Azure - Windows Server - Host Scan - 2024 Jan q5trvk

Tenable Vulnerability Management
Report
Tenable Vulnerability Management
Wed, 17 Jan 2024 11:04:39 UTC
Table Of Contents
Vulnerabilities By Host......................................................................................................... 3
•lkazadconnect.............................................................................................................................................................. 4
•lkazbackupresto....................................................................................................................................................... 125
•lkazdc01...................................................................................................................................................................238
Assets Summary (Executive)........................................................................................... 389
•lkazadconnect.......................................................................................................................................................... 390
•lkazbackupresto....................................................................................................................................................... 396
•lkazdc01...................................................................................................................................................................402
Remediations.................................................................................................................... 409
•Suggested Remediations........................................................................................................................................ 410
Vulnerabilities By Host
lkazadconnect
Scan Information
Start time: 2024/01/17 10:30
End time: 2024/01/17 11:04

Host Information
DNS Name: lkazadconnect.adl.local
Netbios Name: LKAZADCONNECT
OS: Microsoft Windows Server 2022 Datacenter Build 20348

Results Summary
Critical High Medium Low Info Total
3 9 9 0 148 169
Results Details
/
10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
N/A
Risk Factor
None
References
XREF IAVT-0001-T-0931
Exploitable with
Metasploit, CANVAS, Core Impact
Plugin Information:
Publication date: 2000/01/04, Modification date: 2020/10/30
Ports
lkazadconnect (TCP/47001) Vulnerability State: Active
The remote web server type is :
Microsoft-HTTPAPI/2.0

10114 - ICMP Timestamp Request Remote Date Disclosure

Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on
the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication
protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but
usually within 1000 seconds of the actual system time.
4
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
Vulnerability Priority Rating (VPR)
0.8
References
CVE CVE-1999-0524
XREF CWE-200
Exploitable with
Plugin Information:
Ports
lkazadconnect (ICMP/0) Vulnerability State: Active
This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The difference between the local and remote clocks is -213 seconds.
10150 - Windows NetBIOS / SMB Remote Host Information Disclosure

Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests.
Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
lkazadconnect (UDP/137) Vulnerability State: Active
The following 3 NetBIOS names have been gathered :
LKAZADCONNECT = Computer name

ADL = Workgroup / Domain name
LKAZADCONNECT = File Server Service
The remote host has the following MAC address on its adapter :
00:0d:3a:07:fd:41
10287 - Traceroute Information

Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
5
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
For your information, here is the traceroute from 192.168.33.11 to 192.168.33.5 :
192.168.33.11
192.168.33.5
Hop Count: 1
10394 - Microsoft Windows SMB Log In Possible

Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was
possible to log into it using one of the following accounts :
- Guest account
- Supplied credentials
See Also
http://www.nessus.org/u?5c2589f6
https://support.microsoft.com/en-us/help/246261
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
lkazadconnect (TCP/445) Vulnerability State: Resurfaced
- The SMB tests will be done as adl\vaadmin/******
10395 - Microsoft Windows SMB Shares Enumeration

Synopsis
It is possible to enumerate remote network shares.
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
N/A
Risk Factor
None
Exploitable with
6
Plugin Information:
Ports
Here are the SMB shares available on the remote host when logged in as vaadmin:
- ADMIN$
- C$
- D$
- IPC$
10396 - Microsoft Windows SMB Shares Access

Synopsis
It is possible to access a network share.
Description
The remote has one or more Windows shares that can be accessed through the network with the given credentials.
Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on
'permissions'.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following shares can be accessed as vaadmin :
- ADMIN$ - (readable,writable)
+ Content of this share :
..
ADFS
appcompat
apppatch
AppReadiness
assembly
AzureArcSetup
bcastdvr
bfsvc.exe
BitLockerDiscoveryVolumeContents
Boot
bootstat.dat
Branding
BrowserCore
CbsTemp
Containers
Cursors
debug
diagnostics
DiagTrack
DigitalLocker
Downloaded Program Files
drivers
DtcInstall.log
ELAMBKUP
en-US
explorer.exe
Fonts
Globalization
7
Help
HelpPane.exe
hh.exe
IdentityCRL
IME
ImmersiveControlPanel
INF
InputMethod
Installer
InteractiveVMWorkingDir
L2Schemas
LiveKernelReports
Logs
lsasetup.log
Media
mib.bin
Microsoft.NET
Migration
ModemLogs
notepad.exe
OCR
OEM
Offline Web Pages
Panther
Performance
PFRO.log
PLA
PolicyDefinitions
Prefetch
PrintDialog
Provisioning
regedit.exe
Registration
RemotePackages
rescache
Resources
SchCache
schemas
security
ServerDataCenter.xml
ServiceProfiles
ServiceState
servicing
Setup
ShellComponents
ShellExperiences
SKB
SoftwareDistribution
Speech
Speech_OneCore
splwow64.exe
System
system.ini
System32
SystemApps
SystemResources
SystemTemp
SysWOW64
TAPI
Tasks
Temp
tracing
twain_32
- C$ - (readable,writable)
$WinREAgent
Config.Msi
Documents and Settings
Packages
PerfLogs
Program Files
Program Files (x86)
ProgramData
Recovery
8
System Volume Information
Temp
Users
Windows
WindowsAzure
- D$ - (readable,writable)
CollectGuestLogsTemp
DATALOSS_WARNING_README.txt
DumpStack.log.tmp
pagefile.sys
10398 - Microsoft Windows SMB LsaQueryInformationPolicy Function NULL Session Domain SID
Enumeration
Synopsis
It was possible to obtain the domain SID.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the domain SID (Security Identifier).
The domain SID can then be used to get the list of users of the domain.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The remote domain SID value is :\n1-5-21-2016934633-2723708669-2290440068
10400 - Microsoft Windows SMB Registry Remotely Accessible

Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows
local checks (SMB tests).
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
10456 - Microsoft Windows SMB Service Enumeration
Synopsis
It is possible to enumerate remote services.
Description
9
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol,
the list of active and inactive services of the remote host.
An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only
trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Active Services :
Microsoft Azure AD Sync [ ADSync ]

Application Identity [ AppIDSvc ]
Application Information [ Appinfo ]
AppX Deployment Service (AppXSVC) [ AppXSvc ]
Microsoft Azure AD Connect Agent Updater [ AzureADConnectAgentUpdater ]
Base Filtering Engine [ BFE ]
Background Tasks Infrastructure Service [ BrokerInfrastructure ]
Capability Access Manager Service [ camsvc ]
Connected Devices Platform Service [ CDPSvc ]
Certificate Propagation [ CertPropSvc ]
COM+ System Application [ COMSysApp ]
CoreMessaging [ CoreMessagingRegistrar ]
Cryptographic Services [ CryptSvc ]
DCOM Server Process Launcher [ DcomLaunch ]
DHCP Client [ Dhcp ]
Connected User Experiences and Telemetry [ DiagTrack ]
Display Policy Service [ DispBrokerDesktopSvc ]
DNS Client [ Dnscache ]
Diagnostic Policy Service [ DPS ]
Device Setup Manager [ DsmSvc ]
Data Sharing Service [ DsSvc ]
Elastic Agent [ Elastic Agent ]
Windows Event Log [ EventLog ]
COM+ Event System [ EventSystem ]
Windows Font Cache Service [ FontCache ]
Guest Configuration Service [ GCService ]
Group Policy Client [ gpsvc ]
Microsoft Monitoring Agent [ HealthService ]
IKE and AuthIP IPsec Keying Modules [ IKEEXT ]
IP Helper [ iphlpsvc ]
CNG Key Isolation [ KeyIso ]
Server [ LanmanServer ]
Workstation [ LanmanWorkstation ]
Windows License Manager Service [ LicenseManager ]
TCP/IP NetBIOS Helper [ lmhosts ]
Local Session Manager [ LSM ]
Windows Defender Firewall [ mpssvc ]
Distributed Transaction Coordinator [ MSDTC ]
Network Connection Broker [ NcbService ]
Netlogon [ Netlogon ]
Network List Service [ netprofm ]
Network Location Awareness [ NlaSvc ]
Network Store Interface Service [ nsi ]
OMS Gateway [ OMSGatewayService ]
Program Compatibility Assistant Service [ PcaSvc ]
Performance Logs & Alerts [ pla ]
Plug and Play [ PlugPlay ]
10
IPsec Policy Agent [ PolicyAgent ]
Power [ Power ]
User Profile Service [ ProfSvc ]
Remote Access Connection Manager [ RasMan ]
RdAgent [ RdAgent ]
Remote Registry [ RemoteRegistry ]
RPC [...]
10736 - DCE Services Enumeration

Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the
Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to
connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following DCERPC services are available on TCP port 49670 :
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49670
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
TCP Port : 49667
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
TCP Port : 49667
IP : 192.168.33.5
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91

UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
TCP Port : 49665
IP : 192.168.33.5
11
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
TCP Port : 49673
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
TCP Port : 49673
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
TCP Port : 49673
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
TCP Port : 49673
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
TCP Port : 49673
IP : 192.168.33.5
The following DCERPC services are available remotely :
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0
Annotation : Vpn APIs
Named pipe : \PIPE\ROUTER
Netbios name : \\LKAZADCONNECT
Object UUID : 00000000-0000-0000-0000-000000000000

Named pipe : \pipe\SessEnvPublicRpc
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Annotation : DfsDs service
Named pipe : \PIPE\wkssvc
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
12
Named pipe : \PIPE\atsvc
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

UUID : [...]
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Annotation : Ngc Pop Key Service
TCP Port : 49672
IP : 192.168.33.5
Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b

UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Annotation : RemoteAccessCheck
TCP Port : 49672
IP : 192.168.33.5
Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da

TCP Port : 49672
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Annotation : KeyIso
TCP Port : 49672
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
13
TCP Port : 49672
IP : 192.168.33.5
The following DCERPC services are available locally :
Object UUID : 00000000-0000-0000-0000-000000000000

Type : Local RPC service
Named pipe : NETLOGON_LRPC
Object UUID : 00000000-0000-0000-0000-000000000000

Named pipe : MicrosoftLaps_LRPC_0fb2f016-fe45-4a08-a7f9-a467f5e5fa0b
Object UUID : 00000000-0000-0000-0000-000000000000

Named pipe : samss lpc
Object UUID : 00000000-0000-0000-0000-000000000000

Named pipe : SidKey Local End Point
Object UUID : 00000000-0000-0000-0000-000000000000

Named pipe : protected_storage
Object UUID : 00000000-0000-0000-0000-000000000000

Named pipe : lsasspirpc
Object UUID : 00000000-0000-0000-0000-000000000000

Named pipe : lsapolicylookup
Object UUID : 00000000-0000-0000-0000-000000000000

Named pipe : LSA_EAS_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : ae2dc901-312d-41df-8b79-e835e63db874, version [...]
Object UUID : 00000000-0000-0000-0000-000000000000

14
TCP Port : 49664
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
TCP Port : 49664
IP : 192.168.33.5

TCP Port : 49664
IP : 192.168.33.5

TCP Port : 49664
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

Annotation : KeyIso
TCP Port : 49664
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49664
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Annotation : Remote Fw APIs
TCP Port : 49706
IP : 192.168.33.5
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Annotation : Event log TCPIP
TCP Port : 49666
IP : 192.168.33.5
15
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
TCP Port : 49719
IP : 192.168.33.5
10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure

Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an
authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Nessus was able to obtain the following information about the host, by
parsing the SMB2 Protocol's NTLM SSP message:
Target Name: ADL

NetBIOS Domain Name: ADL
NetBIOS Computer Name: LKAZADCONNECT
DNS Domain Name: adl.local
DNS Computer Name: LKAZADCONNECT.adl.local
DNS Tree Name: adl.local
Product Version: 10.0.20348
10859 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration

Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier).
The host SID can then be used to get the list of local users.
See Also
http://technet.microsoft.com/en-us/library/bb418944.aspx
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an
appropriate value.
Refer to the 'See also' section for guidance.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
16
The remote host SID value is :
1-5-21-3230073303-737008294-1742660446
The value of 'RestrictAnonymous' setting is : 0
10897 - Microsoft Windows - Users Information : Disabled Accounts

Synopsis
At least one user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following user accounts have been disabled :
- DefaultAccount
- Guest
- WDAGUtilityAccount
Note that, in addition to the Administrator, Guest, and Kerberos

accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for
'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10898 - Microsoft Windows - Users Information : Never Changed Password

Synopsis
At least one user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following users have never changed their passwords :
- DefaultAccount
17
- Guest

10899 - Microsoft Windows - Users Information : User Has Never Logged In

Synopsis
At least one user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following users have never logged in :
- DefaultAccount
- Guest

10902 - Microsoft Windows 'Administrators' Group User List

Synopsis
There is at least one user in the 'Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this
group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following users are members of the 'Administrators' group :
18
- LKAZADCONNECT\azadmin (User)
- ADL\Domain Admins (Group)
10940 - Remote Desktop Protocol Service Detection

Synopsis
The remote host has an remote desktop protocol service enabled.
Description
The Remote Desktop Protocol allows a user to remotely obtain a graphical login (and therefore act as a local user on
the remote host).
If an attacker gains a valid login and password, this service could be used to gain further access on the remote host.
An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers
to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable the service if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol,
used to provide shared access to files, printers, etc between nodes on a network.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
An SMB server is running on this port.
A CIFS server is running on this port.
11457 - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness

Synopsis
User credentials are stored in memory.
Description
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0.
Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches
19
the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of
the primary domain controller (PDC).
Cached logon credentials could be accessed by an attacker and subjected to brute force attacks.
See Also
http://www.nessus.org/u?184d3eab
http://www.nessus.org/u?fe16cea8
https://technet.microsoft.com/en-us/library/cc957390.aspx
Solution
Consult Microsoft documentation and best practices.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Max cached logons : 10
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name
of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Remote operating system : Microsoft Windows Server 2022 Datacenter Build 20348
Confidence level : 100
Method : SMB_OS
Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.
HTTP:Server: Microsoft-HTTPAPI/2.0
SinFP:!:
P1:B11113:F0x12:W65392:O0204ffff:M1410:
P2:B11113:F0x12:W65535:O0204ffff010303080402080affffffff44454144:M1410:
P3:B00000:F0x00:W0:O0:M0
P4:190704_7_p=49667
20
SSLcert:!:i/CN:LKAZADCONNECT.adl.locals/CN:LKAZADCONNECT.adl.local
39f8f0344399ce92554eb35d11627ea4b2dbdd79
The remote host is running Microsoft Windows Server 2022 Datacenter Build 20348
12053 - Host Fully Qualified Domain Name (FQDN) Resolution

Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
192.168.33.5 resolves as LKAZADCONNECT.adl.local.
16193 - Antivirus Software Check

Synopsis
An antivirus application is installed on the remote host.
Description
An antivirus application is installed on the remote host, and its engine and virus definitions are up to date.
See Also
http://www.nessus.org/u?3ed73b52
https://www.tenable.com/blog/auditing-anti-virus-products-with-nessus
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Forefront_Endpoint_Protection :
A Microsoft anti-malware product is installed on the remote host :
Product name : Windows Defender

Path : C:\ProgramData\Microsoft\Windows Defender\Platform
\4.18.23110.3-0\
Version : 4.18.23110.3
Engine version : 1.1.23110.2
Antivirus signature version : 1.403.2259.0
21
Antispyware signature version : 1.403.2259.0
17651 - Microsoft Windows SMB : Obtains the Password Policy

Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The
password policy must conform to the Informational System Policy.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following password policy is defined on the remote host:
Minimum password len: 10

Password history len: 24
Maximum password age (d): 60
Password must meet complexity requirements: Enabled
Minimum password age (d): 1
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 5
19506 - Nessus Scan Information

Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
22
Information about this scan :
Nessus version : 10.6.4

Nessus build : 20005
Plugin feed version : 202401170013
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : es7-x86-64
Scan type : Normal
Scan name : Azure - Windows Server - Host Scan - 2024 Jan
Scan policy used : Advanced Network Scan
Scanner IP : 192.168.33.11
Port scanner(s) : wmi_netstat
Port range : all
Ping RTT : 11.794 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'adl\vaadmin' via SMB
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : enabled
Web application tests : disabled
Max hosts : 100
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2024/1/17 5:27 EST
Scan duration : 1317 sec
Scan for malware : no
20811 - Microsoft Windows Installed Software Enumeration (credentialed check)

Synopsis
It is possible to enumerate installed software.
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates
Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may
have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
The following software are installed on the remote host :
Microsoft Edge [version 120.0.2210.133] [installed on 2024/01/14]
23
Microsoft Edge Update [version 1.3.181.5]
OMS Gateway [version 1.0.448.0] [installed on 2022/04/26]
Microsoft .NET Toolset 6.0.417 (x64) [version 24.6.59110] [installed on 2023/11/21]
Microsoft ASP.NET Core 3.1.20 Shared Framework (x64) [version 3.1.20.21472] [installed on
2021/11/03]
Microsoft ASP.NET Core 6.0.25 Targeting Pack (x64) [version 6.0.25.23523] [installed on
2023/11/21]
Microsoft .NET Core 3.1.20 - Windows Server Hosting [version 3.1.20.21472]
Microsoft .NET Host - 5.0.11 (x64) [version 40.44.30523] [installed on 2021/11/03]
Microsoft .NET AppHost Pack - 6.0.25 (x64_arm64) [version 48.100.4028] [installed on 2023/11/21]
Microsoft .NET AppHost Pack - 6.0.25 (x64) [version 48.100.4028] [installed on 2023/11/21]
Microsoft ASP.NET Core 5.0.11 - Shared Framework (x64) [version 5.0.11.21476]
Microsoft .NET SDK 6.0.417 (x64) [version 6.4.1723.52326]
Microsoft .NET Host FX Resolver - 5.0.11 (x64) [version 40.44.30523] [installed on 2021/11/03]
Microsoft .NET Runtime - 6.0.25 (x64) [version 48.100.4028] [installed on 2023/11/21]
Microsoft .NET Core Runtime - 3.1.20 (x86) [version 3.1.20.30521]
2021/11/03]
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30036 [version 14.29.30036.3]
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30036 [version 14.29.30036] [installed
on 2021/12/13]
Microsoft Azure AD Connect Agent Updater [version 1.5.3599.0] [installed on 2024/01/09]
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 [version 12.0.40660] [installed on
2021/12/11]
Microsoft ODBC Driver 17 for SQL Server [version 17.10.5.1] [installed on 2024/01/09]
Microsoft.NET.Sdk.tvOS.Manifest-6.0.300 [version 125.191.42208] [installed on [...]
21643 - SSL Cipher Suites Supported

Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Here is the list of SSL ciphers supported by the remote server :

Each group is reported per SSL Version.
SSL Version : TLSv12

High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption

MAC
---------------------- ---------- --- ---- ---------------------
---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128)
SHA256
24
SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.
22964 - Service Detection

Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
A web server is running on this port.



23974 - Microsoft Windows SMB Share Hosting Office Files

Synopsis
The remote share contains Office-related files.
Description
This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such
as .doc, .ppt, .xls, .pdf etc).
Solution
Make sure that the files containing confidential information have proper access controls set on them.
Risk Factor
None
Exploitable with
Plugin Information:
25
Ports
Here is a list of office files which have been found on the remote SMB
shares :
+ C$ :
- C:\Windows\System32\MSDRM\MsoIrmProtector.doc
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-
protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.doc
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-
protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.doc
- C:\Windows\System32\MSDRM\MsoIrmProtector.ppt
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt
protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.ppt
protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.ppt
- C:\Windows\System32\MSDRM\MsoIrmProtector.xls
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls
protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.xls
protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.xls
24260 - HyperText Transfer Protocol (HTTP) Information

Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and
HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Response Code : HTTP/1.1 404 Not Found
Protocol version : HTTP/1.1

SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Type: text/html; charset=us-ascii

Server: Microsoft-HTTPAPI/2.0
Date: Wed, 17 Jan 2024 10:33:08 GMT
Connection: close
Content-Length: 315
Response Body :
26

SSL : no
Keep-Alive : no
Headers :
Content-Type: text/plain; charset=utf-8

X-Content-Type-Options: nosniff
Date: Wed, 17 Jan 2024 10:33:08 GMT
Content-Length: 19
Connection: close
Response Body :

SSL : no
Keep-Alive : no
Headers :

Date: Wed, 17 Jan 2024 10:33:08 GMT
Connection: close
Content-Length: 315
Response Body :
Response Code : HTTP/1.1 400 Bad request

SSL : no
Keep-Alive : no
Headers :
Response Body :
24269 - WMI Available

Synopsis
WMI queries can be made against the remote host.
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the
remote host over DCOM.
These requests can be used to gather information about the remote host, such as its current state, network interface
configuration, etc.
See Also
https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page
Solution
N/A
Risk Factor
None
Exploitable with
27
Plugin Information:
Ports
The remote host returned the following caption from Win32_OperatingSystem:
Microsoft Windows Server 2022 Datacenter
24270 - Computer Manufacturer Information (WMI)

Synopsis
It is possible to obtain the name of the remote computer manufacturer.
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its
manufacturer and its serial number.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Computer Manufacturer : Microsoft Corporation

Computer Model : Virtual Machine
Computer SerialNumber : 0000-0007-6634-1532-2172-9993-56
Computer Type : Desktop
Computer Physical CPU's : 1

Computer Logical CPU's : 2
CPU0
Architecture : x64
Physical Cores: 1
Logical Cores : 2
Computer Memory : 8190 MB

None
Form Factor: Unknown
Type : Unknown
Capacity : 1024 MB
None
Type : Unknown
Capacity : 7168 MB
24272 - Network Interfaces Enumeration (WMI)

Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses
attached to them.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
See Also
http://www.nessus.org/u?b362cab2
Solution
N/A
28
Risk Factor
None
Exploitable with
Plugin Information:
Ports
+ Network Interface Information :
- Network Interface = [00000001] Microsoft Hyper-V Network Adapter

- MAC Address = 00:0D:3A:07:FD:41
- IPAddress/IPSubnet = 192.168.33.5/255.255.255.0
- Network Interface = [00000014] Mellanox ConnectX-4 Lx Virtual Ethernet Adapter

- MAC Address = 00:0D:3A:07:FD:41
+ Routing Information :
Destination Netmask Gateway

----------- ------- -------
0.0.0.0 0.0.0.0 192.168.33.1
127.0.0.0 255.0.0.0 0.0.0.0
127.0.0.1 255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
192.168.33.0 255.255.255.0 0.0.0.0
192.168.33.5 255.255.255.255 0.0.0.0
192.168.33.255 255.255.255.255 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
25220 - TCP/IP Timestamps Supported

Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime
of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
33139 - WS-Management Server Detection
Synopsis
The remote web server is used for remote management.
Description
29
The remote web server supports the Web Services for Management (WS-Management) specification, a general web
services protocol based on SOAP for managing systems, applications, and other such entities.
See Also
https://www.dmtf.org/standards/ws-man
https://en.wikipedia.org/wiki/WS-Management
Solution
Limit incoming traffic to this port if desired.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Here is some information about the WS-Management Server :
Product Vendor : Microsoft Corporation

Product Version : OS: 0.0.0 SP: 0.0 Stack: 3.0
34220 - Netstat Portscanner (WMI)

Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
https://en.wikipedia.org/wiki/Netstat
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Port 49667/tcp was found to be open




30
Nessus was able to find 29 open ports.
lkazadconnect (UDP/500) Vulnerability State: Resurfaced

Port 500/udp was found to be open




















31

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)

Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The Win32 process 'System' is listening on this port (pid 4).
The Win32 process 'svchost.exe' is listening on this port (pid 1380).
This process 'svchost.exe' (pid 1380) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
The Win32 process 'lsass.exe' is listening on this port (pid 788).
This process 'lsass.exe' (pid 788) is hosting the following Windows services :
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
32
The Win32 process 'elastic-agent.exe' is listening on this port (pid 3136).
This process 'elastic-agent.exe' (pid 3136) is hosting the following Windows services :
Elastic Agent (Elastic Agent)
TermService (@%SystemRoot%\System32\termsrv.dll,-268)
The Win32 process 'wininit.exe' is listening on this port (pid 636).
The Win32 process 'Microsoft.HttpForwarder.WindowsService.exe' is listening on this port (pid

3324).
This process 'Microsoft.HttpForwarder.WindowsService.exe' (pid 3324) is hosting the following

Windows services :
OMSGatewayService (OMS Gateway)
EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
The Win32 process 'spoolsv.exe' is listening on this port (pid 2564).
This process 'spoolsv.exe' (pid 2564) is hosting the following Windows services :
Spooler (@%systemroot%\system32\spoolsv.exe,-1)
33
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
The Win32 process 'services.exe' is listening on this port (pid 772).
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)
PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010)
34
W32Time (@%SystemRoot%\system32\w32time.dll,-200)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
35716 - Ethernet Card Manufacturer Detection

Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered
by IEEE.
See Also
https://standards.ieee.org/faqs/regauth.html
http://www.nessus.org/u?794673b4
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following card manufacturers were identified :
00:0D:3A:07:FD:41 : Microsoft Corp.
38153 - Microsoft Windows Summary of Missing Patches

Synopsis
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have
not been installed on the remote Windows host based on the results of either a credentialed check using the supplied
credentials or a check done using a supported third-party patch management tool.
Note the results of missing patches also include superseded patches.
Review the summary and apply any missing updates in order to be up to date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
35
Exploitable with
Plugin Information:
Ports
The patches for the following bulletins or KBs are missing on the remote host :
- KB5033118 ( https://support.microsoft.com/en-us/help/5033118 )
38689 - Microsoft Windows SMB Last Logged On User Disclosure

Synopsis
Nessus was able to identify the last logged on user on the remote host.
Description
By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated
with the last successful logon.
Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the
last logged-on user.
See Also
http://www.nessus.org/u?a29751b5
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Last Successful logon : .\Administrator
42897 - SMB Registry : Start the Registry Service during the scan (WMI)
Synopsis
The registry service was enabled for the duration of the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service
(RemoteRegistry). If the service is down, this plugin will attempt to start for the duration of the scan.
For this plugin to work, you need to select the option 'Start the Remote Registry service during the scan' on the
credentials page when you add your Windows credentials.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
36
Ports
The registry service was successfully started for the duration of the scan.
42898 - SMB Registry : Stop the Registry Service after the scan (WMI)
Synopsis
The registry service was stopped after the scan.
Description
(RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan,
this plugins will stop it afterwards.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The registry service was successfully stopped after the scan.
44401 - Microsoft Windows SMB Service Config Enumeration

Synopsis
It was possible to enumerate configuration parameters of remote services.
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host
(executable path, logon type, etc.).
Solution
Ensure that each service is configured properly.
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
The following services are set to start automatically :
ADSync startup parameters :

Display name : Microsoft Azure AD Sync
Service name : ADSync
Log on as : NT SERVICE\ADSync
Executable path : "C:\Program Files\Microsoft Azure AD Sync\Bin\miiserver.exe"
Dependencies : winmgmt/
AppIDSvc startup parameters :
37
Display name : Application Identity
Service name : AppIDSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/AppID/CryptSvc/
AzureADConnectAgentUpdater startup parameters :

Display name : Microsoft Azure AD Connect Agent Updater
Service name : AzureADConnectAgentUpdater
Log on as : NT Authority\System
Executable path : "C:\Program Files\Microsoft Azure AD Connect Agent Updater
\AzureADConnectAgentUpdater.exe"
AzureADConnectHealthAgent startup parameters :

Display name : Microsoft Entra Connect Health Agent
Service name : AzureADConnectHealthAgent
Log on as : LocalSystem
Executable path : "C:\Program Files\Microsoft Azure AD Connect Health Agent
\Microsoft.Identity.Health.AgentV15.Service.exe"
BFE startup parameters :

Display name : Base Filtering Engine
Service name : BFE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
Dependencies : RpcSs/
BrokerInfrastructure startup parameters :

Display name : Background Tasks Infrastructure Service
Service name : BrokerInfrastructure
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/DcomLaunch/RpcSs/
CDPSvc startup parameters :

Display name : Connected Devices Platform Service
Service name : CDPSvc
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : ncbservice/RpcSS/Tcpip/
CDPUserSvc_4c9c2d startup parameters :

[...]
44871 - WMI Windows Feature Enumeration

Synopsis
It is possible to enumerate Windows features using WMI.
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class
of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root
\cimv2' WMI namespace for Windows Desktop versions.
Note that Features can only be enumerated for Windows 7 and later for desktop versions.
See Also
https://msdn.microsoft.com/en-us/library/cc280268
https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features
Solution
N/A
Risk Factor
None
References
Exploitable with
38
Plugin Information:
Ports
Nessus enumerated the following Windows features :
- .NET Framework 4.8

- .NET Framework 4.8 Features
- Azure Arc Setup
- BitLocker Drive Encryption
- Enhanced Storage
- File and Storage Services
- Microsoft Defender Antivirus
- Storage Services
- System Data Archiver
- TCP Port Sharing
- WCF Services
- Windows PowerShell
- Windows PowerShell 5.1
- WoW64 Support
- XPS Viewer
45590 - Common Platform Enumeration (CPE)

Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches
for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the
information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The remote operating system matched the following CPE :
cpe:/o:microsoft:windows_server_2022:::x64-datacenter
Following application CPE's matched on the remote system :
cpe:/a:haxx:curl:8.4.0.0 -> Haxx Curl

cpe:/a:microsoft:.net_core:3.1.20.30521 -> Microsoft .NET Core
cpe:/a:microsoft:.net_core:6.0.25 -> Microsoft .NET Core
cpe:/a:microsoft:.net_core:6.0.417 -> Microsoft .NET Core
cpe:/a:microsoft:.net_framework:4.8 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:4.8.4682.0 -> Microsoft .NET Framework
cpe:/a:microsoft:asp.net_core:3.1.20 -> Microsoft ASP.NET Core
39
cpe:/a:microsoft:edge:120.0.2210.133 -> Microsoft Edge
cpe:/a:microsoft:ie:11.1.20348.0 -> Microsoft Internet Explorer
cpe:/a:microsoft:internet_explorer:11.0.20348.2110 -> Microsoft Internet Explorer
cpe:/a:microsoft:remote_desktop_connection:10.0.20348.1850 -> Microsoft Remote Desktop
Connection
cpe:/a:microsoft:sql_server:15.0.4138.2 -> Microsoft SQLServer
cpe:/a:microsoft:system_center_endpoint_protection:4.18.23110.3 -> Microsoft System Center
Endpoint Protection
cpe:/a:microsoft:system_center_operations_manager -> Microsoft System Center Operations Manager
cpe:/a:microsoft:windows_defender:4.18.23110.3 -> Microsoft Windows Defender
cpe:/a:microsoft:windows_defender_atp:1.35
x-cpe:/a:microsoft:azure_active_directory_connect:2.3.2.0
x-cpe:/a:microsoft:odbc_driver_for_sql_server:17.10.5.1
x-cpe:/a:microsoft:ole_db_driver_for_sql_server:18.6.7.0
48337 - Windows ComputerSystemProduct Enumeration (WMI)

Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the
computer system such as UUID, IdentifyingNumber, vendor, etc.
See Also
http://www.nessus.org/u?a21ce849
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
+ Computer System Product

- IdentifyingNumber : 0000-0007-6634-1532-2172-9993-56
- Description : Computer System Product
- Vendor : Microsoft Corporation
- Name : Virtual Machine
- UUID : 6A59EBA2-0C68-46BC-902A-FE950C42B5BB
- Version : Hyper-V UEFI Release v4.1
48763 - Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting

Synopsis
CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks.
Description
Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry
entry in to one of the following settings:
- 0xFFFFFFFF (Removes the current working directory from the default DLL search order)
- 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder)
- 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder)
See Also
http://www.nessus.org/u?0c574c56
http://www.nessus.org/u?5234ef0c
Solution
40
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch

Value : Registry Key Empty or Missing
48942 - Microsoft Windows SMB Registry : OS Version and Processor Architecture

Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the
remote system.
Description
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on
the remote system by connecting to the remote registry with the supplied credentials.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Operating system version = 10.20348
Architecture = x64
Build lab extended = 20348.1.amd64fre.fe_release.210507-1500
50346 - Microsoft Update Installed

