016987
XREF MSKB-5016990
XREF MSKB-5016987
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/08/10, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Installed version : 3.1.20.30521
Fixed version : 3.1.28
Username: DefaultAccount
SID: S-1-5-21-3230073303-737008294-1742660446-503
DisableCMD: Unset
Username: azadmin
SID: S-1-5-21-3230073303-737008294-1742660446-500
DisableCMD: Unset
Username: WDAGUtilityAccount
SID: S-1-5-21-3230073303-737008294-1742660446-504
DisableCMD: Unset
Username: Guest
SID: S-1-5-21-3230073303-737008294-1742660446-501
DisableCMD: Unset
http://www.nessus.org/u?c76821a3
Solution
Update ASP.NET Core Runtime to version 3.1.29 or 6.0.9.
Risk Factor
High
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (E:F/RL:O/RC:C)
CVSS Base Score
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-38013
XREF IAVA-2022-A-0374-S
XREF MSFT-MS22-5017915
XREF MSFT-MS22-5017903
XREF MSKB-5017915
XREF MSKB-5017903
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/09/14, Modification date: 2023/10/11
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
https://support.microsoft.com/help/5017915
https://dotnet.microsoft.com/download/dotnet/3.1
https://dotnet.microsoft.com/download/dotnet/6.0
http://www.nessus.org/u?cf2fdae6
http://www.nessus.org/u?775af4a9
https://github.com/dotnet/core/issues/7791
Solution
Update .NET Core Runtime to version 3.1.29 or 6.0.9.
Risk Factor
High
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (E:F/RL:O/RC:C)
CVSS Base Score
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-38013
XREF IAVA-2022-A-0374-S
XREF MSFT-MS22-5017915
XREF MSFT-MS22-5017903
XREF MSKB-5017915
XREF MSKB-5017903
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/09/14, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability.
Description
The remote system may be in a vulnerable state to CVE-2013-3900 due to missing or misconfigured registry keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary
code on an affected host.
See Also
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900
http://www.nessus.org/u?9780b9d2
Solution
Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Additionally, on 64-bit OS systems, add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Risk Factor
High
Vulnerability Priority Rating (VPR)
8.9
CVSS v3.0 Base Score
7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (E:H/RL:O/RC:C)
CVSS Base Score
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.6 (E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2013-3900
XREF CISA-KNOWN-EXPLOITED-2022/07/10
XREF IAVA-2013-A-0227
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/10/26, Modification date: 2023/12/26
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Synopsis
The Microsoft .NET core installations on the remote host are affected by a remote code execution vulnerability.
Description
A remote code execution vulnerability exists in .NET Core 3.1, .NET 6.0, and .NET 7.0, where a malicious actor could
cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.
See Also
https://support.microsoft.com/en-us/help/5021953
https://support.microsoft.com/en-us/help/5021954
https://support.microsoft.com/en-us/help/5021955
Solution
Update .NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.
Risk Factor
High
Vulnerability Priority Rating (VPR)
6.7
CVSS v3.0 Base Score
7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (E:U/RL:O/RC:C)
CVSS Base Score
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41089
XREF IAVA-2022-A-0526
XREF MSFT-MS22-5021955
XREF MSFT-MS22-5021954
XREF MSFT-MS22-5021953
XREF MSKB-5021955
XREF MSKB-5021954
XREF MSKB-5021953
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/12/15, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.20\
Installed version : 3.1.20.30521
Fixed version : 3.1.32
https://support.microsoft.com/en-us/help/5021954
https://support.microsoft.com/en-us/help/5021955
Solution
Update ASP.NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.
Risk Factor
High
Vulnerability Priority Rating (VPR)
6.7
CVSS v3.0 Base Score
7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (E:U/RL:O/RC:C)
CVSS Base Score
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41089
XREF IAVA-2022-A-0526
XREF MSFT-MS22-5021955
XREF MSFT-MS22-5021954
XREF MSFT-MS22-5021953
XREF MSKB-5021955
XREF MSKB-5021954
XREF MSKB-5021953
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/12/15, Modification date: 2023/11/20
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Windows\System32\OpenSSH\
C:\Program Files\dotnet\
C:\Program Files (x86)\dotnet\
C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\
C:\Program Files\Microsoft SQL Server\150\Tools\Binn\
C:\Users\vaadmin\AppData\Local\Microsoft\WindowsApps
169783 - Security Updates for Windows Malicious Software Removal Tool (January 2023)
Synopsis
The remote Windows host has an antimalware application that is affected by a privilege escalation vulnerability.
Description
The Windows Malicious Software Removal Tool installation on the remote host is missing a security update. It is,
therefore, affected by the following vulnerability:
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2023-21725)
See Also
http://www.nessus.org/u?867b0b4e
Solution
Microsoft has released version 5.109 to address this issue.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
6.0
CVSS v3.0 Base Score
6.3 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H)
CVSS v3.0 Temporal Score
5.9 (E:F/RL:O/RC:C)
CVSS Base Score
5.5 (AV:L/AC:H/Au:S/C:N/I:C/A:C)
CVSS Temporal Score
4.5 (E:F/RL:OF/RC:C)
References
CVE CVE-2023-21725
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/01/10, Modification date: 2023/09/08
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Common Name : CN=LKAZADCONNECT
SamAccountName : LKAZADCONNECT$
Domain Role : MemberServer
Domain : adl.local
Lowest Subdomain : ADL
DNS Name : LKAZADCONNECT
Distinguished Name : CN=LKAZADCONNECT,OU=Servers,DC=adl,DC=local
Record Name : LKAZADCONNECT
lkazadconnect (TCP/0) Vulnerability State: Active
Path : C:\Windows\SysWOW64\curl.exe
Version : 8.4.0.0
Managed by OS : True
Path : C:\Windows\System32\curl.exe
Version : 8.4.0.0
Managed by OS : True
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
Installed version : 5.0.11.30523
Security End of Life : May 10, 2022
Time since Security End of Life (Est.) : >= 1 year
Path : C:\Windows\System32\msodbcsql17.dll
Version : 17.10.5.1
User : Thilaksha_106310a
|- Browser : Microsoft Edge
|- Add-on information :
Name : unknown
Version : 1.69.5
Path : C:\Users\Thilaksha_106310a\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.69.5_0
[DisplayName] :
Raw Value : Microsoft .NET Core Host FX Resolver - 3.1.20 (x64)
[UninstallString] :
Raw Value : MsiExec.exe /X{6B6BB193-15B3-4493-914B-19A4B4CE50EF}
[InstallDate] :
Raw Value : 2021/11/03
[DisplayVersion] :
Raw Value : 24.80.30521
[VersionMinor] :
Raw Value : 80
186777 - KB5033118: Windows 2022 / Azure Stack HCI 22H2 Security Update (December 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5033118 or Azure HotPatch 5033464. It is, therefore, affected by
multiple vulnerabilities
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006)
- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696)
- Win32k Elevation of Privilege Vulnerability (CVE-2023-36011)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.
See Also
https://support.microsoft.com/help/5033118
https://support.microsoft.com/help/5033464
Solution
Apply Security Update 5033118 or Azure HotPatch 5033464
Risk Factor
Critical
Vulnerability Priority Rating (VPR)
8.4
CVSS v3.0 Base Score
8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (E:P/RL:O/RC:C)
CVSS Base Score
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36696
CVE CVE-2023-36012
CVE CVE-2023-36011
CVE CVE-2023-36006
CVE CVE-2023-36005
CVE CVE-2023-36004
CVE CVE-2023-36003
CVE CVE-2023-35644
CVE CVE-2023-35643
CVE CVE-2023-35642
CVE CVE-2023-35641
CVE CVE-2023-35639
CVE CVE-2023-35638
CVE CVE-2023-35630
CVE CVE-2023-35628
CVE CVE-2023-35622
CVE CVE-2023-21740
CVE CVE-2023-20588
XREF IAVA-2023-A-0690-S
XREF IAVA-2023-A-0689-S
XREF MSFT-MS23-5033464
XREF MSFT-MS23-5033118
XREF MSKB-5033464
XREF MSKB-5033118
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/12/12, Modification date: 2024/01/15
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
https://www.microsoft.com/en-us/windows-server
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/12/27, Modification date: 2023/12/27
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
Type : local
Method : SMB
Confidence : 100
187790 - KB5034129: Windows 2022 / Azure Stack HCI 22H2 Security Update (January 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034129. It is, therefore, affected by multiple vulnerabilities
- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654)
- BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666)
- Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.
See Also
https://support.microsoft.com/help/5034129
Solution
Apply Security Update 5034129
Risk Factor
High
Vulnerability Priority Rating (VPR)
8.4
CVSS v3.0 Base Score
8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (E:P/RL:O/RC:C)
CVSS Base Score
9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21320
CVE CVE-2024-21316
CVE CVE-2024-21314
CVE CVE-2024-21313
CVE CVE-2024-21311
CVE CVE-2024-21310
CVE CVE-2024-21309
CVE CVE-2024-21307
CVE CVE-2024-21306
CVE CVE-2024-21305
CVE CVE-2024-20700
CVE CVE-2024-20699
CVE CVE-2024-20698
CVE CVE-2024-20696
CVE CVE-2024-20694
CVE CVE-2024-20692
CVE CVE-2024-20691
CVE CVE-2024-20687
CVE CVE-2024-20683
CVE CVE-2024-20682
CVE CVE-2024-20681
CVE CVE-2024-20680
CVE CVE-2024-20674
CVE CVE-2024-20666
CVE CVE-2024-20664
CVE CVE-2024-20663
CVE CVE-2024-20662
CVE CVE-2024-20661
CVE CVE-2024-20660
CVE CVE-2024-20658
CVE CVE-2024-20657
CVE CVE-2024-20655
CVE CVE-2024-20654
CVE CVE-2024-20653
CVE CVE-2024-20652
CVE CVE-2022-35737
XREF IAVA-2024-A-0016
XREF IAVA-2024-A-0015
XREF MSFT-MS24-5034129
XREF MSKB-5034129
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2024/01/09, Modification date: 2024/01/15
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
https://dotnet.microsoft.com/download/dotnet/6.0
https://dotnet.microsoft.com/en-us/download/dotnet/7.0
https://dotnet.microsoft.com/en-us/download/dotnet/8.0
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20672
https://support.microsoft.com/help/5033733
https://support.microsoft.com/help/5033734
https://support.microsoft.com/help/5033741
http://www.nessus.org/u?7cc3c135
http://www.nessus.org/u?f9bea036
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
Vulnerability Priority Rating (VPR)
6.0
CVSS v3.0 Base Score
9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVSS v3.0 Temporal Score
7.9 (E:U/RL:O/RC:C)
CVSS Base Score
9.4 (AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score
7.0 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-20672
CVE CVE-2024-0057
XREF IAVA-2024-A-0017
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2024/01/10, Modification date: 2024/01/12
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312
https://support.microsoft.com/en-us/help/5033898
https://support.microsoft.com/en-us/help/5033899
https://support.microsoft.com/en-us/help/5033904
https://support.microsoft.com/en-us/help/5033907
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36042
https://support.microsoft.com/en-us/help/5033909
https://support.microsoft.com/en-us/help/5033910
https://support.microsoft.com/en-us/help/5033911
https://support.microsoft.com/en-us/help/5033912
https://support.microsoft.com/en-us/help/5033914
https://support.microsoft.com/en-us/help/5033916
https://support.microsoft.com/en-us/help/5033917
https://support.microsoft.com/en-us/help/5033918
https://support.microsoft.com/en-us/help/5033919
https://support.microsoft.com/en-us/help/5033920
https://support.microsoft.com/en-us/help/5033922
https://support.microsoft.com/en-us/help/5033945
https://support.microsoft.com/en-us/help/5033946
https://support.microsoft.com/en-us/help/5033947
https://support.microsoft.com/en-us/help/5033948
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
Vulnerability Priority Rating (VPR)
7.1
CVSS v3.0 Base Score
9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVSS v3.0 Temporal Score
7.9 (E:U/RL:O/RC:C)
CVSS Base Score
9.4 (AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score
7.0 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21312
CVE CVE-2024-0057
CVE CVE-2024-0056
CVE CVE-2023-36042
XREF IAVA-2024-A-0011
XREF MSFT-MS24-5033948
XREF MSFT-MS24-5033947
XREF MSFT-MS24-5033946
XREF MSFT-MS24-5033945
XREF MSFT-MS24-5033922
XREF MSFT-MS24-5033920
XREF MSFT-MS24-5033919
XREF MSFT-MS24-5033918
XREF MSFT-MS24-5033917
XREF MSFT-MS24-5033916
XREF MSFT-MS24-5033914
XREF MSFT-MS24-5033912
XREF MSFT-MS24-5033911
XREF MSFT-MS24-5033910
XREF MSFT-MS24-5033909
XREF MSFT-MS24-5033907
XREF MSFT-MS24-5033904
XREF MSFT-MS24-5033899
XREF MSFT-MS24-5033898
XREF MSKB-5033948
XREF MSKB-5033947
XREF MSKB-5033946
XREF MSKB-5033945
XREF MSKB-5033922
XREF MSKB-5033920
XREF MSKB-5033919
XREF MSKB-5033918
XREF MSKB-5033917
XREF MSKB-5033916
XREF MSKB-5033914
XREF MSKB-5033912
XREF MSKB-5033911
XREF MSKB-5033910
XREF MSKB-5033909
XREF MSKB-5033907
XREF MSKB-5033904
XREF MSKB-5033899
XREF MSKB-5033898
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2024/01/10, Modification date: 2024/01/12
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Cumulative
- 5033914
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0333
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21337
Solution
Upgrade to Microsoft Edge version 120.0.2336.0 or later.
Risk Factor
High
Vulnerability Priority Rating (VPR)
7.4
CVSS v3.0 Base Score
6.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
5.5 (E:U/RL:O/RC:C)
CVSS Base Score
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.5 (E:U/RL:OF/RC:C)
References
CVE CVE-2024-21337
CVE CVE-2024-20721
CVE CVE-2024-20709
CVE CVE-2024-20675
CVE CVE-2024-0333
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2024/01/11, Modification date: 2024/01/11
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Issuer Name:
Serial Number: 19 9B 64 02 D2 7C D7 A5 4C BD 38 6E FA 2A 3E 3E
Version: 3
Path : C:\Program Files\Microsoft SQL Server\150\LocalDB\Binn\
Named Instance : MSSQL15E.LOCALDB
http://www.nessus.org/u?15ae6806
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0655
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/12/20, Modification date: 2022/10/18
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.8
Full Version : 4.8.04161
Install Type : Full
Release : 528449
Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.8
Full Version : 4.8.04161
Install Type : Client
Release : 528449
20231220190142.202877+330
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2011/12/06, Modification date: 2021/07/12
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
lkazadconnect (TCP/0) Vulnerability State: Active
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Sri Lanka Standard Time
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-532
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-531
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0xFFFFFEB6
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000000000000000000000000000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000000000000000000000000000000
http://www.nessus.org/u?61293b38
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2018/11/15
Ports
lkazadconnect (TCP/0) Vulnerability State: Active
[...]
Path : C:\Windows\\System32\\mstsc.exe
Version : 10.0.20348.1850
Windows LSA Protection is disabled on the remote Windows host.
Description
The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent
reading memory and code injection by non-protected processes. This provides added security for the credentials that
the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks.
Solution
Enable LSA Protection per your corporate security guidelines.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/04/20, Modification date: 2022/05/25
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
https://dotnet.microsoft.com/download/dotnet/5.0
https://dotnet.microsoft.com/download/dotnet/6.0
https://github.com/dotnet/announcements/issues/219
http://www.nessus.org/u?3b99f604
http://www.nessus.org/u?b1b0aff4
http://www.nessus.org/u?39d07c32
Solution
Update .NET Core Runtime to version 3.1.25, 5.0.17 or 6.0.5.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (E:F/RL:O/RC:C)
CVSS Base Score
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-29145
CVE CVE-2022-29117
CVE CVE-2022-23267
XREF IAVA-2022-A-0201-S
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/05/13, Modification date: 2023/10/27
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Synopsis
The Microsoft .NET core installations on the remote host are affected by a privilege escalation vulnerability.