Synopsis
A software updating service is installed.
Description
Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service
provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft
Office, Exchange, and SQL Server.
See Also
http://update.microsoft.com/microsoftupdate/v6/default.aspx
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
41
Ports
50859 - Microsoft Windows SMB : WSUS Client Configured
Synopsis
The remote Windows host is utilizing a WSUS server.
Description
The remote host is configured to utilize a Windows Server Update Services (WSUS) server.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/
cc708554(v=ws.10)
cc708449(v=ws.10)
https://docs.microsoft.com/en-us/previous-versions/technet-magazine/gg153542(v=msdn.10)
Solution
Verify the remote host is configured to utilize the correct WSUS server.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
This host is configured to get updates from the following WSUS server :
http://LKWSUS.adl.local:8530
WSUS Environment Options :
ElevateNonAdmins : undefined
TargetGroup : undefined
TargetGroupEnabled : undefined
Automatic Update settings :
AUOptions : 7
AutoInstallMinorUpdates : undefined
DetectionFrequency : undefined
DetectionFrequencyEnabled : undefined
NoAutoRebootWithLoggedOnUsers : undefined
NoAutoUpdate : 0
RebootRelaunchTimeout : undefined
RebootRelaunchTimeoutEnabled : undefined
RebootWarningTimeout : undefined
RebootWarningTimeoutEnabled : undefined
RescheduleWaitTime : undefined
RescheduleWaitTimeEnabled : undefined
ScheduledInstallDay : 0
ScheduledInstallTime : 5
51187 - WMI Encryptable Volume Enumeration

Synopsis
The remote Windows host has encryptable volumes available.
Description
42
By connecting to the remote host with the supplied credentials, this plugin enumerates encryptable volume information
available on the remote host via WMI.
See Also
http://www.nessus.org/u?8aa7973e
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Here is a list of encryptable volumes available on the remote system :
+ DriveLetter D:
- Automatic Unlock : Disabled

- BitLocker Version : None
- Conversion Status : Fully Decrypted
- DeviceID : \\?\Volume{6a59eba2-0000-0000-0000-100000000000}\
- Encryption Method : None
- Identification Field : None
- Key Protectors : None Found
- Lock Status : Unlocked
- Percentage Encrypted : 0.0%
- Protection Status : Protection Off
- Size : 16.00 GB
+ DriveLetter C:

- DeviceID : \\?\Volume{ed902b05-7c7a-4093-8f9d-6f4688ed4611}\
- Size : 126.45 GB
51192 - SSL Certificate Cannot Be Trusted

Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of
trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate
authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when
intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate
authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either
when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not
be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer.
Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus
either does not support or does not recognize.
43
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the
authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the
remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitable with
Plugin Information:
Ports
The following certificate was at the top of the certificate

chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : CN=LKAZADCONNECT.adl.local
|-Issuer : CN=LKAZADCONNECT.adl.local
52001 - WMI QuickFixEngineering (QFE) Enumeration

Synopsis
The remote Windows host has quick-fix engineering updates installed.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates
installed on the remote host via WMI.
See Also
http://www.nessus.org/u?0c4ec249
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Here is a list of quick-fix engineering updates installed on the

remote system :
+ KB5031993
44
- Description : Update
- InstalledOn : 12/20/2023
+ KB5012170
- Description : Security Update
+ KB5032198
+ KB5032310
Note that for detailed information on installed QFE's such as InstalledBy, Caption,
and so on, please run the scan with 'Report Verbosity' set to 'verbose'.
55472 - Device Hostname

Synopsis
It was possible to determine the remote system hostname.
Description
This plugin reports a device's hostname collected via SSH or WMI.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Hostname : LKAZADCONNECT
LKAZADCONNECT (WMI)
56984 - SSL / TLS Versions Supported

Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
This port supports TLSv1.2.
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported

Synopsis
45
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if
the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher
suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Here is the list of SSL PFS ciphers supported by the remote server :

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}
57582 - SSL Self-Signed Certificate

Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a
public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against
the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed
by an unrecognized certificate authority.
Solution
46
Risk Factor
Medium
CVSS Base Score
Exploitable with
Plugin Information:
Ports
The following certificate was found at the top of the certificate

chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : CN=LKAZADCONNECT.adl.local
57608 - SMB Signing not required

Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct
man-in-the-middle attacks against the SMB server.
See Also
http://www.nessus.org/u?df39b8b3
http://technet.microsoft.com/en-us/library/cc731957.aspx
https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
http://www.nessus.org/u?a3cac4ea
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network
server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also'
links for further details.
Risk Factor
Medium
5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.6 (E:U/RL:O/RC:C)
CVSS Base Score
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (E:U/RL:OF/RC:C)
Exploitable with
47
Plugin Information:
Ports
58181 - Windows DNS Server Enumeration
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Nessus enumerated DNS servers for the following interfaces :
Interface: {959c826c-a0ff-4cb0-918f-530dfa4b6a31}
Network Connection : Ethernet
NameServer: 192.168.33.4,192.168.20.240
58452 - Microsoft Windows Startup Software Enumeration

Synopsis
It is possible to enumerate startup software.
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use and
security policies.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following startup item was found :
AzureArcSetup - %windir%\AzureArcSetup\Systray\AzureArcSysTray.exe
SecurityHealth - %windir%\system32\SecurityHealthSystray.exe
62042 - SMB QuickFixEngineering (QFE) Enumeration

Synopsis
48
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed
on the remote host via the registry.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

remote system :
KB5004330, Installed on: 2021/11/03

KB5012170, Installed on: 2023/04/20
KB5022507, Installed on: 2023/04/20
KB5029928, Installed on: 2023/10/29
KB5030999, Installed on: 2023/11/21
KB5031993, Installed on: 2023/12/20
63080 - Microsoft Windows Mounted Devices

Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have
been connected to the remote host in the past.
See Also
http://www.nessus.org/u?99fcc329
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Name : \dosdevices\e:
Data : \??\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#5&394b69d0&0&000002#{53f5630d-
b6bf-11d0-94f2-00a0c91efb8b}
Raw data :
5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004d007300660074002600500072006f006
Name : \dosdevices\d:
Data : Yj
Raw data : a2eb596a0000100000000000
Name : \??\volume{eb0f30f1-57d3-11ec-8658-806e6f6e6963}
49
b6bf-11d0-94f2-00a0c91efb8b}
Raw data :
5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004d007300660074002600500072006f006
Name : \dosdevices\c:
Data : DMIO:ID:+z|@oFF
Raw data : 444d494f3a49443a052b90ed7a7c93408f9d6f4688ed4611
63418 - Microsoft System Center Operations Manager Component Installed

Synopsis
A data center management system component is installed on the remote Windows host.
Description
Microsoft System Center Operations Manager (SCOM, formerly known as Microsoft Operations Manager) is a data
center management system. A component of the SCOM system is installed on the remote host.
See Also
http://www.nessus.org/u?76f71a39
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Path : C:\Program Files\Microsoft Monitoring Agent\Agent\

Version : unknown
63620 - Windows Product Key Retrieval

Synopsis
This plugin retrieves the Windows Product key of the remote Windows host.
Description
Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Product key : XXXXX-XXXXX-XXXXX-XXXXX-6VM33
Note that all but the final portion of the key has been obfuscated.
64582 - Netstat Connection Information

Synopsis
50
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the
'netstat' command.
Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting
in scan settings.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
64814 - Terminal Services Use SSL/TLS
Synopsis
The remote Terminal Services use SSL/TLS.
Description
The remote Terminal Services is configured to use SSL/TLS.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Subject Name:
Common Name: LKAZADCONNECT.adl.local
Issuer Name:
Serial Number: 19 9B 64 02 D2 7C D7 A5 4C BD 38 6E FA 2A 3E 3E
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jan 07 18:30:31 2024 GMT

Not Valid After: Jul 08 18:30:31 2024 GMT
Public Key Info:
Algorithm: RSA Encryption

Key Length: 2048 bits
Public Key: 00 C2 58 08 7D 8D A0 90 F0 B9 95 0C DF 3D B0 92 BE DB C5 E8
51 AA 67 3E 7F 11 F2 76 09 CC C5 02 98 35 2F D0 0F 1A AC 28
68 4D F0 D5 3E 23 DD E8 5D 9F 78 89 94 7B 3D 06 C0 37 2B 9D
22 BA 58 D2 71 56 2A CA FF 79 A6 69 E9 BF 40 4B F0 64 AD 79
51
07 D5 97 80 98 3A 3B 39 0F 80 B2 1F 42 4B 6B 3D 9F 86 EF 10
1D B9 C7 11 AC 01 71 EB E0 36 8B 5F 43 7C D3 7E F3 9A 9E 39
FE 87 A3 AD 0C 00 F0 1E D0 74 5E 90 50 46 E7 E0 09 63 64 EC
CC 83 8F D6 2A 7D A8 5C EC 11 38 2D 4D ED 2D 3D 07 4B 00 B8
17 09 8E DD 0A D2 B6 5B 88 CD F1 30 2F D9 8C B2 58 0B B9 87
23 A2 EF 5E FE A3 15 51 B9 F2 4B D6 3C 4E 6A 90 3B F6 28 FD
14 86 BE 8E 26 DD 57 BE ED CB 04 28 86 88 7F BD E5 D3 0C FE
F1 79 AC EF CE E4 23 C9 EA 6E 01 05 AA 7F 44 64 10 52 93 35
A0 F0 15 6C 75 0B A9 3D 9A 27 5F 2F DD 44 91 01 35
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits

Signature: 00 15 D6 01 FB F5 CA 83 C9 6A 3B 08 1B 55 C1 9F 15 38 6C F5
2D 7A 65 65 2E DE DE 5D EB 5E 2B D8 D2 E0 0E A5 96 68 1F 0F
EB 81 0F 38 D4 C0 6B 9E FE 31 E2 DC A3 E4 C3 03 05 5C 74 A9
1A A1 E2 74 E7 B8 07 36 A6 E4 C4 8D 22 A4 EC 45 B0 E9 1C 73
84 A5 97 19 C0 4A 5D B4 7E 77 71 EC 06 D6 06 91 9C 73 30 16
45 CA 16 AF 98 02 DD 52 BA 17 99 05 05 7D 46 AB A9 E6 53 78
A3 77 9B DD 75 95 87 D2 EA A0 96 7D BD 56 EC 46 03 9E 7F D0
64 9D B1 2F 90 5B AB 26 20 38 A4 D8 2E 28 8F AE 20 BC 5D 07
B2 77 55 A2 67 08 8E D3 06 D0 BB D0 FC 98 1D 2A 8D 0D 83 CA
[...]
66334 - Patch Report

Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install
to make sure the remote host is up-to-date.
Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this
plugin, it will always run and cannot be disabled.
Solution
Install the patches listed below.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
. You need to take the following 7 actions :
+ Install the following Microsoft patches :

- KB5034129 (2 vulnerabilities)
- KB5033914
- KB5033464
[ Microsoft Edge (Chromium) < 120.0.2336.0 Multiple Vulnerabilities (187966) ]
+ Action to take : Upgrade to Microsoft Edge version 120.0.2336.0 or later.
+Impact : Taking this action will resolve 5 different vulnerabilities (CVEs).
[ Security Update for Microsoft .NET Core (January 2024) (187859) ]
+ Action to take : Update .NET Core, remove vulnerable packages and refer to vendor advisory.
52
[ Security Updates for Microsoft ASP.NET Core (December 2021) (156227) ]
+ Action to take : Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
[ Security Updates for Windows Malicious Software Removal Tool (January 2023) (169783) ]
+ Action to take : Microsoft has released version 5.109 to address this issue.
66424 - Microsoft Malicious Software Removal Tool Installed

Synopsis
An antimalware application is installed on the remote Windows host.
Description
The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that
attempts to detect and remove known malware from Windows systems.
See Also
http://www.nessus.org/u?47a3e94d
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
File : C:\Windows\system32\MRT.exe
Version : 5.101.19137.3
Release at last run : May 2022
Report infection information to Microsoft : Yes
70329 - Microsoft Windows Process Information

Synopsis
Use WMI to obtain running process information.
Description
Report details on the running processes on the machine.
This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that
your system processes conform to your system policies.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Process Overview :
53
SID: Process (PID)
0 : System Idle Process (0)
0 : |- System (4)
0 : |- smss.exe (404)
2 : csrss.exe (3132)
0 : sqlservr.exe (4984)
0 : csrss.exe (564)
0 : wininit.exe (636)
0 : |- services.exe (772)
0 : |- svchost.exe (1016)
2 : |- rdpclip.exe (8044)
2 : |- rdpinput.exe (8824)
0 : |- taskhostw.exe (2376)
0 : |- SecurityHealthService.exe (2264)
2 : |- sihost.exe (8020)
0 : |- spoolsv.exe (2564)
0 : |- AggregatorHost.exe (4368)
0 : |- elastic-agent.exe (3136)
0 : |- metricbeat.exe (6568)
0 : |- conhost.exe (6580)
0 : |- metricbeat.exe (6656)
0 : |- filebeat.exe [...]
70331 - Microsoft Windows Process Module Information

Synopsis
Use WMI to obtain running process module information.
Description
Report details on the running processes modules on the machine.
This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm
54
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Process_Modules_192.168.33.5.csv : lists the loaded modules for each process.
70544 - SSL Cipher Block Chaining Cipher Suites Supported

Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with
subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher
suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if
used improperly.
See Also
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Here is the list of SSL CBC ciphers supported by the remote server :

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
55
{export flag}
71246 - Enumerate Local Group Memberships

Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Group Name : Access Control Assistance Operators
Host Name : LKAZADCONNECT
Group SID : S-1-5-32-579
Members :
Group Name : Administrators

Group SID : S-1-5-32-544
Members :
Name : azadmin
Domain : LKAZADCONNECT
Class : Win32_UserAccount
SID : S-1-5-21-3230073303-737008294-1742660446-500
Name : Domain Admins
Domain : ADL
Class : Win32_Group
SID :
Group Name : Backup Operators

Group SID : S-1-5-32-551
Members :
Group Name : Certificate Service DCOM Access

Group SID : S-1-5-32-574
Members :
Group Name : Cryptographic Operators

Group SID : S-1-5-32-569
Members :
Group Name : Device Owners

Group SID : S-1-5-32-583
Members :
Group Name : Distributed COM Users

Group SID : S-1-5-32-562
Members :
Group Name : Event Log Readers

Group SID : S-1-5-32-573
Members :
56
Group Name : Guests
Group SID : S-1-5-32-546
Members :
Name : Guest
SID : S-1-5-21-3230073303-737008294-1742660446-501
Group Name : Hyper-V Administrators

Group SID : S-1-5-32-578
Members :
Group Name : IIS_IUSRS

Group SID : S-1-5-32-568
Members :
Name : IUSR
Class : Win32_SystemAccount
SID : S-1-5-17
Group Name : Network Configuration Operators

Group SID : S-1-5-32-556
Members :
Group Name : Performance Log Users

Group SID : S-1-5-32-559
Members :
Group Name : Performance Monitor Users

Group SID : S-1-5-32-558
Members :
Group Name : Power Users

Group SID : S-1-5-32-547
Members :
Group Name : Print Operators

Group SID : [...]
72367 - Microsoft Internet Explorer Version Detection

Synopsis
Internet Explorer is installed on the remote host.
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
See Also
https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
57
Ports
Version : 11.1.20348.0
72482 - Windows Display Driver Enumeration

Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
See Also
http://www.nessus.org/u?b6e87533
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Device Name : Microsoft Hyper-V Video

Driver File Version : 10.0.20348.1
Driver Date : 06/21/2006
72684 - Enumerate Users via WMI

Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of users using WMI.
Description
Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the
authenticated SMB user has permissions to view will be retrieved by this plugin.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Name : azadmin
SID : S-1-5-21-3230073303-737008294-1742660446-500
Disabled : False
Lockout : False
Change password : True
Source : Local
58
Name : DefaultAccount
SID : S-1-5-21-3230073303-737008294-1742660446-503
Disabled : True
Lockout : False
Source : Local
Name : Guest
SID : S-1-5-21-3230073303-737008294-1742660446-501
Disabled : True
Lockout : False
Change password : False
Source : Local
Name : WDAGUtilityAccount
SID : S-1-5-21-3230073303-737008294-1742660446-504
Disabled : True
Lockout : False
Source : Local
No. Of Users : 4
72879 - Microsoft Internet Explorer Enhanced Security Configuration Detection

Synopsis
The remote host supports IE Enhanced Security Configuration.
Description
Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC
features are enabled or disabled.
See Also
http://www.nessus.org/u?a9c4c131
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Type : Admin Groups

Is Enabled : True
Type : User Groups

Is Enabled : True
73149 - Windows AppLocker Installed

Synopsis
The remote host has an application installed for managing software access.
Description
Windows AppLocker, a tool for managing user access to applications, is installed on the remote Windows host.
See Also
dd759117(v=ws.11)
Solution
N/A
Risk Factor
59
None
Exploitable with
Plugin Information:
Ports
Nessus enumerated the following Windows AppLocker configuration :

Exe Rules
Mode : Audit
Rule name : (Default Rule) All Exe's
Description :
Rule type : FilePathRule
User/Group SID : S-1-1-0
Condition : Path="*"
Script Rules
Mode : Audit
Rule name : (Default Rule) All Script's
Description :
Msi Rules
Mode : Audit
Rule name : (Default Rule) All Msi's
Description :
92362 - Microsoft Windows AppLocker Configuration

Synopsis
Nessus was able to collect and report AppLocker's configuration on the remote host.
Description
Nessus was able to collect AppLocker configuration information on the remote Windows host and generate a report as
a CSV attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\serviceenforcementmode : 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\allowwindows : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\8bec723d-f7f8-4d03-a638-944ce45998e4\value :
<FilePathRule Id="8bec723d-f7f8-4d03-a638-944ce45998e4" Name="(Default Rule) All Exe's"
Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="*"/
></Conditions></FilePathRule>
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\allowwindows : 0
60
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\enforcementmode : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\ecee156c-b5bd-4112-a059-2d6f98f50837\value :
<FilePathRule Id="ecee156c-b5bd-4112-a059-2d6f98f50837" Name="(Default Rule) All Msi's"
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\allowwindows : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\enforcementmode : 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\cd23e008-702a-481b-b143-5eeb49cc2f24\value :
<FilePathRule Id="cd23e008-702a-481b-b143-5eeb49cc2f24" Name="(Default Rule) All Script's"
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\serviceenforcementmode : 1
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\allowwindows : 0
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\8bec723d-f7f8-4d03-
a638-944ce45998e4\value : <FilePathRule Id="8bec723d-f7f8-4d03-a638-944ce45998e4"
Name="(Default Rule) All Exe's" Description="" UserOrGroupSid="S-1-1-0"
Action="Allow"><Conditions><FilePathCondition [...]
92364 - Microsoft Windows Environment Variables

Synopsis
Nessus was able to collect and report environment variables from the remote host.
Description
Nessus was able to collect system and active account environment variables on the remote Windows host and
generate a report as a CSV attachment.
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Global Environment Variables :
processor_level : 6
comspec : %SystemRoot%\system32\cmd.exe
number_of_processors : 2
username : SYSTEM
os : Windows_NT
temp : %SystemRoot%\TEMP
processor_revision : 5507
path : %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%
\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:
\Program Files (x86)\dotnet\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn
\;C:\Program Files\Microsoft SQL Server\150\Tools\Binn\
tmp : %SystemRoot%\TEMP
processor_identifier : Intel64 Family 6 Model 85 Stepping 7, GenuineIntel
driverdata : C:\Windows\System32\Drivers\DriverData
pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
processor_architecture : AMD64
psmodulepath : C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell
\v1.0\Modules;C:\Program Files\Microsoft Azure AD Sync\Bin\;C:\Program Files\OMS Gateway
\PowerShell\;C:\Program Files\Microsoft Monitoring Agent\Agent\PowerShell\;C:\Program Files
\Microsoft Monitoring Agent\Agent\AzureAutomation\7.3.1840.0
windir : %SystemRoot%
Active User Environment Variables

- S-1-5-21-2016934633-2723708669-2290440068-7636
61
temp : %USERPROFILE%\AppData\Local\Temp
path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
tmp : %USERPROFILE%\AppData\Local\Temp
92365 - Microsoft Windows Hosts File

Synopsis
Nessus was able to collect the hosts file from the remote host.
Description
Nessus was able to collect the hosts file from the remote Windows host and report it as attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Windows hosts file attached.
MD5: 3688374325b992def12793500307566d
SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274
SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085
92366 - Microsoft Windows Last Boot Time

Synopsis
Nessus was able to collect the remote host's last boot time in a human readable format.
Description
Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Last reboot : 2023-12-20T19:01:42+05:30 (20231220190142.202877+330)
92367 - Microsoft Windows PowerShell Execution Policy

Synopsis
Nessus was able to collect and report the PowerShell execution policy for the remote host.
Description
Nessus was able to collect and report the PowerShell execution policy for the remote Windows host.
Solution
N/A
Risk Factor
None
62
Exploitable with
Plugin Information:
Ports
HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy :
RemoteSigned
92368 - Microsoft Windows Scripting Host Settings

Synopsis
Nessus was able to collect and report the Windows scripting host settings from the remote host.
Description
Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1
Windows scripting host configuration attached.
92370 - Microsoft Windows ARP Table

Synopsis
Nessus was able to collect and report ARP table information from the remote host.
Description
Nessus was able to collect ARP table information from the remote Windows host and generate a report as a CSV
attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
63
169.254.169.254 : 12-34-56-78-9a-bc
192.168.33.1 : 12-34-56-78-9a-bc
192.168.33.4 : 12-34-56-78-9a-bc
192.168.33.6 : 12-34-56-78-9a-bc
192.168.33.7 : 12-34-56-78-9a-bc
192.168.33.10 : 12-34-56-78-9a-bc
192.168.33.11 : 12-34-56-78-9a-bc
192.168.33.255 : ff-ff-ff-ff-ff-ff
224.0.0.22 : 01-00-5e-00-00-16
224.0.0.251 : 01-00-5e-00-00-fb
224.0.0.252 : 01-00-5e-00-00-fc
Extended ARP table information attached.
92371 - Microsoft Windows DNS Cache

Synopsis
Nessus was able to collect and report DNS cache information from the remote host.
Description
Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a CSV
attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
lkazdc01.adl.local
lkazdc01.adl.local
lkpdc.adl.local
passwordreset.microsoftonline.com
DNS cache information attached.
92372 - Microsoft Windows NetBIOS over TCP/IP Info

Synopsis
Nessus was able to collect and report NBT information from the remote host.
Description
Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a
CSV attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
NBT information attached.
First 10 lines of all CSVs:
nbtstat_local.csv:
64
Interface,Name,Suffix,Type,Status,MAC
192.168.33.5,LKAZADCONNECT,<00>,UNIQUE,Registered,00:0D:3A:07:FD:41
192.168.33.5,ADL,<00>,GROUP,Registered,00:0D:3A:07:FD:41
192.168.33.5,LKAZADCONNECT,<20>,UNIQUE,Registered,00:0D:3A:07:FD:41
92373 - Microsoft Windows SMB Sessions

Synopsis
Nessus was able to collect and report SMB session information from the remote host.
Description
Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV
attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
vaadmin
Extended SMB session information attached.
92415 - Application Compatibility Cache

Synopsis
Nessus was able to gather application compatibility settings on the remote host.
Description
Nessus was able to generate a report on the application compatibility cache on the remote Windows host.
See Also
https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf
http://www.nessus.org/u?4a076105
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Application compatibility cache report attached.
92421 - Internet Explorer Typed URLs

Synopsis
Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar.
Description
65
Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar.
See Also
https://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
http://go.microsoft.com/fwlink/p/?LinkId=255141
Internet Explorer typed URL report attached.
92424 - MUICache Program Execution History

Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to query the MUIcache registry key to find evidence of program execution.
See Also
https://forensicartifacts.com/2010/08/registry-muicache/
http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html
http://www.nirsoft.net/utils/muicache_view.html
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages
firewall and Internet Protocol security (IPsec) policies and implements user mode filtering.
Stopping or disabling the BFE service will significantly reduce the security of the system. It
will also result in unpredictable behavior in IPsec management and firewall applications.
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user
data, including contact info, calendars, messages, and other content. If you stop or disable this
service, apps that use this data might not work correctly.
@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage
tiers on all tiered storage spaces in the system.
@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities
on the Offline Files cache, responds to user logon and logoff events, implements the internals of
the public API, and dispatches interesting events to those interested in Offline Files activities
and changes in cache state.
66
@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports
logging events, querying events, subscribing to events, archiving event logs, and managing event
metadata. It can display events in both XML and plain text format. Stopping this service may
compromise security and reliability of the system.
@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time.
@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events
from remote sources that support WS-Management protocol. This includes Windows Vista event logs,
hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event
Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded
events cannot be [...]
92431 - User Shell Folders Settings

Synopsis
Nessus was able to find the folder paths for user folders on the remote host.
Description
Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of
the more common locations are listed below :
- Administrative Tools
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
ADL.LOCAL\Damith_106321a
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Damith_106321a\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Damith_106321a\AppData\Roaming\Microsoft
\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Damith_106321a\Downloads
- recent : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\Damith_106321a\Videos
- my music : C:\Users\Damith_106321a\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Damith_106321a\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Damith_106321a\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Damith_106321a\AppData\LocalLow
67
- sendto : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\Damith_106321a\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\Damith_106321a\Documents
- administrative tools : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Start Menu
\Programs\Administrative Tools
- startup : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
\Startup
- nethood : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\Damith_106321a\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Damith_106321a\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Damith_106321a\AppData\Local\Microsoft
\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function
instead
- local appdata : C:\Users\Damith_106321a\AppData\Local
- my pictures : C:\Users\Damith_106321a\Pictures
- templates : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Damith_106321a\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : [...]
92434 - User Download Folder Files

Synopsis
Nessus was able to enumerate downloaded files on the remote host.
Description
Nessus was able to generate a report of all files listed in the default user download folder.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
C:\\Users\Ashan_105704a\Downloads\desktop.ini
C:\\Users\azadmin\Downloads\desktop.ini
C:\\Users\azadmin.ADL\Downloads\AzureADConnect.msi
C:\\Users\azadmin.ADL\Downloads\desktop.ini
C:\\Users\Damith_106321a\Downloads\desktop.ini
C:\\Users\Madhawa_105798a\Downloads\desktop.ini
C:\\Users\Public\Downloads\desktop.ini
C:\\Users\Thilaksha_106310a\Downloads\desktop.ini
C:\\Users\Thilaksha_106310a\Downloads\dotnet-runtime-6.0.25-win-arm64.exe
C:\\Users\vaadmin\Downloads\desktop.ini
Download folder content report attached.
92435 - UserAssist Execution History

Synopsis
Nessus was able to enumerate program execution history on the remote host.
Description
Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been
executed.
See Also
https://www.nirsoft.net/utils/userassist_view.html
Solution
N/A
Risk Factor
68
None
Exploitable with
Plugin Information:
Ports
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
microsoft.windows.search_cw5n1h2txyewy!cortanaui
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
ueme_ctlcuacount:ctor
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
microsoft.windows.explorer
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
ueme_ctlsession
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
Extended userassist report attached.
93962 - Microsoft Security Rollup Enumeration

Synopsis
This plugin enumerates installed Microsoft security rollups.
Description
Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host.
See Also
http://www.nessus.org/u?b23205aa
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Cumulative Rollup : 11_2023 [KB5032198]

Cumulative Rollup : 10_2023
69
Latest effective update level : 11_2023

File checked : C:\Windows\system32\ntoskrnl.exe
File version : 10.0.20348.2110
Associated KB : 5032198
99364 - Microsoft .NET Security Rollup Enumeration

Synopsis
This plugin enumerates installed Microsoft .NET security rollups.
Description
Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host.
See Also
http://www.nessus.org/u?662e30c9
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll
Version : 4.8.4682.0
.NET Version : 4.8
100871 - Microsoft Windows SMB Versions Supported (remote check)

Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to
port 139 or 445.
Note that this plugin is a remote check and does not work on agents.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The remote host supports the following versions of SMB :

SMBv2
70
101114 - Microsoft Azure AD Connect Installed
Synopsis
Azure AD Connect is installed on the remote Windows host.
Description
Azure Active Directory (AD) Connect, a cloud integration tool for Microsoft Azure, is installed on the remote Windows
host.
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Path : C:\Program Files\Microsoft Azure Active Directory Connect\AzureADConnect.exe

Version : 2.3.2.0
103871 - Microsoft Windows Network Adapters

Synopsis
Identifies the network adapters installed on the remote host.
Description
Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote
Windows host.
Solution
Make sure that all of the installed network adapters agrees with your organization's acceptable use and security
policies.
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Network Adapter Driver Description : Mellanox ConnectX-4 Lx Virtual Ethernet Adapter
Network Adapter Driver Version : 2.70.24728.0

104667 - Microsoft ASP .NET Core for Windows

Synopsis
ASP .NET Core runtime packages are installed on the remote Windows host.
71
Description
ASP .NET Core runtime, web application server side components, are installed on the remote Windows host.
See Also
https://github.com/aspnet/AspNetCore
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Nessus detected 5 installs of ASP .NET Core Windows:
Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.20

Version : 3.1.20

Version : 6.0.25

Version : 5.0.11
Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.20

Version : 3.1.20

Version : 5.0.11
104668 - Microsoft .NET Core for Windows

Synopsis
.NET Core runtime is installed on the remote Windows host.
Description
.NET Core, a managed software framework, is installed on the remote Windows host.
See Also
https://dotnet.github.io/
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
72
Nessus detected 3 installs of .NET Core Windows:
Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.20\

Version : 3.1.20.30521

Version : 5.0.11.30523
Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\

Version : 6.0.25
106716 - Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Synopsis
It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an
authentication request to port 139 or 445.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The remote host supports the following SMB dialects :

_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
3.0 Windows 8
3.0.2 Windows 8.1
3.1.1 Windows 10
The remote host does NOT support the following SMB dialects :
2.2.2 Windows 8 Beta
3.1 Windows 10
110095 - Target Credential Issues by Authentication Protocol - No Issues Found

Synopsis
Nessus was able to log in to the remote host using the provided credentials. No issues were reported with access,
privilege, or intermittent failure.
Description
Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any
subsequent errors or failures for the authentication protocol.
When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that
may result in incomplete scan results or limited scan coverage. The types of issues that are tracked include errors
that indicate that the account used for scanning did not have sufficient permissions for a particular check, intermittent
protocol failures which are unexpected after the protocol has been negotiated successfully earlier in the scan, and
intermittent authentication failures which are unexpected after a credential set has been accepted as valid earlier in
the scan. This plugin reports when none of the above issues have been logged during the course of the scan for at
least one authenticated protocol. See plugin output for details, including protocol, port, and account.
Please note the following :
- This plugin reports per protocol, so it is possible for issues to be encountered for one protocol and not another.
73
For example, authentication to the SSH service on the remote target may have consistently succeeded with
no privilege errors encountered, while connections to the SMB service on the remote target may have failed
intermittently.
- Resolving logged issues for all available authentication protocols may improve scan coverage, but the value of
resolving each issue for a particular protocol may vary from target to target depending upon what data (if any) is
gathered from the target via that protocol and what particular check failed. For example, consistently successful
checks via SSH are more critical for Linux targets than for Windows targets, and likewise consistently successful
checks via SMB are more critical for Windows targets than for Linux targets.
Solution
N/A
Risk Factor
None
References
XREF IAVB-0001-B-0520
Exploitable with
Plugin Information:
Ports
Nessus was able to log into the remote host with no privilege or access
problems via the following :
User: 'adl\vaadmin'
Port: 445
Proto: SMB
Method: password
112279 - Windows Defender Advanced Threat Protection Installed (Windows)

Synopsis
Windows Defender Advanced Threat Protection is installed on the remote Windows host.
Description
Windows Defender Advanced Threat Protection, a unified platform for preventative protection, post-breach detection,
automated investigation, and response, is installed on the remote Windows host.
See Also
http://www.nessus.org/u?a7391db8
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Path : C:\Program Files\Windows Defender Advanced Threat Protection\

Version : 1.35
Full Version : Windows Defender Advanced Threat Protection Service (1.35)
117887 - OS Security Patch Assessment Available

Synopsis
74
Nessus was able to log in to the remote host using the provided credentials and enumerate OS security patch levels.
Description
Nessus was able to determine OS security patch levels by logging into the remote host and running commands to
determine the version of the operating system and its components. The remote host was identified as an operating
system or device that Nessus supports for patch and update assessment. The necessary information was obtained to
perform these checks.
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
OS Security Patch Assessment is available.
Account : adl\vaadmin
Protocol : SMB
126527 - Microsoft Windows SAM user enumeration

Synopsis
Nessus was able to enumerate domain users from the local SAM.
Description
Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows
system using the Security Accounts Manager.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
- azadmin (id S-1-5-21-2016934633-2723708669-500, Built-in account for administering the
computer/domain, Administrator account)
- DefaultAccount (id S-1-5-21-2016934633-2723708669-503, A user account managed by the system.)
- Guest (id S-1-5-21-2016934633-2723708669-501, Built-in account for guest access to the
computer/domain, Guest account)
- WDAGUtilityAccount (id S-1-5-21-2016934633-2723708669-504, A user account managed and used by
the system for Windows Defender Application Guard scenarios.)
131023 - Windows Defender Installed

Synopsis
Windows Defender is installed on the remote Windows host.
Description
Windows Defender, an antivirus component of Microsoft Windows is installed on the remote Windows host.
75
See Also
https://www.microsoft.com/en-us/windows/comprehensive-security
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\

Version : 4.18.23110.3
Engine Version : 1.1.23110.2
Malware Signature Timestamp : Jan. 16, 2024 at 19:35:58 GMT
Malware Signature Version : 1.403.2259.0
Signatures Last Updated : Jan. 17, 2024 at 03:57:25 GMT
136318 - TLS Version 1.2 Protocol Detection

Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
TLSv1.2 is enabled and the server supports at least one cipher.
136969 - Microsoft Edge Chromium Installed

Synopsis
Microsoft Edge (Chromium-based) is installed on the remote host.
Description
Microsoft Edge (Chromium-based), a Chromium-based web browser, is installed on the remote host.
See Also
https://www.microsoft.com/en-us/edge
Solution
N/A
Risk Factor
76
None
Exploitable with
Plugin Information:
Ports
Path : C:\Program Files (x86)\Microsoft\Edge\Application

Version : 120.0.2210.133
139785 - DISM Package List (Windows)

Synopsis
Use DISM to extract package info from the host.
Description
Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages.
See Also
http://www.nessus.org/u?cbb428b2
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following packages were enumerated using the Deployment Image Servicing and Management Tool:
Package : Downlevel-NLS-Sorting-Versions-Server-FoD-
Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : OnDemand Pack
Install Time : 5/8/2021 9:37 AM
Package~31bf3856ad364e35~wow64~~10.0.20348.1
State : Installed
Package : Microsoft-OneCore-DirectX-Database-FOD-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Package : Microsoft-OneCore-RasSstp-Api-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Staged
Release Type : Feature Pack
Install Time :
Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Release Type : Foundation
77
Package : Microsoft-Windows-InternetExplorer-Optional-
State : Installed
Install Time : 12/13/2021 7:01 PM
Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-
State : Installed
Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-
State : Installed
Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-
State : Installed
Package : [...]
141118 - Target Credential Status by Authentication Protocol - Valid Credentials Provided

Synopsis
Valid credentials were provided for an available authentication protocol.
Description
Nessus was able to determine that valid credentials were provided for an authentication protocol available on the
remote target because it was able to successfully authenticate directly to the remote target using that authentication
protocol at least once. Authentication was successful because the authentication protocol service was available
remotely, the service was able to be identified, the authentication protocol was able to be negotiated successfully, and
a set of credentials provided in the scan policy for that authentication protocol was accepted by the remote service.
See plugin output for details, including protocol, port, and account.
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another.
For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an
available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of
successful authentication for a given protocol may vary from target to target depending upon what data (if any) is
gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux
targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows
targets than for Linux targets.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Nessus was able to log in to the remote host via the following :
User: 'adl\vaadmin'
Port: 445
Proto: SMB
Method: password
78
148541 - Windows Language Settings Detection
Synopsis
This plugin enumerates language files on a windows host.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the
host.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Default Install Language Code: 1033
Default Active Language Code: 1033
Other common microsoft Language packs may be scanned as well.
151440 - Microsoft Windows Print Spooler Service Enabled

Synopsis
The Microsoft Windows Print Spooler service on the remote host is enabled.
Description
The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled.
See Also
http://www.nessus.org/u?8fc5df24
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
155470 - Oracle Cloud Infrastructure Instance Metadata Enumeration (Windows)

Synopsis
The remote host is an OCI (Oracle Cloud Infrastructure) instance for which metadata could be retrieved.
Description
See Also
https://www.oracle.com/ie/cloud/compute/
Solution
79
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
It was possible to retrieve the following API items:
- Invoke-RestMethod:
- + CategoryInfo: InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-
RestMethod], WebExc
- + FullyQualifiedErrorId:
WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
RestMethod], WebExc
RestMethod], WebExc
155963 - Windows Printer Driver Enumeration

Synopsis
Nessus was able to enumerate one or more of the printer drivers on the remote host.
Description
Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI.
See Also
http://www.nessus.org/u?fab99415
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
--- Microsoft XPS Document Writer v4 ---
Path : C:\Windows\System32\DriverStore\FileRepository
\ntprint.inf_amd64_675324844f835f70\Amd64\mxdwdrv.dll
Version : 10.0.20348.1
Supported Platform : Windows x64
--- Microsoft Software Printer Driver ---
Version : 10.0.20348.1006
80
--- Microsoft enhanced Point and Print compatibility driver ---
Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver:
Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Version : 10.0.20348.2110
Path : C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Version : 10.0.20348.2110
Supported Platform : Windows NT x86
--- Microsoft Print To PDF ---
Version : 10.0.20348.1
--- Microsoft Shared Fax Driver ---
Path : C:\Windows\system32\spool\DRIVERS\x64\3\FXSDRV.DLL
Version : 10.0.20348.1906
--- Remote Desktop Easy Print ---
Version : 10.0.20348.1
156227 - Security Updates for Microsoft ASP.NET Core (December 2021)

Synopsis
The Microsoft ASP.NET Core installations on the remote host are missing a security update.
Description
The Microsoft ASP.NET Core installations on the remote host are missing a security update. It is, therefore, affected
by an elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.
See Also
https://github.com/dotnet/announcements/issues/206
https://github.com/dotnet/aspnetcore/issues/39028
Solution
Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
7.3
8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
7.7 (E:U/RL:O/RC:C)
CVSS Base Score
4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
STIG Severity
81
I
References
CVE CVE-2021-43877
XREF IAVA-2021-A-0581-S
Exploitable with
Plugin Information:
Ports

Installed version : 5.0.11
Fixed version : 5.0.13



156899 - SSL/TLS Recommended Cipher Suites

Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only
enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with
nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Only enable support for recommened cipher suites.
82
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}
157879 - Security Update for .NET Core (February 2022)

Synopsis
The Microsoft .NET core installations on the remote host are missing a security update.
Description
The Microsoft .NET core installation on the remote host is version 5.0 prior to 5.0.14 or version 6.0 prior to 6.0.2.
It is, therefore, affected by a denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the
affected component to deny system or application services.
number.
See Also
https://dotnet.microsoft.com/download/dotnet/5.0
http://www.nessus.org/u?65bd7b62
Solution
Update to .NET Core Runtime to version 5.0.14 or 6.0.2
Risk Factor
Medium
4.4
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
83
6.5 (E:U/RL:O/RC:C)
CVSS Base Score
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-21986
Exploitable with
Plugin Information:
Ports

Installed version : 5.0.11.30523
158744 - Security Updates for Microsoft .NET core (March 2022)

Synopsis
The Microsoft .NET core installations on the remote host are affected by multiple vulnerabilities.
Description
The Microsoft .NET core installations on the remote host are missing security updates. It is, therefore, affected by
multiple vulnerabilities:
- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny
system or application services. (CVE-2022-24464)
- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute
unauthorized arbitrary commands. (CVE-2020-8927, CVE-2022-24512)
number.
See Also
http://www.nessus.org/u?56caba70
http://www.nessus.org/u?95177a8e
http://www.nessus.org/u?96c2a71d
Solution
Update .NET Core Runtime to version 3.1.23, 5.0.15 or 6.0.3.
Risk Factor
Medium
84
4.4
6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
5.7 (E:U/RL:O/RC:C)
CVSS Base Score
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-24512
CVE CVE-2022-24464
CVE CVE-2020-8927
Exploitable with
Plugin Information:
Ports


159817 - Windows Credential Guard Status

Synopsis
Retrieves the status of Windows Credential Guard.
Description
Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password
hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
See Also
http://www.nessus.org/u?fb8c8c37
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
85
Ports
Windows Credential Guard is not fully enabled.

The following registry keys have not been set :
- System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : Key not found.
- System\CurrentControlSet\Control\LSA\LsaCfgFlags : Key not found.
- System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : Key not
found.
160301 - Link-Local Multicast Name Resolution (LLMNR) Service Detection

Synopsis
Verify status of the LLMNR service on the remote host.
Description
The Link-Local Multicast Name Resolution (LLMNR) service allows both IPv4 and IPv6 hosts to perform name
resolution for hosts on the same local link
See Also
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
LLMNR Key SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast not found.
160486 - Server Message Block (SMB) Protocol Version Detection

Synopsis
Verify the version of SMB on the remote host.
Description
The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network.
See Also
http://www.nessus.org/u?f463096b
http://www.nessus.org/u?1a4b3744
Solution
Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related
protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
86
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found.
160576 - Windows Services Registry ACL

Synopsis
Checks Windows Registry for Service ACLs
Description
Checks Windows Registry for Service ACLs.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Verbosity must be set to 'Report as much information as possible' for this plugin to produce
output.
161691 - The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection
(CVE-2022-30190)
Synopsis
Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key.
Description
The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for
CVE-2022-30190.
Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The
recommendation is to apply the latest patch.
See Also
http://www.nessus.org/u?440e4ba1
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
http://www.nessus.org/u?b9345997
Solution
Apply the latest Cumulative Update.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target
is vulnerable to CVE-2022-30190, if the vendor patch is not applied.
162174 - Windows Always Installed Elevated Status

Synopsis
87
Windows AlwaysInstallElevated policy status was found on the remote Windows host
Description
Windows AlwaysInstallElevated policy status was found on the remote Windows host.
You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges
This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft
strongly discourages the use of this setting.
Solution
If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE.
AlwaysInstallElevated policy is not enabled under HKEY_USERS
user:S-1-5-21-2016934633-2723708669-2290440068-7636
162314 - Security Updates for Microsoft .NET core (June 2022)

Synopsis
The Microsoft .NET core installations on the remote host are affected by an information disclosure vulnerability.
Description
An information disclosure vulnerability exists in .NET core 6.0 < 6.0.6 and .NET Core 3.1 < 3.1.26. An
unauthenticated, local attacker can exploit this, to disclose potentially sensitive information.
number.
See Also
http://www.nessus.org/u?bfb8ea98
Solution
Update .NET Core Runtime to version 3.1.26 or 6.0.6.
Risk Factor
Medium
4.4
5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
5.1 (E:F/RL:O/RC:C)
CVSS Base Score
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.6 (E:F/RL:OF/RC:C)
88
STIG Severity
I
References
CVE CVE-2022-30184
XREF MSFT-MS22-5015429
XREF MSKB-5015429
XREF MSKB-5015424
Exploitable with
Plugin Information:
Ports

162560 - Microsoft Internet Explorer Installed

Synopsis
A web browser is installed on the remote Windows host.
Description
Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host.
See Also
https://support.microsoft.com/products/internet-explorer
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Path : C:\Windows\system32\mshtml.dll
Version : 11.0.20348.2110
163974 - Security Updates for Microsoft .NET Core (August 2022)

Synopsis
The Microsoft .NET core installations on the remote host are affected by a spoofing vulnerability.
Description
A spoofing vulnerability exists in .NET core 6.0 < 6.0.8 and .NET Core 3.1 < 3.1.28. An unauthenticated, remote
attacker can exploit this, to perform actions with the privileges of another user.
89
number.
See Also
https://support.microsoft.com/help/5016987
http://www.nessus.org/u?327bb1fb
http://www.nessus.org/u?7ce182ee
https://github.com/dotnet/core/issues/7682
Solution
Risk Factor
Medium
4.4
5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.3 (E:P/RL:O/RC:C)
CVSS Base Score
5.4 (AV:N/AC:H/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
4.2 (E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-34716
XREF MSKB-5016990
XREF MSKB-5016987
Exploitable with
Plugin Information:
Ports
90
164690 - Windows Disabled Command Prompt Enumeration

Synopsis
This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user.
Description
The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the
following registry key:
'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD'
- Unset or 0: The command prompt is enabled normally.
- 1: The command promt is disabled.
- 2: The command prompt is disabled however windows batch processing is allowed.
See Also
http://www.nessus.org/u?b40698bc
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Username: DefaultAccount
SID: S-1-5-21-3230073303-737008294-1742660446-503
DisableCMD: Unset
Username: azadmin
SID: S-1-5-21-3230073303-737008294-1742660446-500
DisableCMD: Unset
Username: WDAGUtilityAccount
SID: S-1-5-21-3230073303-737008294-1742660446-504
DisableCMD: Unset
Username: Guest
SID: S-1-5-21-3230073303-737008294-1742660446-501
DisableCMD: Unset
165076 - Security Updates for Microsoft ASP.NET Core (September 2022)

Synopsis
Description
A denial of service vulnerability exists in ASP.NET core 6.0 < 6.0.9 and ASP.NET Core 3.1 < 3.1.29. An
unauthenticated, remote attacker can exploit this, by sending a customized payload that is parsed during model
binding, to cause a stack overflow, which may cause the application to stop responding.
number.
See Also
http://www.nessus.org/u?c76821a3
Solution
Update ASP.NET Core Runtime to version 3.1.29 or 6.0.9.
91
Risk Factor
High
4.4
7.0 (E:F/RL:O/RC:C)
CVSS Base Score
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-38013
XREF MSKB-5017915
XREF MSKB-5017903
Exploitable with
Plugin Information:
Ports


165077 - Security Updates for Microsoft .NET Core (September 2022)

Synopsis
The Microsoft .NET core installations on the remote host are affected by a denial of service vulnerability.
Description
A denial of service vulnerability exists in .NET core 6.0 < 6.0.9 and .NET Core 3.1 < 3.1.29. An unauthenticated,
remote attacker can exploit this, by sending a customized payload that is parsed during model binding, to cause a
stack overflow, which may cause the application to stop responding.
number.
See Also
92
http://www.nessus.org/u?cf2fdae6
http://www.nessus.org/u?775af4a9
Solution
Risk Factor
High
4.4
7.0 (E:F/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-38013
XREF MSKB-5017915
XREF MSKB-5017903
Exploitable with
Plugin Information:
Ports

166555 - WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck)

Synopsis
93
The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability.
Description
The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config
\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted
requests, to execute arbitrary code on an affected host.
See Also
http://www.nessus.org/u?9780b9d2
Solution
Add and enable registry value EnableCertPaddingCheck:
Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck:
\EnableCertPaddingCheck
Risk Factor
High
8.9
7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.5 (E:H/RL:O/RC:C)
CVSS Base Score
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.6 (E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2013-3900
XREF CISA-KNOWN-EXPLOITED-2022/07/10
XREF IAVA-2013-A-0227
Exploitable with
Plugin Information:
Ports
Nessus detected the following potentially insecure registry key configuration:

- Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the
registry.
- Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not
present in the registry.
168747 - Security Updates for Microsoft .NET Core (December 2022)
94
Synopsis
The Microsoft .NET core installations on the remote host are affected by remote code execution vulnerability.
Description
A remote code execution vulnerability exists in .NET Core 3.1, .NET 6.0, and .NET 7.0, where a malicious actor could
cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.
number.
See Also
Solution
Update .NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.
Risk Factor
High
6.7
6.8 (E:U/RL:O/RC:C)
CVSS Base Score
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-41089
XREF MSKB-5021955
XREF MSKB-5021954
XREF MSKB-5021953
Exploitable with
Plugin Information:
Ports
95

Synopsis
The Microsoft ASP.NET core installations on the remote host are affected by remote code execution vulnerability.
Description
A remote code execution vulnerability exists in ASP.NET core 3.1, ASP.NET 6.0, and ASP.NET 7.0, where a
malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.
number.
See Also
Solution
Update ASP.NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.
Risk Factor
High
6.7
6.8 (E:U/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-41089
XREF MSKB-5021955
XREF MSKB-5021954
XREF MSKB-5021953
Exploitable with
96
Plugin Information:
Ports


168980 - Enumerate the PATH Variables

Synopsis
Enumerates the PATH variable of the current scan user.
Description
Enumerates the PATH variables of the current scan user.
Solution
Ensure that directories listed here are in line with corporate policy.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Nessus has enumerated the path of the current scan user :
C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Windows\System32\OpenSSH\
C:\Program Files\dotnet\
C:\Program Files (x86)\dotnet\
C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\
C:\Program Files\Microsoft SQL Server\150\Tools\Binn\
C:\Users\vaadmin\AppData\Local\Microsoft\WindowsApps
169783 - Security Updates for Windows Malicious Software Removal Tool (January 2023)
Synopsis
The remote Windows host has an antimalware application that is affected by a privilege escalation vulnerability.
Description
The Windows Malicious Software Removal Tool installation on the remote host is missing a security update. It is,
therefore, affected by the following vulnerability:
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2023-21725)
See Also
http://www.nessus.org/u?867b0b4e
Solution
Microsoft has released version 5.109 to address this issue.
Risk Factor
97
Medium
6.0
6.3 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H)
5.9 (E:F/RL:O/RC:C)
CVSS Base Score
5.5 (AV:L/AC:H/Au:S/C:N/I:C/A:C)
CVSS Temporal Score
References
CVE CVE-2023-21725
Exploitable with
Plugin Information:
Ports
Product : Microsoft Malicious Software Removal Tool

Fixed version : 5.109.19957.1
170631 - Host Active Directory Configuration (Windows)

Synopsis
The remote host is joined to an Active Directory domain.
Description
The remote host is joined to an Active Directory domain and it was possible to retrieve certain Active Directory
configuration attributes, including:
- Domain Name
- Common Name
- samAccountName
- Domain Role
- DNS Name
- Record Name
- Distinguished Name
See Also
http://www.nessus.org/u?56077cfb
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
98
Common Name : CN=LKAZADCONNECT
SamAccountName : LKAZADCONNECT$
Domain Role : MemberServer
Domain : adl.local
Lowest Subdomain : ADL
DNS Name : LKAZADCONNECT
Distinguished Name : CN=LKAZADCONNECT,OU=Servers,DC=adl,DC=local
Record Name : LKAZADCONNECT
171410 - IP Assignment Method Detection

Synopsis
Enumerates the IP address assignment method(static/dynamic).
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
+ Loopback Pseudo-Interface 1
+ IPv4
- Address : 127.0.0.1
Assign Method : static
+ IPv6
- Address : ::1
+ Ethernet
+ IPv4
- Address : 192.168.33.5
171860 - Curl Installed (Windows)

Synopsis
Curl is installed on the remote Windows host.
Description
Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host.
Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will
be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty
checks. Paranoid scanning has no affect on this plugin itself.
See Also
https://curl.se/
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
99
Nessus detected 2 installs of Curl:
Path : C:\Windows\SysWOW64\curl.exe
Version : 8.4.0.0
Managed by OS : True
Path : C:\Windows\System32\curl.exe
Version : 8.4.0.0
171956 - Windows Enumerate Accounts

Synopsis
Enumerate Windows accounts.
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Windows accounts enumerated. Results output to DB.
User data gathered in scan starting at : 2024/1/17 5:27 EST
172178 - ASP.NET Core SEoL

Synopsis
An unsupported version of ASP.NET Core is installed on the remote host.
Description
According to its version, the ASP.NET Core installed on the remote host is no longer maintained by its vendor or
provider.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may
contain security vulnerabilities.
See Also
http://www.nessus.org/u?89faa62b
Solution
Upgrade to a version of ASP.NET Core that is currently supported.
Risk Factor
Critical
10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitable with
Plugin Information:
100
Ports
Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App

\5.0.11
Security End of Life : May 10, 2022
Time since Security End of Life (Est.) : >= 1 year

\3.1.20
Security End of Life : December 13, 2022
Path : C:\Program Files (x86)\dotnet\shared

\Microsoft.AspNetCore.App\5.0.11

172179 - Microsoft .NET Core SEoL

Synopsis
An unsupported version of Microsoft .NET Core is installed on the remote host.
Description
According to its version, the Microsoft .NET Core installed on the remote host is no longer maintained by its vendor or
provider.
See Also
Solution
Upgrade to a version of Microsoft .NET Core that is currently supported.
Risk Factor
Critical
CVSS Base Score
Exploitable with
Plugin Information:
Ports
Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App

\5.0.11\
101

\3.1.20\
174413 - Microsoft ODBC Driver for SQL Server Installed (Windows)

Synopsis
Microsoft ODBC Driver for SQL Server is installed on the remote Windows host.
Description
Microsoft ODBC Driver for SQL Server is installed on the remote Windows host.
See Also
http://www.nessus.org/u?3e257554
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Path : C:\Windows\System32\msodbcsql17.dll
Version : 17.10.5.1
176212 - Microsoft Edge Add-on Enumeration (Windows)

Synopsis
One or more Microsoft Egde browser extensions are installed on the remote host.
Description
Nessus was able to enumerate Microsoft Edge browser extensions installed on the remote host.
See Also
https://microsoftedge.microsoft.com/addons
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
User : Thilaksha_106310a
|- Browser : Microsoft Edge
|- Add-on information :
102
Name : unknown
Version : 1.69.5
Path : C:\Users\Thilaksha_106310a\AppData\Local\Microsoft\Edge\User Data\Default\Extensions
\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.69.5_0
Name : Edge relevant text changes

Description : Edge relevant text changes on select websites to improve user experience and
precisely surfaces the action they want to take.
Version : 1.2.0
Path : C:\Users\Thilaksha_106310a\AppData\Local\Microsoft\Edge\User Data\Default
\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0
178102 - Microsoft Windows Installed Software Version Enumeration

Synopsis
Enumerates installed software versions.
Description
This plugin enumerates the installed software version by interrogating information obtained from various registry
entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that
version.
Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily
mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by
uninstallers on the system.
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following software information is available on the remote host :
- Microsoft Monitoring Agent

Best Confidence Version : 10.20.18064.0
Version Confidence Level : 2
All Possible Versions : 10.20.18064.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 169100944
[DisplayName] :
Raw Value : Microsoft Monitoring Agent
[UninstallString] :
Raw Value : MsiExec.exe /I{F2F6A09E-8BE3-484E-BA48-888AFEC5F20A}
[InstallDate] :
Raw Value : 2022/04/26
[DisplayVersion] :
Raw Value : 10.20.18064.0
[VersionMinor] :
Raw Value : 20
- Microsoft .NET Core Host FX Resolver - 3.1.20 (x64)

Best Confidence Version : 24.80.30521
All Possible Versions : 24.80.30521
Other Version Data
[VersionMajor] :
Raw Value : 24
[Version] :
Raw Value : 407926585
103
[DisplayName] :
Raw Value : Microsoft .NET Core Host FX Resolver - 3.1.20 (x64)
[UninstallString] :
Raw Value : MsiExec.exe /X{6B6BB193-15B3-4493-914B-19A4B4CE50EF}
[InstallDate] :
Raw Value : 2021/11/03
[DisplayVersion] :
Raw Value : 24.80.30521
[VersionMinor] :
Raw Value : 80
- Microsoft ASP.NET Core 5.0.11 Shared Framework (x64)

All Possible Versions : 131.136.24721, 5.0.11.21476
Other Version Data
[VersionMajor] :
Raw Value : 5
[Version] :
Raw Value : 83886091
Parsed Version : 131.136.24721
[DisplayName] :
Raw Value : Microsoft ASP.NET Core 5.0.11 Shared Framework (x64)
[...]
179947 - Intel CPUID detection

Synopsis
The processor CPUID was detected on the remote host.
Description
The CPUID of the Intel processor was detected on the remote host.
See Also
https://www.intel.com
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Nessus was able to extract the following cpuid: 00000
186777 - KB5033118: Windows 2022 / Azure Stack HCI 22H2 Security Update (December 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5033118 or Azure HotPatch 5033464. It is, therefore, affected by
multiple vulnerabilities
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006)
- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696)
- Win32k Elevation of Privilege Vulnerability (CVE-2023-36011)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.
See Also
104
Solution
Apply Security Update 5033118 or Azure HotPatch 5033464
Risk Factor
Critical
8.4
8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.9 (E:P/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2023-36696
CVE CVE-2023-36012
CVE CVE-2023-36011
CVE CVE-2023-36006
CVE CVE-2023-36005
CVE CVE-2023-36004
CVE CVE-2023-36003
CVE CVE-2023-35644
CVE CVE-2023-35643
CVE CVE-2023-35642
CVE CVE-2023-35641
CVE CVE-2023-35639
CVE CVE-2023-35638
CVE CVE-2023-35630
CVE CVE-2023-35628
CVE CVE-2023-35622
CVE CVE-2023-21740
CVE CVE-2023-20588
105
XREF MSKB-5033464
XREF MSKB-5033118
Exploitable with
Plugin Information:
Ports
The remote host is missing one of the following rollup KBs :

- 5033118
- 5033464
- C:\Windows\system32\ntoskrnl.exe has not been patched.

Remote version : 10.0.20348.2110
Should be : 10.0.20348.2141
187318 - Microsoft Windows Installed

Synopsis
The remote host is running Microsoft Windows.
Description
See Also
https://www.microsoft.com/en-us/windows
https://www.microsoft.com/en-us/windows-server
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
OS Name : Microsoft Windows Server 2022 21H2

Vendor : Microsoft
Product : Windows Server
Release : 2022 21H2
Edition : Datacenter
Version : 10.0.20348.2113
Role : server
Kernel : Windows NT 10.0
Architecture : x64
CPE v2.2 : cpe:/o:microsoft:windows_server_2022:10.0.20348.2113:-
CPE v2.3 :
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113:-:any:*:datacenter:*:x64:*
106
Type : local
Method : SMB
Confidence : 100
187790 - KB5034129: Windows 2022 / Azure Stack HCI 22H2 Security Update (January 2024)
Synopsis
Description
The remote Windows host is missing security update 5034129. It is, therefore, affected by multiple vulnerabilities
- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654)
- BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666)
- Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674)
number.
See Also
Solution
Apply Security Update 5034129
Risk Factor
High
8.4
8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
7.2 (E:P/RL:O/RC:C)
CVSS Base Score
9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2024-21320
CVE CVE-2024-21316
CVE CVE-2024-21314
CVE CVE-2024-21313
CVE CVE-2024-21311
CVE CVE-2024-21310
CVE CVE-2024-21309
CVE CVE-2024-21307
CVE CVE-2024-21306
CVE CVE-2024-21305
CVE CVE-2024-20700
107
CVE CVE-2024-20699
CVE CVE-2024-20698
CVE CVE-2024-20696
CVE CVE-2024-20694
CVE CVE-2024-20692
CVE CVE-2024-20691
CVE CVE-2024-20687
CVE CVE-2024-20683
CVE CVE-2024-20682
CVE CVE-2024-20681
CVE CVE-2024-20680
CVE CVE-2024-20674
CVE CVE-2024-20666
CVE CVE-2024-20664
CVE CVE-2024-20663
CVE CVE-2024-20662
CVE CVE-2024-20661
CVE CVE-2024-20660
CVE CVE-2024-20658
CVE CVE-2024-20657
CVE CVE-2024-20655
CVE CVE-2024-20654
CVE CVE-2024-20653
CVE CVE-2024-20652
CVE CVE-2022-35737
XREF MSKB-5034129
Exploitable with
Plugin Information:
108
Ports

- 5034129

Should be : 10.0.20348.2227
187859 - Security Update for Microsoft .NET Core (January 2024)

Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple
vulnerabilities as referenced in the 2024_Jan_09 advisory.
- NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability (CVE-2024-0057)
- .NET Denial of Service Vulnerability (CVE-2024-20672)
number.
See Also
http://www.nessus.org/u?60479684
https://dotnet.microsoft.com/en-us/download/dotnet/7.0
https://dotnet.microsoft.com/en-us/download/dotnet/8.0
http://www.nessus.org/u?7cc3c135
http://www.nessus.org/u?f9bea036
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
High
6.0
9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
7.9 (E:U/RL:O/RC:C)
CVSS Base Score
9.4 (AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score
109
STIG Severity
I
References
CVE CVE-2024-20672
CVE CVE-2024-0057
Exploitable with
Plugin Information:
Ports
Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\

187901 - Security Updates for Microsoft .NET Framework (January 2024)

Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by
multiple vulnerabilities, as follows:
- Denial of service vulnerability in Microsoft .NET Framework. (CVE-2023-36042, CVE-2024-21312)
- Security feature bypass in System.Data.SqlClient SQL data provider. An attacker can perform a man-in-the-middle
attack on the connection between the client and server in order to read and modify the TLS traffic. (CVE-2024-0056)
- Security feature bypass in applications that use the X.509 chain building APIs. When processing an untrusted
certificate with malformed signatures, the framework returns an incorrect reason code.
Applications which make use of this reason code may treat this scenario as a successful chain build, potentially
bypassing the application's typical authentication logic. (CVE-2024-0057)
See Also
http://www.nessus.org/u?a8f77e6e
110
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
7.1
7.9 (E:U/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2024-21312
CVE CVE-2024-0057
CVE CVE-2024-0056
CVE CVE-2023-36042
111
XREF MSKB-5033948
XREF MSKB-5033947
XREF MSKB-5033946
XREF MSKB-5033945
XREF MSKB-5033922
XREF MSKB-5033920
XREF MSKB-5033919
XREF MSKB-5033918
XREF MSKB-5033917
XREF MSKB-5033916
XREF MSKB-5033914
XREF MSKB-5033912
XREF MSKB-5033911
XREF MSKB-5033910
112
XREF MSKB-5033909
XREF MSKB-5033907
XREF MSKB-5033904
XREF MSKB-5033899
XREF MSKB-5033898
Exploitable with
Plugin Information:
Ports
Microsoft .NET Framework 4.8

Cumulative
- 5033914
C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.