Description
A privilege escalation vulnerability exists in .NET Core 6.0 < 6.0.10 and .NET Core 3.1 < 3.1.30. An authenticated,
local attacker can exploit this, via the NuGet client, to cause the user to execute arbitrary code.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.
See Also
https://support.microsoft.com/help/5019349
https://support.microsoft.com/help/5019351
https://dotnet.microsoft.com/download/dotnet/3.1
https://dotnet.microsoft.com/download/dotnet/6.0
http://www.nessus.org/u?1a5250e3
http://www.nessus.org/u?0eafd070
https://github.com/dotnet/core/issues/7864
Solution
Update .NET Core Runtime to version 3.1.30 or 6.0.10.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
7.4
CVSS v3.0 Base Score
7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (E:F/RL:O/RC:C)
CVSS Base Score
6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41032
XREF IAVA-2022-A-0411-S
XREF MSFT-MS22-5019351
XREF MSFT-MS22-5019349
XREF MSKB-5019351
XREF MSKB-5019349
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/10/12, Modification date: 2024/01/16
Ports
lkazadconnect (TCP/445) Vulnerability State: Active
Path : C:\Windows\System32\msoledbsql.dll
Version : 18.6.7.0
lkazbackupresto
Scan Information
Start time: 2024/01/17 10:30
3 5 3 0 145 156
Results Details
/
10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0931
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/01/04, Modification date: 2020/10/30
Ports
lkazbackupresto (TCP/5985) Vulnerability State: Active
The remote web server type is :
Microsoft-HTTPAPI/2.0
Microsoft-HTTPAPI/2.0
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
Vulnerability Priority Rating (VPR)
0.8
References
CVE CVE-1999-0524
XREF CWE-200
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 1999/08/01, Modification date: 2023/04/27
Ports
lkazbackupresto (ICMP/0) Vulnerability State: Active
The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is -244 seconds.
The remote host has the following MAC address on its adapter :
00:22:48:5a:cb:6d
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 1999/11/27, Modification date: 2023/12/04
Ports
lkazbackupresto (UDP/0) Vulnerability State: Active
For your information, here is the traceroute from 192.168.33.11 to 192.168.33.8 :
192.168.33.11
192.168.33.8
Hop Count: 1
https://support.microsoft.com/en-us/help/246261
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/05/09, Modification date: 2023/07/25
Ports
lkazbackupresto (TCP/445) Vulnerability State: Resurfaced
- The SMB tests will be done as adl\vaadmin/******
Publication date: 2000/05/09, Modification date: 2022/02/01
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Here are the SMB shares available on the remote host when logged in as vaadmin:
- ADMIN$
- C$
- D$
- IPC$
- MTATempStore$
- MTATempStore$ - (readable,writable)
+ Content of this share :
..
- D$ - (readable,writable)
+ Content of this share :
CollectGuestLogsTemp
DATALOSS_WARNING_README.txt
pagefile.sys
System Volume Information
- C$ - (readable,writable)
+ Content of this share :
BKP Restore
Documents and Settings
Packages
PerfLogs
Program Files
Program Files (x86)
ProgramData
Recovery
System Volume Information
Users
Windows
WindowsAzure
- ADMIN$ - (readable,writable)
+ Content of this share :
..
10398 - Microsoft Windows SMB LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration
Synopsis
It was possible to obtain the domain SID.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the domain SID (Security Identifier).
The domain SID can then be used to get the list of users of the domain.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/05/09, Modification date: 2023/02/28
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
The remote domain SID value is :\n1-5-21-2016934633-2723708669-2290440068
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol,
the list of active and inactive services of the remote host.
An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only
trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT-0001-T-0751
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/07/03, Modification date: 2022/02/01
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Active Services :
RdAgent [ RdAgent ]
Remote Registry [ RemoteRegistry ]
RPC Endpoint Mapper [ RpcEptMapper ]
Remote Procedure Call (RPC) [ RpcSs ]
Special Administration Console Helper [ sacsvr ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
Windows Security Service [ SecurityHealthService [...]
Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\LKAZBACKUPRESTO
Object [...]
Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
TCP Port : 49668
IP : 192.168.33.8
Type : Local RPC service
Named pipe : WindowsShutdown
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49669
IP : 192.168.33.8
Publication date: 2001/10/17, Modification date: 2021/09/20
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Nessus was able to obtain the following information about the host, by
parsing the SMB2 Protocol's NTLM SSP message:
1-5-21-1965139271-2296524897-3907604036
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
- DefaultAccount
- Guest
- WDAGUtilityAccount
- DefaultAccount
- Guest
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
- DefaultAccount
- Guest
- WDAGUtilityAccount
- Honeuser
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
- LKAZBackupResto\azadmin (User)
- ADL\Domain Admins (Group)
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2002/04/20, Modification date: 2023/08/21
Ports
lkazbackupresto (TCP/3389) Vulnerability State: Active
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol,
used to provide shared access to files, printers, etc between nodes on a network.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2002/06/05, Modification date: 2021/02/11
Ports
lkazbackupresto (TCP/139) Vulnerability State: Active
http://www.nessus.org/u?fe16cea8
https://technet.microsoft.com/en-us/library/cc957390.aspx
Solution
Consult Microsoft documentation and best practices.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2003/03/24, Modification date: 2018/06/05
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name
of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2003/12/09, Modification date: 2023/11/08
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
Remote operating system : Microsoft Windows Server 2019 Datacenter Build 17763
Confidence level : 100
Method : SMB_OS
Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.
HTTP:Server: Microsoft-HTTPAPI/2.0
SinFP:!:
P1:B11113:F0x12:W65392:O0204ffff:M1410:
P2:B11113:F0x12:W65535:O0204ffff0103030801010402:M1410:
P3:B00000:F0x00:W0:O0:M0
P4:190704_7_p=49669
SSLcert:!:i/CN:LKAZBackupResto.adl.locals/CN:LKAZBackupResto.adl.local
7c0126e826ba29ee4ee8cead0542fcf1d40da575
The remote host is running Microsoft Windows Server 2019 Datacenter Build 17763
Publication date: 2004/02/11, Modification date: 2017/04/14
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
https://www.tenable.com/blog/auditing-anti-virus-products-with-nessus
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2005/01/18, Modification date: 2023/10/05
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Forefront_Endpoint_Protection :
lkazbackupresto (TCP/445) Vulnerability State: Active
The following password policy is defined on the remote host:
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : enabled
Web application tests : disabled
Max hosts : 100
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2024/1/17 5:27 EST
Scan duration : 2012 sec
Scan for malware : no
http://www.nessus.org/u?e17ffced
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2006/06/05, Modification date: 2023/07/10
Ports
lkazbackupresto (TCP/3389) Vulnerability State: Active
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2007/08/19, Modification date: 2023/07/10
Ports
lkazbackupresto (TCP/5985) Vulnerability State: Active
A web server is running on this port.
Here is a list of office files which have been found on the remote SMB shares :
+ C$ :
- C:\Windows\System32\MSDRM\MsoIrmProtector.doc
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.doc
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.doc
- C:\Windows\System32\MSDRM\MsoIrmProtector.ppt
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.ppt
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.ppt
- C:\Windows\System32\MSDRM\MsoIrmProtector.xls
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.xls
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.xls
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and
HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2007/01/30, Modification date: 2019/11/22
Ports
lkazbackupresto (TCP/47001) Vulnerability State: Active
Response Body :
Response Body :
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2007/02/03, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
The remote host returned the following caption from Win32_OperatingSystem:
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses
attached to them.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
See Also
http://www.nessus.org/u?b362cab2
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2007/02/03, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
+ Network Interface Information :
+ Routing Information :
https://www.dmtf.org/standards/ws-man
https://en.wikipedia.org/wiki/WS-Management
Solution
Limit incoming traffic to this port if desired.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2008/06/11, Modification date: 2021/05/19
Ports
lkazbackupresto (TCP/5985) Vulnerability State: Active
Note that Nessus only looked in the registry for evidence of Google
Chrome. If there are multiple users on this host, you may wish to
enable the 'Perform thorough tests' setting and re-scan. This will
cause Nessus to scan each local user's directory for installs.
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2008/09/16, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/49666) Vulnerability State: Active
Port 49666/tcp was found to be open
Port 49668/tcp was found to be open
This process 'DPMRA.exe' (pid 6272) is hosting the following Windows services :
DPMRA (DPMRA)
The Win32 process 'System' is listening on this port (pid 4).
This process 'svchost.exe' (pid 2912) is hosting the following Windows services :
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
This process 'lsass.exe' (pid 988) is hosting the following Windows services :
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'svchost.exe' (pid 1384) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)
This process 'svchost.exe' (pid 2148) is hosting the following Windows services :
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
This process 'svchost.exe' (pid 2848) is hosting the following Windows services :
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
This process 'svchost.exe' (pid 2840) is hosting the following Windows services :
PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010)
This process 'DPMRA.exe' (pid 6272) is hosting the following Windows services :
DPMRA (DPMRA)
The Win32 process 'System' is listening on this port (pid 4).
This process 'vmms.exe' (pid 3496) is hosting the following Windows services :
vmms (@%systemroot%\system32\vmms.exe,-10)
This process 'lsass.exe' (pid 988) is hosting the following Windows services :
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'svchost.exe' (pid 2828) is hosting the following Windows services :
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
This process 'spoolsv.exe' (pid 2996) is hosting the following Windows services :
Spooler (@%systemroot%\system32\spoolsv.exe,-1)
This process 'svchost.exe' (pid 1740) is hosting the following Windows services :
EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200)
This process 'svchost.exe' (pid 1384) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)
This process 'svchost.exe' (pid 1604) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
lkazbackupresto (UDP/123) Vulnerability State: Active
This process 'svchost.exe' (pid 1408) is hosting the following Windows services :
W32Time (@%SystemRoot%\system32\w32time.dll,-200)
This process 'svchost.exe' (pid 1104) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)
This process 'svchost.exe' (pid 2848) is hosting the following Windows services :
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
http://www.nessus.org/u?794673b4
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/02/19, Modification date: 2020/05/13
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have
not been installed on the remote Windows host based on the results of either a credentialed check using the supplied
credentials or a check done using a supported third-party patch management tool.
Note the results of missing patches also include superseded patches.
Review the summary and apply any missing updates in order to be up to date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/04/24, Modification date: 2019/06/13
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
The patches for the following bulletins or KBs are missing on the remote host :
- KB5031984 ( https://support.microsoft.com/en-us/help/5031984 )
- KB5032196 ( https://support.microsoft.com/en-us/help/5032196 )
- KB5033371 ( https://support.microsoft.com/en-us/help/5033371 )
- KB5033904 ( https://support.microsoft.com/en-us/help/5033904 )
- KB5034127 ( https://support.microsoft.com/en-us/help/5034127 )
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium
strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES
encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical
network.
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
6.1
CVSS v3.0 Base Score
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS Base Score
5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2016-2183
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/11/23, Modification date: 2021/02/03
Ports
lkazbackupresto (TCP/3389) Vulnerability State: Active
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
42897 - SMB Registry : Start the Registry Service during the scan (WMI)
Synopsis
The registry service was enabled for the duration of the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service
(RemoteRegistry). If the service is down, this plugin will attempt to start it for the duration of the scan.
For this plugin to work, you need to select the option 'Start the Remote Registry service during the scan' on the
credentials page when you add your Windows credentials.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/11/25, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
The registry service was successfully started for the duration of the scan.
42898 - SMB Registry : Stop the Registry Service after the scan (WMI)
Synopsis
The registry service was stopped after the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service
(RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan,
this plugin will stop it afterwards.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/11/25, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
- 192.168.33.8
- 169.254.206.161
CryptSvc startup parameters :
Display name : Cryptographic Services
Service name : CryptSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p
Dependencies : RpcSs/
https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0754
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/02/24, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
- WoW64 Support
- XPS Viewer
https://nvd.nist.gov/products/cpe
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/04/21, Modification date: 2023/12/27
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/08/16, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
http://www.nessus.org/u?5234ef0c
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/08/26, Modification date: 2019/12/20
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/08/31, Modification date: 2022/02/01
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Operating system version = 10.17763
Architecture = x64
Build lab extended = 17763.1.amd64fre.rs5_release.180914-1434
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc708449(v=ws.10)
https://docs.microsoft.com/en-us/previous-versions/technet-magazine/gg153542(v=msdn.10)
Solution
Verify the remote host is configured to utilize the correct WSUS server.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/12/01, Modification date: 2018/11/15
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
This host is configured to get updates from the following WSUS server :
http://LKWSUS.adl.local:8530
ElevateNonAdmins : undefined
TargetGroup : undefined
TargetGroupEnabled : undefined
AUOptions : 7
AutoInstallMinorUpdates : undefined
DetectionFrequency : undefined
DetectionFrequencyEnabled : undefined
NoAutoRebootWithLoggedOnUsers : undefined
NoAutoUpdate : 0
RebootRelaunchTimeout : undefined
RebootRelaunchTimeoutEnabled : undefined
RebootWarningTimeout : undefined
RebootWarningTimeoutEnabled : undefined
RescheduleWaitTime : undefined
RescheduleWaitTimeEnabled : undefined
ScheduledInstallDay : 0
ScheduledInstallTime : 5
+ DriveLetter D:
+ DriveLetter C:
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either
when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not
be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer.
Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus
either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the
authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the
remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/12/15, Modification date: 2020/04/27
Ports
lkazbackupresto (TCP/3389) Vulnerability State: Active
|-Subject : CN=LKAZBackupResto.adl.local
|-Issuer : CN=LKAZBackupResto.adl.local
Hostname : LKAZBACKUPRESTO
LKAZBACKUPRESTO (WMI)
56984 - SSL / TLS Versions Supported
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2011/12/01, Modification date: 2023/07/10
Ports
lkazbackupresto (TCP/3389) Vulnerability State: Active
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2011/12/07, Modification date: 2021/03/09
Ports
lkazbackupresto (TCP/3389) Vulnerability State: Active
Here is the list of SSL PFS ciphers supported by the remote server :
ECDHE-RSA-AES128-SHA256    0xC0, 0x2F    ECDH    RSA    AES-GCM(128)    SHA256
ECDHE-RSA-AES256-SHA384    0xC0, 0x30    ECDH    RSA    AES-GCM(256)    SHA384
ECDHE-RSA-AES128-SHA       0xC0, 0x13    ECDH    RSA    AES-CBC(128)    SHA1
ECDHE-RSA-AES256-SHA       0xC0, 0x14    ECDH    RSA    AES-CBC(256)    SHA1
ECDHE-RSA-AES128-SHA256    0xC0, 0x27    ECDH    RSA    AES-CBC(128)    SHA256
ECDHE-RSA-AES256-SHA384    0xC0, 0x28    ECDH    RSA    AES-CBC(256)    SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
|-Subject : CN=LKAZBackupResto.adl.local
http://www.nessus.org/u?df39b8b3
http://technet.microsoft.com/en-us/library/cc731957.aspx
http://www.nessus.org/u?74b80723
https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
http://www.nessus.org/u?a3cac4ea
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network
server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also'
links for further details.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.6 (E:U/RL:O/RC:C)
CVSS Base Score
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (E:U/RL:OF/RC:C)
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2012/01/19, Modification date: 2022/10/05
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
58181 - Windows DNS Server Enumeration
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2012/03/01, Modification date: 2022/02/01
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Interface: {7a2c4c62-8c76-4d03-be10-7e780bb63f76}
Network Connection : Ethernet
NameServer: 192.168.20.240,192.168.33.4,192.168.20.239
58452 - Microsoft Windows Startup Software Enumeration
Synopsis
It is possible to enumerate startup software.