Should be : 4.8.4690.0
187966 - Microsoft Edge (Chromium) < 120.0.2336.0 Multiple Vulnerabilities

Synopsis
The remote host has an web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2336.0. It is, therefore, affected
by multiple vulnerabilities as referenced in the January 11, 2024 advisory.
- Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a
privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity:
High) (CVE-2024-0333)
- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-20675)
- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21337)
number.
See Also
http://www.nessus.org/u?3844aad0
Solution
Upgrade to Microsoft Edge version 120.0.2336.0 or later.
Risk Factor
High
113
7.4
6.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
5.5 (E:U/RL:O/RC:C)
CVSS Base Score
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
References
CVE CVE-2024-21337
CVE CVE-2024-20721
CVE CVE-2024-20709
CVE CVE-2024-20675
CVE CVE-2024-0333
Exploitable with
Plugin Information:
Ports

10863 - SSL Certificate Information

Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Subject Name:
Issuer Name:
114
Serial Number: 19 9B 64 02 D2 7C D7 A5 4C BD 38 6E FA 2A 3E 3E
Version: 3

Public Key Info:

Public Key: 00 C2 58 08 7D 8D A0 90 F0 B9 95 0C DF 3D B0 92 BE DB C5 E8
51 AA 67 3E 7F 11 F2 76 09 CC C5 02 98 35 2F D0 0F 1A AC 28
68 4D F0 D5 3E 23 DD E8 5D 9F 78 89 94 7B 3D 06 C0 37 2B 9D
22 BA 58 D2 71 56 2A CA FF 79 A6 69 E9 BF 40 4B F0 64 AD 79
07 D5 97 80 98 3A 3B 39 0F 80 B2 1F 42 4B 6B 3D 9F 86 EF 10
1D B9 C7 11 AC 01 71 EB E0 36 8B 5F 43 7C D3 7E F3 9A 9E 39
FE 87 A3 AD 0C 00 F0 1E D0 74 5E 90 50 46 E7 E0 09 63 64 EC
CC 83 8F D6 2A 7D A8 5C EC 11 38 2D 4D ED 2D 3D 07 4B 00 B8
17 09 8E DD 0A D2 B6 5B 88 CD F1 30 2F D9 8C B2 58 0B B9 87
23 A2 EF 5E FE A3 15 51 B9 F2 4B D6 3C 4E 6A 90 3B F6 28 FD
14 86 BE 8E 26 DD 57 BE ED CB 04 28 86 88 7F BD E5 D3 0C FE
F1 79 AC EF CE E4 23 C9 EA 6E 01 05 AA 7F 44 64 10 52 93 35
A0 F0 15 6C 75 0B A9 3D 9A 27 5F 2F DD 44 91 01 35
Exponent: 01 00 01

Signature: 00 15 D6 01 FB F5 CA 83 C9 6A 3B 08 1B 55 C1 9F 15 38 6C F5
2D 7A 65 65 2E DE DE 5D EB 5E 2B D8 D2 E0 0E A5 96 68 1F 0F
EB 81 0F 38 D4 C0 6B 9E FE 31 E2 DC A3 E4 C3 03 05 5C 74 A9
1A A1 E2 74 E7 B8 07 36 A6 E4 C4 8D 22 A4 EC 45 B0 E9 1C 73
84 A5 97 19 C0 4A 5D B4 7E 77 71 EC 06 D6 06 91 9C 73 30 16
45 CA 16 AF 98 02 DD 52 BA 17 99 05 05 7D 46 AB A9 E6 53 78
A3 77 9B DD 75 95 87 D2 EA A0 96 7D BD 56 EC 46 03 9E 7F D0
64 9D B1 2F 90 5B AB 26 20 38 A4 D8 2E 28 8F AE 20 BC 5D 07
B2 77 55 A2 67 08 8E D3 06 D0 BB D0 FC 98 1D 2A 8D 0D 83 CA
[...]
11217 - Microsoft SQL Server Detection (credentialed check)

Synopsis
The remote host has a database server installed.
Description
Nessus has detected one or more installs of Microsoft SQL server by examining the registry and file systems on the
remote host.
See Also
http://www.nessus.org/u?e45407e9
Solution
Ensure the latest service pack and hotfixes are installed.
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Version : 15.0.4138.2
Edition : Express Edition
115
Path : C:\Program Files\Microsoft SQL Server\150\LocalDB\Binn\
Named Instance : MSSQL15E.LOCALDB
34096 - BIOS Info (WMI)

Synopsis
The BIOS info could be read.
Description
It is possible to get information about the BIOS via the host's WMI interface.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Vendor : Microsoft Corporation

Version : Hyper-V UEFI Release v4.1
Release date : 20230712000000.000000+000
UUID : 6A59EBA2-0C68-46BC-902A-FE950C42B5BB
Secure boot : disabled
51351 - Microsoft .NET Framework Detection

Synopsis
A software framework is installed on the remote host.
Description
Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote
host.
See Also
https://www.microsoft.com/net
http://www.nessus.org/u?15ae6806
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Nessus detected 2 installs of Microsoft .NET Framework:
Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.8
116
Full Version : 4.8.04161
Install Type : Full
Release : 528449
Version : 4.8
Install Type : Client
Release : 528449
54615 - Device Type

Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,
router, general-purpose computer, etc).
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Remote device type : general-purpose
56468 - Time of Last System Startup

Synopsis
The system has been started.
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
20231220190142.202877+330
57033 - Microsoft Patch Bulletin Feasibility Check

Synopsis
Nessus is able to check for Microsoft patch bulletins.
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches
installed on the remote Windows host and will use that information to check for missing Microsoft security updates.
Note that this plugin is purely informational.
117
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Nessus is able to test for missing patches using :

Nessus
86420 - Ethernet MAC Addresses

Synopsis
This plugin gathers MAC addresses from various sources and consolidates them into a list.
Description
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios) and
from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and uniform
list.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following is a consolidated list of detected MAC addresses:
- 00:0D:3A:07:FD:41
92369 - Microsoft Windows Time Zone Information

Synopsis
Nessus was able to collect and report time zone information from the remote host.
Description
Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV
attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
118
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Sri Lanka Standard
Time
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-532
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-531
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0xFFFFFEB6
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart :
00000000000000000000000000000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart :
00000000000000000000000000000000
92428 - Recent File History

Synopsis
Nessus was able to enumerate recently opened files on the remote host.
Description
Nessus was able to gather evidence of files opened by file type from the remote host.
See Also
https://www.4n6k.com/2014/02/forensics-quickie-pinpointing-recent.html
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
C:\\Users\vaadmin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
Recent files found in registry and appdata attached.
92429 - Recycle Bin Files

Synopsis
Nessus was able to enumerate files in the recycle bin on the remote host.
Description
Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories.
See Also
http://www.nessus.org/u?0c1a03df
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
119
[...]
108712 - Microsoft .NET Core SDK for Windows

Synopsis
.NET Core SDK is installed on the remote Windows host.
Description
.NET Core SDK, a managed software framework, is installed on the remote Windows host.
See Also
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Path : C:\\program files\dotnet\\sdk\6.0.417

Version : 6.0.417
File Version : 6.4.1723.52326
125835 - Microsoft Remote Desktop Connection Installed

Synopsis
A graphical interface connection utility is installed on the remote Windows host
Description
Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is
installed on the remote Windows host.
See Also
http://www.nessus.org/u?1c33f0e7
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Path : C:\Windows\\System32\\mstsc.exe
Version : 10.0.20348.1850
159929 - Windows LSA Protection Status

Synopsis
120
Windows LSA Protection is disabled on the remote Windows host.
Description
The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent
reading memory and code injection by non-protected processes. This provides added security for the credentials that
the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks.
Solution
Enable LSA Protection per your corporate security guidelines.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found.
161167 - Security Updates for Microsoft .NET core (May 2022)

Synopsis
Description
multiple denial of service vulnerabilities:
- A vulnerability where a malicious client can cause a denial of service via excess memory allocations through
HttpClient. (CVE-2022-23267)
- A vulnerability where a malicious client can manipulate cookies and cause a denial of service. (CVE-2022-29117)
- A vulnerability where a malicious client can cause a denial of service when HTML forms are parsed.
(CVE-2022-29145)
number.
See Also
http://www.nessus.org/u?3b99f604
http://www.nessus.org/u?b1b0aff4
http://www.nessus.org/u?39d07c32
Solution
Risk Factor
Medium
4.4
121
7.0 (E:F/RL:O/RC:C)
CVSS Base Score
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-29145
CVE CVE-2022-29117
CVE CVE-2022-23267
Exploitable with
Plugin Information:
Ports


161502 - Microsoft Windows Logged On Users

Synopsis
Nessus was able to determine the logged on users from the registry
Description
Using the HKU registry, Nessus was able to enuemrate the SIDs of logged on users
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Logged on users :
- S-1-5-21-2016934633-2723708669-2290440068-7636
Domain : ADL
Username : Damith_106321a
166054 - Security Updates for Microsoft .NET Core (October 2022)
122
Synopsis
The Microsoft .NET core installations on the remote host are affected by a privilege escalation vulnerability.
Description
A privilege escalation vulnerability exists in .NET core 6.0 < 6.0.10 and .NET Core 3.1 < 3.1.30. An authenticated,
local attacker can exploit this, via the NuGet client, to cause the user to execute arbitrary code.
number.
See Also
http://www.nessus.org/u?1a5250e3
http://www.nessus.org/u?0eafd070
Solution
Risk Factor
Medium
7.4
7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.2 (E:F/RL:O/RC:C)
CVSS Base Score
6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-41032
XREF MSKB-5019351
XREF MSKB-5019349
Exploitable with
Plugin Information:
123
Ports

174405 - Microsoft OLE DB Driver for SQL Server Installed (Windows)

Synopsis
Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host.
Description
Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host.
See Also
http://www.nessus.org/u?f30efb87
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Path : C:\Windows\System32\msoledbsql.dll
Version : 18.6.7.0
124
lkazbackupresto
Scan Information
Start time: 2024/01/17 10:30
End time: 2024/01/17 11:04

Host Information
DNS Name: lkazbackupresto.adl.local
Netbios Name: LKAZBACKUPRESTO

Results Summary
3 5 3 0 145 156
Results Details
/
Synopsis
Description
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
lkazbackupresto (TCP/5985) Vulnerability State: Active


Synopsis
Description
protocols.
125
Solution
Risk Factor
None
0.8
References
CVE CVE-1999-0524
XREF CWE-200
Exploitable with
Plugin Information:
Ports
lkazbackupresto (ICMP/0) Vulnerability State: Active
The ICMP timestamps seem to be in little endian format (not in network format)

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
lkazbackupresto (UDP/137) Vulnerability State: Active
LKAZBACKUPRESTO = Computer name

LKAZBACKUPRESTO = File Server Service
00:22:48:5a:cb:6d

Synopsis
Description
Solution
N/A
126
Risk Factor
None
Exploitable with
Plugin Information:
Ports
192.168.33.11
192.168.33.8
Hop Count: 1

Synopsis
Description
- Guest account
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
lkazbackupresto (TCP/445) Vulnerability State: Resurfaced

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
127
Ports
- ADMIN$
- C$
- D$
- IPC$
- MTATempStore$

Synopsis
Description
Solution
'permissions'.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
- MTATempStore$ - (readable,writable)
..
pagefile.sys
BKP Restore
Packages
PerfLogs
Program Files
Program Files (x86)
ProgramData
Recovery
Users
Windows
WindowsAzure
..
ADFS
appcompat
apppatch
128
AppReadiness
assembly
bcastdvr
bfsvc.exe
Boot
bootstat.dat
Branding
CbsTemp
Containers
CSC
Cursors
debug
DfsrAdmin.exe
DfsrAdmin.exe.config
diagnostics
DigitalLocker
drivers
DtcInstall.log
ELAMBKUP
en-US
explorer.exe
Fonts
Globalization
Help
HelpPane.exe
hh.exe
IdentityCRL
IME
INF
InputMethod
Installer
L2Schemas
LiveKernelReports
Logs
lsasetup.log
media
mib.bin
Microsoft.NET
Migration
ModemLogs
notepad.exe
OCR
OEM
Offline Web Pages
Panther
Performance
PFRO.log
PLA
PolicyDefinitions
Prefetch
PrintDialog
Provisioning
regedit.exe
Registration
RemotePackages
rescache
Resources
SchCache
schemas
security
ServiceProfiles
ServiceState
servicing
Setup
ShellComponents
ShellExperiences
SKB
Speech
Speech_OneCore
splwow64.exe
129
System
system.ini
System32
SystemApps
SystemResources
SystemTemp
SysWOW64
TAPI
Tasks
Temp
TextInput
tracing
twain_32
twain_32.dll
Enumeration
Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Synopsis
Description
130
Solution
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Active Services :

AVCTP service [ BthAvctpSvc ]
Device Setup Manager [ DsmSvc ]
HV Host Service [ HvHost ]
Network Connections [ Netman ]
Network Store Interface Service [ nsi ]
Program Compatibility Assistant Service [ PcaSvc ]
Performance Logs & Alerts [ pla ]
Plug and Play [ PlugPlay ]
IPsec Policy Agent [ PolicyAgent ]
Power [ Power ]
User Profile Service [ ProfSvc ]
Qualys Cloud Agent [ QualysAgent ]
Remote Access Connection Manager [ RasMan ]
131
RdAgent [ RdAgent ]
Remote Registry [ RemoteRegistry ]
RPC Endpoint Mapper [ RpcEptMapper ]
Remote Procedure Call (RPC) [ RpcSs ]
Special Administration Console Helper [ sacsvr ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
Windows Security Service [ SecurityHealthService [...]

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Named pipe : \PIPE\InitShutdown
Netbios name : \\LKAZBACKUPRESTO
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000

UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Named pipe : \PIPE\InitShutdown
Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000


Named pipe : \pipe\lsass
132
Object UUID : 00000000-0000-0000-0000-000000000000

Annotation : KeyIso
Object UUID : 00000000-0000-0000-0000-000000000000

Object [...]
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49671
IP : 192.168.33.8

TCP Port : 49664
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49721
IP : 192.168.33.8

TCP Port : 49668
IP : 192.168.33.8
133
TCP Port : 49668
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

Annotation : KeyIso
TCP Port : 49668
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49668
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49668
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49668
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49665
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49695
IP : 192.168.33.8

134
Named pipe : WindowsShutdown

Named pipe : WMsgKRpc0ABD90

Named pipe : WindowsShutdown

Named pipe : WMsgKRpc0ABD90
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Named pipe : dabrpc
Object UUID : 00000000-0000-0000-0000-000000000000

Named pipe : csebpub
Object UUID : 00000000-0000-0000-0000-000000000000

Named pipe : LRPC-cd6120d0851484108d
Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000003

UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0
Named pipe : LRPC-a2af0e3073dc5b958c
Object UUID : 0590fd16-ccf6-4e6e-bd7f-31997dca1094

UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Named pipe : OLEC646BA169C77B26C583CF1190252
Object UUID : 0590fd16-ccf6-4e6e-bd7f-31997dca1094

UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction [...]
Object UUID : 00000000-0000-0000-0000-000000000000

Description : IPsec Services (Windows XP & 2003)
TCP Port : 49669
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
TCP Port : 49669
IP : 192.168.33.8
135
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
TCP Port : 49669
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
TCP Port : 49669
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
TCP Port : 49669
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49683
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49666
IP : 192.168.33.8
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49666
IP : 192.168.33.8

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
136
Ports
Target Name: ADL

NetBIOS Computer Name: LKAZBACKUPRESTO
DNS Computer Name: LKAZBackupResto.adl.local

Synopsis
Description
See Also
Solution
appropriate value.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
1-5-21-1965139271-2296524897-3907604036

Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
137
Ports
- DefaultAccount
- Guest


Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
- DefaultAccount
- Guest


Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
138
Ports
- DefaultAccount
- Guest

10900 - Microsoft Windows - Users Information : Passwords Never Expire

Synopsis
At least one user has a password that never expires.
Description
Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire.
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following user has a password that never expires :
- Honeuser

and change the 'Start UID' and/or 'End UID' preferences for this
plugin, then re-run the scan.

Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
139
Ports
- LKAZBackupResto\azadmin (User)
10919 - Open Port Re-check

Synopsis
Previously open ports are now closed.
Description
One of several ports that were previously open are now closed or unresponsive.
There are several possible reasons for this :
- The scan may have caused a service to freeze or stop running.
- An administrator may have stopped a particular service during the scanning process.
This might be an availability problem related to the following :
- A network outage has been experienced during the scan, and the remote network cannot be reached anymore by
the scanner.
- This scanner may has been blacklisted by the system administrator or by an automatic intrusion detection /
prevention system that detected the scan.
- The remote host is now down, either because a user turned it off during the scan or because a select denial of
service was effective.
In any case, the audit of the remote host might be incomplete and may need to be done again.
Solution
Steps to resolve this issue include :
- Increase checks_read_timeout and/or reduce max_checks.
- Disable any IPS during the Nessus scan
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Port 60038 was detected as being open but is now closed

Synopsis
Description
the remote host).
Solution
Risk Factor
None
Exploitable with
140
Plugin Information:
Ports
Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
See Also
Solution
Risk Factor
None
Exploitable with
Plugin Information:
141
Ports
Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Method : SMB_OS
SinFP:!:
P1:B11113:F0x12:W65392:O0204ffff:M1410:
P2:B11113:F0x12:W65535:O0204ffff0103030801010402:M1410:
P3:B00000:F0x00:W0:O0:M0
P4:190704_7_p=49669
SSLcert:!:i/CN:LKAZBackupResto.adl.locals/CN:LKAZBackupResto.adl.local
7c0126e826ba29ee4ee8cead0542fcf1d40da575

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
142
Ports
192.168.33.8 resolves as LKAZBackupResto.adl.local.

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

\4.18.23110.3-0\
Version : 4.18.23110.3

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
143


Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Scanner OS : LINUX
Scan type : Normal
Scanner IP : 192.168.33.11
Port range : all
Thorough tests : no
Paranoia level : 1
Safe checks : yes
144
Max hosts : 100
Max checks : 5
Recv timeout : 5
Backports : None

Synopsis
Description
Solution
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Google Chrome [version 120.0.6099.224] [installed on 2024/01/17]

Microsoft Monitoring Agent [version 10.20.18067.0] [installed on 2022/05/08]
2022/05/06]
Qualys Cloud Security Agent [version 5.4.0.10] [installed on 2023/12/07]
Microsoft Azure Backup Server DPM Protection Agent [version 13.0.415.0] [installed on
2022/05/06]
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 [version 11.0.61030] [installed on
2022/05/06]
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 [version 11.0.61030.0]

Synopsis
Description
See Also
Solution
145
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

MAC
---------------------- ---------- --- ---- ---------------------
---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168)
SHA1

MAC
---------------------- ---------- --- ---- ---------------------
---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128)
SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
SHA256
SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128)
SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128)
SHA1
SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128)
SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256)
SHA1
SHA256
SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA [...]

Synopsis
Description
Solution
N/A
Risk Factor
146
None
Exploitable with
Plugin Information:
Ports


Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
shares :
+ C$ :
protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.doc
protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.doc
protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.ppt
protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.ppt
protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.xls
protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.xls

Synopsis
Description
147
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

SSL : no
Keep-Alive : no
Headers :

Date: Wed, 17 Jan 2024 10:34:14 GMT
Connection: close
Content-Length: 315
Response Body :

SSL : no
Keep-Alive : no
Headers :

Date: Wed, 17 Jan 2024 10:34:14 GMT
Connection: close
Content-Length: 315
Response Body :

Synopsis
Description
configuration, etc.
See Also
Solution
148
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports


CPU0
Architecture : x64
Physical Cores: 2
Logical Cores : 4

None
Type : Unknown
Capacity : 1024 MB
None
Type : Unknown
Capacity : 15360 MB

Synopsis
Description
149
attached to them.
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

- MAC Address = 00:22:48:5A:CB:6D
- Network Interface = [00000006] Hyper-V Virtual Ethernet Adapter

- MAC Address = 00:15:5D:21:08:03
- IPAddress/IPSubnet = fe80::abb0:a12d:9a82:e40f/64
- Network Interface = [00000016] Mellanox ConnectX-3 Virtual Function Ethernet Adapter

- MAC Address = 00:22:48:5A:CB:6D

----------- ------- -------
0.0.0.0 0.0.0.0 192.168.33.1
127.0.0.0 255.0.0.0 0.0.0.0
127.0.0.1 255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
169.254.0.0 255.255.0.0 0.0.0.0
169.254.206.161 255.255.255.255 0.0.0.0
169.254.255.255 255.255.255.255 0.0.0.0
192.168.33.0 255.255.255.0 0.0.0.0
192.168.33.8 255.255.255.255 0.0.0.0
192.168.33.255 255.255.255.255 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0

Synopsis
Description
See Also
150
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports

34196 - Google Chrome Detection (Windows)

Synopsis
The remote Windows host contains a web browser.
Description
Google Chrome, a web browser from Google, is installed on the remote Windows host.
See Also
https://www.google.com/chrome/
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Path : C:\Program Files\Google\Chrome\Application

Version : 120.0.6099.224
Note that Nessus only looked in the registry for evidence of Google
Chrome. If there are multiple users on this host, you may wish to
enable the 'Perform thorough tests' setting and re-scan. This will
cause Nessus to scan each local user's directory for installs.

Synopsis
Description
151
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports


Nessus was able to find 31 open ports.












152













Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The Win32 process 'DPMRA.exe' is listening on this port (pid 6272).
This process 'DPMRA.exe' (pid 6272) is hosting the following Windows services :
DPMRA (DPMRA)
153
The Win32 process 'DPMRA.exe' is listening on this port (pid 6272).
This process 'DPMRA.exe' (pid 6272) is hosting the following Windows services :
DPMRA (DPMRA)
154
The Win32 process 'vmms.exe' is listening on this port (pid 3496).
This process 'vmms.exe' (pid 3496) is hosting the following Windows services :
vmms (@%systemroot%\system32\vmms.exe,-10)
The Win32 process 'SenseNdr.exe' is listening on this port (pid 10920).
The Win32 process 'spoolsv.exe' is listening on this port (pid 2996).
This process 'spoolsv.exe' (pid 2996) is hosting the following Windows services :
Spooler (@%systemroot%\system32\spoolsv.exe,-1)
155
The Win32 process 'chrome.exe' is listening on this port (pid 8672).

Synopsis
Description
by IEEE.
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
00:22:48:5A:CB:6D : Microsoft Corporation

Synopsis
156
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)

Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
157
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium
strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES
encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical
network.
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
6.1
7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS Base Score
5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2016-2183
Exploitable with
Plugin Information:
Ports

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA1
{Cipher ID code}
Kex={key exchange}
{export flag}
Synopsis
Description
Solution
158
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
42898 - SMB Registry : Stop the Registry Service after the scan (WMI)
Synopsis
The registry service was stopped after the scan.
Description
(RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan,
this plugins will stop it afterwards.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The registry service was successfully stopped after the scan.
43815 - NetBIOS Multiple IP Address Enumeration

Synopsis
The remote host is configured with multiple IP addresses.
Description
By sending a special NetBIOS query, Nessus was able to detect the use of multiple IP addresses on the remote host.
This indicates the host may be running virtualization software, a VPN client, or has multiple network interfaces.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The remote host appears to be using the following IP addresses :
159
- 192.168.33.8
- 169.254.206.161

Synopsis
Description
Solution
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports


Service name : BFE

Dependencies : RpcEptMapper/DcomLaunch/RpcSs/
CDPSvc startup parameters :

Display name : Connected Devices Platform Service
Service name : CDPSvc
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : ncbservice/RpcSS/Tcpip/
CDPUserSvc_f1ae37a startup parameters :

Display name : Connected Devices Platform User Service_f1ae37a
Service name : CDPUserSvc_f1ae37a
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
CoreMessagingRegistrar startup parameters :

Display name : CoreMessaging
Service name : CoreMessagingRegistrar
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
Dependencies : rpcss/
160
CryptSvc startup parameters :
Display name : Cryptographic Services
Service name : CryptSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p
DPS startup parameters :

Display name : Diagnostic Policy Service
Service name : DPS
Executable path : [...]

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports

- Enhanced Storage
- File Server
- File and iSCSI Services
- Hyper-V
- Hyper-V GUI Management Tools
- Hyper-V Management Tools
- Hyper-V Module for Windows PowerShell
- Remote Server Administration Tools
- Role Administration Tools
- Storage Services
- TCP Port Sharing
- WCF Services
- Windows Defender Antivirus
- Windows PowerShell ISE
161
- WoW64 Support
- XPS Viewer

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
cpe:/o:microsoft:windows_server_2019:::x64-datacenter -> Microsoft Windows Server 2019
cpe:/a:google:chrome:120.0.6099.224 -> Google Chrome

cpe:/a:microsoft:.net_framework:4.7.2 -> Microsoft .NET Framework
Connection
Endpoint Protection
x-cpe:/a:qualys:cloud_agent_for_windows:5.4.0.10

Synopsis
Description
See Also
Solution
N/A
Risk Factor
162
None
Exploitable with
Plugin Information:
Ports

- UUID : 69CD5590-FE34-4A28-B3B5-5111E44CDBBE

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports


Synopsis
remote system.
Description
Solution
N/A
Risk Factor
163
None
Exploitable with
Plugin Information:
Ports
Architecture = x64
Build lab extended = 17763.1.amd64fre.rs5_release.180914-1434

Synopsis
Description
See Also
cc708554(v=ws.10)
cc708449(v=ws.10)
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
AUOptions : 7
NoAutoUpdate : 0
164

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
+ DriveLetter D:

- DeviceID : \\?\Volume{69cd5590-0000-0000-0000-100000000000}\
- Size : 32.00 GB
+ DriveLetter C:

- DeviceID : \\?\Volume{77c6a0d2-d5c3-4de6-81b5-22067350ce14}\
- Size : 2047.45 GB

Synopsis
Description
authority.
165
remote host.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
Exploitable with
Plugin Information:
Ports

|-Subject : CN=LKAZBackupResto.adl.local
|-Issuer : CN=LKAZBackupResto.adl.local

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Hostname : LKAZBACKUPRESTO
LKAZBACKUPRESTO (WMI)
166
Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
This port supports TLSv1.0/TLSv1.1/TLSv1.2.

Synopsis
the key is stolen.
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

MAC
---------------------- ---------- --- ---- ---------------------
---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128)
SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
167
SHA256
SHA384
SHA1
SHA1
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}

Synopsis
Description
the remote host.
Solution
Risk Factor
Medium
CVSS Base Score
Exploitable with
Plugin Information:
Ports

|-Subject : CN=LKAZBackupResto.adl.local
57608 - SMB Signing not required

Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct
man-in-the-middle attacks against the SMB server.
See Also
168
http://www.nessus.org/u?df39b8b3
http://technet.microsoft.com/en-us/library/cc731957.aspx
https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
http://www.nessus.org/u?a3cac4ea
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network
server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also'
links for further details.
Risk Factor
Medium
5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 (E:U/RL:O/RC:C)
CVSS Base Score
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
Exploitable with
Plugin Information:
Ports
Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Interface: {7a2c4c62-8c76-4d03-be10-7e780bb63f76}
NameServer: 192.168.20.240,192.168.33.4,192.168.20.239
169
Synopsis
Description
Solution
security policies.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
60119 - Microsoft Windows SMB Share Permissions Enumeration

Synopsis
It was possible to enumerate the permissions of remote network shares.
Description
By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User
permissions are enumerated for each network share that has a list of access control entries (ACEs).
See Also
https://technet.microsoft.com/en-us/library/bb456988.aspx
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Share path : \\LKAZBACKUPRESTO\MTATempStore$

Local path : C:\Program Files\Microsoft Data Protection Manager\DPM\Temp\MTA\.
[*] Allow ACE for BUILTIN\Administrators (S-1-5-32-544): 0x001f01ff
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES
[*] Allow ACE for NT AUTHORITY\SYSTEM (S-1-5-18): 0x001f01ff
170
[*] Allow ACE for LKAZBackupResto\DPMRADCOMTrustedMachines
(S-1-5-21-1965139271-2296524897-3907604036-1000): 0x001f01ff

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

remote system :
KB4589208, Installed on: 2023/10/29

KB5005112, Installed on: 2023/10/29
KB5011574, Installed on: 2022/04/04
KB5012128
KB5012647, Installed on: 2022/04/04
KB5020374, Installed on: 2023/10/29
KB5022511
KB5022840, Installed on: 2023/10/29
KB5029931
KB5030214, Installed on: 2023/10/29
KB5030505, Installed on: 2023/10/29
KB5031005
KB5031361, Installed on: 2023/11/22
KB5031589, Installed on: 2023/11/21

Synopsis
Description
See Also
Solution
Risk Factor
None
Exploitable with
Plugin Information:
171
Ports
Data : Ui
Raw data : 9055cd690000100000000000
Data : DMIO:ID:wM"sP
Raw data : 444d494f3a49443ad2a0c677c3d5e64d81b522067350ce14
Name : \??\volume{2ed37b6d-cd1d-11ec-9620-806e6f6e6963}
Data : \??\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#000002#{53f5630d-
b6bf-11d0-94f2-00a0c91efb8b}
Raw data :
5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004d007300660074002600500072006f006

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Version : unknown

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
172
Ports
Product key : XXXXX-XXXXX-XXXXX-XXXXX-63DFG

Synopsis
Description
'netstat' command.
in scan settings.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Subject Name:
Common Name: LKAZBackupResto.adl.local
Issuer Name:
Serial Number: 74 3B B6 C9 C1 21 DF 87 47 8F 72 8C 5D DD 88 0A
Version: 3
Not Valid Before: Dec 20 18:09:05 2023 GMT
173
Not Valid After: Jun 20 18:09:05 2024 GMT
Public Key Info:

Public Key: 00 B7 76 3B 47 CD 2A F6 CB AE 66 B5 DE 02 02 90 12 A0 D7 F6
96 B9 72 8F 95 40 AA 76 87 47 A5 B7 FB 88 09 04 E7 AD 15 2E
24 A7 BB 47 F7 D0 E4 13 E3 63 C1 34 0F 70 93 65 E8 4D DF 06
E1 48 F8 DA E5 D6 C3 EF 0A 0B F5 E9 F7 60 F5 D1 73 67 5E F2
A7 EA AF B9 49 1D 5F C9 DE 41 0E 7D EC D4 00 33 21 F0 C4 EB
B5 1E BD B7 55 FA 4F 9B AB 6B 1E 4C B1 26 53 9F 3E 83 0C 3D
8A 4A 26 8B 8F 90 97 BF 9C 0A 21 6C 4E 47 E8 20 3D 83 D8 65
BA D9 69 CB 7A CC 6C 3E 79 FA 9F 2D 89 9D 51 64 A1 4A 69 77
E0 8A 3F F4 BF 19 7C EE 66 52 B8 63 B1 94 81 9D 84 AC 42 28
EC C5 A1 F4 2A 4A DB B0 74 FD 4A C0 31 55 29 56 CA 02 B1 56
3B 70 C9 BC 79 4B 6D A4 A9 24 83 BD 34 BD 19 66 37 85 4E EE
45 DB 7F FF 23 C1 CA E0 25 11 33 15 DF A7 B6 A9 FC 37 FB 3D
00 AD F8 92 B3 E7 81 85 BE CC 80 F0 A8 13 18 A4 1D
Exponent: 01 00 01

Signature: 00 43 98 39 52 E4 64 7B B3 EA F5 EB 11 93 D8 FA C7 0B D4 55
80 25 DD C0 6F 9C 9D 16 F7 F7 1E 67 36 12 6D E9 91 77 29 D7
78 90 7B 47 54 DF B8 D4 73 95 E3 48 D1 DE C2 8C 48 88 66 87
FE BA D4 99 23 3B EF 71 FE 1D E9 66 6A B7 F2 C8 9D DA F7 82
5C F9 CF 37 01 DE EF F7 51 63 4A 7A B4 E2 AD 67 DB 7A 1C C9
4C 3A 6E BF 63 E6 6A AF C9 9B 1A D3 BE 9D 7F 7A 92 CA A8 80
E5 0A 35 80 46 79 FA 49 D8 72 A1 43 E5 A3 D2 78 94 3A 6F EF
EB 01 63 E3 5D F6 73 12 49 13 ED 42 38 1C 40 5A 5E 31 B6 EF
3E 4D 78 53 5C 8E 41 A8 9E F1 E5 27 2A 71 29 9D A8 A3 DE F4
[...]

Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports

- KB5033904
- KB5031984
[ Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039) (181409) ]
+ Action to take : Upgrade Curl to version 8.3.0 or later
[ Google Chrome < 120.0.6099.225 Multiple Vulnerabilities (188161) ]
174
+ Action to take : Upgrade to Google Chrome version 120.0.6099.225 or later.

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Process Overview :
SID: Process (PID)
0 : |- System (4)
0 : |- smss.exe (480)
0 : Registry (100)
0 : cmd.exe (1712)
0 : |- powershell.exe (6832)
0 : GoogleCrashHandler64.exe (5276)
0 : Secure System (56)
0 : GoogleCrashHandler.exe (6224)
3 : winlogon.exe (6636)
3 : |- LogonUI.exe (7388)
3 : |- fontdrvhost.exe (7940)
3 : |- dwm.exe (8180)
0 : csrss.exe (740)
3 : explorer.exe (7656)
3 : |- notepad.exe (10592)
3 : |- chrome.exe (8672)
3 : |- chrome.exe (10176)
3 : |- chrome.exe (5404)
3 : |- chrome.exe (6792)
3 : |- chrome.exe (6844)
3 : |- chrome.exe (7632)
3 : |- chrome.exe (8312)
3 : |- chrome.exe (9192)
3 : |- iexplore.exe (8708)
3 : |- iexplore.exe (7460)
0 : |- QualysAgent.exe (10104)
0 : |- svchost.exe (10184)
0 : |- MMAExtensionHeartbeatService.exe (11220)
3 : |- TabTip.exe (10432)
3 : |- TabTip.exe (7588)
3 : |- TabTip32.exe (2244)
175
3 : |- ctfmon.exe (9208)
0 : |- vmcompute.exe (128)
3 : |- rdpinput.exe (636)
0 : |- MsMpEng.exe (1652)
[...]

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Process_Modules_192.168.33.8.csv : lists the loaded modules for each process.

Synopsis
subsequent ones.
Description
used improperly.
See Also
176
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA1

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA1
SHA1
SHA1
SHA1
SHA256
SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128)
SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256)
SHA256
{Cipher ID code}
Kex={key exchange}
{export flag}

Synopsis
Description
Solution
N/A
177
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Group Name : Access Control Assistance Operators
Host Name : LKAZBACKUPRESTO
Group SID : S-1-5-32-579
Members :

Group SID : S-1-5-32-544
Members :
Name : azadmin
Domain : LKAZBackupResto
SID : S-1-5-21-1965139271-2296524897-3907604036-500
Domain : ADL
Class : Win32_Group
SID :
Group Name : Backup Operators

Group SID : S-1-5-32-551
Members :
Group Name : Certificate Service DCOM Access

Group SID : S-1-5-32-574
Members :
Group Name : Cryptographic Operators

Group SID : S-1-5-32-569
Members :
Group Name : Device Owners

Group SID : S-1-5-32-583
Members :
Group Name : Distributed COM Users

Group SID : S-1-5-32-562
Members :
Name : LKBACKUP$
Domain : ADL
SID :
Group Name : Event Log Readers

Group SID : S-1-5-32-573
Members :
Group Name : Guests

Group SID : S-1-5-32-546
Members :
Name : Guest
SID : S-1-5-21-1965139271-2296524897-3907604036-501
Group Name : Hyper-V Administrators
178
Group SID : S-1-5-32-578
Members :
Group Name : IIS_IUSRS

Group SID : S-1-5-32-568
Members :
Name : IUSR
Domain : LKAZBACKUPRESTO
SID : S-1-5-17
Group Name : Network Configuration Operators

Group SID : S-1-5-32-556
Members :
Group Name : Performance Log Users

Group SID : S-1-5-32-559
Members :
Group Name : Performance Monitor Users

Group SID : S-1-5-32-558
Members :
Group Name : Power Users

Host Name : [...]

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Version : 11.1790.17763.0

Synopsis
Description
See Also
179
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports


Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Name : azadmin
SID : S-1-5-21-1965139271-2296524897-3907604036-500
Disabled : False
Lockout : False
Source : Local
Name : DefaultAccount
SID : S-1-5-21-1965139271-2296524897-3907604036-503
Disabled : True
Lockout : False
Source : Local
Name : Guest
SID : S-1-5-21-1965139271-2296524897-3907604036-501
Disabled : True
Lockout : False
Change password : False
Source : Local
180
Name : Honeuser
SID : S-1-5-21-1965139271-2296524897-3907604036-1003
Disabled : False
Lockout : False
Source : Local
Name : WDAGUtilityAccount
SID : S-1-5-21-1965139271-2296524897-3907604036-504
Disabled : True
Lockout : False
Source : Local
No. Of Users : 5

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Type : Admin Groups

Is Enabled : False
Type : User Groups

Is Enabled : False

Synopsis
Description
See Also
dd759117(v=ws.11)
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
181
Ports

Exe Rules
Mode : Audit
Description :
Script Rules
Mode : Audit
Description :
Msi Rules
Mode : Audit
Description :

Synopsis
Description
a CSV attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\04db5032-64ac-4eb8-9808-09d5f9502c57\value :
<FilePathRule Id="04db5032-64ac-4eb8-9808-09d5f9502c57" Name="(Default Rule) All Exe's"
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\668be2ac-faa0-4462-a44f-1decb7af26c8\value :
<FilePathRule Id="668be2ac-faa0-4462-a44f-1decb7af26c8" Name="(Default Rule) All Msi's"
182
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\08d31ed6-bb3d-425f-97be-50907743ba36\value :
<FilePathRule Id="08d31ed6-bb3d-425f-97be-50907743ba36" Name="(Default Rule) All Script's"
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe
\04db5032-64ac-4eb8-9808-09d5f9502c57\value : <FilePathRule
Id="04db5032-64ac-4eb8-9808-09d5f9502c57" Name="(Default Rule) All Exe's" Description=""
UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition [...]

Synopsis
Description
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
processor_level : 6
username : SYSTEM
os : Windows_NT
processor_revision : 4f01
\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Microsoft Data
Protection Manager\DPM\bin\VDDK\bin\
psmodulepath : %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell
\v1.0\Modules;C:\Program Files\Microsoft Monitoring Agent\Agent\PowerShell\

- S-1-5-21-1965139271-2296524897-3907604036-1003

Synopsis
Description
183
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
MD5: 3688374325b992def12793500307566d
SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Last reboot : 2023-11-22T11:36:23+05:30 (20231122113623.500000+330)

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
184
RemoteSigned

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
169.254.255.255 : ff-ff-ff-ff-ff-ff
224.0.0.22 : 01-00-5e-00-00-16
224.0.0.251 : 01-00-5e-00-00-fb
224.0.0.252 : 01-00-5e-00-00-fc
239.255.255.250 : 01-00-5e-7f-ff-fa
255.255.255.255 : ff-ff-ff-ff-ff-ff
169.254.169.254 : 12-34-56-78-9a-bc
192.168.33.1 : 12-34-56-78-9a-bc
192.168.33.4 : 12-34-56-78-9a-bc
185
192.168.33.10 : 12-34-56-78-9a-bc
192.168.33.11 : 12-34-56-78-9a-bc
192.168.33.255 : ff-ff-ff-ff-ff-ff
224.0.0.22 : 01-00-5e-00-00-16
224.0.0.251 : 01-00-5e-00-00-fb
224.0.0.252 : 01-00-5e-00-00-fc
239.255.255.250 : 01-00-5e-7f-ff-fa

Synopsis
Description
attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
lkazdc01.adl.local
lkbackup.adl.local

Synopsis
Description
CSV attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
nbtstat_local.csv:
192.168.33.8,LKAZBACKUPRESTO,<00>,UNIQUE,Registered,00:22:48:5A:CB:6D
192.168.33.8,ADL,<00>,GROUP,Registered,00:22:48:5A:CB:6D
192.168.33.8,LKAZBACKUPRESTO,<20>,UNIQUE,Registered,00:22:48:5A:CB:6D
169.254.206.161,LKAZBACKUPRESTO,<00>,UNIQUE,Registered,00:15:5D:21:08:03
169.254.206.161,ADL,<00>,GROUP,Registered,00:15:5D:21:08:03
169.254.206.161,LKAZBACKUPRESTO,<20>,UNIQUE,Registered,00:15:5D:21:08:03
186
Synopsis
Description
attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
vaadmin

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
See Also
187
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
@%systemroot%\system32\firewallapi.dll,-3400 : COM+ Network Access
Stopping or disabling the BFE service will significantly reduce the security of the system. It
will also result in unpredictable behavior in IPsec management and firewall applications.
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user
data, including contact info, calendars, messages, and other content. If you stop or disable this
service, apps that use this data might not work correctly.
@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage
tiers on all tiered storage spaces in the system.
@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities
on the Offline Files cache, responds to user logon and logoff events, implements the internals of
the public API, and dispatches interesting events to those interested in Offline Files activities
and changes in cache state.
@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports
logging events, querying events, subscribing to events, archiving event logs, and managing event
metadata. It can display events in both XML and plain text format. Stopping this service may
compromise security and reliability of the system.
@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time.
@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events
from remote sources that support WS-Management protocol. This includes Windows Vista event logs,
188
hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event
Log. If this service is stopped or disabled event subscriptions cannot be [...]

Synopsis
Description
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Honeuser
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Honeuser\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows
\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Honeuser\Downloads
- recent : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\Honeuser\Videos
- my music : C:\Users\Honeuser\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Honeuser\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Honeuser\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Honeuser\AppData\LocalLow
- sendto : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\Honeuser\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\Honeuser\Documents
- administrative tools : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
\Administrative Tools
- startup : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows\Network Shortcuts
189
- history : C:\Users\Honeuser\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Honeuser\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Honeuser\AppData\Local\Microsoft\Windows
\RoamingTiles
instead
- local appdata : C:\Users\Honeuser\AppData\Local
- my pictures : C:\Users\Honeuser\Pictures
- templates : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\Honeuser\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\Honeuser\Desktop
- programs : C:\Users\Honeuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : [...]
92433 - Terminal Services History

Synopsis
Nessus was able to gather terminal service connection information.
Description
Nessus was able to generate a report on terminal service connections on the target system.
See Also
http://www.nessus.org/u?15f94efb
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Terminal Services Client
- Honeuser
Terminal Services Server

- Honeuser
- S-1-5-18
- S-1-5-21-1965139271-2296524897-3907604036-1003_Classes
Extended Terminal Services report attached.

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
190
Ports
C:\\Users\Atheeq_106273a\Downloads\desktop.ini
C:\\Users\azadmin.ADL\Downloads\desktop.ini
C:\\Users\Honeuser\Downloads\desktop.ini
C:\\Users\Thilaksha_106310a\Downloads\dotnet-sdk-6.0.417-win-x64.exe

Synopsis
Description
executed.
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\google chrome.lnk
microsoft.windows.controlpanel
c:\users\public\desktop\google chrome.lnk
microsoft.internetexplorer.default
microsoft.windows.cortana_cw5n1h2txyewy!cortanaui
microsoft.windows.remotedesktop
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\internet explorer.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
ueme_ctlsession
microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk
chrome

Synopsis
191
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Cumulative Rollup : 06_2021_07_01
192

File version : 10.0.17763.4974
Associated KB : [...]
96533 - Chrome Browser Extension Enumeration

Synopsis
One or more Chrome browser extensions are installed on the remote host.
Description
Nessus was able to enumerate Chrome browser extensions installed on the remote host.
See Also
https://chrome.google.com/webstore/category/extensions
Solution
Make sure that the use and configuration of these extensions comply with your organization's acceptable use and
security policies.
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
User : Ashan_105704a
|- Browser : Chrome
Name : Google Docs Offline

Description : Edit, create, and view your documents, spreadsheets, and presentations — all
without internet access.
Version : 1.53.0
Update Date : Feb. 15, 2023 at 05:01:22 GMT
Path : C:\Users\Ashan_105704a\AppData\Local\Google\Chrome\User Data\Default\Extensions

Version : 1.58.4
Update Date : Mar. 6, 2023 at 02:16:08 GMT

193
Version : 1.60.0
Update Date : Mar. 30, 2023 at 15:51:32 GMT
Name : Chrome Web Store Payments

Description : Chrome Web Store Payments
Version : 1.0.0.6
Update Date : Feb. 15, 2023 at 05:01:23 GMT
\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0
User : Atheeq_106273a
|- Browser : Chrome

Version : 1.66.0
Update Date : Oct. 6, 2023 at 03:49:42 GMT
Path : C:\Users\Atheeq_106273a\AppData\Local\Google\Chrome\User Data\Default\Extensions
Name : Chrome Web Store Payments

Description : Chrome Web Store Payments
Version : [...]

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
Version : 14.7.4063.0
.NET Version : 4.7.2

Synopsis
Description
port 139 or 445.
Solution
194
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

SMBv2

Synopsis
Description
Windows host.
Solution
policies.
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports








195

Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design
flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are
designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major
web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the
SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
6.5 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS Base Score
6.1 (AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE-327
Exploitable with
Plugin Information:
Ports
TLSv1 is enabled and the server supports at least one cipher.
Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
196

2.0.2 Windows 2008
2.1 Windows 7
3.0 Windows 8
3.0.2 Windows 8.1
3.1.1 Windows 10
3.1 Windows 10

Synopsis
Description
intermittently.
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
User: 'adl\vaadmin'
Port: 445
Proto: SMB
Method: password
197
Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Version : 1.4

Synopsis
Description
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Protocol : SMB

Synopsis
Description
198
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot
be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with
major web browsers and major vendors.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE-327
Exploitable with
Plugin Information:
Ports

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
- azadmin (id S-1-5-21-1965139271-2296524897-500, Built-in account for administering the
computer/domain, Administrator account)
- DefaultAccount (id S-1-5-21-1965139271-2296524897-503, A user account managed by the system.)
- Guest (id S-1-5-21-1965139271-2296524897-501, Built-in account for guest access to the
computer/domain, Guest account)
- Honeuser (id S-1-5-21-1965139271-2296524897-1003, Honeuser)
- WDAGUtilityAccount (id S-1-5-21-1965139271-2296524897-504, A user account managed and used by
the system for Windows Defender Application Guard scenarios.)

Synopsis
Description
199
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Version : 4.18.23110.3
132101 - Windows Speculative Execution Configuration Check

Synopsis
The remote host has not properly mitigated a series of speculative execution vulnerabilities.
Description
The remote host has not properly mitigated a series of known speculative execution vulnerabilities. It, therefore, may
be affected by :
- Branch Target Injection (BTI) (CVE-2017-5715)
- Bounds Check Bypass (BCB) (CVE-2017-5753)
- Rogue Data Cache Load (RDCL) (CVE-2017-5754)
- Rogue System Register Read (RSRE) (CVE-2018-3640)
- Speculative Store Bypass (SSB) (CVE-2018-3639)
- L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- TSX Asynchronous Abort (TAA) (CVE-2019-11135)
See Also
http://www.nessus.org/u?8902cebb
http://www.nessus.org/u?6a005ed4
Solution
Apply vendor recommended settings.
Risk Factor
Medium
8.4
6.5 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
6.2 (E:H/RL:O/RC:C)
CVSS Base Score
200
5.4 (AV:L/AC:M/Au:N/C:C/I:P/A:N)
CVSS Temporal Score
References
CVE CVE-2019-11135
CVE CVE-2018-3646
CVE CVE-2018-3639
CVE CVE-2018-3620
CVE CVE-2018-3615
CVE CVE-2018-12130
CVE CVE-2018-12127
CVE CVE-2018-12126
CVE CVE-2017-5754
CVE CVE-2017-5753
CVE CVE-2017-5715
BID 108330
BID 105080
BID 104232
BID 102378
BID 102371
Exploitable with
Plugin Information:
Ports
Current Settings:
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\
MinVmVersionForCpuBasedMitigations: Not Set
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: Not Set
FeatureSettingsOverride: Not Set
-----------------------------------
Recommended Settings 1:
MinVmVersionForCpuBasedMitigations: 1.0
FeatureSettingsOverrideMask: 0x00000003 (3)
FeatureSettingsOverride: 0x00000048 (72)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-12130, CVE-2019-11135
201
Note: Hyper-Threading enabled.
-----------------------------------
Recommended Settings 2:
MinVmVersionForCpuBasedMitigations: 1.0
FeatureSettingsOverrideMask: 0x00000003 (3)
FeatureSettingsOverride: 0x00002048 (8264)
CVEs Covered:
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading disabled.

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
202
State : Installed
State : Installed
State : Installed
State : Installed
State : Installed
State : Installed
Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-
State : Installed
Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-
State : Installed
Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Package : Microsoft-Windows-Security-SPP-Component-SKU-ServerDatacenter-GVLK-
State : Installed
Package : [...]

Synopsis
Description
203
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
User: 'adl\vaadmin'
Port: 445
Proto: SMB
Method: password

Synopsis
Description
host.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
151440 - Microsoft Windows Print Spooler Service Enabled

Synopsis
Description
The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled.
See Also
204
http://www.nessus.org/u?8fc5df24
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
155963 - Windows Printer Driver Enumeration

Synopsis
Nessus was able to enumerate one or more of the printer drivers on the remote host.
Description
Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI.
See Also
http://www.nessus.org/u?fab99415
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
--- Microsoft XPS Document Writer v4 ---
\ntprint.inf_amd64_2121e11a60e09843\Amd64\mxdwdrv.dll
Version : 10.0.17763.1
--- Microsoft Software Printer Driver ---
Version : 10.0.17763.1192
--- Microsoft enhanced Point and Print compatibility driver ---
Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver:
Version : 10.0.17763.3532
Path : C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Version : 10.0.17763.3532
Supported Platform : Windows NT x86
205
--- Microsoft Print To PDF ---
Version : 10.0.17763.1
--- Microsoft Shared Fax Driver ---
Path : C:\Windows\system32\spool\DRIVERS\x64\3\FXSDRV.DLL
Version : 10.0.17763.4720
--- Remote Desktop Easy Print ---
Version : 10.0.17763.973

Synopsis
Description
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
TLSv1.2:
See Also
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
below:

MAC
206
---------------------- ---------- --- ---- ---------------------
---
SHA1

MAC
---------------------- ---------- --- ---- ---------------------
---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128)
SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256)
SHA384
SHA1
SHA1
SHA1
SHA1
SHA256
SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128)
SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256)
SHA256
{Cipher ID code}
Kex={key exchange}
{export flag}
157288 - TLS Version 1.1 Protocol Deprecated

Synopsis
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and
recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption
modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with
major web browsers and major vendors.
See Also
https://datatracker.ietf.org/doc/html/rfc8996
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
6.5 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS Base Score
6.1 (AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
207
XREF CWE-327
Exploitable with
Plugin Information:
Ports

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

found.

Synopsis
Description
See Also
Solution
Risk Factor
None
Exploitable with
208
Plugin Information:
Ports

Synopsis
Description
See Also
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
output.
(CVE-2022-30190)
Synopsis
209
Description
CVE-2022-30190.
See Also
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
user:S-1-5-21-1965139271-2296524897-3907604036-1003

Synopsis
Description
210
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Version : 11.0.17763.4974
164690 - Windows Disabled Command Prompt Enumeration

Synopsis
This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user.
Description
The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the
following registry key:
'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD'
- Unset or 0: The command prompt is enabled normally.
- 1: The command promt is disabled.
- 2: The command prompt is disabled however windows batch processing is allowed.
See Also
http://www.nessus.org/u?b40698bc
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Username: DefaultAccount
SID: S-1-5-21-1965139271-2296524897-3907604036-503
DisableCMD: Unset
Username: azadmin
SID: S-1-5-21-1965139271-2296524897-3907604036-500
DisableCMD: Unset
Username: Honeuser
SID: S-1-5-21-1965139271-2296524897-3907604036-1003
DisableCMD: Unset
Username: WDAGUtilityAccount
SID: S-1-5-21-1965139271-2296524897-3907604036-504
DisableCMD: Unset
211
Username: Guest
SID: S-1-5-21-1965139271-2296524897-3907604036-501
DisableCMD: Unset

Synopsis
Description
See Also
Solution
Risk Factor
High
8.9
7.5 (E:H/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
II
References
CVE CVE-2013-3900
Exploitable with
Plugin Information:
Ports
212
registry.

Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
C:\Windows\system32
C:\Windows
C:\Program Files\Microsoft Data Protection Manager\DPM\bin\VDDK\bin\

Synopsis
Description
- Domain Name
- Common Name
- samAccountName
- Domain Role
- DNS Name
- Record Name
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
213
Ports
Common Name : CN=LKAZBackupResto

SamAccountName : LKAZBACKUPRESTO$
Domain Role : MemberServer
Domain : adl.local
DNS Name : LKAZBACKUPRESTO
Distinguished Name : CN=LKAZBackupResto,OU=Servers,DC=adl,DC=local
Record Name : LKAZBACKUPRESTO

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
+ IPv4
- Address : 127.0.0.1
+ IPv6
- Address : ::1
+ vEthernet (IN)
+ IPv4
- Address : 169.254.206.161
Assign Method : dynamic
+ IPv6
- Address : fe80::abb0:a12d:9a82:e40f%9
Assign Method : dynamic
+ Ethernet
+ IPv4
- Address : 192.168.33.8

Synopsis
Description
See Also
https://curl.se/
Solution
N/A
Risk Factor
214
None
Exploitable with
Plugin Information:
Ports
Version : 8.0.1.0
Version : 8.0.1.0

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
version.
Solution
Risk Factor
None
Exploitable with
Plugin Information:
215
Ports
- Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030

Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-
b50c-4b9ceb6d66c6}\vcredist_x64.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-
b50c-4b9ceb6d66c6}\vcredist_x64.exe
Parsed File Version : 11.0.61030.0
[DisplayVersion] :
Raw Value : 11.0.61030.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-
b50c-4b9ceb6d66c6}\vcredist_x64.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-
b50c-4b9ceb6d66c6}\vcredist_x64.exe
- Microsoft Azure Backup Server DPM Protection Agent

Other Version Data
[VersionMajor] :
Raw Value : 13
[Version] :
Raw Value : 218104223
[InstallLocation] :
Raw Value : C:\Program Files\Microsoft Data Protection Manager\DPM\
[DisplayName] :
Raw Value : Microsoft Azure Backup Server DPM Protection Agent
[UninstallString] :
Raw Value : MsiExec.exe /X{96C6D546-D4C7-490C-A082-76A9D34BD7E3}
[InstallDate] :
Raw Value : 2022/05/06
[DisplayVersion] :
Raw Value : 13.0.415.0
[VersionMinor] :
Raw Value : 0
- Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030

Best [...]

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
216
Plugin Information:
Ports
181409 - Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039)

Synopsis
The remote Windows host has a program that is affected by a denial of service vulnerability.
Description
The version of Curl installed on the remote host is affected by a denial of service vulnerability due to accepting and
storing unlimited large headers.
number.
See Also
https://curl.se/docs/CVE-2023-38039.html
Solution
Upgrade Curl to version 8.3.0 or later
Risk Factor
High
4.4
6.7 (E:P/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2023-38039
Exploitable with
Plugin Information:
Ports
217
185579 - KB5032196: Windows 10 version 1809 / Windows Server 2019 Security Update (November
2023)
Synopsis
Description
- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397)
- Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
(CVE-2023-36028)
number.
See Also
Solution
Risk Factor
Critical
9.2
9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 (E:F/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2023-38545
CVE CVE-2023-38039
CVE CVE-2023-36719
CVE CVE-2023-36705
CVE CVE-2023-36428
CVE CVE-2023-36427
CVE CVE-2023-36425
CVE CVE-2023-36424
CVE CVE-2023-36423
CVE CVE-2023-36408
218
CVE CVE-2023-36405
CVE CVE-2023-36404
CVE CVE-2023-36403
CVE CVE-2023-36402
CVE CVE-2023-36401
CVE CVE-2023-36400
CVE CVE-2023-36398
CVE CVE-2023-36397
CVE CVE-2023-36395
CVE CVE-2023-36394
CVE CVE-2023-36393
CVE CVE-2023-36392
CVE CVE-2023-36047
CVE CVE-2023-36036
CVE CVE-2023-36033
CVE CVE-2023-36028
CVE CVE-2023-36025
CVE CVE-2023-36017
CVE CVE-2023-24023
XREF MSKB-5032196
Exploitable with
Plugin Information:
Ports

- 5032196

Should be : 10.0.17763.5122
219
185887 - Security Updates for Microsoft .NET Framework (November 2023)
Synopsis
Description
- Security feature bypass in ASP.NET. An attacker can bypass the security checks that prevents an attacker from
accessing internal applications in a website. (CVE-2023-36560)
- Privilege escalation vulnerability in FTP component of .NET Framework. An attacker can inject arbitrary commands
to the FTP server. (CVE-2023-36049)
See Also
http://www.nessus.org/u?8ab9cfd4
Solution
Risk Factor
Critical
220
7.4
9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 (E:U/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2023-36560
CVE CVE-2023-36049
XREF MSKB-5032012
221
XREF MSKB-5032011
XREF MSKB-5032010
XREF MSKB-5032009
XREF MSKB-5032008
XREF MSKB-5032007
XREF MSKB-5032006
XREF MSKB-5032005
XREF MSKB-5032004
XREF MSKB-5032000
XREF MSKB-5031999
XREF MSKB-5031995
XREF MSKB-5031993
XREF MSKB-5031991
XREF MSKB-5031990
XREF MSKB-5031989
XREF MSKB-5031988
XREF MSKB-5031987
XREF MSKB-5031984
Exploitable with
Plugin Information:
Ports
Microsoft .NET Framework 4.7.2

Cumulative
- 5031984

Should be : 4.7.4076.0
186789 - KB5033371: Windows 10 version 1809 / Windows Server 2019 Security Update (December
2023)
Synopsis
Description
222
number.
See Also
Solution
Risk Factor
Critical
8.4
7.9 (E:P/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2023-36696
CVE CVE-2023-36012
CVE CVE-2023-36011
CVE CVE-2023-36006
CVE CVE-2023-36005
CVE CVE-2023-36004
CVE CVE-2023-36003
CVE CVE-2023-35644
CVE CVE-2023-35643
CVE CVE-2023-35642
CVE CVE-2023-35641
CVE CVE-2023-35639
CVE CVE-2023-35638
CVE CVE-2023-35632
CVE CVE-2023-35630
CVE CVE-2023-35628
223
CVE CVE-2023-35622
CVE CVE-2023-21740
CVE CVE-2023-20588
XREF MSKB-5033371
Exploitable with
Plugin Information:
Ports

- 5033371

Should be : 10.0.17763.5202

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
OS Name : Microsoft Windows Server 2019 1809

Vendor : Microsoft
Release : 2019 1809
Version : 10.0.17763.4974
Role : server
Architecture : x64
224
CPE v2.3 :
Type : local
Method : SMB
Confidence : 100
187803 - KB5034127: Windows 10 version 1809 / Windows Server 2019 Security Update (January
2024)
Synopsis
Description
number.
See Also
Solution
Risk Factor
High
8.4
7.2 (E:P/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2024-21320
CVE CVE-2024-21316
CVE CVE-2024-21314
CVE CVE-2024-21313
CVE CVE-2024-21311
CVE CVE-2024-21310
CVE CVE-2024-21307
CVE CVE-2024-21305
CVE CVE-2024-20700
225
CVE CVE-2024-20699
CVE CVE-2024-20698
CVE CVE-2024-20696
CVE CVE-2024-20694
CVE CVE-2024-20692
CVE CVE-2024-20691
CVE CVE-2024-20690
CVE CVE-2024-20687
CVE CVE-2024-20683
CVE CVE-2024-20682
CVE CVE-2024-20680
CVE CVE-2024-20674
CVE CVE-2024-20666
CVE CVE-2024-20664
CVE CVE-2024-20663
CVE CVE-2024-20662
CVE CVE-2024-20661
CVE CVE-2024-20660
CVE CVE-2024-20658
CVE CVE-2024-20657
CVE CVE-2024-20655
CVE CVE-2024-20654
CVE CVE-2024-20653
CVE CVE-2024-20652
CVE CVE-2022-35737
XREF MSKB-5034127
Exploitable with
Plugin Information:
226
Ports

- 5034127

Should be : 10.0.17763.5328

Synopsis
Description
See Also
227
Solution
Risk Factor
High
7.1
7.9 (E:U/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2024-21312
CVE CVE-2024-0057
CVE CVE-2024-0056
CVE CVE-2023-36042
228
XREF MSKB-5033948
XREF MSKB-5033947
XREF MSKB-5033946
XREF MSKB-5033945
XREF MSKB-5033922
XREF MSKB-5033920
XREF MSKB-5033919
XREF MSKB-5033918
XREF MSKB-5033917
XREF MSKB-5033916
XREF MSKB-5033914
XREF MSKB-5033912
XREF MSKB-5033911
XREF MSKB-5033910
XREF MSKB-5033909
XREF MSKB-5033907
XREF MSKB-5033904
XREF MSKB-5033899
XREF MSKB-5033898
Exploitable with
Plugin Information:
229
Ports
Microsoft .NET Framework 4.7.2

Cumulative
- 5033904

Should be : 4.7.4081.0
188161 - Google Chrome < 120.0.6099.225 Multiple Vulnerabilities

Synopsis
A web browser installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.225. It is, therefore,
affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_16 advisory.
- Out of bounds write in V8. (CVE-2024-0517)
- Type Confusion in V8. (CVE-2024-0518)
- Out of bounds memory access in V8. (CVE-2024-0519)
number.
See Also
http://www.nessus.org/u?88013c25
https://crbug.com/1515930
Solution
Upgrade to Google Chrome version 120.0.6099.225 or later.
Risk Factor
High
9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
8.3 (E:U/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
References
CVE CVE-2024-0519
CVE CVE-2024-0518
CVE CVE-2024-0517
Exploitable with
Plugin Information:
230
Ports
Path : C:\Program Files\Google\Chrome\Application


Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Subject Name:
Issuer Name:
Serial Number: 74 3B B6 C9 C1 21 DF 87 47 8F 72 8C 5D DD 88 0A
Version: 3
Not Valid Before: Dec 20 18:09:05 2023 GMT

Not Valid After: Jun 20 18:09:05 2024 GMT
Public Key Info:

Public Key: 00 B7 76 3B 47 CD 2A F6 CB AE 66 B5 DE 02 02 90 12 A0 D7 F6
96 B9 72 8F 95 40 AA 76 87 47 A5 B7 FB 88 09 04 E7 AD 15 2E
24 A7 BB 47 F7 D0 E4 13 E3 63 C1 34 0F 70 93 65 E8 4D DF 06
E1 48 F8 DA E5 D6 C3 EF 0A 0B F5 E9 F7 60 F5 D1 73 67 5E F2
A7 EA AF B9 49 1D 5F C9 DE 41 0E 7D EC D4 00 33 21 F0 C4 EB
B5 1E BD B7 55 FA 4F 9B AB 6B 1E 4C B1 26 53 9F 3E 83 0C 3D
8A 4A 26 8B 8F 90 97 BF 9C 0A 21 6C 4E 47 E8 20 3D 83 D8 65
BA D9 69 CB 7A CC 6C 3E 79 FA 9F 2D 89 9D 51 64 A1 4A 69 77
E0 8A 3F F4 BF 19 7C EE 66 52 B8 63 B1 94 81 9D 84 AC 42 28
EC C5 A1 F4 2A 4A DB B0 74 FD 4A C0 31 55 29 56 CA 02 B1 56
3B 70 C9 BC 79 4B 6D A4 A9 24 83 BD 34 BD 19 66 37 85 4E EE
45 DB 7F FF 23 C1 CA E0 25 11 33 15 DF A7 B6 A9 FC 37 FB 3D
00 AD F8 92 B3 E7 81 85 BE CC 80 F0 A8 13 18 A4 1D
Exponent: 01 00 01

Signature: 00 43 98 39 52 E4 64 7B B3 EA F5 EB 11 93 D8 FA C7 0B D4 55
80 25 DD C0 6F 9C 9D 16 F7 F7 1E 67 36 12 6D E9 91 77 29 D7
78 90 7B 47 54 DF B8 D4 73 95 E3 48 D1 DE C2 8C 48 88 66 87
FE BA D4 99 23 3B EF 71 FE 1D E9 66 6A B7 F2 C8 9D DA F7 82
231
5C F9 CF 37 01 DE EF F7 51 63 4A 7A B4 E2 AD 67 DB 7A 1C C9
4C 3A 6E BF 63 E6 6A AF C9 9B 1A D3 BE 9D 7F 7A 92 CA A8 80
E5 0A 35 80 46 79 FA 49 D8 72 A1 43 E5 A3 D2 78 94 3A 6F EF
EB 01 63 E3 5D F6 73 12 49 13 ED 42 38 1C 40 5A 5E 31 B6 EF
3E 4D 78 53 5C 8E 41 A8 9E F1 E5 27 2A 71 29 9D A8 A3 DE F4
[...]

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Release date : 20230712000000.000000+000
UUID : 69CD5590-FE34-4A28-B3B5-5111E44CDBBE

Synopsis
Description
host.
See Also
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
232
Version : 4.7.2
Install Type : Full
Release : 461814
Version : 4.7.2
Release : 461814
54615 - Device Type

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
20231122113623.500000+330

Synopsis
Description
233
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Nessus

Synopsis
Description
list.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
- 00:22:48:5A:CB:6D

Synopsis
Description
attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
234
Ports
Time
00000000000000000000000000000000
00000000000000000000000000000000

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
C:\\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Recent\System.lnk

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
235
Ports
[...]

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Version : 10.0.17763.2867

Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
236
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Logged on users :
- S-1-5-21-1965139271-2296524897-3907604036-1003
Username : Honeuser
168008 - Qualys Cloud Security Agent Installed (Windows)

Synopsis
Qualys Cloud Security Agent was detected on the remote Windows host.
Description
Qualys Cloud Security Agent was detected on the remote Windows host.
See Also
https://www.qualys.com/cloud-agent/
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Path : C:\Program Files\Qualys\QualysAgent

Version : 5.4.0.10
Agent ID : 88C707F7-86C3-44D3-97B3-BB7BAA1649C5
Command Line : "C:\Program Files\Qualys\QualysAgent\QualysAgent.exe"
Product : Qualys Cloud Security Agent
237
lkazdc01
Scan Information
Start time: 2024/01/17 10:30
End time: 2024/01/17 11:04

Host Information
DNS Name: lkazdc01.adl.local
Netbios Name: LKAZDC01

Results Summary
3 8 10 0 162 183
Results Details
/
Synopsis
Description
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
lkazdc01 (TCP/47001) Vulnerability State: Active


Synopsis
Description
protocols.
238
Solution
Risk Factor
None
0.8
References
CVE CVE-1999-0524
XREF CWE-200
Exploitable with
Plugin Information:
Ports
lkazdc01 (ICMP/0) Vulnerability State: Active
The ICMP timestamps seem to be in little endian format (not in network format)

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
lkazdc01 (UDP/137) Vulnerability State: Active
LKAZDC01 = Computer name

ADL = Domain Controllers
LKAZDC01 = File Server Service
00:0d:3a:a3:a4:f2

Synopsis
Description
Solution
239
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
192.168.33.11
192.168.33.4
Hop Count: 1

Synopsis
Description
- Guest account
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
lkazdc01 (TCP/445) Vulnerability State: Resurfaced
- NULL sessions may be enabled on the remote host.