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use and
security policies.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2012/03/23, Modification date: 2022/02/01
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
SecurityHealth - %windir%\system32\SecurityHealthSystray.exe
https://technet.microsoft.com/en-us/library/cc783530.aspx
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2012/07/25, Modification date: 2022/08/11
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
[*] Allow ACE for LKAZBackupResto\DPMRADCOMTrustedMachines
(S-1-5-21-1965139271-2296524897-3907604036-1000): 0x001f01ff
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES
Publication date: 2012/11/28, Modification date: 2022/02/01
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Name : \dosdevices\d:
Data : Ui
Raw data : 9055cd690000100000000000
Name : \dosdevices\c:
Data : DMIO:ID:wM"sP
Raw data : 444d494f3a49443ad2a0c677c3d5e64d81b522067350ce14
Name : \??\volume{2ed37b6d-cd1d-11ec-9620-806e6f6e6963}
Data : \??\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#000002#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data :
5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004d007300660074002600500072006f006
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Note that all but the final portion of the key has been obfuscated.
Issuer Name:
Serial Number: 74 3B B6 C9 C1 21 DF 87 47 8F 72 8C 5D DD 88 0A
Version: 3
Not Valid After: Jun 20 18:09:05 2024 GMT
+ Action to take : Upgrade to Google Chrome version 120.0.6099.225 or later.
3 : |- ctfmon.exe (9208)
0 : |- svchost.exe (1148)
0 : |- svchost.exe (1236)
0 : |- vmcompute.exe (128)
0 : |- svchost.exe (1292)
0 : |- svchost.exe (1384)
3 : |- rdpclip.exe (8852)
3 : |- rdpinput.exe (636)
0 : |- svchost.exe (1392)
0 : |- svchost.exe (1408)
0 : |- svchost.exe (1416)
0 : |- svchost.exe (1476)
0 : |- svchost.exe (1504)
0 : |- svchost.exe (1520)
0 : |- svchost.exe (1552)
0 : |- svchost.exe (1564)
0 : |- svchost.exe (1604)
0 : |- MsMpEng.exe (1652)
0 : |- svchost.exe (1740)
0 : |- svchost.exe (1764)
0 : |- svchost.exe (1780)
0 : |- svchost.exe (1792)
0 : |- svchost.exe (1816)
0 : |- svchost.exe (1856)
0 : |- svchost.exe (1864)
0 : |- svchost.exe (1880)
0 : |- svchost.exe (1928)
[...]
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2013/10/22, Modification date: 2021/02/03
Ports
lkazbackupresto (TCP/3389) Vulnerability State: Active
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2013/12/06, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
Group Name : Access Control Assistance Operators
Host Name : LKAZBACKUPRESTO
Group SID : S-1-5-32-579
Members :
Host Name : LKAZBACKUPRESTO
Group SID : S-1-5-32-578
Members :
Version : 11.1790.17763.0
http://www.nessus.org/u?b6e87533
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0756
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2014/02/06, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
Name : azadmin
SID : S-1-5-21-1965139271-2296524897-3907604036-500
Disabled : False
Lockout : False
Change password : True
Source : Local
Name : DefaultAccount
SID : S-1-5-21-1965139271-2296524897-3907604036-503
Disabled : True
Lockout : False
Change password : True
Source : Local
Name : Guest
SID : S-1-5-21-1965139271-2296524897-3907604036-501
Disabled : True
Lockout : False
Change password : False
Source : Local
Name : Honeuser
SID : S-1-5-21-1965139271-2296524897-3907604036-1003
Disabled : False
Lockout : False
Change password : True
Source : Local
Name : WDAGUtilityAccount
SID : S-1-5-21-1965139271-2296524897-3907604036-504
Disabled : True
Lockout : False
Change password : True
Source : Local
No. Of Users : 5
Publication date: 2013/03/22, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Script Rules
Mode : Audit
Rule name : (Default Rule) All Script's
Description :
Rule type : FilePathRule
User/Group SID : S-1-1-0
Condition : Path="*"
Msi Rules
Mode : Audit
Rule name : (Default Rule) All Msi's
Description :
Rule type : FilePathRule
User/Group SID : S-1-1-0
Condition : Path="*"
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\allowwindows : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\enforcementmode : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\668be2ac-faa0-4462-a44f-1decb7af26c8\value : <FilePathRule Id="668be2ac-faa0-4462-a44f-1decb7af26c8" Name="(Default Rule) All Msi's" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule>
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\allowwindows : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\enforcementmode : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\08d31ed6-bb3d-425f-97be-50907743ba36\value : <FilePathRule Id="08d31ed6-bb3d-425f-97be-50907743ba36" Name="(Default Rule) All Script's" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule>
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\serviceenforcementmode : 1
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\allowwindows : 0
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\04db5032-64ac-4eb8-9808-09d5f9502c57\value : <FilePathRule Id="04db5032-64ac-4eb8-9808-09d5f9502c57" Name="(Default Rule) All Exe's" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition [...]
Nessus was able to collect the hosts file from the remote Windows host and report it as attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2020/01/27
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
Windows hosts file attached.
MD5: 3688374325b992def12793500307566d
SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274
SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085
HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
192.168.33.10 : 12-34-56-78-9a-bc
192.168.33.11 : 12-34-56-78-9a-bc
192.168.33.255 : ff-ff-ff-ff-ff-ff
224.0.0.22 : 01-00-5e-00-00-16
224.0.0.251 : 01-00-5e-00-00-fb
224.0.0.252 : 01-00-5e-00-00-fc
239.255.255.250 : 01-00-5e-7f-ff-fa
92373 - Microsoft Windows SMB Sessions
Synopsis
Nessus was able to collect and report SMB session information from the remote host.
Description
Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV
attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
vaadmin
http://www.nessus.org/u?4a076105
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2018/05/23
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
Application compatibility cache report attached.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2018/05/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Resurfaced
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html
http://www.nirsoft.net/utils/muicache_view.html
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2018/05/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
@%systemroot%\system32\firewallapi.dll,-3400 : COM+ Network Access
@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages
firewall and Internet Protocol security (IPsec) policies and implements user mode filtering.
Stopping or disabling the BFE service will significantly reduce the security of the system. It
will also result in unpredictable behavior in IPsec management and firewall applications.
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user
data, including contact info, calendars, messages, and other content. If you stop or disable this
service, apps that use this data might not work correctly.
@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage
tiers on all tiered storage spaces in the system.
@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities
on the Offline Files cache, responds to user logon and logoff events, implements the internals of
the public API, and dispatches interesting events to those interested in Offline Files activities
and changes in cache state.
@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports
logging events, querying events, subscribing to events, archiving event logs, and managing event
metadata. It can display events in both XML and plain text format. Stopping this service may
compromise security and reliability of the system.
@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time.
@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events
from remote sources that support WS-Management protocol. This includes Windows Vista event logs,
hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event
Log. If this service is stopped or disabled event subscriptions cannot be [...]
- history : C:\Users\Honeuser\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Honeuser\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Honeuser\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\Honeuser\AppData\Local
- my pictures : C:\Users\Honeuser\Pictures
- templates : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\Honeuser\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\Honeuser\Desktop
- programs : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : [...]
Publication date: 2016/07/19, Modification date: 2018/05/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
C:\\Users\Ashan_105704a\Downloads\desktop.ini
C:\\Users\Atheeq_106273a\Downloads\desktop.ini
C:\\Users\azadmin\Downloads\desktop.ini
C:\\Users\azadmin.ADL\Downloads\desktop.ini
C:\\Users\Honeuser\Downloads\desktop.ini
C:\\Users\Madhawa_105798a\Downloads\desktop.ini
C:\\Users\Public\Downloads\desktop.ini
C:\\Users\Thilaksha_106310a\Downloads\desktop.ini
C:\\Users\Thilaksha_106310a\Downloads\dotnet-sdk-6.0.417-win-x64.exe
This plugin enumerates installed Microsoft security rollups.
Description
Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host.
See Also
http://www.nessus.org/u?b23205aa
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/10/11, Modification date: 2023/06/26
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Cumulative Rollup : 10_2019
Cumulative Rollup : 09_2019
Cumulative Rollup : 08_2019
Cumulative Rollup : 07_2019
Cumulative Rollup : 06_2019
Cumulative Rollup : 05_2019
Cumulative Rollup : 04_2019
Cumulative Rollup : 03_2019
Cumulative Rollup : 02_2019
Cumulative Rollup : 01_2019
Cumulative Rollup : 12_2018
Cumulative Rollup : 11_2018
Cumulative Rollup : 10_2018
User : Ashan_105704a
|- Browser : Chrome
|- Add-on information :
Version : 1.60.0
Update Date : Mar. 30, 2023 at 15:51:32 GMT
Path : C:\Users\Ashan_105704a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.60.0_0
User : Atheeq_106273a
|- Browser : Chrome
|- Add-on information :
Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
Version : 14.7.4063.0
.NET Version : 4.7.2
Associated KB : 5029931
Latest effective update level : 09_2023
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2017/06/19, Modification date: 2019/11/22
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Network Adapter Driver Description : Mellanox ConnectX-4 Lx Virtual Ethernet Adapter
Network Adapter Driver Version : 2.70.24728.0
106716 - Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Synopsis
It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an
authentication request to port 139 or 445.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2018/02/09, Modification date: 2020/03/11
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.1 Windows 10
Nessus was able to log into the remote host with no privilege or access
problems via the following :
User: 'adl\vaadmin'
Port: 445
Proto: SMB
Method: password
Synopsis
Windows Defender Advanced Threat Protection is installed on the remote Windows host.
Description
Windows Defender Advanced Threat Protection, a unified platform for preventative protection, post-breach detection,
automated investigation, and response, is installed on the remote Windows host.
See Also
http://www.nessus.org/u?a7391db8
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2018/09/05, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Account : adl\vaadmin
Protocol : SMB
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot
be used with TLS 1.1.
As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with
major web browsers and major vendors.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE-327
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2019/01/08, Modification date: 2023/04/19
Ports
lkazbackupresto (TCP/3389) Vulnerability State: Active
TLSv1.1 is enabled and the server supports at least one cipher.
Windows Defender, an antivirus component of Microsoft Windows is installed on the remote Windows host.
See Also
https://www.microsoft.com/en-us/windows/comprehensive-security
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2019/11/15, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
http://www.nessus.org/u?6a005ed4
Solution
Apply vendor recommended settings.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
8.4
CVSS v3.0 Base Score
6.5 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.2 (E:H/RL:O/RC:C)
CVSS Base Score
5.4 (AV:L/AC:M/Au:N/C:C/I:P/A:N)
CVSS Temporal Score
4.7 (E:H/RL:OF/RC:C)
References
CVE CVE-2019-11135
CVE CVE-2018-3646
CVE CVE-2018-3639
CVE CVE-2018-3620
CVE CVE-2018-3615
CVE CVE-2018-12130
CVE CVE-2018-12127
CVE CVE-2018-12126
CVE CVE-2017-5754
CVE CVE-2017-5753
CVE CVE-2017-5715
BID 108330
BID 105080
BID 104232
BID 102378
BID 102371
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2019/12/18, Modification date: 2023/09/25
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Current Settings:
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\
MinVmVersionForCpuBasedMitigations: Not Set
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: Not Set
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: Not Set
-----------------------------------
Recommended Settings 1:
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\
MinVmVersionForCpuBasedMitigations: 1.0
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00000048 (72)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading enabled.
-----------------------------------
Recommended Settings 2:
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\
MinVmVersionForCpuBasedMitigations: 1.0
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00002048 (8264)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading disabled.
Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Feature Pack
Install Time : 9/15/2018 9:08 AM
Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Foundation
Install Time : 9/15/2018 7:21 AM
Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:07 AM
Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM
Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM
Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM
Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM
Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM
Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM
Package : Microsoft-Windows-Security-SPP-Component-SKU-ServerDatacenter-GVLK-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Feature Pack
Install Time : 9/15/2018 9:11 AM
Package : [...]
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another.
For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an
available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of
successful authentication for a given protocol may vary from target to target depending upon what data (if any) is
gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux
targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows
targets than for Linux targets.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2020/10/15, Modification date: 2021/07/26
Ports
lkazbackupresto (TCP/445) Vulnerability State: Resurfaced
Nessus was able to log in to the remote host via the following :
User: 'adl\vaadmin'
Port: 445
Proto: SMB
Method: password
http://www.nessus.org/u?8fc5df24
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2021/07/07, Modification date: 2021/07/07
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
The Microsoft Windows Print Spooler service on the remote host is enabled.
Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_2121e11a60e09843\Amd64\mxdwdrv.dll
Version : 10.0.17763.1
Supported Platform : Windows x64
Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_2121e11a60e09843\Amd64\mxdwdrv.dll
Version : 10.0.17763.1192
Supported Platform : Windows x64
Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver:
Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Version : 10.0.17763.3532
Supported Platform : Windows x64
Path : C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Version : 10.0.17763.3532
Supported Platform : Windows NT x86
--- Microsoft Print To PDF ---
Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_2121e11a60e09843\Amd64\mxdwdrv.dll
Version : 10.0.17763.1
Supported Platform : Windows x64
Path : C:\Windows\system32\spool\DRIVERS\x64\3\FXSDRV.DLL
Version : 10.0.17763.4720
Supported Platform : Windows x64
Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Version : 10.0.17763.973
Supported Platform : Windows x64
https://ssl-config.mozilla.org/
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/01/20, Modification date: 2023/07/10
Ports
lkazbackupresto (TCP/3389) Vulnerability State: Active
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS Base Score
6.1 (AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE-327
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/04/04, Modification date: 2023/04/19
Ports
lkazbackupresto (TCP/3389) Vulnerability State: Active
TLSv1.1 is enabled and the server supports at least one cipher.
Plugin Information:
Publication date: 2022/04/28, Modification date: 2022/12/29
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
http://www.nessus.org/u?1a4b3744
Solution
Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related
protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/05/04, Modification date: 2022/05/04
Ports
lkazbackupresto (TCP/445) Vulnerability State: Resurfaced
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found.
161691 - The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)
Synopsis
Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key.
Description
The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for
CVE-2022-30190.
Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The
recommendation is to apply the latest patch.
See Also
http://www.nessus.org/u?440e4ba1
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
http://www.nessus.org/u?b9345997
Solution
Apply the latest Cumulative Update.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/05/31, Modification date: 2022/07/28
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target
is vulnerable to CVE-2022-30190, if the vendor patch is not applied.
Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host.
See Also
https://support.microsoft.com/products/internet-explorer
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/06/28, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
Path : C:\Windows\system32\mshtml.dll
Version : 11.0.17763.4974
Username: DefaultAccount
SID: S-1-5-21-1965139271-2296524897-3907604036-503
DisableCMD: Unset
Username: azadmin
SID: S-1-5-21-1965139271-2296524897-3907604036-500
DisableCMD: Unset
Username: Honeuser
SID: S-1-5-21-1965139271-2296524897-3907604036-1003
DisableCMD: Unset
Username: WDAGUtilityAccount
SID: S-1-5-21-1965139271-2296524897-3907604036-504
DisableCMD: Unset
Username: Guest
SID: S-1-5-21-1965139271-2296524897-3907604036-501
DisableCMD: Unset
http://www.nessus.org/u?9780b9d2
Solution
Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Additionally, on 64-bit OS systems, add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Risk Factor
High
Vulnerability Priority Rating (VPR)
8.9
CVSS v3.0 Base Score
7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (E:H/RL:O/RC:C)
CVSS Base Score
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.6 (E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2013-3900
XREF CISA-KNOWN-EXPLOITED-2022/07/10
XREF IAVA-2013-A-0227
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/10/26, Modification date: 2023/12/26
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Nessus detected the following potentially insecure registry key configuration:
- Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
- Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Windows\System32\OpenSSH\
C:\Program Files\Microsoft Data Protection Manager\DPM\bin\VDDK\bin\
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/02/23, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
Path : C:\Windows\SysWOW64\curl.exe
Version : 8.0.1.0
Managed by OS : True
Path : C:\Windows\System32\curl.exe
Version : 8.0.1.0
Managed by OS : True
Publication date: 2023/07/10, Modification date: 2023/07/18
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/08/18, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/135) Vulnerability State: Active
Nessus was able to extract the following cpuid: 00000
XREF IAVA-2023-A-0485-S
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/09/14, Modification date: 2023/10/12
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Path : C:\Windows\System32\curl.exe
Installed version : 8.0.1.0
Fixed version : 8.3.0
Path : C:\Windows\SysWOW64\curl.exe
Installed version : 8.0.1.0
Fixed version : 8.3.0
185579 - KB5032196: Windows 10 version 1809 / Windows Server 2019 Security Update (November 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5032196. It is, therefore, affected by multiple vulnerabilities:
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402)
- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397)
- Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
(CVE-2023-36028)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.
See Also
https://support.microsoft.com/help/5032196
Solution
Apply Security Update 5032196
Risk Factor
Critical
Vulnerability Priority Rating (VPR)
9.2
CVSS v3.0 Base Score
9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (E:F/RL:O/RC:C)
CVSS Base Score
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.3 (E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-38545
CVE CVE-2023-38039
CVE CVE-2023-36719
CVE CVE-2023-36705
CVE CVE-2023-36428
CVE CVE-2023-36427
CVE CVE-2023-36425
CVE CVE-2023-36424
CVE CVE-2023-36423
CVE CVE-2023-36408
CVE CVE-2023-36405
CVE CVE-2023-36404
CVE CVE-2023-36403
CVE CVE-2023-36402
CVE CVE-2023-36401
CVE CVE-2023-36400
CVE CVE-2023-36398
CVE CVE-2023-36397
CVE CVE-2023-36395
CVE CVE-2023-36394
CVE CVE-2023-36393
CVE CVE-2023-36392
CVE CVE-2023-36047
CVE CVE-2023-36036
CVE CVE-2023-36033
CVE CVE-2023-36028
CVE CVE-2023-36025
CVE CVE-2023-36017
CVE CVE-2023-24023
XREF CISA-KNOWN-EXPLOITED-2023/12/05
XREF IAVA-2023-A-0638-S
XREF IAVA-2023-A-0636-S
XREF MSFT-MS23-5032196
XREF MSKB-5032196
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/11/14, Modification date: 2023/12/15
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
185887 - Security Updates for Microsoft .NET Framework (November 2023)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by
multiple vulnerabilities, as follows:
- Security feature bypass in ASP.NET. An attacker can bypass the security checks that prevent an attacker from
accessing internal applications in a website. (CVE-2023-36560)
- Privilege escalation vulnerability in FTP component of .NET Framework. An attacker can inject arbitrary commands
to the FTP server. (CVE-2023-36049)
See Also
http://www.nessus.org/u?8ab9cfd4
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36560
https://support.microsoft.com/en-us/help/5031984
https://support.microsoft.com/en-us/help/5031987
https://support.microsoft.com/en-us/help/5031988
https://support.microsoft.com/en-us/help/5031989
https://support.microsoft.com/en-us/help/5032004
https://support.microsoft.com/en-us/help/5032005
https://support.microsoft.com/en-us/help/5032006
https://support.microsoft.com/en-us/help/5032007
https://support.microsoft.com/en-us/help/5032008
https://support.microsoft.com/en-us/help/5032009
https://support.microsoft.com/en-us/help/5032010
https://support.microsoft.com/en-us/help/5032011
https://support.microsoft.com/en-us/help/5032012
https://support.microsoft.com/en-us/help/5031990
https://support.microsoft.com/en-us/help/5031991
https://support.microsoft.com/en-us/help/5031993
https://support.microsoft.com/en-us/help/5031995
https://support.microsoft.com/en-us/help/5031999
https://support.microsoft.com/en-us/help/5032000
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Critical
Vulnerability Priority Rating (VPR)
7.4
CVSS v3.0 Base Score
9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (E:U/RL:O/RC:C)
CVSS Base Score
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36560
CVE CVE-2023-36049
XREF IAVA-2023-A-0618-S
XREF MSFT-MS23-5032012
XREF MSFT-MS23-5032011
XREF MSFT-MS23-5032010
XREF MSFT-MS23-5032009
XREF MSFT-MS23-5032008
XREF MSFT-MS23-5032007
XREF MSFT-MS23-5032006
XREF MSFT-MS23-5032005
XREF MSFT-MS23-5032004
XREF MSFT-MS23-5032000
XREF MSFT-MS23-5031999
XREF MSFT-MS23-5031995
XREF MSFT-MS23-5031993
XREF MSFT-MS23-5031991
XREF MSFT-MS23-5031990
XREF MSFT-MS23-5031989
XREF MSFT-MS23-5031988
XREF MSFT-MS23-5031987
XREF MSFT-MS23-5031984
XREF MSKB-5032012
XREF MSKB-5032011
XREF MSKB-5032010
XREF MSKB-5032009
XREF MSKB-5032008
XREF MSKB-5032007
XREF MSKB-5032006
XREF MSKB-5032005
XREF MSKB-5032004
XREF MSKB-5032000
XREF MSKB-5031999
XREF MSKB-5031995
XREF MSKB-5031993
XREF MSKB-5031991
XREF MSKB-5031990
XREF MSKB-5031989
XREF MSKB-5031988
XREF MSKB-5031987
XREF MSKB-5031984
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/11/16, Modification date: 2024/01/12
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Cumulative
- 5031984
186789 - KB5033371: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5033371. It is, therefore, affected by multiple vulnerabilities:
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006)
- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696)
- Win32k Elevation of Privilege Vulnerability (CVE-2023-36011)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.
See Also
https://support.microsoft.com/help/5033371
Solution
Apply Security Update 5033371
Risk Factor
Critical
Vulnerability Priority Rating (VPR)
8.4
CVSS v3.0 Base Score
8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (E:P/RL:O/RC:C)
CVSS Base Score
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36696
CVE CVE-2023-36012
CVE CVE-2023-36011
CVE CVE-2023-36006
CVE CVE-2023-36005
CVE CVE-2023-36004
CVE CVE-2023-36003
CVE CVE-2023-35644
CVE CVE-2023-35643
CVE CVE-2023-35642
CVE CVE-2023-35641
CVE CVE-2023-35639
CVE CVE-2023-35638
CVE CVE-2023-35632
CVE CVE-2023-35630
CVE CVE-2023-35628
CVE CVE-2023-35622
CVE CVE-2023-21740
CVE CVE-2023-20588
XREF IAVA-2023-A-0690-S
XREF IAVA-2023-A-0689-S
XREF MSFT-MS23-5033371
XREF MSKB-5033371
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/12/12, Modification date: 2024/01/15
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
https://www.microsoft.com/en-us/windows-server
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/12/27, Modification date: 2023/12/27
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
CPE v2.2 : cpe:/o:microsoft:windows_server_2019:10.0.17763.4974:-
CPE v2.3 : cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4974:-:any:*:datacenter:*:x64:*
Type : local
Method : SMB
Confidence : 100
187803 - KB5034127: Windows 10 version 1809 / Windows Server 2019 Security Update (January 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034127. It is, therefore, affected by multiple vulnerabilities:
- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654)
- BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666)
- Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.
See Also
https://support.microsoft.com/help/5034127
Solution
Apply Security Update 5034127
Risk Factor
High
Vulnerability Priority Rating (VPR)
8.4
CVSS v3.0 Base Score
8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (E:P/RL:O/RC:C)
CVSS Base Score
9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21320
CVE CVE-2024-21316
CVE CVE-2024-21314
CVE CVE-2024-21313
CVE CVE-2024-21311
CVE CVE-2024-21310
CVE CVE-2024-21307
CVE CVE-2024-21305
CVE CVE-2024-20700
CVE CVE-2024-20699
CVE CVE-2024-20698
CVE CVE-2024-20696
CVE CVE-2024-20694
CVE CVE-2024-20692
CVE CVE-2024-20691
CVE CVE-2024-20690
CVE CVE-2024-20687
CVE CVE-2024-20683
CVE CVE-2024-20682
CVE CVE-2024-20680
CVE CVE-2024-20674
CVE CVE-2024-20666
CVE CVE-2024-20664
CVE CVE-2024-20663
CVE CVE-2024-20662
CVE CVE-2024-20661
CVE CVE-2024-20660
CVE CVE-2024-20658
CVE CVE-2024-20657
CVE CVE-2024-20655
CVE CVE-2024-20654
CVE CVE-2024-20653
CVE CVE-2024-20652
CVE CVE-2022-35737
XREF IAVA-2024-A-0016
XREF IAVA-2024-A-0015
XREF MSFT-MS24-5034127
XREF MSKB-5034127
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2024/01/09, Modification date: 2024/01/15
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312
https://support.microsoft.com/en-us/help/5033898
https://support.microsoft.com/en-us/help/5033899
https://support.microsoft.com/en-us/help/5033904
https://support.microsoft.com/en-us/help/5033907
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36042
https://support.microsoft.com/en-us/help/5033909
https://support.microsoft.com/en-us/help/5033910
https://support.microsoft.com/en-us/help/5033911
https://support.microsoft.com/en-us/help/5033912
https://support.microsoft.com/en-us/help/5033914
https://support.microsoft.com/en-us/help/5033916
https://support.microsoft.com/en-us/help/5033917
https://support.microsoft.com/en-us/help/5033918
https://support.microsoft.com/en-us/help/5033919
https://support.microsoft.com/en-us/help/5033920
https://support.microsoft.com/en-us/help/5033922
https://support.microsoft.com/en-us/help/5033945
https://support.microsoft.com/en-us/help/5033946
https://support.microsoft.com/en-us/help/5033947
https://support.microsoft.com/en-us/help/5033948
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
Vulnerability Priority Rating (VPR)
7.1
CVSS v3.0 Base Score
9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVSS v3.0 Temporal Score
7.9 (E:U/RL:O/RC:C)
CVSS Base Score
9.4 (AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score
7.0 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21312
CVE CVE-2024-0057
CVE CVE-2024-0056
CVE CVE-2023-36042
XREF IAVA-2024-A-0011
XREF MSFT-MS24-5033948
XREF MSFT-MS24-5033947
XREF MSFT-MS24-5033946
XREF MSFT-MS24-5033945
XREF MSFT-MS24-5033922
XREF MSFT-MS24-5033920
XREF MSFT-MS24-5033919
XREF MSFT-MS24-5033918
XREF MSFT-MS24-5033917
XREF MSFT-MS24-5033916
XREF MSFT-MS24-5033914
XREF MSFT-MS24-5033912
XREF MSFT-MS24-5033911
XREF MSFT-MS24-5033910
XREF MSFT-MS24-5033909
XREF MSFT-MS24-5033907
XREF MSFT-MS24-5033904
XREF MSFT-MS24-5033899
XREF MSFT-MS24-5033898
XREF MSKB-5033948
XREF MSKB-5033947
XREF MSKB-5033946
XREF MSKB-5033945
XREF MSKB-5033922
XREF MSKB-5033920
XREF MSKB-5033919
XREF MSKB-5033918
XREF MSKB-5033917
XREF MSKB-5033916
XREF MSKB-5033914
XREF MSKB-5033912
XREF MSKB-5033911
XREF MSKB-5033910
XREF MSKB-5033909
XREF MSKB-5033907
XREF MSKB-5033904
XREF MSKB-5033899
XREF MSKB-5033898
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2024/01/10, Modification date: 2024/01/12
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Cumulative
- 5033904
https://crbug.com/1515930
https://crbug.com/1507412
https://crbug.com/1517354
Solution
Upgrade to Google Chrome version 120.0.6099.225 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (E:U/RL:O/RC:C)
CVSS Base Score
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.5 (E:U/RL:OF/RC:C)
References
CVE CVE-2024-0519
CVE CVE-2024-0518
CVE CVE-2024-0517
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2024/01/16, Modification date: 2024/01/16
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Issuer Name:
Serial Number: 74 3B B6 C9 C1 21 DF 87 47 8F 72 8C 5D DD 88 0A
Version: 3
[...]
http://www.nessus.org/u?15ae6806
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0655
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/12/20, Modification date: 2022/10/18
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.7.2
Full Version : 4.7.03190
Install Type : Full
Release : 461814
Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.7.2
Full Version : 4.7.03190
Install Type : Client
Release : 461814
20231122113623.500000+330
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches
installed on the remote Windows host and will use that information to check for missing Microsoft security updates.
Note that this plugin is purely informational.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2011/12/06, Modification date: 2021/07/12
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Publication date: 2016/07/19, Modification date: 2023/06/06
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Sri Lanka Standard Time
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-532
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-531
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0xFFFFFEB6
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000000000000000000000000000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000000000000000000000000000000
http://www.nessus.org/u?61293b38
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2018/11/15
Ports
lkazbackupresto (TCP/0) Vulnerability State: Active
[...]
Path : C:\Windows\\System32\\mstsc.exe
Version : 10.0.17763.2867
Using the HKU registry, Nessus was able to enumerate the SIDs of logged on users.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/05/25, Modification date: 2022/05/25
Ports
lkazbackupresto (TCP/445) Vulnerability State: Active
Logged on users :
- S-1-5-21-1965139271-2296524897-3907604036-1003
Domain : LKAZBackupResto
Username : Honeuser
lkazdc01
Scan Information
Start time: 2024/01/17 10:30
3 8 10 0 162 183
Results Details
/
10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0931
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/01/04, Modification date: 2020/10/30
Ports
lkazdc01 (TCP/47001) Vulnerability State: Active
The remote web server type is :
Microsoft-HTTPAPI/2.0
Microsoft-HTTPAPI/2.0
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
Vulnerability Priority Rating (VPR)
0.8
References
CVE CVE-1999-0524
XREF CWE-200
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 1999/08/01, Modification date: 2023/04/27
Ports
lkazdc01 (ICMP/0) Vulnerability State: Active
The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is -212 seconds.
The remote host has the following MAC address on its adapter :
00:0d:3a:a3:a4:f2
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 1999/11/27, Modification date: 2023/12/04
Ports
lkazdc01 (UDP/0) Vulnerability State: Active
For your information, here is the traceroute from 192.168.33.11 to 192.168.33.4 :
192.168.33.11
192.168.33.4
Hop Count: 1
https://support.microsoft.com/en-us/help/246261
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/05/09, Modification date: 2023/07/25
Ports
lkazdc01 (TCP/445) Vulnerability State: Resurfaced
- The SMB tests will be done as adl\vaadmin/******
- NULL sessions may be enabled on the remote host.
Plugin Information:
Publication date: 2000/05/09, Modification date: 2022/02/01
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Here are the SMB shares available on the remote host when logged in as vaadmin:
- ADMIN$
- C$
- D$
- IPC$
- NETLOGON
- SYSVOL
- ADMIN$ - (readable,writable)
- SYSVOL - (readable,writable)
+ Content of this share :
..
adl.local
- NETLOGON - (readable,writable)
+ Content of this share :
..
- D$ - (readable,writable)
+ Content of this share :
CollectGuestLogsTemp
DATALOSS_WARNING_README.txt
DumpStack.log.tmp
pagefile.sys
System Volume Information
- C$ - (readable,writable)
+ Content of this share :
$WinREAgent
ADL
batch1.csv
cert new
Documents and Settings
Linux OS
LKROOTCA_LKROOTCA-CA.crt
localadmin
Microsoft.Tri.Sensor.Deployment.Deployer.exe
New
NonADDEDMEMBERS.csv
OwnerError.csv
Packages
pass1.csv
pass12.csv
pass2.csv
passchange.csv
passchange1.csv
passchange2.csv
passchange3.csv
Password1.txt
PerfLogs
Program Files
Program Files (x86)
ProgramData
Recovery
Results.csv
System Volume Information
Temp
userlist.csv
Users
Windows
WindowsAzure
10398 - Microsoft Windows SMB LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration
Synopsis
It was possible to obtain the domain SID.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the domain SID (Security Identifier).