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
240
Plugin Information:
Ports
- ADMIN$
- C$
- D$
- IPC$
- NETLOGON
- SYSVOL

Synopsis
Description
Solution
'permissions'.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
..
ADFS
ADWS
appcompat
apppatch
AppReadiness
assembly
AzureArcSetup
bcastdvr
bfsvc.exe
Boot
bootstat.dat
Branding
BrowserCore
CbsTemp
Containers
Cursors
debug
diagnostics
DiagTrack
DigitalLocker
drivers
DtcInstall.log
ELAMBKUP
en-US
241
explorer.exe
Fonts
Globalization
Help
HelpPane.exe
hh.exe
IdentityCRL
IME
INF
InputMethod
Installer
InteractiveVMWorkingDir
L2Schemas
LiveKernelReports
Logs
lsasetup.log
Media
mib.bin
Microsoft.NET
Migration
ModemLogs
notepad.exe
NTDS
OCR
OEM
Offline Web Pages
Panther
Performance
PFRO.log
PLA
PolicyDefinitions
Prefetch
PrintDialog
Provisioning
regedit.exe
Registration
RemotePackages
rescache
Resources
SchCache
schemas
security
ServiceProfiles
ServiceState
servicing
Setup
ShellComponents
ShellExperiences
SKB
Speech
Speech_OneCore
splwow64.exe
System
system.ini
System32
SystemApps
SystemResources
SystemTemp
SYSVOL
SysWOW64
TAPI
Tasks
Temp
- SYSVOL - (readable,writable)
..
adl.local
- NETLOGON - (readable,writable)
..
242
DumpStack.log.tmp
pagefile.sys
$WinREAgent
ADL
batch1.csv
cert new
Linux OS
LKROOTCA_LKROOTCA-CA.crt
localadmin
Microsoft.Tri.Sensor.Deployment.Deployer.exe
New
NonADDEDMEMBERS.csv
OwnerError.csv
Packages
pass1.csv
pass12.csv
pass2.csv
passchange.csv
passchange1.csv
passchange2.csv
passchange3.csv
Password1.txt
PerfLogs
Program Files
Program Files (x86)
ProgramData
Recovery
Results.csv
Temp
userlist.csv
Users
Windows
WindowsAzure
Enumeration
Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
243
Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
10413 - Microsoft Windows SMB Registry : Remote PDC/BDC Detection
Synopsis
The remote system is a Domain Controller.
Description
The remote host seems to be a Primary Domain Controller or a Backup Domain Controller.
This can be verified by the value of the registry key 'ProductType' under 'HKLM\SYSTEM\CurrentControlSet\Control
\ProductOptions'.
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Synopsis
Description
Solution
Risk Factor
None
244
References
Exploitable with
Plugin Information:
Ports
Active Services :
Azure Advanced Threat Protection Sensor [ AATPSensor ]

Azure Advanced Threat Protection Sensor Updater [ AATPSensorUpdater ]
Active Directory Web Services [ ADWS ]
AppX Deployment Service (AppXSVC) [ AppXSvc ]
Azure Network Watcher Agent [ AzureNetworkWatcherAgent ]
Capability Access Manager Service [ camsvc ]
DFS Namespace [ Dfs ]
DFS Replication [ DFSR ]
DHCP Server [ DHCPServer ]
Display Policy Service [ DispBrokerDesktopSvc ]
DNS Server [ DNS ]
Elastic Agent [ Elastic Agent ]
Guest Configuration Service [ GCService ]
Network Policy Server [ IAS ]
Intersite Messaging [ IsmServ ]
Kerberos Key Distribution Center [ Kdc ]
Microsoft Key Distribution Service [ KdsSvc ]
Network Setup Service [ NetSetupSvc ]
Network Store [...]

Synopsis
Description
245
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0
Annotation : SIDKEY
TCP Port : 49664
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49664
IP : 192.168.33.4
Object UUID : 7364746e-0000-0000-0000-000000000000

UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Annotation : Impl friendly name
TCP Port : 49664
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
TCP Port : 49664
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Annotation : MS NT Directory NSP Interface
TCP Port : 49664
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

Description : Local Security Authority
TCP Port : 49664
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000
246
Annotation : KeyIso
TCP Port : 49664
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49664
IP : [...]
Object UUID : 00000000-0000-0000-0000-000000000000

Annotation : SIDKEY
Named pipe : kdssvc_lrpc
Object UUID : 00000000-0000-0000-0000-000000000000

Annotation : SIDKEY
Named pipe : NETLOGON_LRPC
Object UUID : 00000000-0000-0000-0000-000000000000

Annotation : SIDKEY
Named pipe : NTDS_LPC
Object UUID : 00000000-0000-0000-0000-000000000000

Annotation : SIDKEY
Named pipe : OLEDC63BDB6C6D6334F41E5CF810E33
Object UUID : 00000000-0000-0000-0000-000000000000

Annotation : SIDKEY
Named pipe : MicrosoftLaps_LRPC_0fb2f016-fe45-4a08-a7f9-a467f5e5fa0b
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : a111f1c5-5923-47c0-9a68-d0bafb577901, version 1.0
Annotation : NetSetup API
Named pipe : LRPC-4bb3e667a4043745d5
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : ae2dc901-312d-41df-8b79-e835e63db874, version 1.0
Annotation : appxsvc
Named pipe : LRPC-28280423cec95cc706
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : ff9fd3c4-742e-45e0-91dd-2f5bc632a1df, version 1.0
Annotation : appxsvc
Named pipe : LRPC-28280423cec95cc706
247
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Named pipe : [...]
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 6bffd098-a112-3610-9833-46c3f874532d, version 1.0
Description : DHCP Server Service
TCP Port : 60149
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 5b821720-f63b-11d0-aad2-00c04fc324db, version 1.0
Description : DHCP Server Service
TCP Port : 60149
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49687
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

Annotation : SIDKEY
TCP Port : 49668
IP : 192.168.33.4
Object UUID : 7364746e-0000-0000-0000-000000000000

UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Annotation : Impl friendly name
TCP Port : 49668
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Annotation : MS NT Directory DRS Interface
TCP Port : 49668
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Annotation : MS NT Directory NSP Interface
248
TCP Port : 49668
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

Description : Local Security Authority
TCP Port : 49668
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

Annotation : KeyIso
TCP Port : 49668
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49668
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49668
IP : [...]
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 50abc2a4-574d-40b3-9d66-ee4fd5fba076, version 5.0
Description : DNS Server
Windows process : dns.exe
TCP Port : 60195
IP : 192.168.33.4
Object UUID : 5bc1ed07-f5f5-485f-9dfd-6fd0acf9a23c

UUID : 897e2e5f-93f3-4376-9c9c-fd2277495c27, version 1.0
Annotation : Frs2 Service
TCP Port : 60066
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49666
IP : 192.168.33.4
249
Object UUID : 00000000-0000-0000-0000-000000000000

Annotation : SIDKEY
Named pipe : \pipe\4e51345dd2467799
Netbios name : \\LKAZDC01
Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Annotation : DfsDs service
Named pipe : \PIPE\wkssvc
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

UUID : [...]
Object UUID : 00000000-0000-0000-0000-000000000000

250
TCP Port : 49670
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49667
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49667
IP : 192.168.33.4

TCP Port : 49665
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 49673
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

Annotation : SIDKEY
TCP Port : 49691
IP : 192.168.33.4
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
TCP Port : 49691
IP : 192.168.33.4
10761 - COM+ Internet Services (CIS) Server Detection

Synopsis
A COM+ Internet Services (CIS) server is listening on this port.
Description
251
COM+ Internet Services are RPC over HTTP tunneling and require IIS to operate. CIS ports shouldn't be visible on
internet but only behind a firewall.
See Also
http://www.nessus.org/u?d02f7e6e
https://support.microsoft.com/en-us/support/kb/articles/q282/2/61.asp
Solution
If you do not use this service, disable it with DCOMCNFG.
Otherwise, limit access to this port.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Server banner :
ncacn_http/1.0

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Target Name: ADL

NetBIOS Computer Name: LKAZDC01
DNS Computer Name: LKAZDC01.adl.local

Synopsis
Description
252
See Also
Solution
appropriate value.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
1-5-21-2016934633-2723708669-2290440068
10895 - Microsoft Windows - Users Information : Automatically Disabled Accounts

Synopsis
At least one user account has been automatically disabled.
Description
Using the supplied credentials, Nessus was able to list user accounts that have been automatically disabled. These
accounts may have been disabled for security reasons or due to brute-force attack attempts.
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following user account has been automatically disabled :
- Priyan_105623


Synopsis
Description
253
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
- Aaditya_117927
- Aamir_105935
- aayushi_118161
- abansit
- Abdillah_118176
- Abdul Haliim_118016
- Abdul_118297
- Abhilasha_107386
- Abraham_117970
- Abyan_117868
- Ade_118362
- Adheesha_105648
- Adhip_119038
- Adib_118215
- Adiba_118487
- Adilla_117682
- Adithya_112332
- Afzan_118197
- Agus_118072
- Ahaash_105894
- Ahmad_117999
- Ahmad_118191
- Ahmad_118223
- Ainna_118292
- Ajay_119077
- Aji_118331
- Akalanka_112260
- Akeshala_121219
- akhil_119063
- Akhmad_118392
- Akila_105229
- Akila_107210
- Akma_118451
- akmal_118141
- Akshayaa_105637
- Alberto_118361
- Aldi_118083
- Aleesya_118206
- Alek_118057
- Alexander_118317
- Alfa_118068
- Alfan_117882
- Alfan_118499
- Alfredo_117797
- Alini_118563
- Ama_105779
- Amal_105244
- amalina.axiata
- Amasha_112290
- Amasha_112321
- Amaya_112393
- Ambar_118214
- Amila_105101
- Amila_107001
254
- Amila_107352
- AMIR_117655
- Amirul_117984
- Amirul_118375
- Amith_105834
- Ammar_118070
- Anand_117719
- Anandakarthik_117627
- Anant_118162
- Anbarasan_117738
- Andari_118457
- Andre_117812
- Andrew_112329
- Angga_118216
- Anggito_118097
- Anil_25152
- Anil_25187
- Anjanan_105763
- Ankit_118064
- Ankit_118480
- Ankit_119101
- annabella.axiata
- Annoma_105145
- Anoma_105262
- Antonythas_106203
- Anuj_118412
- Anuj_119049
- Anuradha_119023
- Anurag_119093
- Anusara_112185
- anusha_119072
- Anusha_121226
- Anushan_112261
- Anushesh_119097
- Anushka_106003
- Aparna_105193
- apoorv_119062
- apptest
- Apsara_112294
- Aqil_118444
- Aravind_118033
- Aravinda_105196
- Aravindan_105615
- Argavi_118468
- Arifa_118442-old
- Arindra_118372
- arinjay_119064
- Arissa_118035
- Ariva_118337
- Arona_118028
- Arosha_107031
- Aruna_106164
- Arunkumar_117698
- Asal_112362
- asanka_105009
- Asanka_105329
- Asel_112123
- Asela_107258
[...]

Synopsis
Description
Solution
Risk Factor
None
Exploitable with
255
Plugin Information:
Ports
- Afzan_118197
- Ahamed_112434
- Ahmad_118191
- Ajay_119077
- Anusha_121226
- Ariva_118337
- Ashish_118200
- Bonomi_106344
- Chatura_ObjectOne
- Denver_ObjectOne
- Devindi_106336
- Devon_106335
- Diluksha_106339
- Dulmi_106341
- Gangadhar_118266
- Gayan_106345
- Guntur_118069
- hanif_118164
- Haziratul_118195
- Indranil_119076
- Ira_118190
- Jaypalsinh_118267
- Joko_118170
- Kasun_106333
- lobby
- Luqman_118168
- Muhammad_118265
- Nikila_10584512
- Nimesh_106340
- Niroshan_112432
- Nivethasree_118203
- Pasindu_106343
- Pavan_118207
- Pramod_106342
- pw04
- Rizwan_118194
- Sanket_118227
- SM_309a4e43459f4c4c9


Synopsis
Description
Solution
Risk Factor
None
Exploitable with
256
Plugin Information:
Ports
- Aadhil_105729
- Aaditya_117927
- Aamir_105935
- aayushi_118161
- Aazif_105922
- abansit
- Abdillah_118176
- Abdul Haliim_118016
- Abdul_106325
- Abdul_117932
- Abdul_118297
- Abdullah_117850
- Abhilasha_107386
- Abhimanyu_117786
- Abi_118479
- Abigail_118438
- Abraham_117970
- Abrar_118515
- Abyan_117868
- Achintha_121258
- adam_118338
- Ade_118362
- Adheesha_105648
- Adheesha_106025
- Adhip_119038
- Adhitya_118409
- Adi_117969
- Adi_118230
- Adib _120038
- Adib_118215
- Adiba_118487
- Adilla_117682
- Adithya_112332
- Adiv_118406
- Adli_118349
- administrator
- Afkar_106101
- Afzan_118197
- Agnes_118486
- Agung_117893
- Agung_118177
- Agus_118072
- Ahaash_105894
- Ahamed_106331
- Ahamed_112434
- AHMAD_117661
- Ahmad_117931
- Ahmad_117999
- Ahmad_118191
- Ahmad_118223
- Ahmad_118473
- ahmed_118144
- Aiman_118256
- Ainatul_25182
- Ainna_118292
- Aisyah_120040
- Ajay_117712
- Ajay_119077
- Ajeeth_105793
- Aji_118331
- Akalanka_105485
- Akalanka_112260
- Akbar_118283
- Akesh_106123
- Akeshala_121219
- akhil_119063
257
- Akhmad_118392
- Akila_105229
- Akila_105570
- Akila_105627
- Akila_105691
- Akila_105947
- Akila_106058
- Akila_106287
- Akila_107210
- Akma_118451
- akmal_118141
- Akram_118559
- Akshay_117526
- Akshayaa_105637
- Alberto_118361
- Aldi_118083
- Aldiansyah_118286
- Aleesya_118206
- Alek_118057
- Alexander_118317
- Alfa_118068
- Alfan_117882
- Alfan_118499
- Alfredo_117797
- ALIA_117956
- Aliah_118296
- Alif_118253
- Aliff_120039
- Alifyando_118336
- Alini_118563
- Aloka_106023
- Alwan_117829
- Ama_105779
- Amal_105244
- Amal_105640
- Amal_120020
- Amali_105384
- amalina.axiata
- Amalina_118254
- Amalka_105324
- Amanda_112428
- Amasha_112290
- Amasha_112321
- Amasha_121264
- Amaya_112393
- Ambar_118214
- Ameerah_120034
- amila_105022
[...]
10900 - Microsoft Windows - Users Information : Passwords Never Expire

Synopsis
At least one user has a password that never expires.
Description
Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire.
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
258
The following users have passwords that never expire :
- azadmin
- domainadd001
- domainaddind
- domainaddmy
- fim.service
- fim.sync
- fwsync
- mihcm_admin
- MIHCM_Sync
- mihcmadmin
- MSOL_03ffe2f18357
- secadmin

and change the 'Start UID' and/or 'End UID' preferences for this
plugin, then re-run the scan.

Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
- ADL\azadmin (User)
- ADL\Enterprise Admins (Group)
- ADL\mihcmadmin (User)
10908 - Microsoft Windows 'Domain Administrators' Group User List

Synopsis
There is at least one user in the 'Domain Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Domain Administrators' group. Members
of this group have complete access to the Windows Domain.
Solution
Risk Factor
None
Exploitable with
Plugin Information:
259
Ports
The following users are members of the 'Domain Administrators' group :
- azadmin
- NableAdmin
- vaadmin
- Atheeq_106273a
- Thilaksha_106310a
- Damith_106321a

Synopsis
Description
the remote host).
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
11002 - DNS Server Detection
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP
addresses.
See Also
https://en.wikipedia.org/wiki/Domain_Name_System
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
260
Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
See Also
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Synopsis
261
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Method : SMB_OS
NTP:!:unknown
SinFP:!:
P1:B11113:F0x12:W65392:O0204ffff:M1410:
P2:B11113:F0x12:W65535:O0204ffff010303080402080affffffff44454144:M1410:
P3:B00000:F0x00:W0:O0:M0
P4:190704_7_p=47001
SSLcert:!:i/CN:LKAZSUBCA-CA
42b4abec267a325bd46d8bcbb78f2c2aaa5b1cb7
i/CN:LKAZSUBCA-CA
42b4abec267a325bd46d8bcbb78f2c2aaa5b1cb7
i/CN:LKAZDC01.adl.locals/CN:LKAZDC01.adl.local
bc636ba074b9ba93650d24e2fac93dbc6c5f1be7

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
262
Ports
192.168.33.4 resolves as LKAZDC01.adl.local.

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

\4.18.23110.3-0\
Version : 4.18.23110.3

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
263

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Scanner OS : LINUX
Scan type : Normal
Scanner IP : 192.168.33.11
Port range : all
Thorough tests : no
Paranoia level : 1
Safe checks : yes
264
Max hosts : 100
Max checks : 5
Recv timeout : 5
Backports : None

Synopsis
Description
Solution
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Microsoft Edge [version 120.0.2210.133] [installed on 2024/01/13]

Microsoft Edge Update [version 1.3.181.5]
Npcap OEM [version 1.00]
OMS Gateway [version 1.0.448.0] [installed on 2022/04/27]
2021/11/03]
Microsoft .NET Core 3.1.20 - Windows Server Hosting [version 3.1.20.21472]
Microsoft ASP.NET Core 5.0.11 - Shared Framework (x64) [version 5.0.11.21476]
Microsoft .NET Core Runtime - 3.1.20 (x86) [version 3.1.20.30521]
2021/11/03]
Azure Advanced Threat Protection Sensor [version 2.179.15243.22320]
2021/12/10]
Microsoft .NET Core Runtime - 3.1.20 (x64) [version 24.80.30521] [installed on 2021/11/03]
Microsoft .NET Core Host FX Resolver - 3.1.20 (x64) [version 24.80.30521] [installed on
2021/11/03]
Microsoft .NET Runtime - 5.0.11 (x64) [version 5.0.11.30523]
Microsoft .NET Core Host FX Resolver - 3.1.20 (x86) [version 24.80.30521] [installed on
2021/11/03]
Microsoft Network Monitor 3.4 [version 3.4.2350.0] [installed on 2022/08/18]
Microsoft .NET Core Host - 3.1.20 (x64) [version 24.80.30521] [installed on 2021/11/03]
Microsoft .NET Runtime - 5.0.11 (x86) [version 40.44.30523] [installed on 2021/11/03]
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 [version 3.4.2350.0] [installed on
2022/08/18]
Microsoft ASP.NET Core 5.0.11 Shared Framework (x86) [version 5.0.11.21476] [installed on [...]
265
20870 - LDAP Server Detection
Synopsis
An LDAP server was detected on the remote host.
Description
The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP is a protocol for providing
access to directory services over TCP/IP.
See Also
https://en.wikipedia.org/wiki/LDAP
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports



MAC
---------------------- ---------- --- ---- ---------------------
---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128)
AEAD
266
AEAD


MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}



MAC
---------------------- ---------- --- ---- ---------------------
---
AEAD
AEAD


MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}
267


MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}
Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

An http-rpc-epmap is running on this port.

A TLSv1.2 server answered on this port.


A TLSv1.2 server answered on this port.
268


An ncacn_http server is running on this port.

Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
shares :
+ C$ :
protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.doc
protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.doc
protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.ppt
protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.ppt
protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.xls
protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.xls
- C:\ADL\ADL_DL_Details\ADL-Malaysia\ADL-Team-Malaysia(Senders).xlsx
- C:\Users\azadmin\Downloads\Domain Controller Coverage - 5-18-2022.xlsx
- C:\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\TriSizingToolResults_20220426_1439.xlsx
- C:\Users\Thilaksha_106310a\Desktop\ADL\ADL_DL_Details\ADL-Malaysia\ADL-Team-
Malaysia(Senders).xlsx
- C:\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\EULA.docx

Synopsis
Description
269
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

SSL : no
Keep-Alive : no
Headers :
Content-Type: text/plain; charset=utf-8

X-Content-Type-Options: nosniff
Date: Wed, 17 Jan 2024 10:42:49 GMT
Content-Length: 19
Connection: close
Response Body :
Response Code : HTTP/1.1 400 Bad request

SSL : no
Keep-Alive : no
Headers :
Response Body :

SSL : no
Keep-Alive : no
Headers :

Date: Wed, 17 Jan 2024 10:42:48 GMT
Connection: close
Content-Length: 315
Response Body :
270
SSL : no
Keep-Alive : no
Headers :

Date: Wed, 17 Jan 2024 10:42:48 GMT
Connection: close
Content-Length: 315
Response Body :

Synopsis
Description
configuration, etc.
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
271

CPU0
Architecture : x64
Physical Cores: 2
Logical Cores : 4

None
Type : Unknown
Capacity : 1024 MB
None
Type : Unknown
Capacity : 15360 MB

Synopsis
Description
attached to them.
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

- MAC Address = 00:0D:3A:A3:A4:F2
- Network Interface = [00000012] Mellanox ConnectX-3 Virtual Function Ethernet Adapter

- MAC Address = 00:0D:3A:A3:A4:F2

----------- ------- -------
0.0.0.0 0.0.0.0 192.168.33.1
127.0.0.0 255.0.0.0 0.0.0.0
127.0.0.1 255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
192.168.33.0 255.255.255.0 0.0.0.0
192.168.33.4 255.255.255.255 0.0.0.0
192.168.33.255 255.255.255.255 0.0.0.0
272
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
25220 - TCP/IP Timestamps Supported

Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime
of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
It is possible to discover information about the remote LDAP server.
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the remote
LDAP server.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
[+]-namingContexts:
| DC=adl,DC=local
| CN=Configuration,DC=adl,DC=local
| CN=Schema,CN=Configuration,DC=adl,DC=local
| DC=DomainDnsZones,DC=adl,DC=local
| DC=ForestDnsZones,DC=adl,DC=local
[+]-domainFunctionality:
| 7
[+]-forestFunctionality:
| 7
[+]-domainControllerFunctionality:
| 7
[+]-rootDomainNamingContext:
| DC=adl,DC=local
[+]-ldapServiceName:
| adl.local:lkazdc01$@ADL.LOCAL
273
[+]-isGlobalCatalogReady:
| TRUE
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxPercentDirSyncRequests
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxBatchReturnMessages
| MaxQueryDuration
| MaxDirSyncDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| MaxValRangeTransitive
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-supportedControl:
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
| 1.2.840.113556.1.4.1974
| 1.2.840.113556.1.4.1341
| 1.2.840.113556.1.4.2026
| 1.2.840.113556.1.4.2064
| 1.2.840.113556.1.4.2065
| 1.2.840.113556.1.4.2066
| 1.2.840.113556.1.4.2090
| 1.2.840.113556.1.4.2205
[...]

[+]-namingContexts:
| DC=adl,DC=local
| 7
274
| 7
| 7
| DC=adl,DC=local
| TRUE
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
| 3
| 2
| MaxPoolThreads
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxQueryDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxValRange
| ThreadMemoryLimit
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
| 1.2.840.113556.1.4.1974
| 1.2.840.113556.1.4.1341
| 1.2.840.113556.1.4.2026
| 1.2.840.113556.1.4.2064
| 1.2.840.113556.1.4.2065
| 1.2.840.113556.1.4.2066
| 1.2.840.113556.1.4.2090
| 1.2.840.113556.1.4.2205
[...]

[+]-namingContexts:
| DC=adl,DC=local
275
| 7
| 7
| 7
| DC=adl,DC=local
| TRUE
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
| 3
| 2
| MaxPoolThreads
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxQueryDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxValRange
| ThreadMemoryLimit
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
| 1.2.840.113556.1.4.1974
| 1.2.840.113556.1.4.1341
| 1.2.840.113556.1.4.2026
| 1.2.840.113556.1.4.2064
| 1.2.840.113556.1.4.2065
| 1.2.840.113556.1.4.2066
276
| 1.2.840.113556.1.4.2090
| 1.2.840.113556.1.4.2205
[...]

Synopsis
Description
See Also
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports


Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

277






















278








Note that 2502 UDP ports belonging to DNS.exe have been ignored.













279













Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
280
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
IAS (@%SystemRoot%\system32\ias.dll,-1000)
281
The Win32 process 'dns.exe' is listening on this port (pid 3500).
This process 'dns.exe' (pid 3500) is hosting the following Windows services :
DNS (@%systemroot%\system32\dns.exe,-49157)
The Win32 process 'Microsoft.HttpForwarder.WindowsService.exe' is listening on this port (pid

3620).
282
This process 'Microsoft.HttpForwarder.WindowsService.exe' (pid 3620) is hosting the following
Windows services :
OMSGatewayService (OMS Gateway)
The Win32 process 'elastic-agent.exe' is listening on this port (pid 3564).
This process 'elastic-agent.exe' (pid 3564) is hosting the following Windows services :
Elastic Agent (Elastic Agent)
283
DHCPServer (@%SystemRoot%\system32\dhcpssvc.dll,-200)
The Win32 process 'Microsoft.Tri.Sensor.exe' is listening on this port (pid 5824).
This process 'Microsoft.Tri.Sensor.exe' (pid 5824) is hosting the following Windows services :
AATPSensor (Azure Advanced Threat Protection Sensor)
284
The Win32 process 'Microsoft.ActiveDirectory.WebServices.exe' is listening on this port (pid

3544).
This process 'Microsoft.ActiveDirectory.WebServices.exe' (pid 3544) is hosting the following

Windows services :
ADWS (@%SystemRoot%\ADWS\adwsres.dll,-1)
285
The Win32 process 'Microsoft.Tri.Sensor.exe' is listening on this port (pid 5824).
This process 'Microsoft.Tri.Sensor.exe' (pid 5824) is hosting the following Windows services :
AATPSensor (Azure Advanced Threat Protection Sensor)
286
The Win32 process 'dns.exe' is listening on this port (pid 3500).
This process 'dns.exe' (pid 3500) is hosting the following Windows services :
DNS (@%systemroot%\system32\dns.exe,-49157)
The Win32 process 'dfsrs.exe' is listening on this port (pid 3516).
This process 'dfsrs.exe' (pid 3516) is hosting the following Windows services :
DFSR (@dfsrress.dll,-101)
287
35297 - SSL Service Requests Client Certificate
Synopsis
The remote service requests an SSL client certificate.
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a valid
certificate in order to establish a connection to the underlying service.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
A TLSv12 server is listening on this port that requests a client certificate.
A TLSv12 server is listening on this port that requests a client certificate.
35706 - SMB Registry : Stopping the Registry Service after the scan failed
Synopsis
The registry service could not be stopped after the scan.
Description
(RemoteRegistry).
While Nessus successfully started the registry service, it could not stop it after the scan. You might want to disable it
manually.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
The following error occured :
StopService() failed

Synopsis
Description
288
by IEEE.
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
00:0D:3A:A3:A4:F2 : Microsoft Corp.

Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
289
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
43829 - Kerberos Information Disclosure

Synopsis
The remote Kerberos server is leaking information.
Description
Nessus was able to retrieve the realm name and/or server time of the remote Kerberos server.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
290
Ports
Nessus gathered the following information :
Server time : 2024-01-17 10:35:54 UTC

Realm : ADL.LOCAL

Synopsis
Description
Solution
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
AATPSensor startup parameters :

Display name : Azure Advanced Threat Protection Sensor
Service name : AATPSensor
Executable path : "C:\Program Files\Azure Advanced Threat Protection Sensor
\2.225.17490.45310\Microsoft.Tri.Sensor.exe"
Dependencies : AATPSensorUpdater/
AATPSensorUpdater startup parameters :

Display name : Azure Advanced Threat Protection Sensor Updater
Service name : AATPSensorUpdater
Executable path : "C:\Program Files\Azure Advanced Threat Protection Sensor
\2.225.17490.45310\Microsoft.Tri.Sensor.Updater.exe"
Dependencies : WmiApSrv/
ADWS startup parameters :

Display name : Active Directory Web Services
Service name : ADWS
Executable path : C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe

AzureNetworkWatcherAgent startup parameters :

Display name : Azure Network Watcher Agent
Service name : AzureNetworkWatcherAgent
291
Executable path : "C:\Packages\Plugins
\Microsoft.Azure.NetworkWatcher.NetworkWatcherAgentWindows\1.4.2146.1\NetworkWatcherAgent
\NetworkWatcherAgent.exe" /service

Service name : BFE

[...]

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports

- AD DS Snap-Ins and Command-Line Tools
- AD DS Tools
- AD DS and AD LDS Tools
- Active Directory Administrative Center
- Active Directory Domain Services
- Active Directory module for Windows PowerShell
- Azure Arc Setup
- DHCP Server
- DHCP Server Tools
- DNS Server
- DNS Server Tools
- Enhanced Storage
- File Server
292
- File and iSCSI Services
- Group Policy Management
- Microsoft Defender Antivirus
- Network Policy and Access Services
- Network Policy and Access Services Tools
- Remote Server Administration Tools
- Role Administration Tools
- Storage Services
- TCP Port Sharing
- WCF Services
- WoW64 Support
- XPS Viewer

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
cpe:/o:microsoft:windows_server_2022:::x64-datacenter

cpe:/a:microsoft:.net_framework:4.8 -> Microsoft .NET Framework
cpe:/a:microsoft:edge:120.0.2210.133 -> Microsoft Edge
Connection
Endpoint Protection
293
x-cpe:/a:microsoft:dhcp_server:10.0.20348.2110

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

- UUID : B1A6549D-6AF1-4527-BBDC-176D06588D46

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
294

Synopsis
remote system.
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Architecture = x64
Build lab extended = 20348.1.amd64fre.fe_release.210507-1500

Synopsis
Description
See Also
cc708554(v=ws.10)
cc708449(v=ws.10)
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
295
AUOptions : 7
NoAutoUpdate : 0

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
+ DriveLetter D:

- DeviceID : \\?\Volume{b1a6549d-0000-0000-0000-100000000000}\
- Size : 32.00 GB
+ DriveLetter C:

- DeviceID : \\?\Volume{ed902b05-7c7a-4093-8f9d-6f4688ed4611}\
296
- Size : 126.45 GB

Synopsis
Description
authority.
remote host.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
Exploitable with
Plugin Information:
Ports

|-Subject : DC=local/DC=adl/CN=LKAZSUBCA-CA
|-Issuer : CN=LKROOTCA-CA

|-Subject : CN=LKAZDC01.adl.local
|-Issuer : CN=LKAZDC01.adl.local
297

|-Subject : DC=local/DC=adl/CN=LKAZSUBCA-CA
|-Issuer : CN=LKROOTCA-CA
52001 - WMI QuickFixEngineering (QFE) Enumeration

Synopsis
The remote Windows host has quick-fix engineering updates installed.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates
installed on the remote host via WMI.
See Also
http://www.nessus.org/u?0c4ec249
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

remote system :
+ KB5031993
+ KB5012170
+ KB5032198
+ KB5032310
Note that for detailed information on installed QFE's such as InstalledBy, Caption,
and so on, please run the scan with 'Report Verbosity' set to 'verbose'.

Synopsis
Description
Solution
N/A
Risk Factor
298
None
Exploitable with
Plugin Information:
Ports
Hostname : LKAZDC01
LKAZDC01 (WMI)

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
This port supports TLSv1.3/TLSv1.2.
This port supports TLSv1.3/TLSv1.2.
This port supports TLSv1.2.