The domain SID can then be used to get the list of users of the domain.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/05/09, Modification date: 2023/02/28
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
The remote domain SID value is :
1-5-21-2016934633-2723708669-2290440068
Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows
local checks (SMB tests).
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/05/09, Modification date: 2022/02/01
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
10413 - Microsoft Windows SMB Registry : Remote PDC/BDC Detection
Synopsis
The remote system is a Domain Controller.
Description
The remote host seems to be a Primary Domain Controller or a Backup Domain Controller.
This can be verified by the value of the registry key 'ProductType' under 'HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions'.
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0942
XREF IAVT-0001-T-0030
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/05/20, Modification date: 2023/08/17
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
10456 - Microsoft Windows SMB Service Enumeration
Synopsis
It is possible to enumerate remote services.
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol,
the list of active and inactive services of the remote host.
An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only
trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT-0001-T-0751
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/07/03, Modification date: 2022/02/01
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Active Services :
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the
Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to
connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2001/08/26, Modification date: 2021/10/04
Ports
lkazdc01 (TCP/49664) Vulnerability State: Active
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
TCP Port : 49664
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : [...]
TCP Port : 49668
IP : 192.168.33.4
The following DCERPC services are available remotely :
TCP Port : 49670
IP : 192.168.33.4
COM+ Internet Services are RPC over HTTP tunneling and require IIS to operate. CIS ports shouldn't be visible on
internet but only behind a firewall.
See Also
http://www.nessus.org/u?d02f7e6e
https://support.microsoft.com/en-us/support/kb/articles/q282/2/61.asp
Solution
If you do not use this service, disable it with DCOMCNFG.
Otherwise, limit access to this port.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2001/09/14, Modification date: 2019/11/22
Ports
lkazdc01 (TCP/49676) Vulnerability State: Active
Server banner :
ncacn_http/1.0
The host SID can then be used to get the list of local users.
See Also
http://technet.microsoft.com/en-us/library/bb418944.aspx
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an
appropriate value.
Refer to the 'See also' section for guidance.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2002/02/13, Modification date: 2023/02/28
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
1-5-21-2016934633-2723708669-2290440068
- Priyan_105623
Using the supplied credentials, Nessus was able to list user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2002/03/15, Modification date: 2018/08/13
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2002/03/15, Modification date: 2018/08/13
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
Plugin Information:
Publication date: 2002/03/15, Modification date: 2018/08/13
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
The following users have passwords that never expire :
- azadmin
- domainadd001
- domainaddind
- domainaddmy
- fim.service
- fim.sync
- fwsync
- mihcm_admin
- MIHCM_Sync
- mihcmadmin
- MSOL_03ffe2f18357
- secadmin
- ADL\azadmin (User)
- ADL\Enterprise Admins (Group)
- ADL\Domain Admins (Group)
- ADL\mihcmadmin (User)
Publication date: 2002/03/15, Modification date: 2018/05/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
- azadmin
- NableAdmin
- vaadmin
- Atheeq_106273a
- Thilaksha_106310a
- Damith_106321a
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol,
used to provide shared access to files, printers, etc between nodes on a network.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2002/06/05, Modification date: 2021/02/11
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
http://www.nessus.org/u?fe16cea8
https://technet.microsoft.com/en-us/library/cc957390.aspx
Solution
Consult Microsoft documentation and best practices.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2003/03/24, Modification date: 2018/06/05
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name
of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2003/12/09, Modification date: 2023/11/08
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
Remote operating system : Microsoft Windows Server 2022 Datacenter Build 20348
Confidence level : 100
Method : SMB_OS
Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.
The remote host is running Microsoft Windows Server 2022 Datacenter Build 20348
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
https://www.tenable.com/blog/auditing-anti-virus-products-with-nessus
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2005/01/18, Modification date: 2023/10/05
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Forefront_Endpoint_Protection :
Minimum password len: 10
Password history len: 24
Maximum password age (d): 60
Password must meet complexity requirements: Enabled
Minimum password age (d): 1
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 5
Max hosts : 100
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2024/1/17 5:27 EST
Scan duration : 1924 sec
Scan for malware : no
20870 - LDAP Server Detection
Synopsis
An LDAP server was detected on the remote host.
Description
The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP is a protocol for providing
access to directory services over TCP/IP.
See Also
https://en.wikipedia.org/wiki/LDAP
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2006/02/10, Modification date: 2022/09/29
Ports
lkazdc01 (TCP/389) Vulnerability State: Active
lkazdc01 (TCP/636) Vulnerability State: Active
lkazdc01 (TCP/3268) Vulnerability State: Active
21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2006/06/05, Modification date: 2023/07/10
Ports
lkazdc01 (TCP/636) Vulnerability State: Active
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.
A web server is running on this port.
Here is a list of office files which have been found on the remote SMB
shares :
+ C$ :
- C:\Windows\System32\MSDRM\MsoIrmProtector.doc
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.doc
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.doc
- C:\Windows\System32\MSDRM\MsoIrmProtector.ppt
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.ppt
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.ppt
- C:\Windows\System32\MSDRM\MsoIrmProtector.xls
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.xls
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.xls
- C:\ADL\ADL_DL_Details\ADL-Malaysia\ADL-Team-Malaysia(Senders).xlsx
- C:\Users\azadmin\Downloads\Domain Controller Coverage - 5-18-2022.xlsx
- C:\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\TriSizingToolResults_20220426_1439.xlsx
- C:\Users\Thilaksha_106310a\Desktop\ADL\ADL_DL_Details\ADL-Malaysia\ADL-Team-Malaysia(Senders).xlsx
- C:\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\EULA.docx
This test is informational only and does not denote any security problem.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2007/01/30, Modification date: 2019/11/22
Ports
lkazdc01 (TCP/6791) Vulnerability State: Active
Response Body :
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Response Body :
Computer Manufacturer : Microsoft Corporation
Computer Model : Virtual Machine
Computer SerialNumber : 0000-0012-8010-1202-5928-0089-99
Computer Type : Desktop
+ Routing Information :
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
| CN=Configuration,DC=adl,DC=local
| CN=Schema,CN=Configuration,DC=adl,DC=local
| DC=DomainDnsZones,DC=adl,DC=local
| DC=ForestDnsZones,DC=adl,DC=local
[+]-domainFunctionality:
| 7
[+]-forestFunctionality:
| 7
[+]-domainControllerFunctionality:
| 7
[+]-rootDomainNamingContext:
| DC=adl,DC=local
[+]-ldapServiceName:
| adl.local:lkazdc01$@ADL.LOCAL
[+]-isGlobalCatalogReady:
| TRUE
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxPercentDirSyncRequests
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxBatchReturnMessages
| MaxQueryDuration
| MaxDirSyncDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| MaxValRangeTransitive
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-supportedControl:
https://en.wikipedia.org/wiki/WS-Management
Solution
Limit incoming traffic to this port if desired.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2008/06/11, Modification date: 2021/05/19
Ports
lkazdc01 (TCP/5985) Vulnerability State: Active
Port 88/tcp was found to be open
Port 8080/tcp was found to be open
Note that 2502 UDP ports belonging to DNS.exe have been ignored.
lkazdc01 (UDP/2535) Vulnerability State: Active
Port 2535/udp was found to be open
The Win32 process 'lsass.exe' is listening on this port (pid 884).
This process 'lsass.exe' (pid 884) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'svchost.exe' (pid 1216) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)
This process 'svchost.exe' (pid 568) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)
This process 'svchost.exe' (pid 2756) is hosting the following Windows services :
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
This process 'svchost.exe' (pid 1556) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
This process 'svchost.exe' (pid 3592) is hosting the following Windows services :
IAS (@%SystemRoot%\system32\ias.dll,-1000)
lkazdc01 (UDP/53) Vulnerability State: Active
This process 'dns.exe' (pid 3500) is hosting the following Windows services :
DNS (@%systemroot%\system32\dns.exe,-49157)
This process 'svchost.exe' (pid 1216) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)
This process 'svchost.exe' (pid 1556) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
This process 'svchost.exe' (pid 568) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)
This process 'lsass.exe' (pid 884) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'svchost.exe' (pid 3240) is hosting the following Windows services :
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
This process 'Microsoft.HttpForwarder.WindowsService.exe' (pid 3620) is hosting the following
Windows services :
OMSGatewayService (OMS Gateway)
This process 'lsass.exe' (pid 884) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'svchost.exe' (pid 1484) is hosting the following Windows services :
EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200)
This process 'lsass.exe' (pid 884) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'svchost.exe' (pid 1556) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
This process 'lsass.exe' (pid 884) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'elastic-agent.exe' (pid 3564) is hosting the following Windows services :
Elastic Agent (Elastic Agent)
The Win32 process 'svchost.exe' is listening on this port (pid 3472).
This process 'svchost.exe' (pid 3472) is hosting the following Windows services :
DHCPServer (@%SystemRoot%\system32\dhcpssvc.dll,-200)
This process 'lsass.exe' (pid 884) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'svchost.exe' (pid 2672) is hosting the following Windows services :
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
This process 'svchost.exe' (pid 1556) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
This process 'lsass.exe' (pid 884) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'Microsoft.Tri.Sensor.exe' (pid 5824) is hosting the following Windows services :
AATPSensor (Azure Advanced Threat Protection Sensor)
lkazdc01 (UDP/57879) Vulnerability State: Active
This process 'svchost.exe' (pid 1556) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
This process 'lsass.exe' (pid 884) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
lkazdc01 (UDP/1645) Vulnerability State: Active
This process 'svchost.exe' (pid 3592) is hosting the following Windows services :
IAS (@%SystemRoot%\system32\ias.dll,-1000)
This process 'svchost.exe' (pid 1556) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
This process 'svchost.exe' (pid 3472) is hosting the following Windows services :
DHCPServer (@%SystemRoot%\system32\dhcpssvc.dll,-200)
This process 'lsass.exe' (pid 884) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'Microsoft.Tri.Sensor.exe' (pid 5824) is hosting the following Windows services :
AATPSensor (Azure Advanced Threat Protection Sensor)
This process 'svchost.exe' (pid 1284) is hosting the following Windows services :
W32Time (@%SystemRoot%\system32\w32time.dll,-200)
This process 'svchost.exe' (pid 1556) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
lkazdc01 (TCP/53) Vulnerability State: Active
This process 'dns.exe' (pid 3500) is hosting the following Windows services :
DNS (@%systemroot%\system32\dns.exe,-49157)
This process 'dfsrs.exe' (pid 3516) is hosting the following Windows services :
DFSR (@dfsrress.dll,-101)
This process 'lsass.exe' (pid 884) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'svchost.exe' (pid 1088) is hosting the following Windows services :
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
This process 'svchost.exe' (pid 2736) is hosting the following Windows services :
PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010)
This process 'lsass.exe' (pid 884) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
This process 'svchost.exe' (pid 3592) is hosting the following Windows services :
IAS (@%SystemRoot%\system32\ias.dll,-1000)
35297 - SSL Service Requests Client Certificate
Synopsis
The remote service requests an SSL client certificate.
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a valid
certificate in order to establish a connection to the underlying service.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/01/06, Modification date: 2022/04/11
Ports
lkazdc01 (TCP/3269) Vulnerability State: Active
35706 - SMB Registry : Stopping the Registry Service after the scan failed
Synopsis
The registry service could not be stopped after the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service
(RemoteRegistry).
While Nessus successfully started the registry service, it could not stop it after the scan. You might want to disable it
manually.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/02/18, Modification date: 2011/03/19
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
StopService() failed
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered
by IEEE.
See Also
https://standards.ieee.org/faqs/regauth.html
http://www.nessus.org/u?794673b4
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/02/19, Modification date: 2020/05/13
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
- KB5033118 ( https://support.microsoft.com/en-us/help/5033118 )
- KB5033464 ( https://support.microsoft.com/en-us/help/5033464 )
- KB5033914 ( https://support.microsoft.com/en-us/help/5033914 )
- KB5034129 ( https://support.microsoft.com/en-us/help/5034129 )
Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the
last logged-on user.
See Also
http://www.nessus.org/u?a29751b5
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/05/05, Modification date: 2019/09/02
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
42897 - SMB Registry : Start the Registry Service during the scan (WMI)
Synopsis
The registry service was enabled for the duration of the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service
(RemoteRegistry). If the service is down, this plugin will attempt to start it for the duration of the scan.
For this plugin to work, you need to select the option 'Start the Remote Registry service during the scan' on the
credentials page when you add your Windows credentials.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2009/11/25, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
The registry service was successfully started for the duration of the scan.
Publication date: 2010/01/08, Modification date: 2015/09/24
Ports
lkazdc01 (TCP/88) Vulnerability State: Active
Log on as : LocalSystem
Executable path : "C:\Packages\Plugins\Microsoft.Azure.NetworkWatcher.NetworkWatcherAgentWindows\1.4.2146.1\NetworkWatcherAgent\NetworkWatcherAgent.exe" /service
https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0754
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/02/24, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
- File and Storage Services
- File and iSCSI Services
- Group Policy Management
- Microsoft Defender Antivirus
- Network Policy and Access Services
- Network Policy and Access Services Tools
- Remote Server Administration Tools
- Role Administration Tools
- Storage Services
- System Data Archiver
- TCP Port Sharing
- WCF Services
- Windows PowerShell
- Windows PowerShell 5.1
- WoW64 Support
- XPS Viewer
https://nvd.nist.gov/products/cpe
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/04/21, Modification date: 2023/12/27
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
cpe:/o:microsoft:windows_server_2022:::x64-datacenter
x-cpe:/a:microsoft:dhcp_server:10.0.20348.2110
http://www.nessus.org/u?5234ef0c
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/08/26, Modification date: 2019/12/20
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch
Value : Registry Key Empty or Missing
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc708449(v=ws.10)
https://docs.microsoft.com/en-us/previous-versions/technet-magazine/gg153542(v=msdn.10)
Solution
Verify the remote host is configured to utilize the correct WSUS server.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/12/01, Modification date: 2018/11/15
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
This host is configured to get updates from the following WSUS server :
http://LKWSUS.adl.local:8530
ElevateNonAdmins : undefined
TargetGroup : undefined
TargetGroupEnabled : undefined
AUOptions : 7
AutoInstallMinorUpdates : undefined
DetectionFrequency : undefined
DetectionFrequencyEnabled : undefined
NoAutoRebootWithLoggedOnUsers : undefined
NoAutoUpdate : 0
RebootRelaunchTimeout : undefined
RebootRelaunchTimeoutEnabled : undefined
RebootWarningTimeout : undefined
RebootWarningTimeoutEnabled : undefined
RescheduleWaitTime : undefined
RescheduleWaitTimeEnabled : undefined
ScheduledInstallDay : 0
ScheduledInstallTime : 5
+ DriveLetter D:
+ DriveLetter C:
- Key Protectors : None Found
- Lock Status : Unlocked
- Percentage Encrypted : 0.0%
- Protection Status : Protection Off
- Size : 126.45 GB
https://en.wikipedia.org/wiki/X.509
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/12/15, Modification date: 2020/04/27
Ports
lkazdc01 (TCP/636) Vulnerability State: Active
|-Subject : DC=local/DC=adl/CN=LKAZSUBCA-CA
|-Issuer : CN=LKROOTCA-CA
|-Subject : CN=LKAZDC01.adl.local
|-Issuer : CN=LKAZDC01.adl.local
lkazdc01 (TCP/3269) Vulnerability State: Active
|-Subject : DC=local/DC=adl/CN=LKAZSUBCA-CA
|-Issuer : CN=LKROOTCA-CA
+ KB5031993
- Description : Update
- InstalledOn : 12/20/2023
+ KB5012170
- Description : Security Update
- InstalledOn : 4/20/2023
+ KB5032198
- Description : Security Update
- InstalledOn : 12/20/2023
+ KB5032310
- Description : Update
- InstalledOn : 12/20/2023
Note that for detailed information on installed QFE's such as InstalledBy, Caption,
and so on, please run the scan with 'Report Verbosity' set to 'verbose'.