Synopsis
the key is stolen.
Description
See Also
Solution
N/A
Risk Factor
299
None
Exploitable with
Plugin Information:
Ports

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}
300
MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}

Synopsis
Description
the remote host.
Solution
Risk Factor
Medium
CVSS Base Score
Exploitable with
Plugin Information:
Ports

|-Subject : CN=LKAZDC01.adl.local

Synopsis
Description
Solution
301
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Interface: {8c5fcf84-6e2e-45ec-920c-295e99709d0e}
NameServer: 192.168.20.240,192.168.20.239,127.0.0.1

Synopsis
Description
Solution
security policies.
Risk Factor
None
Exploitable with
Plugin Information:
Ports
AzureArcSetup - %windir%\AzureArcSetup\Systray\AzureArcSysTray.exe
60119 - Microsoft Windows SMB Share Permissions Enumeration

Synopsis
It was possible to enumerate the permissions of remote network shares.
Description
By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User
permissions are enumerated for each network share that has a list of access control entries (ACEs).
See Also
https://technet.microsoft.com/en-us/library/bb456988.aspx
Solution
N/A
Risk Factor
302
None
Exploitable with
Plugin Information:
Ports
Share path : \\LKAZDC01\NETLOGON

Local path : C:\Windows\SYSVOL\sysvol\adl.local\SCRIPTS
Comment : Logon server share
[*] Allow ACE for Everyone (S-1-1-0): 0x001200a9
FILE_GENERIC_WRITE: NO
Share path : \\LKAZDC01\SYSVOL

Local path : C:\Windows\SYSVOL\sysvol
Comment : Logon server share
[*] Allow ACE for Everyone (S-1-1-0): 0x001200a9
FILE_GENERIC_WRITE: NO
[*] Allow ACE for NT AUTHORITY\Authenticated Users (S-1-5-11): 0x001f01ff

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

remote system :
KB5004330, Installed on: 2021/11/03

KB5012170, Installed on: 2023/04/20
KB5022507, Installed on: 2023/04/20
KB5029928, Installed on: 2023/10/29
KB5030999, Installed on: 2023/11/21
303
KB5031993, Installed on: 2023/12/20

Synopsis
Description
See Also
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Name : \dosdevices\e:
b6bf-11d0-94f2-00a0c91efb8b}
Raw data :
5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004d007300660074002600500072006f006
Data : T
Raw data : 9d54a6b10000100000000000
Data : DMIO:ID:+z|@oFF
Raw data : 444d494f3a49443a052b90ed7a7c93408f9d6f4688ed4611
Name : \??\volume{af9a4571-5786-11ec-8658-806e6f6e6963}
b6bf-11d0-94f2-00a0c91efb8b}
Raw data :
5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004d007300660074002600500072006f006

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
304
Plugin Information:
Ports

Version : unknown

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Product key : XXXXX-XXXXX-XXXXX-XXXXX-6VM33

Synopsis
Description
'netstat' command.
in scan settings.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Synopsis
Description
305
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Subject Name:
Common Name: LKAZDC01.adl.local
Issuer Name:
Serial Number: 4C 13 5B 7B F5 BD 4A B2 41 13 F5 57 08 A5 E6 6E
Version: 3

Public Key Info:

Public Key: 00 C0 99 F9 3B D3 9E 14 FC B9 25 8D 2D DE 31 D5 4C F3 3D 0F
46 B0 BF C9 86 F9 2B AB 8E 8B 01 1B 89 07 07 D1 0A C8 40 9D
94 80 28 94 C5 20 58 BB 82 1B CE 2F CF 3C EC 9D E6 3C 71 86
24 4C 4F FE A2 8F 37 D8 85 A0 92 50 D7 D8 39 D6 75 22 29 5B
18 82 7A 85 89 5F 8D D2 6D 04 3E 48 B9 A5 30 E9 CF BB 46 4A
C1 B9 5C 94 DE 2C A2 62 D0 B9 61 29 3D 0A 25 3A D6 DF A2 24
03 73 2A A2 8D 72 CF A3 E3 86 3C 2A 8D 7D 0F 3E 0E 55 56 DC
64 30 94 AA BB 37 91 C9 6F 86 8F DC 38 D5 01 41 9E BF D9 22
84 30 A0 97 8E EB 95 7E DB 50 C8 E4 E1 11 EF E2 8A 91 87 D6
74 C8 3C F0 81 C2 BD 77 5C D8 EE 55 FF 26 04 B5 C1 C4 D9 E7
1B E2 72 DF A6 04 BF AD 94 71 D0 58 7E 1D 0F B0 1B 14 48 18
F7 23 9A A2 47 BB AD 25 6D AB E6 20 EB 42 E9 BA 78 FB 13 02
5D 2E BE A9 1F F5 08 07 AC A3 F0 3D 1D 82 E1 D1 15
Exponent: 01 00 01

Signature: 00 03 DE CD 4B DA 2C 03 CE D9 B5 78 EB 57 27 2C AD 32 15 34
59 A8 47 E3 49 E7 51 AA A4 1C B0 1C 2B C7 D6 7C D6 02 D0 D4
07 E8 04 C9 C7 6B A0 32 35 29 0B B7 78 FD 6B 73 F6 07 CB 17
AE 17 FD 01 C3 6B F1 B6 65 CE 3A 3C 62 91 F3 34 AC 20 00 BC
85 F3 B4 EF E5 E3 62 8A C0 23 06 9F 6D D6 F9 A4 87 42 54 AC
FD 1F 11 61 89 C3 FC 13 BC 67 89 15 AA BD 08 A7 1C 6B 05 01
9A 66 CE 49 BE 92 D6 07 08 A2 B6 A2 2A A5 54 EB A9 56 C1 51
5A D8 29 C8 E8 3B B7 01 87 23 1E 6C 1B 02 2C EF 5F 93 FB 2F
09 9D 50 CA 44 7E 50 8B 45 28 6B 96 0C 50 EF BF F8 28 C6 37
7B 60 66 [...]

Synopsis
Description
306
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports

- KB5033914
- KB5033464
[ Microsoft Edge (Chromium) < 120.0.2336.0 Multiple Vulnerabilities (187966) ]
+ Action to take : Upgrade to Microsoft Edge version 120.0.2336.0 or later.
[ Security Updates for Microsoft .NET Core (December 2022) (168747) ]
+ Action to take : Update .NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.
[ Security Updates for Microsoft ASP.NET Core (December 2021) (156227) ]
+ Action to take : Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
[ Security Updates for Windows Malicious Software Removal Tool (January 2023) (169783) ]
+ Action to take : Microsoft has released version 5.109 to address this issue.
66424 - Microsoft Malicious Software Removal Tool Installed

Synopsis
An antimalware application is installed on the remote Windows host.
Description
The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that
attempts to detect and remove known malware from Windows systems.
See Also
http://www.nessus.org/u?47a3e94d
Solution
N/A
Risk Factor
None
Exploitable with
307
Plugin Information:
Ports
File : C:\Windows\system32\MRT.exe
Version : 5.101.19137.3
Release at last run : May 2022
Report infection information to Microsoft : Yes

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Process Overview :
SID: Process (PID)
0 : |- System (4)
0 : |- smss.exe (468)
0 : Registry (116)
2 : winlogon.exe (2212)
2 : |- dwm.exe (5368)
2 : |- LogonUI.exe (5964)
0 : csrss.exe (628)
2 : explorer.exe (6500)
2 : |- AzureArcSysTray.exe (10228)
2 : |- mmc.exe (1356)
0 : |- vds.exe (10204)
0 : |- svchost.exe (10824)
0 : |- Microsoft.Tri.Sensor.Updater.exe (11404)
0 : |- MMAExtensionHeartbeatService.exe (11592)
308
2 : |- sihost.exe (3176)
0 : [...]

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Process_Modules_.csv : lists the loaded modules for each process.

Synopsis
subsequent ones.
Description
used improperly.
See Also
309
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}
310

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Group Name : Server Operators
Host Name : LKAZDC01
Group SID : S-1-5-32-549
Members :
Group Name : Account Operators

Group SID : S-1-5-32-548
Members :
Group Name : Pre-Windows 2000 Compatible Access

Group SID : S-1-5-32-554
Members :
Name : Authenticated Users
Domain : LKAZDC01
SID : S-1-5-11
Name : LKAZSUBCA$
Domain : ADL
SID :
Group Name : Incoming Forest Trust Builders

Group SID : S-1-5-32-557
Members :
311
Group Name : Windows Authorization Access Group
Group SID : S-1-5-32-560
Members :
Name : ENTERPRISE DOMAIN CONTROLLERS
Domain : LKAZDC01
SID : S-1-5-9
Name : Exchange Servers
Domain : ADL
Class : Win32_Group
SID : S-1-5-21-2016934633-2723708669-2290440068-6268
Group Name : Terminal Server License Servers

Group SID : S-1-5-32-561
Members :

Group SID : S-1-5-32-544
Members :
Name : azadmin
Domain : ADL
SID : S-1-5-21-2016934633-2723708669-2290440068-500
Name : Enterprise Admins
Domain : ADL
Class : Win32_Group
SID : S-1-5-21-2016934633-2723708669-2290440068-519
Domain : ADL
Class : Win32_Group
SID : S-1-5-21-2016934633-2723708669-2290440068-512
Name : mihcmadmin
Domain : ADL
SID : S-1-5-21-2016934633-2723708669-2290440068-2860
Group Name : Users

Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : LKAZDC01
SID : S-1-5-4
Name : Authenticated Users
Domain : LKAZDC01
SID : S-1-5-11
Name : Domain Users
Domain : ADL
Class : Win32_Group
SID : [...]

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
References
312
Exploitable with
Plugin Information:
Ports
Version : 11.1.20348.0

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports


Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
313
Name : azadmin
SID : S-1-5-21-2016934633-2723708669-2290440068-500
Disabled : False
Lockout : False
Source : Domain
Name : lobby
SID : S-1-5-21-2016934633-2723708669-2290440068-501
Disabled : True
Lockout : False
Source : Domain
Name : krbtgt
SID : S-1-5-21-2016934633-2723708669-2290440068-502
Disabled : True
Lockout : False
Source : Domain
Name : secadmin
SID : S-1-5-21-2016934633-2723708669-2290440068-1106
Disabled : False
Lockout : False
Source : Domain
Name : Ruzlina_25121
SID : S-1-5-21-2016934633-2723708669-2290440068-1107
Disabled : False
Lockout : False
Source : Domain
Name : Jonathan_25136
SID : S-1-5-21-2016934633-2723708669-2290440068-1108
Disabled : False
Lockout : False
Source : Domain
Name : Surbhi_25139
SID : S-1-5-21-2016934633-2723708669-2290440068-1109
Disabled : True
Lockout : False
Source : Domain
Name : Hajar_25145
SID : S-1-5-21-2016934633-2723708669-2290440068-1110
Disabled : False
Lockout : False
Source : Domain
Name : Hang_25146
SID : S-1-5-21-2016934633-2723708669-2290440068-1111
Disabled : False
Lockout : False
Source : Domain
Name : Farris_118250
SID : S-1-5-21-2016934633-2723708669-2290440068-1112
Disabled : False
Lockout : False
Source : Domain
Name : [...]
314
Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Type : Admin Groups

Is Enabled : True
Type : User Groups

Is Enabled : True

Synopsis
Description
See Also
dd759117(v=ws.11)
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Exe Rules
Mode : Audit
Description :
315
Script Rules
Mode : Audit
Description :
Msi Rules
Mode : Audit
Description :

Synopsis
Description
a CSV attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\680c8cd4-b6b0-4b7f-8db5-ee7e28da6e08\value :
<FilePathRule Id="680c8cd4-b6b0-4b7f-8db5-ee7e28da6e08" Name="(Default Rule) All Exe's"
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\39ce2524-d8af-4ea9-a710-88270fc89780\value :
<FilePathRule Id="39ce2524-d8af-4ea9-a710-88270fc89780" Name="(Default Rule) All Msi's"
HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\7c7d3e82-167e-4ab7-a8e5-33e6bda8a768\value :
<FilePathRule Id="7c7d3e82-167e-4ab7-a8e5-33e6bda8a768" Name="(Default Rule) All Script's"
HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\680c8cd4-b6b0-4b7f-8db5-
ee7e28da6e08\value : <FilePathRule Id="680c8cd4-b6b0-4b7f-8db5-ee7e28da6e08" Name="(Default Rule)
All Exe's" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition
[...]

Synopsis
316
Description
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
processor_level : 6
username : SYSTEM
os : Windows_NT
processor_revision : 4f01
\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:
\Program Files (x86)\dotnet\;C:\Program Files\Microsoft Network Monitor 3\
psmodulepath : C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell
\v1.0\Modules;C:\Program Files\OMS Gateway\PowerShell\;C:\Program Files\Microsoft Monitoring Agent
\Agent\PowerShell\;C:\Program Files\Microsoft Monitoring Agent\Agent\AzureAutomation\7.3.1840.0

- S-1-5-21-2016934633-2723708669-2290440068-7560

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
317
Ports
MD5: 3688374325b992def12793500307566d
SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Last reboot : 2024-01-05T07:16:06+05:30 (20240105071606.236433+330)

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
RemoteSigned

Synopsis
Description
Solution
N/A
318
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
169.254.169.254 : 12-34-56-78-9a-bc
192.168.33.1 : 12-34-56-78-9a-bc
192.168.33.5 : 12-34-56-78-9a-bc
192.168.33.6 : 12-34-56-78-9a-bc
192.168.33.7 : 12-34-56-78-9a-bc
192.168.33.8 : 12-34-56-78-9a-bc
192.168.33.11 : 12-34-56-78-9a-bc
192.168.33.255 : ff-ff-ff-ff-ff-ff
224.0.0.22 : 01-00-5e-00-00-16
224.0.0.251 : 01-00-5e-00-00-fb
224.0.0.252 : 01-00-5e-00-00-fc

Synopsis
Description
attachment.
Solution
N/A
319
Risk Factor
None
Exploitable with
Plugin Information:
Ports
1a4aa774-9c19-4aa5-a56a-e7590013dcb3._msdcs.adl.local

Synopsis
Description
CSV attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
nbtstat_local.csv:
192.168.33.4,LKAZDC01,<00>,UNIQUE,Registered,00:0D:3A:A3:A4:F2
192.168.33.4,ADL,<00>,GROUP,Registered,00:0D:3A:A3:A4:F2
192.168.33.4,ADL,<1C>,GROUP,Registered,00:0D:3A:A3:A4:F2
192.168.33.4,LKAZDC01,<20>,UNIQUE,Registered,00:0D:3A:A3:A4:F2

Synopsis
Description
attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
320
Ports
vaadmin

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
92423 - Windows Explorer Recently Executed Programs

Synopsis
321
Description
Nessus was able to find evidence of program execution using Windows Explorer registry logs and settings.
See Also
http://www.forensicswiki.org/wiki/LastVisitedMRU
http://www.nessus.org/u?7e00b191
http://www.nessus.org/u?ac4dd3fb
http://www.nessus.org/u?c409cb41
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
a
mmc\1
mmc.exe@
MRU programs details in attached report.

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
c:\windows\system32\fsquirt.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\notepad.exe.friendlyappname : Notepad
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame
322
c:\windows\system32\notepad.exe.applicationcompany : Microsoft Corporation
c:\program files\internet explorer\iexplore.exe.friendlyappname : Internet Explorer
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\program files\internet explorer\iexplore.exe.applicationcompany : Microsoft Corporation
c:\windows\explorer.exe.friendlyappname : Windows Explorer
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\appresolver.dll.applicationcompany : Microsoft Corporation
langid : .
c:\windows\system32\mmc.exe.friendlyappname : Microsoft Management Console
c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll
c:\windows\system32\fsquirt.exe.friendlyappname : fsquirt
c:\windows\system32\appresolver.dll.friendlyappname : App Resolver
c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation
@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service
@%systemroot%\system32\themeservice.dll,-8192 : Themes
@%systemroot%\system32\firewallapi.dll,-3400 : COM+ Network Access
@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver
@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker
@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service
@%systemroot%\system32\iasuihelper.dll,-103 : Configures and manages Network Policy Server
settings
@%systemroot%\system32\dsadmin.dll,-8887 : Manages users, computers, security groups and other
objects in Active Directory Domain Services.
Stopping or [...]

Synopsis
Description
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
323
Ports
ADL.LOCAL\Thilaksha_106310a
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Thilaksha_106310a\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft
\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Thilaksha_106310a\Downloads
- recent : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\Thilaksha_106310a\Videos
- my music : C:\Users\Thilaksha_106310a\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Thilaksha_106310a\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Thilaksha_106310a\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Thilaksha_106310a\AppData\LocalLow
- sendto : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\Thilaksha_106310a\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\Thilaksha_106310a\Documents
- administrative tools : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Start Menu
\Programs\Administrative Tools
- startup : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
\Startup
- nethood : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\Thilaksha_106310a\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Thilaksha_106310a\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Thilaksha_106310a\AppData\Local\Microsoft
\Windows\RoamingTiles
instead
- local appdata : C:\Users\Thilaksha_106310a\AppData\Local
- my pictures : C:\Users\Thilaksha_106310a\Pictures
- templates : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Thilaksha_106310a\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
[...]

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
C:\\Users\azadmin\Downloads\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe
C:\\Users\azadmin\Downloads\Azure ATP Sensor Setup\NPCAP\npcap-1.00-oem.exe
C:\\Users\azadmin\Downloads\Azure ATP Sensor Setup\Readme.txt
C:\\Users\azadmin\Downloads\Azure ATP Sensor Setup\SensorInstallationConfiguration.json
C:\\Users\azadmin\Downloads\Azure ATP Sensor Setup.zip
C:\\Users\azadmin\Downloads\Domain Controller Coverage - 5-18-2022.xlsx
C:\\Users\azadmin\Downloads\kanchana__ssl_vpn_client.exe
C:\\Users\azadmin\Downloads\NM34_x64.exe
C:\\Users\Damith_106321a\Downloads\desktop.ini
C:\\Users\secadmin\Downloads\desktop.ini
324
C:\\Users\secadmin\Downloads\Microsoft-Defender-for-Identity-Sizing-Tool-1.3.0.0\Microsoft-
Defender-for-Identity-Sizing-Tool-1.3.0.0\CODE_OF_CONDUCT.md
Defender-for-Identity-Sizing-Tool-1.3.0.0\LICENSE
Defender-for-Identity-Sizing-Tool-1.3.0.0\README.md
Defender-for-Identity-Sizing-Tool-1.3.0.0\SECURITY.md
C:\\Users\secadmin\Downloads\Microsoft-Defender-for-Identity-Sizing-Tool-1.3.0.0.zip
C:\\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\EPPlus.dll
C:\\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\EULA.docx
C:\\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\Third Party Notices.txt
C:\\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\TriSizingTool.exe
C:\\Users\secadmin\Downloads\TriSizingTool_1.3.0.0\TriSizingToolResults_20220426_1439.xlsx
C:\\Users\secadmin\Downloads\TriSizingTool_1.3.0.0.zip
C:\\Users\vaadmin\Downloads\desktop.ini

Synopsis
Description
executed.
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
microsoft.autogenerated.{bb044bfd-25b7-2faa-22a8-6371a93e0456}
microsoft.autogenerated.{10488565-01d2-2288-e14c-acda5a0c6302}
microsoft.windows.search_cw5n1h2txyewy!cortanaui
microsoft.windows.shell.rundialog
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\dsa.msc
microsoft.windows.remotedesktop
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\microsoft edge.lnk
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\active directory users and computers.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
msedge
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
microsoft.autogenerated.{923dd477-5846-686b-a659-0fccd73851a8}
ueme_ctlsession
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk
microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\logoff.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk
325
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports


File version : 10.0.20348.2110

Synopsis
Description
See Also
326
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll
Version : 4.8.4682.0
.NET Version : 4.8

Synopsis
Description
port 139 or 445.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

SMBv2

Synopsis
Description
Windows host.
Solution
policies.
Risk Factor
None
References
327
Exploitable with
Plugin Information:
Ports
Network Adapter Driver Description : Mellanox ConnectX-5 Virtual Adapter
104667 - Microsoft ASP .NET Core for Windows

Synopsis
ASP .NET Core runtime packages are installed on the remote Windows host.
Description
ASP .NET Core runtime, web application server side components, are installed on the remote Windows host.
See Also
https://github.com/aspnet/AspNetCore
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Nessus detected 4 installs of ASP .NET Core Windows:

Version : 3.1.20

Version : 5.0.11

Version : 3.1.20

Version : 5.0.11
104668 - Microsoft .NET Core for Windows

Synopsis
.NET Core runtime is installed on the remote Windows host.
Description
.NET Core, a managed software framework, is installed on the remote Windows host.
See Also
Solution
328
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Nessus detected 2 installs of .NET Core Windows:

Version : 3.1.20.30521

Version : 5.0.11.30523
Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

2.0.2 Windows 2008
2.1 Windows 7
3.0 Windows 8
3.0.2 Windows 8.1
3.1.1 Windows 10
3.1 Windows 10

Synopsis
Description
329
intermittently.
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
User: 'adl\vaadmin'
Port: 445
Proto: SMB
Method: password

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
330
Ports

Version : 1.35

Synopsis
Description
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Protocol : SMB
121509 - DHCP Server Detection (Windows)

Synopsis
A DHCP server is installed on the remote Windows host.
Description
A DHCP server is installed on the remote Windows host.
See Also
http://www.nessus.org/u?5a5ed447
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
331
Ports
Path : C:\Windows\System32\
Version : 10.0.20348.2110
File Version : Windows DHCP Server (10.0.20348.2110)

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
- Aadhil_105729 (id S-1-5-21-2016934633-2723708669-2783, Aadhil Imam)
- Aaditya_117927 (id S-1-5-21-2016934633-2723708669-1942, Aaditya Atmaram)
- Aamir_105935 (id S-1-5-21-2016934633-2723708669-5610, Aamir Jawfer)
- aayushi_118161 (id S-1-5-21-2016934633-2723708669-2911, Aayushi )
- Aazif_105922 (id S-1-5-21-2016934633-2723708669-4881, Aazif Packeer)
- abansit (id S-1-5-21-2016934633-2723708669-5846, This is used by abans team to access wifi)
- Abdillah_118176 (id S-1-5-21-2016934633-2723708669-2253, Abdillah Faisal)
- Abdul Haliim_118016 (id S-1-5-21-2016934633-2723708669-2011, Abdul Haliim bin Khamaruzaman)
- Abdul_106325 (id S-1-5-21-2016934633-2723708669-8234, Abdul Hakam)
- Abdul_117932 (id S-1-5-21-2016934633-2723708669-1947, Abdul Aziz)
- Abdul_118297 (id S-1-5-21-2016934633-2723708669-5655, Tengku Abdul Fattah bin Tengku Mohd
Yusoff)
- Abdullah_117850 (id S-1-5-21-2016934633-2723708669-1881, Abdullah Umar Babsel)
- Abhilasha_107386 (id S-1-5-21-2016934633-2723708669-2889, Abhilasha Gamage)
- Abhimanyu_117786 (id S-1-5-21-2016934633-2723708669-1834, Abhimanyu Kumar)
- Abi_118479 (id S-1-5-21-2016934633-2723708669-7298, Abi Faisal Milzam)
- Abigail_118438 (id S-1-5-21-2016934633-2723708669-6751, Abigail Tesalonika)
- Abraham_117970 (id S-1-5-21-2016934633-2723708669-1974, Abraham Gopilli)
- Abrar_118515 (id S-1-5-21-2016934633-2723708669-7509, Abrar Manzoor)
- Abyan_117868 (id S-1-5-21-2016934633-2723708669-1895, Abyan Arief)
- Achintha_121258 (id S-1-5-21-2016934633-2723708669-7242, Achintha Rathnayake)
- adam_118338 (id S-1-5-21-2016934633-2723708669-4810, adam syahputta)
- Ade_118362 (id S-1-5-21-2016934633-2723708669-5932, Ade Kurnia Alam)
- Adheesha_105648 (id S-1-5-21-2016934633-2723708669-1569, Adheesha Wickramasinghe)
- Adheesha_106025 (id S-1-5-21-2016934633-2723708669-5834, Adheesha Gamage)
- Adhip_119038 (id S-1-5-21-2016934633-2723708669-2061, Adhip Kumar)
- Adhitya_118409 (id S-1-5-21-2016934633-2723708669-6455, Adhitya Dharmawan Santosa)
[...]

Synopsis
Description
See Also
Solution
332
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Version : 4.18.23110.3

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports


136969 - Microsoft Edge Chromium Installed

Synopsis
Microsoft Edge (Chromium-based) is installed on the remote host.
Description
Microsoft Edge (Chromium-based), a Chromium-based web browser, is installed on the remote host.
See Also
https://www.microsoft.com/en-us/edge
Solution
N/A
Risk Factor
333
None
Exploitable with
Plugin Information:
Ports

Version : 120.0.2210.133

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports


Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
334
State : Installed
Package~31bf3856ad364e35~wow64~~10.0.20348.1
State : Installed
Package : Microsoft-OneCore-DirectX-Database-FOD-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Installed
Package : Microsoft-OneCore-RasSstp-Api-Package~31bf3856ad364e35~amd64~~10.0.20348.1
State : Staged
Install Time :
State : Installed
State : Installed
State : Installed
Install Time : 12/14/2021 6:39 AM
State : Installed
State : Installed
State : Installed
Package : [...]

Synopsis
Description
335
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
User: 'adl\vaadmin'
Port: 445
Proto: SMB
Method: password

Synopsis
Description
host.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
150483 - AD Starter Scan - Non-Expiring Account Password

Synopsis
Accounts with never expiring passwords
Description
Active Directory accounts can be configured to escape global password renewal policies. Accounts set up like this can
be used indefinitely without ever changing their password. User and administrator accounts should never have this
attribute set.
336
By default, this check skips disabled accounts. To also check disabled accounts, please enable thorough tests.
Note: This plugin is part of the Active Directory Starter Scan Template and is meant to be used for preliminary
analysis of AD hosts. For more information on the issues discovered by the Active Directory Starter Scan plugins,
please refer to this blog post - https://www.tenable.com/blog/new-in-nessus-find-and-fix-these-10-active-directory-
misconfigurations
See Also
http://www.nessus.org/u?3acc23a3
http://www.nessus.org/u?f721fda2
http://www.nessus.org/u?d5c4c81f
Solution
A password expiration policy limits the risk of an attacker guessing or cracking a password before it is changed. All the
user accounts and administrator accounts must follow this policy without exception.
Service accounts can be more difficult to deal with: if a password expires and it has not been taken into account by
the application developer, the service might stop functioning. A special procedure must then be written to allow for a
manual password change on a regular basis.
Note: The AD Starter Scan and associated plugins are intended to be used with smaller AD deployments for purposes
of preliminary analysis. Accurate preliminary analysis can be expected for AD deployments with up to 5000 users,
groups or machines and incomplete results will be returned for larger AD deployments with Nessus, Security Center
and Vulnerability Management. For more information on the issues discovered by the Active Directory Starter Scan
plugins, please refer to this blog post - https://www.tenable.com/blog/new-in-nessus-find-and-fix-these-10-active-
directory-misconfigurations
Risk Factor
Medium
4.5 (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVSS Base Score
4.1 (AV:L/AC:M/Au:S/C:P/I:P/A:P)
Exploitable with
Plugin Information:
Ports
14 user account(s) may never renew their password.
User : CN=azadmin,CN=Users,DC=adl,DC=local
userAccountControl : 66048 = (NORMAL_ACCOUNT|DONT_EXPIRE_PASSWD)
User : CN=secadmin,CN=Users,DC=adl,DC=local
User : CN=MSOL_03ffe2f18357,CN=Users,DC=adl,DC=local
User : CN=MiHCM,CN=Users,DC=adl,DC=local
User : CN=MIHCM_Sync,CN=Users,DC=adl,DC=local
User : CN=MiHCM ADMIN,CN=Users,DC=adl,DC=local

User : CN=ADL Firewall,CN=Users,DC=adl,DC=local

User : CN=VA Admin,CN=Users,DC=adl,DC=local

337
User : CN=Domain Add MY,OU=No-Sync,DC=adl,DC=local
User : CN=Domain ADD Indoonesia,OU=No-Sync,DC=adl,DC=local

User : CN=Fim Service,CN=Managed Service Accounts,DC=adl,DC=local

userAccountControl : 590336 = (NORMAL_ACCOUNT|DONT_EXPIRE_PASSWD|TRUSTED_FOR_DELEGATION)
User : CN=Fim Sync,CN=Managed Service Accounts,DC=adl,DC=local

userAccountControl : 590336 = (NORMAL_ACCOUNT|DONT_EXPIRE_PASSWD|TRUSTED_FOR_DELEGATION)
User : CN=Supun Manamperi,OU=Users,OU=Sri Lanka,DC=adl,DC=local

User : CN=domainadd001,OU=No-Sync,DC=adl,DC=local
userAccountControl : 66048 = [...]
150484 - AD Starter Scan - Kerberos Krbtgt

Synopsis
KDC last password change is too old.
Description
Every Active Directory domain includes a special account called KRBTGT. This account holds the Kerberos master
key, protecting all other secrets in the domain. Hence, it must be protected at all costs and renewed regularly. This
plugin checks if the master key is set to be renewed at least once every two years.
Note: The AD Starter Scan and associated plugins are intended to be used with smaller AD deployments for purposes
of preliminary analysis. Accurate preliminary analysis can be expected for AD deployments with up to 5000 users,
groups or machines and incomplete results will be returned for larger AD deployments with Nessus, Security Center
and Vulnerability Management. For more information on the issues discovered by the Active Directory Starter Scan
plugins, please refer to this blog post - https://www.tenable.com/blog/new-in-nessus-find-and-fix-these-10-active-
directory-misconfigurations
See Also
http://www.nessus.org/u?79a46bf7
https://github.com/microsoft/New-KrbtgtKeys.ps1
http://www.nessus.org/u?d5c4c81f
Solution
The KRBTGT password must be changed by following a precise sequence of operations. If it is not done properly,
some domain controllers may lose the ability to authenticate against other domain controllers. Microsoft provides an
official procedure and helper script.
Risk Factor
Medium
CVSS Base Score
Exploitable with
Plugin Information:
Ports
The Kerberos master key is too old and could be used as a backdoor.
User : CN=krbtgt,CN=Users,DC=adl,DC=local
pwdLastSet : 2021/12/10 05:20:38 UTC
338
155470 - Oracle Cloud Infrastructure Instance Metadata Enumeration (Windows)
Synopsis
Description
See Also
https://www.oracle.com/ie/cloud/compute/
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
It was possible to retrieve the following API items:
RestMethod], WebExc
RestMethod], WebExc
RestMethod], WebExc

Synopsis
Description
The Microsoft ASP.NET Core installations on the remote host are missing a security update. It is, therefore, affected
by an elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
number.
See Also
https://github.com/dotnet/aspnetcore/issues/39028
Solution
Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.
Risk Factor
Medium
7.3
339
8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
7.7 (E:U/RL:O/RC:C)
CVSS Base Score
4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2021-43877
Exploitable with
Plugin Information:
Ports





Synopsis
Description
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
TLSv1.2:
340
See Also
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
below:

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}

below:

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
341
{export flag}

below:

MAC
---------------------- ---------- --- ---- ---------------------
---
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}
157879 - Security Update for .NET Core (February 2022)

Synopsis
The Microsoft .NET core installations on the remote host are missing a security update.
Description
The Microsoft .NET core installation on the remote host is version 5.0 prior to 5.0.14 or version 6.0 prior to 6.0.2.
It is, therefore, affected by a denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the
affected component to deny system or application services.
number.
See Also
http://www.nessus.org/u?65bd7b62
Solution
Update to .NET Core Runtime to version 5.0.14 or 6.0.2
Risk Factor
Medium
4.4
6.5 (E:U/RL:O/RC:C)
CVSS Base Score
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
342
STIG Severity
I
References
CVE CVE-2022-21986
Exploitable with
Plugin Information:
Ports

158744 - Security Updates for Microsoft .NET core (March 2022)

Synopsis
Description
multiple vulnerabilities:
- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny
system or application services. (CVE-2022-24464)
- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute
unauthorized arbitrary commands. (CVE-2020-8927, CVE-2022-24512)
number.
See Also
http://www.nessus.org/u?56caba70
http://www.nessus.org/u?95177a8e
http://www.nessus.org/u?96c2a71d
Solution
Risk Factor
Medium
4.4
6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
343
5.7 (E:U/RL:O/RC:C)
CVSS Base Score
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-24512
CVE CVE-2022-24464
CVE CVE-2020-8927
Exploitable with
Plugin Information:
Ports


159544 - SSL Certificate with no Common Name

Synopsis
Checks for an SSL certificate with no Common Name
Description
The remote system is providing an SSL/TLS certificate without a subject common name field. While this is not
required in all cases, it is recommended to ensure broad compatibility.
See Also
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Subject Name:
344
Issuer Name:
Domain Component: local

Domain Component: adl
Common Name: LKAZSUBCA-CA
Serial Number: 11 00 00 00 21 F8 B3 DA BC 92 1F C6 44 00 01 00 00 00 21
Version: 3

Not Valid After: Jan 04 11:24:49 2025 GMT
Public Key Info:

Public Key: 00 D4 38 09 59 45 02 8C 1E 72 12 FC 27 C5 64 27 87 39 E3 68
BC FE FD A4 FD 8E FC E9 AE F2 2A 4C 71 F7 7C 23 FF CB 6A 41
4F 76 F8 C5 74 48 E7 6A 54 05 AD A2 6A 5B 32 9B 47 3B A3 96
CC A0 2A 17 3A 23 EC 5F 90 88 69 8F 2B D6 17 F3 CF 87 AA B0
33 18 87 62 CC 9E 26 CC B5 0F 25 16 EF C1 F8 B7 B9 63 03 03
20 4F F2 14 14 B0 28 C3 97 30 62 9C 70 B2 14 9E EF AC CE EF
E5 FA ED B7 B5 5E CB F4 56 68 5A 85 49 C9 91 B7 22 95 7D 3F
45 ED 55 0F 4A FA FF A9 87 B9 B8 24 79 9F 91 24 4C 7F 89 C2
D8 83 AC 26 7F 2A 38 9C AD FA DB 1E 05 EB DF 26 99 D6 C3 AE
B5 4A 60 FA ED 5D FD A4 21 BC 0A E0 B6 ED D8 63 CD A2 C9 4B
30 70 DE 78 B9 D1 2F 91 95 58 15 87 A1 BB E2 2E 25 05 AB 18
2D 44 FD 0D C3 5A 60 D3 F0 F4 1B 23 3B 44 A0 64 D9 E0 73 FD
FA 15 67 3B 7B 68 5F 01 2A AF 70 3C 92 AC 63 BA 35 A4 F8 6E
9E 88 CC 3E 82 0E F6 D8 A7 29 90 4C 96 CD 65 F7 0C C7 CA DD
EB 9F 81 32 01 41 F0 25 1F 0D 78 58 79 50 6D 8D B7 84 57 14
9B 13 FF 3C 59 88 2E 2D 59 81 AC 11 87 6E B4 D9 8C 33 53 5D
32 FF D0 00 C9 67 CE 33 66 B2 67 FF F6 6A 7D FC FE 07 71 56
13 9C 6D A0 8A 15 05 B9 86 72 90 BD 13 1A FE 8D 7B C9 A0 18
8A B4 43 96 54 60 83 73 5B 13 D7 94 9D 25 93 D2 A6 87 B9 B4
2C B1 2A 80 7E 01 BD FC FF 42 00 F7 0C 7D 03 C3 2E A5 F0 00
9F A1 A2 7A B2 4B F1 E8 47 1D 05 BD 0D 83 DC DC B3 B9 73 64
6E 3C 08 4A AC E0 68 8E F0 B3 73 8C A0 76 C5 DA F1 2D 6D D0
E6 11 CA 7D 86 F7 F1 65 44 BE EC [...]