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2011/06/30, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
Hostname : LKAZDC01
LKAZDC01 (WMI)
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2011/12/07, Modification date: 2021/03/09
Ports
lkazdc01 (TCP/636) Vulnerability State: Active
Here is the list of SSL PFS ciphers supported by the remote server :
Name                      Code         KEX    Auth   Encryption      MAC
-----------------------   ----------   ----   ----   -------------   ------
ECDHE-RSA-AES128-SHA256   0xC0, 0x2F   ECDH   RSA    AES-GCM(128)    SHA256
ECDHE-RSA-AES256-SHA384   0xC0, 0x30   ECDH   RSA    AES-GCM(256)    SHA384
ECDHE-RSA-AES128-SHA256   0xC0, 0x27   ECDH   RSA    AES-CBC(128)    SHA256
ECDHE-RSA-AES256-SHA384   0xC0, 0x28   ECDH   RSA    AES-CBC(256)    SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
|-Subject : CN=LKAZDC01.adl.local
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2012/03/01, Modification date: 2022/02/01
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Interface: {8c5fcf84-6e2e-45ec-920c-295e99709d0e}
Network Connection : Ethernet
NameServer: 192.168.20.240,192.168.20.239,127.0.0.1
AzureArcSetup - %windir%\AzureArcSetup\Systray\AzureArcSysTray.exe
SecurityHealth - %windir%\system32\SecurityHealthSystray.exe
https://technet.microsoft.com/en-us/library/cc783530.aspx
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2012/07/25, Modification date: 2022/08/11
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
KB5031993, Installed on: 2023/12/20
Name : \dosdevices\e:
Data : \??\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#5&394b69d0&0&000002#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data :
5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004d007300660074002600500072006f006
Name : \dosdevices\d:
Data : T
Raw data : 9d54a6b10000100000000000
Name : \dosdevices\c:
Data : DMIO:ID:+z|@oFF
Raw data : 444d494f3a49443a052b90ed7a7c93408f9d6f4688ed4611
Name : \??\volume{af9a4571-5786-11ec-8658-806e6f6e6963}
Data : \??\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#5&394b69d0&0&000002#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data :
5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004d007300660074002600500072006f006
Plugin Information:
Publication date: 2013/01/09, Modification date: 2022/10/10
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Note that all but the final portion of the key has been obfuscated.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2013/02/22, Modification date: 2023/07/10
Ports
lkazdc01 (TCP/3389) Vulnerability State: Active
Subject Name:
Issuer Name:
Serial Number: 4C 13 5B 7B F5 BD 4A B2 41 13 F5 57 08 A5 E6 6E
Version: 3
Solution
Install the patches listed below.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2013/07/08, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
+ Action to take : Update .NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.
+ Action to take : Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
[ Security Updates for Windows Malicious Software Removal Tool (January 2023) (169783) ]
+ Action to take : Microsoft has released version 5.109 to address this issue.
https://support.microsoft.com/en-us/help/891716
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2013/05/15, Modification date: 2023/01/10
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
File : C:\Windows\system32\MRT.exe
Version : 5.101.19137.3
Release at last run : May 2022
Report infection information to Microsoft : Yes
0 : |- svchost.exe (1284)
0 : |- svchost.exe (1372)
0 : |- svchost.exe (1428)
0 : |- svchost.exe (1456)
0 : |- svchost.exe (1484)
0 : |- svchost.exe (1548)
0 : |- svchost.exe (1556)
0 : |- svchost.exe (1560)
0 : |- svchost.exe (1572)
0 : |- svchost.exe (1652)
0 : |- svchost.exe (1668)
0 : |- svchost.exe (1820)
0 : |- svchost.exe (1832)
0 : |- svchost.exe (1848)
0 : |- svchost.exe (1932)
0 : |- svchost.exe (1940)
0 : |- svchost.exe (1952)
0 : |- svchost.exe (1964)
0 : |- svchost.exe (1976)
0 : |- svchost.exe (2080)
0 : |- svchost.exe (2124)
0 : |- svchost.exe (2236)
0 : |- svchost.exe (2280)
0 : |- svchost.exe (2320)
0 : |- svchost.exe (2396)
0 : |- svchost.exe (2412)
0 : |- svchost.exe (2464)
0 : |- svchost.exe (2568)
2 : |- sihost.exe (3176)
0 : |- svchost.exe (2672)
0 : |- svchost.exe (2736)
0 : |- svchost.exe (2744)
0 : |- svchost.exe (2756)
0 : [...]
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2013/10/22, Modification date: 2021/02/03
Ports
lkazdc01 (TCP/3269) Vulnerability State: Active
Here is the list of SSL CBC ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Group Name : Windows Authorization Access Group
Host Name : LKAZDC01
Group SID : S-1-5-32-560
Members :
Name : ENTERPRISE DOMAIN CONTROLLERS
Domain : LKAZDC01
Class : Win32_SystemAccount
SID : S-1-5-9
Name : Exchange Servers
Domain : ADL
Class : Win32_Group
SID : S-1-5-21-2016934633-2723708669-2290440068-6268
XREF IAVT-0001-T-0509
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2014/02/06, Modification date: 2022/02/01
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Version : 11.1.20348.0
lkazdc01 (TCP/0) Vulnerability State: Active
Name : azadmin
SID : S-1-5-21-2016934633-2723708669-2290440068-500
Disabled : False
Lockout : False
Change password : True
Source : Domain
Name : lobby
SID : S-1-5-21-2016934633-2723708669-2290440068-501
Disabled : True
Lockout : False
Change password : True
Source : Domain
Name : krbtgt
SID : S-1-5-21-2016934633-2723708669-2290440068-502
Disabled : True
Lockout : False
Change password : True
Source : Domain
Name : secadmin
SID : S-1-5-21-2016934633-2723708669-2290440068-1106
Disabled : False
Lockout : False
Change password : True
Source : Domain
Name : Ruzlina_25121
SID : S-1-5-21-2016934633-2723708669-2290440068-1107
Disabled : False
Lockout : False
Change password : True
Source : Domain
Name : Jonathan_25136
SID : S-1-5-21-2016934633-2723708669-2290440068-1108
Disabled : False
Lockout : False
Change password : True
Source : Domain
Name : Surbhi_25139
SID : S-1-5-21-2016934633-2723708669-2290440068-1109
Disabled : True
Lockout : False
Change password : True
Source : Domain
Name : Hajar_25145
SID : S-1-5-21-2016934633-2723708669-2290440068-1110
Disabled : False
Lockout : False
Change password : True
Source : Domain
Name : Hang_25146
SID : S-1-5-21-2016934633-2723708669-2290440068-1111
Disabled : False
Lockout : False
Change password : True
Source : Domain
Name : Farris_118250
SID : S-1-5-21-2016934633-2723708669-2290440068-1112
Disabled : False
Lockout : False
Change password : True
Source : Domain
Name : [...]
Synopsis
The remote host supports IE Enhanced Security Configuration.
Description
Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC
features are enabled or disabled.
See Also
http://www.nessus.org/u?a9c4c131
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2014/03/07, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Script Rules
Mode : Audit
Rule name : (Default Rule) All Script's
Description :
Rule type : FilePathRule
User/Group SID : S-1-1-0
Condition : Path="*"
Msi Rules
Mode : Audit
Rule name : (Default Rule) All Msi's
Description :
Rule type : FilePathRule
User/Group SID : S-1-1-0
Condition : Path="*"
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\allowwindows : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\enforcementmode : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\39ce2524-d8af-4ea9-a710-88270fc89780\value : <FilePathRule Id="39ce2524-d8af-4ea9-a710-88270fc89780" Name="(Default Rule) All Msi's" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule>
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\allowwindows : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\enforcementmode : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\7c7d3e82-167e-4ab7-a8e5-33e6bda8a768\value : <FilePathRule Id="7c7d3e82-167e-4ab7-a8e5-33e6bda8a768" Name="(Default Rule) All Script's" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule>
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\serviceenforcementmode : 1
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\allowwindows : 0
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\680c8cd4-b6b0-4b7f-8db5-ee7e28da6e08\value : <FilePathRule Id="680c8cd4-b6b0-4b7f-8db5-ee7e28da6e08" Name="(Default Rule) All Exe's" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition
[...]
Nessus was able to collect and report environment variables from the remote host.
Description
Nessus was able to collect system and active account environment variables on the remote Windows host and
generate a report as a CSV attachment.
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0757
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2022/06/24
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
Global Environment Variables :
processor_level : 6
comspec : %SystemRoot%\system32\cmd.exe
number_of_processors : 4
username : SYSTEM
os : Windows_NT
temp : %SystemRoot%\TEMP
processor_revision : 4f01
path : %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files (x86)\dotnet\;C:\Program Files\Microsoft Network Monitor 3\
tmp : %SystemRoot%\TEMP
processor_identifier : Intel64 Family 6 Model 79 Stepping 1, GenuineIntel
driverdata : C:\Windows\System32\Drivers\DriverData
pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
processor_architecture : AMD64
psmodulepath : C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files\OMS Gateway\PowerShell\;C:\Program Files\Microsoft Monitoring Agent\Agent\PowerShell\;C:\Program Files\Microsoft Monitoring Agent\Agent\AzureAutomation\7.3.1840.0
windir : %SystemRoot%
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
Windows hosts file attached.
MD5: 3688374325b992def12793500307566d
SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274
SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2018/05/23
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
1a4aa774-9c19-4aa5-a56a-e7590013dcb3._msdcs.adl.local
Publication date: 2016/07/19, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
vaadmin
http://www.nessus.org/u?4a076105
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2018/05/23
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
Application compatibility cache report attached.
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to find evidence of program execution using Windows Explorer registry logs and settings.
See Also
http://www.forensicswiki.org/wiki/LastVisitedMRU
http://www.nessus.org/u?7e00b191
http://www.nessus.org/u?ac4dd3fb
http://www.nessus.org/u?c409cb41
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2019/08/15
Ports
lkazdc01 (TCP/0) Vulnerability State: Resurfaced
a
mmc\1
mmc.exe@
http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html
http://www.nirsoft.net/utils/muicache_view.html
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2018/05/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
c:\windows\system32\fsquirt.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\notepad.exe.friendlyappname : Notepad
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame
c:\windows\system32\notepad.exe.applicationcompany : Microsoft Corporation
c:\program files\internet explorer\iexplore.exe.friendlyappname : Internet Explorer
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\program files\internet explorer\iexplore.exe.applicationcompany : Microsoft Corporation
c:\windows\explorer.exe.friendlyappname : Windows Explorer
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\appresolver.dll.applicationcompany : Microsoft Corporation
langid : .
c:\windows\system32\mmc.exe.friendlyappname : Microsoft Management Console
c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll
c:\windows\system32\fsquirt.exe.friendlyappname : fsquirt
c:\windows\system32\appresolver.dll.friendlyappname : App Resolver
c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation
@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service
@%systemroot%\system32\themeservice.dll,-8192 : Themes
@%systemroot%\system32\firewallapi.dll,-3400 : COM+ Network Access
@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver
@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker
@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service
@%systemroot%\system32\iasuihelper.dll,-103 : Configures and manages Network Policy Server settings
@%systemroot%\system32\dsadmin.dll,-8887 : Manages users, computers, security groups and other objects in Active Directory Domain Services.
@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or [...]
Publication date: 2016/07/19, Modification date: 2018/05/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Resurfaced
ADL.LOCAL\Thilaksha_106310a
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Thilaksha_106310a\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Thilaksha_106310a\Downloads
- recent : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\Thilaksha_106310a\Videos
- my music : C:\Users\Thilaksha_106310a\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Thilaksha_106310a\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Thilaksha_106310a\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Thilaksha_106310a\AppData\LocalLow
- sendto : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\Thilaksha_106310a\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\Thilaksha_106310a\Documents
- administrative tools : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\Thilaksha_106310a\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Thilaksha_106310a\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Thilaksha_106310a\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\Thilaksha_106310a\AppData\Local
- my pictures : C:\Users\Thilaksha_106310a\Pictures
- templates : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
[...]
C:\\Users\secadmin\Downloads\Microsoft-Defender-for-Identity-Sizing-Tool-1.3.0.0\Microsoft-Defender-for-Identity-Sizing-Tool-1.3.0.0\CODE_OF_CONDUCT.md
C:\\Users\secadmin\Downloads\Microsoft-Defender-for-Identity-Sizing-Tool-1.3.0.0\Microsoft-Defender-for-Identity-Sizing-Tool-1.3.0.0\LICENSE
C:\\Users\secadmin\Downloads\Microsoft-Defender-for-Identity-Sizing-Tool-1.3.0.0\Microsoft-Defender-for-Identity-Sizing-Tool-1.3.0.0\README.md
C:\\Users\secadmin\Downloads\Microsoft-Defender-for-Identity-Sizing-Tool-1.3.0.0\Microsoft-Defender-for-Identity-Sizing-Tool-1.3.0.0\SECURITY.md
C:\\Users\secadmin\Downloads\Microsoft-Defender-for-Identity-Sizing-Tool-1.3.0.0.zip
C:\\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\EPPlus.dll
C:\\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\EULA.docx
C:\\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\Third Party Notices.txt
C:\\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\TriSizingTool.exe
C:\\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\TriSizingToolResults_20220426_1439.xlsx
C:\\Users\secadmin\Downloads\TriSizingTool_1.3.0.0.zip
C:\\Users\Thilaksha_106310a\Downloads\desktop.ini
C:\\Users\vaadmin\Downloads\desktop.ini
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
http://www.nessus.org/u?662e30c9
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2017/04/14, Modification date: 2024/01/10
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll
Version : 4.8.4682.0
.NET Version : 4.8
Associated KB : 5031993
Latest effective update level : 11_2023
XREF IAVT-0001-T-0758
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2017/10/17, Modification date: 2022/02/01
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Network Adapter Driver Description : Mellanox ConnectX-5 Virtual Adapter
Network Adapter Driver Version : 2.70.24728.0
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0653
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2017/11/17, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
106716 - Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Synopsis
It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an
authentication request to port 139 or 445.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2018/02/09, Modification date: 2020/03/11
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.1 Windows 10
Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any
subsequent errors or failures for the authentication protocol.
When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that
may result in incomplete scan results or limited scan coverage. The types of issues that are tracked include errors
that indicate that the account used for scanning did not have sufficient permissions for a particular check, intermittent
protocol failures which are unexpected after the protocol has been negotiated successfully earlier in the scan, and
intermittent authentication failures which are unexpected after a credential set has been accepted as valid earlier in
the scan. This plugin reports when none of the above issues have been logged during the course of the scan for at
least one authenticated protocol. See plugin output for details, including protocol, port, and account.
Please note the following :
- This plugin reports per protocol, so it is possible for issues to be encountered for one protocol and not another.
For example, authentication to the SSH service on the remote target may have consistently succeeded with
no privilege errors encountered, while connections to the SMB service on the remote target may have failed
intermittently.
- Resolving logged issues for all available authentication protocols may improve scan coverage, but the value of
resolving each issue for a particular protocol may vary from target to target depending upon what data (if any) is
gathered from the target via that protocol and what particular check failed. For example, consistently successful
checks via SSH are more critical for Linux targets than for Windows targets, and likewise consistently successful
checks via SMB are more critical for Windows targets than for Linux targets.
Solution
N/A
Risk Factor
None
References
XREF IAVB-0001-B-0520
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2018/05/24, Modification date: 2021/07/26
Ports
lkazdc01 (TCP/445) Vulnerability State: Resurfaced
Nessus was able to log into the remote host with no privilege or access
problems via the following :
User: 'adl\vaadmin'
Port: 445
Proto: SMB
Method: password
Publication date: 2018/09/05, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Account : adl\vaadmin
Protocol : SMB
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Path : C:\Windows\System32\
Version : 10.0.20348.2110
File Version : Windows DHCP Server (10.0.20348.2110)
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2019/11/15, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2020/05/29, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
lkazdc01 (TCP/445) Vulnerability State: Active
The following packages were enumerated using the Deployment Image Servicing and Management Tool:
Package : Downlevel-NLS-Sorting-Versions-Server-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:37 AM
Package : Downlevel-NLS-Sorting-Versions-Server-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:37 AM
Package : Microsoft-OneCore-DirectX-Database-FOD-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:37 AM
Package : Microsoft-OneCore-RasSstp-Api-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Staged
Release Type : Feature Pack
Install Time :
Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : Feature Pack
Install Time : 5/8/2021 9:35 AM
Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : Foundation
Install Time : 5/8/2021 8:24 AM
Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.20348.380
State : Installed
Release Type : OnDemand Pack
Install Time : 12/14/2021 6:39 AM
Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:36 AM
Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:37 AM
Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:37 AM
Package : [...]
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another.
For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an
available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of
successful authentication for a given protocol may vary from target to target depending upon what data (if any) is
gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux
targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows
targets than for Linux targets.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2020/10/15, Modification date: 2021/07/26
Ports
lkazdc01 (TCP/445) Vulnerability State: Resurfaced
Nessus was able to log in to the remote host via the following :
User: 'adl\vaadmin'
Port: 445
Proto: SMB
Method: password
By default, this check skips disabled accounts. To also check disabled accounts, please enable thorough tests.
Note: This plugin is part of the Active Directory Starter Scan Template and is meant to be used for preliminary
analysis of AD hosts. For more information on the issues discovered by the Active Directory Starter Scan plugins,
please refer to this blog post - https://www.tenable.com/blog/new-in-nessus-find-and-fix-these-10-active-directory-misconfigurations
See Also
http://www.nessus.org/u?3acc23a3
http://www.nessus.org/u?f721fda2
http://www.nessus.org/u?d5c4c81f
Solution
A password expiration policy limits the risk of an attacker guessing or cracking a password before it is changed. All the
user accounts and administrator accounts must follow this policy without exception.
Service accounts can be more difficult to deal with: if a password expires and it has not been taken into account by
the application developer, the service might stop functioning. A special procedure must then be written to allow for a
manual password change on a regular basis.
Note: The AD Starter Scan and associated plugins are intended to be used with smaller AD deployments for purposes
of preliminary analysis. Accurate preliminary analysis can be expected for AD deployments with up to 5000 users,
groups or machines and incomplete results will be returned for larger AD deployments with Nessus, Security Center
and Vulnerability Management. For more information on the issues discovered by the Active Directory Starter Scan
plugins, please refer to this blog post - https://www.tenable.com/blog/new-in-nessus-find-and-fix-these-10-active-directory-misconfigurations
Risk Factor
Medium
CVSS v3.0 Base Score
4.5 (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVSS Base Score
4.1 (AV:L/AC:M/Au:S/C:P/I:P/A:P)
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2021/07/29, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/636) Vulnerability State: Active
14 user account(s) may never renew their password.
User : CN=azadmin,CN=Users,DC=adl,DC=local
userAccountControl : 66048 = (NORMAL_ACCOUNT|DONT_EXPIRE_PASSWD)
User : CN=secadmin,CN=Users,DC=adl,DC=local
userAccountControl : 66048 = (NORMAL_ACCOUNT|DONT_EXPIRE_PASSWD)
User : CN=MSOL_03ffe2f18357,CN=Users,DC=adl,DC=local
userAccountControl : 66048 = (NORMAL_ACCOUNT|DONT_EXPIRE_PASSWD)
User : CN=MiHCM,CN=Users,DC=adl,DC=local
userAccountControl : 66048 = (NORMAL_ACCOUNT|DONT_EXPIRE_PASSWD)
User : CN=MIHCM_Sync,CN=Users,DC=adl,DC=local
userAccountControl : 66048 = (NORMAL_ACCOUNT|DONT_EXPIRE_PASSWD)
User : CN=Domain Add MY,OU=No-Sync,DC=adl,DC=local
userAccountControl : 66048 = (NORMAL_ACCOUNT|DONT_EXPIRE_PASSWD)
User : CN=domainadd001,OU=No-Sync,DC=adl,DC=local
userAccountControl : 66048 = [...]
http://www.nessus.org/u?2c17f1e1
https://github.com/microsoft/New-KrbtgtKeys.ps1
http://www.nessus.org/u?d5c4c81f
Solution
The KRBTGT password must be changed by following a precise sequence of operations. If it is not done properly,
some domain controllers may lose the ability to authenticate against other domain controllers. Microsoft provides an
official procedure and helper script.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2021/07/29, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/636) Vulnerability State: Active
The Kerberos master key is too old and could be used as a backdoor.
User : CN=krbtgt,CN=Users,DC=adl,DC=local
pwdLastSet : 2021/12/10 05:20:38 UTC
155470 - Oracle Cloud Infrastructure Instance Metadata Enumeration (Windows)
Synopsis
The remote host is an OCI (Oracle Cloud Infrastructure) instance for which metadata could be retrieved.
Description
The remote host is an OCI (Oracle Cloud Infrastructure) instance for which metadata could be retrieved.
See Also
https://www.oracle.com/ie/cloud/compute/
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2021/11/17, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
- Invoke-RestMethod:
- + CategoryInfo: InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
- + FullyQualifiedErrorId: WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
- Invoke-RestMethod:
- + CategoryInfo: InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
- + FullyQualifiedErrorId: WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
- Invoke-RestMethod:
- + CategoryInfo: InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
- + FullyQualifiedErrorId: WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
https://github.com/dotnet/aspnetcore/issues/39028
Solution
Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
7.3
CVSS v3.0 Base Score
8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (E:U/RL:O/RC:C)
CVSS Base Score
4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
3.4 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-43877
XREF IAVA-2021-A-0581-S
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2021/12/21, Modification date: 2023/12/28
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with
nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/01/20, Modification date: 2023/07/10
Ports
lkazdc01 (TCP/3389) Vulnerability State: Active
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
https://dotnet.microsoft.com/download/dotnet/6.0
https://github.com/dotnet/announcements/issues/208
http://www.nessus.org/u?65bd7b62
Solution
Update .NET Core Runtime to version 5.0.14 or 6.0.2.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (E:U/RL:O/RC:C)
CVSS Base Score
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.2 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-21986
XREF IAVA-2022-A-0078-S
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/02/10, Modification date: 2022/05/06
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
https://dotnet.microsoft.com/download/dotnet/5.0
https://dotnet.microsoft.com/download/dotnet/6.0
https://github.com/dotnet/announcements/issues/210
http://www.nessus.org/u?56caba70
http://www.nessus.org/u?95177a8e
http://www.nessus.org/u?96c2a71d
Solution
Update .NET Core Runtime to version 3.1.23, 5.0.15 or 6.0.3.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVSS v3.0 Temporal Score
5.7 (E:U/RL:O/RC:C)
CVSS Base Score
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-24512
CVE CVE-2022-24464
CVE CVE-2020-8927
XREF IAVA-2022-A-0106-S
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/03/09, Modification date: 2023/04/18
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Issuer Name:
Serial Number: 11 00 00 00 21 F8 B3 DA BC 92 1F C6 44 00 01 00 00 00 21
Version: 3
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/04/18, Modification date: 2023/08/25
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
http://www.nessus.org/u?1a4b3744
Solution
Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related
protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/05/04, Modification date: 2022/05/04
Ports
lkazdc01 (TCP/445) Vulnerability State: Resurfaced
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found.
161691 - The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)
Synopsis
Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key.
Description
The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for
CVE-2022-30190.
Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The
recommendation is to apply the latest patch.
See Also
http://www.nessus.org/u?440e4ba1
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
http://www.nessus.org/u?b9345997
Solution
Apply the latest Cumulative Update.
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/05/31, Modification date: 2022/07/28
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target
is vulnerable to CVE-2022-30190, if the vendor patch is not applied.
https://dotnet.microsoft.com/download/dotnet/6.0
https://github.com/dotnet/announcements/issues/225
http://www.nessus.org/u?bfb8ea98
Solution
Update .NET Core Runtime to version 3.1.26 or 6.0.6.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.1 (E:F/RL:O/RC:C)
CVSS Base Score
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.6 (E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-30184
XREF IAVA-2022-A-0235-S
XREF MSFT-MS22-5015429
XREF MSFT-MS22-5015424
XREF MSKB-5015429
XREF MSKB-5015424
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/06/16, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Path : C:\Windows\system32\mshtml.dll
Version : 11.0.20348.2110
https://support.microsoft.com/help/5016990
https://dotnet.microsoft.com/download/dotnet/3.1
https://dotnet.microsoft.com/download/dotnet/6.0
http://www.nessus.org/u?327bb1fb
http://www.nessus.org/u?7ce182ee
https://github.com/dotnet/core/issues/7682
Solution
Update .NET Core Runtime to version 3.1.28 or 6.0.8.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.3 (E:P/RL:O/RC:C)
CVSS Base Score
5.4 (AV:N/AC:H/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
4.2 (E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-34716
XREF IAVA-2022-A-0313-S
XREF MSFT-MS22-5016990
XREF MSFT-MS22-5016987
XREF MSKB-5016990
XREF MSKB-5016987
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/08/10, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
http://www.nessus.org/u?c76821a3
Solution
Update ASP.NET Core Runtime to version 3.1.29 or 6.0.9.
Risk Factor
High
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (E:F/RL:O/RC:C)
CVSS Base Score
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-38013
XREF IAVA-2022-A-0374-S
XREF MSFT-MS22-5017915
XREF MSFT-MS22-5017903
XREF MSKB-5017915
XREF MSKB-5017903
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/09/14, Modification date: 2023/10/11
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
https://support.microsoft.com/help/5017915
https://dotnet.microsoft.com/download/dotnet/3.1
https://dotnet.microsoft.com/download/dotnet/6.0
http://www.nessus.org/u?cf2fdae6
http://www.nessus.org/u?775af4a9
https://github.com/dotnet/core/issues/7791
Solution
Update .NET Core Runtime to version 3.1.29 or 6.0.9.
Risk Factor
High
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (E:F/RL:O/RC:C)
CVSS Base Score
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-38013
XREF IAVA-2022-A-0374-S
XREF MSFT-MS22-5017915
XREF MSFT-MS22-5017903
XREF MSKB-5017915
XREF MSKB-5017903
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/09/14, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
http://www.nessus.org/u?9780b9d2
Solution
Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Additionally, on 64-bit OS systems, add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Risk Factor
High
Vulnerability Priority Rating (VPR)
8.9
CVSS v3.0 Base Score
7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (E:H/RL:O/RC:C)
CVSS Base Score
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.6 (E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2013-3900
XREF CISA-KNOWN-EXPLOITED-2022/07/10
XREF IAVA-2013-A-0227
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/10/26, Modification date: 2023/12/26
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/11/15, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/636) Vulnerability State: Active
https://support.microsoft.com/en-us/help/5021954
https://support.microsoft.com/en-us/help/5021955
Solution
Update .NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.
Risk Factor
High
Vulnerability Priority Rating (VPR)
6.7
CVSS v3.0 Base Score
7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (E:U/RL:O/RC:C)
CVSS Base Score
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41089
XREF IAVA-2022-A-0526
XREF MSFT-MS22-5021955
XREF MSFT-MS22-5021954
XREF MSFT-MS22-5021953
XREF MSKB-5021955
XREF MSKB-5021954
XREF MSKB-5021953
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/12/15, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
https://support.microsoft.com/en-us/help/5021954
https://support.microsoft.com/en-us/help/5021955
Solution
Update ASP.NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.
Risk Factor
High
Vulnerability Priority Rating (VPR)
6.7
CVSS v3.0 Base Score
7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (E:U/RL:O/RC:C)
CVSS Base Score
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41089
XREF IAVA-2022-A-0526
XREF MSFT-MS22-5021955
XREF MSFT-MS22-5021954
XREF MSFT-MS22-5021953
XREF MSKB-5021955
XREF MSKB-5021954
XREF MSKB-5021953
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/12/15, Modification date: 2023/11/20
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Windows\System32\OpenSSH\
C:\Program Files\dotnet\
C:\Program Files (x86)\dotnet\
C:\Program Files\Microsoft Network Monitor 3\
C:\Users\vaadmin\AppData\Local\Microsoft\WindowsApps
169783 - Security Updates for Windows Malicious Software Removal Tool (January 2023)
Synopsis
The remote Windows host has an antimalware application that is affected by a privilege escalation vulnerability.
Description
The Windows Malicious Software Removal Tool installation on the remote host is missing a security update. It is,
therefore, affected by the following vulnerability:
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2023-21725)
See Also
http://www.nessus.org/u?867b0b4e
Solution
Microsoft has released version 5.109 to address this issue.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
6.0
CVSS v3.0 Base Score
6.3 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H)
CVSS v3.0 Temporal Score
5.9 (E:F/RL:O/RC:C)
CVSS Base Score
5.5 (AV:L/AC:H/Au:S/C:N/I:C/A:C)
CVSS Temporal Score
4.5 (E:F/RL:OF/RC:C)
References
CVE CVE-2023-21725
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/01/10, Modification date: 2023/09/08
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
- Domain Name
- Common Name
- samAccountName
- Domain Role
- DNS Name
- Record Name
- Distinguished Name
See Also
http://www.nessus.org/u?56077cfb
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/01/25, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
Synopsis
Curl is installed on the remote Windows host.
Description
Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host.
Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will
be considered as managed by the OS. In this case, paranoid scanning is required to trigger downstream vulnerability
checks. Paranoid scanning has no effect on this plugin itself.
See Also
https://curl.se/
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/02/23, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
Path : C:\Windows\SysWOW64\curl.exe
Version : 8.4.0.0
Managed by OS : True
Path : C:\Windows\System32\curl.exe
Version : 8.4.0.0
Managed by OS : True
According to its version, the ASP.NET Core installed on the remote host is no longer maintained by its vendor or
provider.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may
contain security vulnerabilities.
See Also
http://www.nessus.org/u?89faa62b
Solution
Upgrade to a version of ASP.NET Core that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/03/07, Modification date: 2023/03/07
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
http://www.nessus.org/u?89faa62b
Solution
Upgrade to a version of Microsoft .NET Core that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/03/07, Modification date: 2023/03/07
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
NOTE: This list may be truncated depending on the scan verbosity settings.
Description
Nessus was able to enumerate Microsoft Edge browser extensions installed on the remote host.
See Also
https://microsoftedge.microsoft.com/addons
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/05/22, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
User : Thilaksha_106310a
|- Browser : Microsoft Edge
|- Add-on information :
Name : unknown
Version : 1.69.5
Path : C:\Users\Thilaksha_106310a\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.69.5_0
User : azadmin
|- Browser : Microsoft Edge
|- Add-on information :
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/06/13, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/636) Vulnerability State: Active
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{25bd12e2-e68f-4a4e-8534-e1c2889ae5a9}\AspNetCoreSharedFrameworkBundle-x64.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{25bd12e2-e68f-4a4e-8534-e1c2889ae5a9}\AspNetCoreSharedFrameworkBundle-x64.exe
Parsed File Version : 5.0.11.21476
[DisplayVersion] :
Raw Value : 5.0.11.21476
[VersionMinor] :
Raw Value : 0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{25bd12e2-e68f-4a4e-8534-e1c2889ae5a9}\AspNetCoreSharedFrameworkBundle-x64.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{25bd12e2-e68f-4a4e-8534-e1c2889ae5a9}\AspNetCoreSharedFrameworkBundle-x64.exe
Parsed File Version : [...]
186777 - KB5033118: Windows 2022 / Azure Stack HCI 22H2 Security Update (December 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5033118 or Azure HotPatch 5033464. It is, therefore, affected by multiple vulnerabilities:
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006)
- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696)
- Win32k Elevation of Privilege Vulnerability (CVE-2023-36011)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
https://support.microsoft.com/help/5033118
https://support.microsoft.com/help/5033464
Solution
Apply Security Update 5033118 or Azure HotPatch 5033464
Risk Factor
Critical
Vulnerability Priority Rating (VPR)
8.4
CVSS v3.0 Base Score
8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (E:P/RL:O/RC:C)
CVSS Base Score
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36696
CVE CVE-2023-36012
CVE CVE-2023-36011
CVE CVE-2023-36006
CVE CVE-2023-36005
CVE CVE-2023-36004
CVE CVE-2023-36003
CVE CVE-2023-35644
CVE CVE-2023-35643
CVE CVE-2023-35642
CVE CVE-2023-35641
CVE CVE-2023-35639
CVE CVE-2023-35638
CVE CVE-2023-35630
CVE CVE-2023-35628
CVE CVE-2023-35622
CVE CVE-2023-21740
CVE CVE-2023-20588
XREF IAVA-2023-A-0690-S
XREF IAVA-2023-A-0689-S
XREF MSFT-MS23-5033464
XREF MSFT-MS23-5033118
XREF MSKB-5033464
XREF MSKB-5033118
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/12/12, Modification date: 2024/01/15
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
https://www.microsoft.com/en-us/windows-server
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2023/12/27, Modification date: 2023/12/27
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
187790 - KB5034129: Windows 2022 / Azure Stack HCI 22H2 Security Update (January 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034129. It is, therefore, affected by multiple vulnerabilities:
- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654)
- BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666)
- Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
https://support.microsoft.com/help/5034129
Solution
Apply Security Update 5034129
Risk Factor
High
Vulnerability Priority Rating (VPR)
8.4
CVSS v3.0 Base Score
8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (E:P/RL:O/RC:C)
CVSS Base Score
9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21320
CVE CVE-2024-21316
CVE CVE-2024-21314
CVE CVE-2024-21313
CVE CVE-2024-21311
CVE CVE-2024-21310
CVE CVE-2024-21309
CVE CVE-2024-21307
CVE CVE-2024-21306
CVE CVE-2024-21305
CVE CVE-2024-20700
CVE CVE-2024-20699
CVE CVE-2024-20698
CVE CVE-2024-20696
CVE CVE-2024-20694
CVE CVE-2024-20692
CVE CVE-2024-20691
CVE CVE-2024-20687
CVE CVE-2024-20683
CVE CVE-2024-20682
CVE CVE-2024-20681
CVE CVE-2024-20680
CVE CVE-2024-20674
CVE CVE-2024-20666
CVE CVE-2024-20664
CVE CVE-2024-20663
CVE CVE-2024-20662
CVE CVE-2024-20661
CVE CVE-2024-20660
CVE CVE-2024-20658
CVE CVE-2024-20657
CVE CVE-2024-20655
CVE CVE-2024-20654
CVE CVE-2024-20653
CVE CVE-2024-20652
CVE CVE-2022-35737
XREF IAVA-2024-A-0016
XREF IAVA-2024-A-0015
XREF MSFT-MS24-5034129
XREF MSKB-5034129
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2024/01/09, Modification date: 2024/01/15
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Should be : 10.0.20348.2227
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312
https://support.microsoft.com/en-us/help/5033898
https://support.microsoft.com/en-us/help/5033899
https://support.microsoft.com/en-us/help/5033904
https://support.microsoft.com/en-us/help/5033907
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36042
https://support.microsoft.com/en-us/help/5033909
https://support.microsoft.com/en-us/help/5033910
https://support.microsoft.com/en-us/help/5033911
https://support.microsoft.com/en-us/help/5033912
https://support.microsoft.com/en-us/help/5033914
https://support.microsoft.com/en-us/help/5033916
https://support.microsoft.com/en-us/help/5033917
https://support.microsoft.com/en-us/help/5033918
https://support.microsoft.com/en-us/help/5033919
https://support.microsoft.com/en-us/help/5033920
https://support.microsoft.com/en-us/help/5033922
https://support.microsoft.com/en-us/help/5033945
https://support.microsoft.com/en-us/help/5033946
https://support.microsoft.com/en-us/help/5033947
https://support.microsoft.com/en-us/help/5033948
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
Vulnerability Priority Rating (VPR)
7.1
CVSS v3.0 Base Score
9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVSS v3.0 Temporal Score
7.9 (E:U/RL:O/RC:C)
CVSS Base Score
9.4 (AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score
7.0 (E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21312
CVE CVE-2024-0057
CVE CVE-2024-0056
CVE CVE-2023-36042
XREF IAVA-2024-A-0011
XREF MSFT-MS24-5033948
XREF MSFT-MS24-5033947
XREF MSFT-MS24-5033946
XREF MSFT-MS24-5033945
XREF MSFT-MS24-5033922
XREF MSFT-MS24-5033920
XREF MSFT-MS24-5033919
XREF MSFT-MS24-5033918
XREF MSFT-MS24-5033917
XREF MSFT-MS24-5033916
XREF MSFT-MS24-5033914
XREF MSFT-MS24-5033912
XREF MSFT-MS24-5033911
XREF MSFT-MS24-5033910
XREF MSFT-MS24-5033909
XREF MSFT-MS24-5033907
XREF MSFT-MS24-5033904
XREF MSFT-MS24-5033899
XREF MSFT-MS24-5033898
XREF MSKB-5033948
XREF MSKB-5033947
XREF MSKB-5033946
XREF MSKB-5033945
XREF MSKB-5033922
XREF MSKB-5033920
XREF MSKB-5033919
XREF MSKB-5033918
XREF MSKB-5033917
XREF MSKB-5033916
XREF MSKB-5033914
XREF MSKB-5033912
XREF MSKB-5033911
XREF MSKB-5033910
XREF MSKB-5033909
XREF MSKB-5033907
XREF MSKB-5033904
XREF MSKB-5033899
XREF MSKB-5033898
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2024/01/10, Modification date: 2024/01/12
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Cumulative
- 5033914
C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.8.4682.0
Should be : 4.8.4690.0
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0333
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21337
Solution
Upgrade to Microsoft Edge version 120.0.2336.0 or later.
Risk Factor
High
Vulnerability Priority Rating (VPR)
7.4
CVSS v3.0 Base Score
6.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
5.5 (E:U/RL:O/RC:C)
CVSS Base Score
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.5 (E:U/RL:OF/RC:C)
References
CVE CVE-2024-21337
CVE CVE-2024-20721
CVE CVE-2024-20709
CVE CVE-2024-20675
CVE CVE-2024-0333
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2024/01/11, Modification date: 2024/01/11
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Issuer Name:
Serial Number: 11 00 00 00 21 F8 B3 DA BC 92 1F C6 44 00 01 00 00 00 21
Version: 3
Issuer Name:
Serial Number: 4C 13 5B 7B F5 BD 4A B2 41 13 F5 57 08 A5 E6 6E
Version: 3
Issuer Name:
Serial Number: 11 00 00 00 21 F8 B3 DA BC 92 1F C6 44 00 01 00 00 00 21
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Version : unknown
The BIOS info could be read.
Description
It is possible to get information about the BIOS via the host's WMI interface.
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2008/09/05, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
http://www.nessus.org/u?15ae6806
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0655
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2010/12/20, Modification date: 2022/10/18
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.8
Full Version : 4.8.04161
Install Type : Full
Release : 528449
Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.8
Full Version : 4.8.04161
Install Type : Client
Release : 528449
20240105071606.236433+330
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2011/12/06, Modification date: 2021/07/12
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-531
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0xFFFFFEB6
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000000000000000000000000000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000000000000000000000000000000
http://www.nessus.org/u?61293b38
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2016/07/19, Modification date: 2018/11/15
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
[...]
Synopsis
A graphical interface connection utility is installed on the remote Windows host
Description
Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host.
See Also
http://www.nessus.org/u?1c33f0e7
Solution
N/A
Risk Factor
None
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2019/06/12, Modification date: 2022/10/10
Ports
lkazdc01 (TCP/0) Vulnerability State: Active
Path : C:\Windows\\System32\\mstsc.exe
Version : 10.0.20348.1850
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
https://dotnet.microsoft.com/download/dotnet/3.1
https://dotnet.microsoft.com/download/dotnet/5.0
https://dotnet.microsoft.com/download/dotnet/6.0
https://github.com/dotnet/announcements/issues/219
http://www.nessus.org/u?3b99f604
http://www.nessus.org/u?b1b0aff4
http://www.nessus.org/u?39d07c32
Solution
Update .NET Core Runtime to version 3.1.25, 5.0.17 or 6.0.5.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
4.4
CVSS v3.0 Base Score
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (E:F/RL:O/RC:C)
CVSS Base Score
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-29145
CVE CVE-2022-29117
CVE CVE-2022-23267
XREF IAVA-2022-A-0201-S
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/05/13, Modification date: 2023/10/27
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.20\
Installed version : 3.1.20.30521
Fixed version : 3.1.25
https://support.microsoft.com/help/5019351
https://dotnet.microsoft.com/download/dotnet/3.1
https://dotnet.microsoft.com/download/dotnet/6.0
http://www.nessus.org/u?1a5250e3
http://www.nessus.org/u?0eafd070
https://github.com/dotnet/core/issues/7864
Solution
Update .NET Core Runtime to version 3.1.30 or 6.0.10.
Risk Factor
Medium
Vulnerability Priority Rating (VPR)
7.4
CVSS v3.0 Base Score
7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (E:F/RL:O/RC:C)
CVSS Base Score
6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41032
XREF IAVA-2022-A-0411-S
XREF MSFT-MS22-5019351
XREF MSFT-MS22-5019349
XREF MSKB-5019351
XREF MSKB-5019349
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2022/10/12, Modification date: 2024/01/16
Ports
lkazdc01 (TCP/445) Vulnerability State: Active
Assets Summary (Executive)
lkazadconnect
Summary
Critical High Medium Low Info Total
3 9 9 0 148 169
Details
Severity Plugin Id Name
Critical 186777 KB5033118: Windows 2022 / Azure Stack HCI 22H2 Security Update (December 2023)
High 187790 KB5034129: Windows 2022 / Azure Stack HCI 22H2 Security Update (January 2024)
High 165076 Security Updates for Microsoft ASP.NET Core (September 2022)
High 168826 Security Updates for Microsoft ASP.NET Core (December 2022)
High 187901 Security Updates for Microsoft .NET Framework (January 2024)
High 168747 Security Updates for Microsoft .NET Core (December 2022)
High 165077 Security Updates for Microsoft .NET Core (September 2022)
High 187859 Security Update for Microsoft .NET Core (January 2024)
Medium 166054 Security Updates for Microsoft .NET Core (October 2022)
Medium 158744 Security Updates for Microsoft .NET core (March 2022)
Medium 162314 Security Updates for Microsoft .NET core (June 2022)
Medium 169783 Security Updates for Windows Malicious Software Removal Tool (January 2023)
Medium 163974 Security Updates for Microsoft .NET Core (August 2022)
Medium 161167 Security Updates for Microsoft .NET core (May 2022)
Medium 156227 Security Updates for Microsoft ASP.NET Core (December 2021)
Info 92421 Internet Explorer Typed URLs
Info 174405 Microsoft OLE DB Driver for SQL Server Installed (Windows)
Info 161691 The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)
Info 106716 Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Info 33139 WS-Management Server Detection
Info 11457 Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
Info 48942 Microsoft Windows SMB Registry : OS Version and Processor Architecture
Info 179947 Intel CPUID detection
Info 42898 SMB Registry : Stop the Registry Service after the scan (WMI)
Info 10899 Microsoft Windows - Users Information : User Has Never Logged In
Info 63080 Microsoft Windows Mounted Devices
Info 42897 SMB Registry : Start the Registry Service during the scan (WMI)
Info 174413 Microsoft ODBC Driver for SQL Server Installed (Windows)
Info 92424 MUICache Program Execution History
lkazbackupresto
Summary
Critical High Medium Low Info Total
3 5 3 0 145 156
Details
Severity Plugin Id Name
Critical 185887 Security Updates for Microsoft .NET Framework (November 2023)
Critical 186789 KB5033371: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2023)
Critical 185579 KB5032196: Windows 10 version 1809 / Windows Server 2019 Security Update (November 2023)
High 187803 KB5034127: Windows 10 version 1809 / Windows Server 2019 Security Update (January 2024)
High 187901 Security Updates for Microsoft .NET Framework (January 2024)
Info 161691 The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)
Info 56468 Time of Last System Startup
Info 106716 Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Info 11457 Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
Info 56984 SSL / TLS Versions Supported
Info 48942 Microsoft Windows SMB Registry : OS Version and Processor Architecture
Info 42898 SMB Registry : Stop the Registry Service after the scan (WMI)
Info 10899 Microsoft Windows - Users Information : User Has Never Logged In
Info 164690 Windows Disabled Command Prompt Enumeration
Info 42897 SMB Registry : Start the Registry Service during the scan (WMI)
Info 16193 Antivirus Software Check
Info 125835 Microsoft Remote Desktop Connection Installed
lkazdc01
Summary
Critical High Medium Low Info Total
3 8 10 0 162 183
Details
Severity Plugin Id Name
Critical 186777 KB5033118: Windows 2022 / Azure Stack HCI 22H2 Security Update (December 2023)
High 187790 KB5034129: Windows 2022 / Azure Stack HCI 22H2 Security Update (January 2024)
High 165076 Security Updates for Microsoft ASP.NET Core (September 2022)
High 168826 Security Updates for Microsoft ASP.NET Core (December 2022)
High 187901 Security Updates for Microsoft .NET Framework (January 2024)
High 168747 Security Updates for Microsoft .NET Core (December 2022)
High 165077 Security Updates for Microsoft .NET Core (September 2022)
Medium 166054 Security Updates for Microsoft .NET Core (October 2022)
Medium 158744 Security Updates for Microsoft .NET core (March 2022)
Medium 162314 Security Updates for Microsoft .NET core (June 2022)
Medium 169783 Security Updates for Windows Malicious Software Removal Tool (January 2023)
Medium 163974 Security Updates for Microsoft .NET Core (August 2022)
Medium 161167 Security Updates for Microsoft .NET core (May 2022)
Medium 156227 Security Updates for Microsoft ASP.NET Core (December 2021)
Info 11011 Microsoft Windows SMB Service Detection
Info 161691 The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)
Info 106716 Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Info 174736 Netstat Ingress Connections
Info 11457 Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
Info 35706 SMB Registry : Stopping the Registry Service after the scan failed
Info 48942 Microsoft Windows SMB Registry : OS Version and Processor Architecture
Info 99364 Microsoft .NET Security Rollup Enumeration
Info 10899 Microsoft Windows - Users Information : User Has Never Logged In
Info 131023 Windows Defender Installed
Info 42897 SMB Registry : Start the Registry Service during the scan (WMI)
Info 44401 Microsoft Windows SMB Service Config Enumeration
Info 92423 Windows Explorer Recently Executed Programs
Remediations
Suggested Remediations
Taking the following actions across 3 hosts would resolve 16% of the vulnerabilities on the network:
Security Update for Microsoft .NET Core (January 2024): Update .NET Core, remove vulnerable packages and refer to vendor advisory. 14 1
Security Updates for Microsoft .NET Core (December 2022): Update .NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1. 12 1
Microsoft Edge (Chromium) < 120.0.2336.0 Multiple Vulnerabilities: Upgrade to Microsoft Edge version 120.0.2336.0 or later. 10 2
Install KB5034129 4 2
Google Chrome < 120.0.6099.225 Multiple Vulnerabilities: Upgrade to Google Chrome version 120.0.6099.225 or later. 3 1
Install KB5034127 3 1
Security Updates for Microsoft ASP.NET Core (December 2021): Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory. 2 2
Security Updates for Windows Malicious Software Removal Tool (January 2023): Microsoft has released version 5.109 to address this issue. 0 2