Subject Name:
Issuer Name:

Version: 3

Public Key Info:

4F 76 F8 C5 74 48 E7 6A 54 05 AD A2 6A 5B 32 9B 47 3B A3 96
33 18 87 62 CC 9E 26 CC B5 0F 25 16 EF C1 F8 B7 B9 63 03 03
345
30 70 DE 78 B9 D1 2F 91 95 58 15 87 A1 BB E2 2E 25 05 AB 18
EB 9F 81 32 01 41 F0 25 1F 0D 78 58 79 50 6D 8D B7 84 57 14
9B 13 FF 3C 59 88 2E 2D 59 81 AC 11 87 6E B4 D9 8C 33 53 5D
13 9C 6D A0 8A 15 05 B9 86 72 90 BD 13 1A FE 8D 7B C9 A0 18
8A B4 43 96 54 60 83 73 5B 13 D7 94 9D 25 93 D2 A6 87 B9 B4
E6 11 CA 7D 86 F7 F1 65 44 BE EC [...]
159545 - SSL Certificate with no Subject

Synopsis
Checks for an SSL certificate with no Subject
Description
The remote system is providing an SSL/TLS certificate without a subject field. While this is not required in all cases, it
is recommended to ensure broad compatibility.
See Also
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Subject Name:
Issuer Name:

Version: 3

Public Key Info:

4F 76 F8 C5 74 48 E7 6A 54 05 AD A2 6A 5B 32 9B 47 3B A3 96
33 18 87 62 CC 9E 26 CC B5 0F 25 16 EF C1 F8 B7 B9 63 03 03
346
30 70 DE 78 B9 D1 2F 91 95 58 15 87 A1 BB E2 2E 25 05 AB 18
EB 9F 81 32 01 41 F0 25 1F 0D 78 58 79 50 6D 8D B7 84 57 14
9B 13 FF 3C 59 88 2E 2D 59 81 AC 11 87 6E B4 D9 8C 33 53 5D
13 9C 6D A0 8A 15 05 B9 86 72 90 BD 13 1A FE 8D 7B C9 A0 18
8A B4 43 96 54 60 83 73 5B 13 D7 94 9D 25 93 D2 A6 87 B9 B4
E6 11 CA 7D 86 F7 F1 65 44 BE EC [...]

Subject Name:
Issuer Name:

Version: 3

Public Key Info:

4F 76 F8 C5 74 48 E7 6A 54 05 AD A2 6A 5B 32 9B 47 3B A3 96
33 18 87 62 CC 9E 26 CC B5 0F 25 16 EF C1 F8 B7 B9 63 03 03
30 70 DE 78 B9 D1 2F 91 95 58 15 87 A1 BB E2 2E 25 05 AB 18
EB 9F 81 32 01 41 F0 25 1F 0D 78 58 79 50 6D 8D B7 84 57 14
9B 13 FF 3C 59 88 2E 2D 59 81 AC 11 87 6E B4 D9 8C 33 53 5D
13 9C 6D A0 8A 15 05 B9 86 72 90 BD 13 1A FE 8D 7B C9 A0 18
8A B4 43 96 54 60 83 73 5B 13 D7 94 9D 25 93 D2 A6 87 B9 B4
E6 11 CA 7D 86 F7 F1 65 44 BE EC [...]

Synopsis
Description
See Also
347
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

found.

Synopsis
Description
See Also
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
See Also
Solution
348
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
output.
(CVE-2022-30190)
Synopsis
Description
CVE-2022-30190.
See Also
Solution
Risk Factor
None
Exploitable with
349
Plugin Information:
Ports

Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
user:S-1-5-21-2016934633-2723708669-2290440068-7560
162314 - Security Updates for Microsoft .NET core (June 2022)

Synopsis
The Microsoft .NET core installations on the remote host are affected by an information disclosure vulnerability.
Description
An information disclosure vulnerability exists in .NET core 6.0 < 6.0.6 and .NET Core 3.1 < 3.1.26. An
unauthenticated, local attacker can exploit this, to disclose potentially sensitive information.
number.
See Also
http://www.nessus.org/u?bfb8ea98
Solution
Risk Factor
Medium
4.4
350
5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
5.1 (E:F/RL:O/RC:C)
CVSS Base Score
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-30184
XREF MSKB-5015429
XREF MSKB-5015424
Exploitable with
Plugin Information:
Ports


Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
351
Version : 11.0.20348.2110
163974 - Security Updates for Microsoft .NET Core (August 2022)

Synopsis
The Microsoft .NET core installations on the remote host are affected by a spoofing vulnerability.
Description
A spoofing vulnerability exists in .NET core 6.0 < 6.0.8 and .NET Core 3.1 < 3.1.28. An unauthenticated, remote
attacker can exploit this, to perform actions with the privileges of another user.
number.
See Also
http://www.nessus.org/u?327bb1fb
http://www.nessus.org/u?7ce182ee
Solution
Risk Factor
Medium
4.4
5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.3 (E:P/RL:O/RC:C)
CVSS Base Score
5.4 (AV:N/AC:H/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-34716
XREF MSKB-5016990
XREF MSKB-5016987
Exploitable with
352
Plugin Information:
Ports

165076 - Security Updates for Microsoft ASP.NET Core (September 2022)

Synopsis
Description
A denial of service vulnerability exists in ASP.NET core 6.0 < 6.0.9 and ASP.NET Core 3.1 < 3.1.29. An
unauthenticated, remote attacker can exploit this, by sending a customized payload that is parsed during model
binding, to cause a stack overflow, which may cause the application to stop responding.
number.
See Also
http://www.nessus.org/u?c76821a3
Solution
Update ASP.NET Core Runtime to version 3.1.29 or 6.0.9.
Risk Factor
High
4.4
7.0 (E:F/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-38013
XREF MSKB-5017915
XREF MSKB-5017903
Exploitable with
353
Plugin Information:
Ports


165077 - Security Updates for Microsoft .NET Core (September 2022)

Synopsis
The Microsoft .NET core installations on the remote host are affected by a denial of service vulnerability.
Description
A denial of service vulnerability exists in .NET core 6.0 < 6.0.9 and .NET Core 3.1 < 3.1.29. An unauthenticated,
remote attacker can exploit this, by sending a customized payload that is parsed during model binding, to cause a
stack overflow, which may cause the application to stop responding.
number.
See Also
http://www.nessus.org/u?cf2fdae6
http://www.nessus.org/u?775af4a9
Solution
Risk Factor
High
4.4
7.0 (E:F/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
354
I
References
CVE CVE-2022-38013
XREF MSKB-5017915
XREF MSKB-5017903
Exploitable with
Plugin Information:
Ports


Synopsis
Description
See Also
Solution
Risk Factor
High
8.9
7.5 (E:H/RL:O/RC:C)
CVSS Base Score
355
CVSS Temporal Score
STIG Severity
II
References
CVE CVE-2013-3900
Exploitable with
Plugin Information:
Ports

registry.
167250 - LDAP Active Directory - Person Enumeration

Synopsis
Nessus was able to gain identity information from the remote LDAP server.
Description
By using the search base gathered by plugin ID 25701 and the supplied credentials, Nessus was able to enumerate
person identity data from Active Directory.
Note: The Active Directory Identity scan template and associated plugins are intended to be used with smaller AD
deployments for purposes of preliminary analysis. Accurate preliminary analysis can be expected for AD deployments
with up to 5000 users, groups or machines and incomplete results will be returned for larger AD deployments with
Nessus, Security Center and Vulnerability Management.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
[["objectClass",["top","person","organizationalPerson","user"]],["cn",["azadmin"]],
["description",["Built-in account for administering the computer/domain"]],["postalCode",
["azadmin"]],["distinguishedName",["CN=azadmin,CN=Users,DC=adl,DC=local"]],["instanceType",
["4"]],["whenCreated",["20211210051856.0Z"]],["whenChanged",["20230920005552.0Z"]],
["uSNCreated",["8196"]],["memberOf",["CN=Organization Management,OU=Microsoft Exchange
Security Groups,DC=adl,DC=local","CN=Netmon Users,CN=Users,DC=adl,DC=local","CN=MIHCM_All
Users,OU=Groups,DC=adl,DC=local","CN=MiHCM_Users,OU=Groups,DC=adl,DC=local","CN=Group
Policy Creator Owners,CN=Users,DC=adl,DC=local","CN=Domain
Admins,CN=Users,DC=adl,DC=local","CN=Enterprise Admins,CN=Users,DC=adl,DC=local","CN=Schema
Admins,CN=Users,DC=adl,DC=local","CN=Administrators,CN=Builtin,DC=adl,DC=local"]],["uSNChanged",
["4889809"]],["name",["azadmin"]],["objectGUID",["16985073c702914eb1d58cd7d02ce43f"]],
["userAccountControl",["66048"]],["badPwdCount",["0"]],["codePage",["0"]],
356
["countryCode",["0"]],["badPasswordTime",["133384468715982098"]],["lastLogoff",
["0"]],["lastLogon",["133384468778009953"]],["logonHours",["ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ"]],
["pwdLastSet",["132869748730484448"]],["primaryGroupID",["513"]],["objectSid",
["S-1-5-21-2016934633-2723708669-2290440068-500"]],["adminCount",["1"]],["accountExpires",
["0"]],["logonCount",["1212"]],["sAMAccountName",["azadmin"]],["sAMAccountType",["805306368"]],
["lockoutTime",["0"]],["objectCategory",["CN=Person,CN=Schema,CN=Configuration,DC=adl,DC=local"]],
["isCriticalSystemObject",["TRUE"]],["dSCorePropagationData",
["20230202102819.0Z","20221129062758.0Z","20221129054324.0Z","20221026042747.0Z","16010101000001.0Z"]],
["lastLogonTimestamp",["133396447408357706"]],["msDS-SupportedEncryptionTypes",["0"]]]
[["objectClass",["top","person","organizationalPerson","user"]],["cn",["lobby"]],["description",
["Built-in account for guest access to the [...]
167251 - LDAP Active Directory - Group Enumeration

Synopsis
Description
group identity data from Active Directory.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
[["objectClass",["top","group"]],["cn",["Administrators"]],["description",["Administrators
have complete and unrestricted access to the computer/domain"]],["member",
["CN=MiHCM,CN=Users,DC=adl,DC=local","CN=Domain Admins,CN=Users,DC=adl,DC=local","CN=Enterprise
Admins,CN=Users,DC=adl,DC=local","CN=azadmin,CN=Users,DC=adl,DC=local"]],
["distinguishedName",["CN=Administrators,CN=Builtin,DC=adl,DC=local"]],["instanceType",
["uSNCreated",["8199"]],["uSNChanged",["2059432"]],["name",["Administrators"]],
["objectGUID",["41b8747e7cc8b648a3956925e6830a3c"]],["objectSid",["S-1-5-32-544"]],
["adminCount",["1"]],["sAMAccountName",["Administrators"]],["sAMAccountType",
["536870912"]],["systemFlags",["-1946157056"]],["groupType",["-2147483643"]],
["objectCategory",["CN=Group,CN=Schema,CN=Configuration,DC=adl,DC=local"]],
["isCriticalSystemObject",["TRUE"]],["dSCorePropagationData",
["20230202102816.0Z","20221129062758.0Z","20221129054323.0Z","20221026042747.0Z","16010101000001.0Z"]]]
[["objectClass",["top","group"]],["cn",["Users"]],["description",["Users are prevented from
making accidental or intentional system-wide changes and can run most applications"]],["member",
["CN=Domain [...]
167252 - LDAP Active Directory - Computer Enumeration

Synopsis
Description
computer identity data from Active Directory.
Solution
N/A
357
Risk Factor
None
Exploitable with
Plugin Information:
Ports
[["objectClass",["top","person","organizationalPerson","user","computer"]],["cn",["LKAZDC01"]],
["distinguishedName",["CN=LKAZDC01,OU=Domain Controllers,DC=adl,DC=local"]],["instanceType",
["4"]],["whenCreated",["20211210052038.0Z"]],["whenChanged",["20240115183137.0Z"]],["uSNCreated",
["12293"]],["memberOf",["CN=MDI-GMSA_Group,OU=Groups,DC=adl,DC=local"]],["uSNChanged",
["5866472"]],["name",["LKAZDC01"]],["objectGUID",["ed7daeeb8a667c4c8d6ccd7def755995"]],
["userAccountControl",["532480"]],["badPwdCount",["0"]],["codePage",["0"]],
["countryCode",["0"]],["badPasswordTime",["0"]],["lastLogoff",["0"]],["lastLogon",
["133499583902368134"]],["localPolicyFlags",["0"]],["pwdLastSet",["133498164002339304"]],
["primaryGroupID",["516"]],["objectSid",["S-1-5-21-2016934633-2723708669-2290440068-1000"]],
["accountExpires",["9223372036854775807"]],["logonCount",["11483"]],["sAMAccountName",
["LKAZDC01$"]],["sAMAccountType",["805306369"]],["operatingSystem",["Windows Server
2022 Datacenter"]],["operatingSystemVersion",["10.0 (20348)"]],["serverReferenceBL",
["CN=LKAZDC01,CN=Servers,CN=DRSite,CN=Sites,CN=Configuration,DC=adl,DC=local"]],["dNSHostName",
["LKAZDC01.adl.local"]],["rIDSetReferences",["CN=RID Set,CN=LKAZDC01,OU=Domain [...]
168747 - Security Updates for Microsoft .NET Core (December 2022)

Synopsis
The Microsoft .NET core installations on the remote host are affected by remote code execution vulnerability.
Description
A remote code execution vulnerability exists in .NET Core 3.1, .NET 6.0, and .NET 7.0, where a malicious actor could
cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.
number.
See Also
Solution
Update .NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.
Risk Factor
High
6.7
6.8 (E:U/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
358
References
CVE CVE-2022-41089
XREF MSKB-5021955
XREF MSKB-5021954
XREF MSKB-5021953
Exploitable with
Plugin Information:
Ports


Synopsis
The Microsoft ASP.NET core installations on the remote host are affected by remote code execution vulnerability.
Description
A remote code execution vulnerability exists in ASP.NET core 3.1, ASP.NET 6.0, and ASP.NET 7.0, where a
malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.
number.
See Also
Solution
Update ASP.NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.
Risk Factor
High
6.7
6.8 (E:U/RL:O/RC:C)
CVSS Base Score
359
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-41089
XREF MSKB-5021955
XREF MSKB-5021954
XREF MSKB-5021953
Exploitable with
Plugin Information:
Ports



Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
C:\Windows\system32
360
C:\Windows
C:\Program Files\dotnet\
C:\Program Files (x86)\dotnet\
C:\Program Files\Microsoft Network Monitor 3\
C:\Users\vaadmin\AppData\Local\Microsoft\WindowsApps
169783 - Security Updates for Windows Malicious Software Removal Tool (January 2023)
Synopsis
The remote Windows host has an antimalware application that is affected by a privilege escalation vulnerability.
Description
The Windows Malicious Software Removal Tool installation on the remote host is missing a security update. It is,
therefore, affected by the following vulnerability:
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2023-21725)
See Also
http://www.nessus.org/u?867b0b4e
Solution
Microsoft has released version 5.109 to address this issue.
Risk Factor
Medium
6.0
6.3 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H)
5.9 (E:F/RL:O/RC:C)
CVSS Base Score
5.5 (AV:L/AC:H/Au:S/C:N/I:C/A:C)
CVSS Temporal Score
References
CVE CVE-2023-21725
Exploitable with
Plugin Information:
Ports
Product : Microsoft Malicious Software Removal Tool


Synopsis
Description
361
- Domain Name
- Common Name
- samAccountName
- Domain Role
- DNS Name
- Record Name
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Common Name : CN=LKAZDC01

SamAccountName : LKAZDC01$
Domain Role : BackupDomainController
Domain : adl.local
DNS Name : LKAZDC01
Distinguished Name : CN=LKAZDC01,OU=Domain Controllers,DC=adl,DC=local
Record Name : LKAZDC01

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
+ IPv4
- Address : 127.0.0.1
+ IPv6
- Address : ::1
+ Ethernet
+ IPv4
- Address : 192.168.33.4
362
Synopsis
Description
See Also
https://curl.se/
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Version : 8.4.0.0
Version : 8.4.0.0

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
172178 - ASP.NET Core SEoL

Synopsis
An unsupported version of ASP.NET Core is installed on the remote host.
Description
363
According to its version, the ASP.NET Core installed on the remote host is no longer maintained by its vendor or
provider.
See Also
Solution
Upgrade to a version of ASP.NET Core that is currently supported.
Risk Factor
Critical
CVSS Base Score
Exploitable with
Plugin Information:
Ports

\5.0.11

\3.1.20


172179 - Microsoft .NET Core SEoL

Synopsis
An unsupported version of Microsoft .NET Core is installed on the remote host.
Description
According to its version, the Microsoft .NET Core installed on the remote host is no longer maintained by its vendor or
provider.
See Also
364
Solution
Upgrade to a version of Microsoft .NET Core that is currently supported.
Risk Factor
Critical
CVSS Base Score
Exploitable with
Plugin Information:
Ports

\5.0.11\

\3.1.20\
174736 - Netstat Ingress Connections

Synopsis
External connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' to enumerate any non-private connections to the scan target.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Netstat output indicated the following connections from non-private IP addresses:
20.198.162.76 connected to port 55890 on the scan target.
NOTE: This list may be truncated depending on the scan verbosity settings.
176212 - Microsoft Edge Add-on Enumeration (Windows)

Synopsis
One or more Microsoft Egde browser extensions are installed on the remote host.
365
Description
Nessus was able to enumerate Microsoft Edge browser extensions installed on the remote host.
See Also
https://microsoftedge.microsoft.com/addons
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
User : Thilaksha_106310a
Name : unknown
Version : 1.69.5
Path : C:\Users\Thilaksha_106310a\AppData\Local\Microsoft\Edge\User Data\Default\Extensions

Version : 1.2.0
Path : C:\Users\Thilaksha_106310a\AppData\Local\Microsoft\Edge\User Data\Default
\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0
User : azadmin

Version : 1.1.5
Path : C:\Users\azadmin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions
\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.1.5_0

Version : 1.2.0
Path : C:\Users\azadmin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions
\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0
176549 - LDAP Active Directory - crossRef Enumeration

Synopsis
Description
crossRef identity data from Active Directory.
Solution
N/A
366
Risk Factor
None
Exploitable with
Plugin Information:
Ports
[["objectClass",["top","crossRef"]],["cn",["Enterprise Configuration"]],["distinguishedName",
["CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=adl,DC=local"]],["instanceType",
["nCName",["CN=Configuration,DC=adl,DC=local"]],["uSNCreated",["4117"]],["uSNChanged",
["4117"]],["showInAdvancedViewOnly",["TRUE"]],["name",["Enterprise Configuration"]],
["objectGUID",["c907ca407622c64f85dec923cd0ccc16"]],["dnsRoot",["adl.local"]],["systemFlags",
["1"]],["objectCategory",["CN=Cross-Ref,CN=Schema,CN=Configuration,DC=adl,DC=local"]],
["dSCorePropagationData",["16010101000000.0Z"]]]
[["objectClass",["top","crossRef"]],["cn",["ADL"]],["distinguishedName",
["CN=ADL,CN=Partitions,CN=Configuration,DC=adl,DC=local"]],["instanceType",["4"]],["whenCreated",
["20211210051849.0Z"]],["whenChanged",["20211210052151.0Z"]],["nCName",["DC=adl,DC=local"]],
["uSNCreated",["4118"]],["uSNChanged",["12719"]],["showInAdvancedViewOnly",["TRUE"]],["name",
["ADL"]],["objectGUID",["2f1cf247335e714eb1d5feb0c80c17db"]],["dnsRoot",["adl.local"]],
["nETBIOSName",["ADL"]],["nTMixedDomain",["0"]],["systemFlags",["3"]],["objectCategory",
["CN=Cross-Ref,CN=Schema,CN=Configuration,DC=adl,DC=local"]],["dSCorePropagationData",
["16010101000000.0Z"]],["msDS-Behavior-Version",["7"]]]
[["objectClass",["top","crossRef"]],["cn",["Enterprise Schema"]],["distinguishedName",
["CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=adl,DC=local"]],["instanceType",
["4"]],["whenCreated",["20211210051849.0Z"]],["whenChanged",["20211210051849.0Z"]],["nCName",
["CN=Schema,CN=Configuration,DC=adl,DC=local"]],["uSNCreated",["4119"]],["uSNChanged",["4119"]],
["showInAdvancedViewOnly",["TRUE"]],["name",["Enterprise [...]
177450 - LDAP Active Directory - domainDNS Enumeration

Synopsis
Description
domainDNS identity data from Active Directory.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
[["objectClass",["top","domain","domainDNS"]],["distinguishedName",
["DC=adl,DC=local"]],["instanceType",["5"]],["whenCreated",
["20211210051848.0Z"]],["whenChanged",["20240116193959.0Z"]],["subRefs",
["DC=ForestDnsZones,DC=adl,DC=local","DC=DomainDnsZones,DC=adl,DC=local","CN=Configuration,DC=adl,DC=local"]],
["uSNCreated",["4099"]],["dSASignature",["\u0001"]],["repsFrom",["\u0002"]],["uSNChanged",
["5875345"]],["name",["adl"]],["objectGUID",["9218497fa256134ab96061806c28a91f"]],
["replUpToDateVector",["\u0002"]],["creationTime",["133482453656155962"]],["forceLogoff",
["-9223372036854775808"]],["lockoutDuration",["-18000000000"]],["lockOutObservationWindow",
["-18000000000"]],["lockoutThreshold",["5"]],["maxPwdAge",["-51840000000000"]],
["minPwdAge",["-864000000000"]],["minPwdLength",["10"]],["modifiedCountAtLastProm",
367
["0"]],["nextRid",["1000"]],["pwdProperties",["1"]],["pwdHistoryLength",["24"]],
["objectSid",["S-1-5-21-2016934633-2723708669-2290440068"]],["serverState",["1"]],
["uASCompat",["0"]],["modifiedCount",["1"]],["auditingPolicy",[""]],["nTMixedDomain",["0"]],
["rIDManagerReference",["CN=RID Manager$,CN=System,DC=adl,DC=local"]],["fSMORoleOwner",["CN=NTDS
Settings,CN=LKPDC,CN=Servers,CN=PrimarySite,CN=Sites,CN=Configuration,DC=adl,DC=local"]],
["systemFlags",["-1946157056"]],["wellKnownObjects",
["B:32:AA312825768811D1ADED00C04FD8D5CD:OU=Workstations,DC=adl,DC=local","B:32:6227F0AF1FC2410D8E3BB10615BB5B0
Quotas,DC=adl,DC=local","B:32:F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Program
Data,DC=adl,DC=local","B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program
Data,DC=adl,DC=local","B:32:22B70C67D56E4EFB91E9300FCA3DC1AA:CN=ForeignSecurityPrincipals,DC=adl,DC=local","B
Objects,DC=adl,DC=local","B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=adl,DC=local","B:32:AB81
[...]

Synopsis
Description
version.
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
- Microsoft .NET Host FX Resolver - 5.0.11 (x64)

Best Confidence Version : 40.44.30523
All Possible Versions : 40.44.30523
Other Version Data
[VersionMajor] :
Raw Value : 40
[Version] :
Raw Value : 674002747
[DisplayName] :
Raw Value : Microsoft .NET Host FX Resolver - 5.0.11 (x64)
[UninstallString] :
Raw Value : MsiExec.exe /X{303BF805-644E-4A76-8964-B39786190EAC}
[InstallDate] :
Raw Value : 2021/11/03
[DisplayVersion] :
Raw Value : 40.44.30523
[VersionMinor] :
Raw Value : 44
- Microsoft ASP.NET Core 5.0.11 - Shared Framework (x64)

Other Version Data
[VersionMajor] :
Raw Value : 5
[DisplayName] :
Raw Value : Microsoft ASP.NET Core 5.0.11 - Shared Framework (x64)
368
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{25bd12e2-e68f-4a4e-8534-
e1c2889ae5a9}\AspNetCoreSharedFrameworkBundle-x64.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{25bd12e2-e68f-4a4e-8534-
e1c2889ae5a9}\AspNetCoreSharedFrameworkBundle-x64.exe
[DisplayVersion] :
Raw Value : 5.0.11.21476
[VersionMinor] :
Raw Value : 0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{25bd12e2-e68f-4a4e-8534-
e1c2889ae5a9}\AspNetCoreSharedFrameworkBundle-x64.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{25bd12e2-e68f-4a4e-8534-
e1c2889ae5a9}\AspNetCoreSharedFrameworkBundle-x64.exe
Parsed File Version : [...]

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
186777 - KB5033118: Windows 2022 / Azure Stack HCI 22H2 Security Update (December 2023)
Synopsis
Description
The remote Windows host is missing security update 5033118 or Azure HotPatch 5033464. It is, therefore, affected by
multiple vulnerabilities
number.
See Also
Solution
Apply Security Update 5033118 or Azure HotPatch 5033464
Risk Factor
Critical
369
8.4
7.9 (E:P/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2023-36696
CVE CVE-2023-36012
CVE CVE-2023-36011
CVE CVE-2023-36006
CVE CVE-2023-36005
CVE CVE-2023-36004
CVE CVE-2023-36003
CVE CVE-2023-35644
CVE CVE-2023-35643
CVE CVE-2023-35642
CVE CVE-2023-35641
CVE CVE-2023-35639
CVE CVE-2023-35638
CVE CVE-2023-35630
CVE CVE-2023-35628
CVE CVE-2023-35622
CVE CVE-2023-21740
CVE CVE-2023-20588
XREF MSKB-5033464
370
XREF MSKB-5033118
Exploitable with
Plugin Information:
Ports

- 5033118
- 5033464

Should be : 10.0.20348.2141

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
OS Name : Microsoft Windows Server 2022 21H2

Vendor : Microsoft
Release : 2022 21H2
Version : 10.0.20348.2113
Role : server
Architecture : x64
CPE v2.3 :
Type : local
Method : SMB
Confidence : 100
187790 - KB5034129: Windows 2022 / Azure Stack HCI 22H2 Security Update (January 2024)
Synopsis
Description
371
number.
See Also
Solution
Risk Factor
High
8.4
7.2 (E:P/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2024-21320
CVE CVE-2024-21316
CVE CVE-2024-21314
CVE CVE-2024-21313
CVE CVE-2024-21311
CVE CVE-2024-21310
CVE CVE-2024-21309
CVE CVE-2024-21307
CVE CVE-2024-21306
CVE CVE-2024-21305
CVE CVE-2024-20700
CVE CVE-2024-20699
CVE CVE-2024-20698
CVE CVE-2024-20696
CVE CVE-2024-20694
372
CVE CVE-2024-20692
CVE CVE-2024-20691
CVE CVE-2024-20687
CVE CVE-2024-20683
CVE CVE-2024-20682
CVE CVE-2024-20681
CVE CVE-2024-20680
CVE CVE-2024-20674
CVE CVE-2024-20666
CVE CVE-2024-20664
CVE CVE-2024-20663
CVE CVE-2024-20662
CVE CVE-2024-20661
CVE CVE-2024-20660
CVE CVE-2024-20658
CVE CVE-2024-20657
CVE CVE-2024-20655
CVE CVE-2024-20654
CVE CVE-2024-20653
CVE CVE-2024-20652
CVE CVE-2022-35737
XREF MSKB-5034129
Exploitable with
Plugin Information:
Ports

- 5034129

373
Should be : 10.0.20348.2227

Synopsis
Description
See Also
374
Solution
Risk Factor
High
7.1
7.9 (E:U/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2024-21312
CVE CVE-2024-0057
CVE CVE-2024-0056
CVE CVE-2023-36042
375
XREF MSKB-5033948
XREF MSKB-5033947
XREF MSKB-5033946
XREF MSKB-5033945
XREF MSKB-5033922
XREF MSKB-5033920
XREF MSKB-5033919
XREF MSKB-5033918
XREF MSKB-5033917
XREF MSKB-5033916
XREF MSKB-5033914
XREF MSKB-5033912
XREF MSKB-5033911
XREF MSKB-5033910
XREF MSKB-5033909
XREF MSKB-5033907
XREF MSKB-5033904
XREF MSKB-5033899
XREF MSKB-5033898
Exploitable with
Plugin Information:
Ports
Microsoft .NET Framework 4.8

Cumulative
- 5033914
376
Should be : 4.8.4690.0
187966 - Microsoft Edge (Chromium) < 120.0.2336.0 Multiple Vulnerabilities

Synopsis
The remote host has an web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2336.0. It is, therefore, affected
by multiple vulnerabilities as referenced in the January 11, 2024 advisory.
- Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a
privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity:
High) (CVE-2024-0333)
- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-20675)
- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21337)
number.
See Also
http://www.nessus.org/u?3844aad0
Solution
Upgrade to Microsoft Edge version 120.0.2336.0 or later.
Risk Factor
High
7.4
6.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
5.5 (E:U/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
References
CVE CVE-2024-21337
CVE CVE-2024-20721
CVE CVE-2024-20709
CVE CVE-2024-20675
377
CVE CVE-2024-0333
Exploitable with
Plugin Information:
Ports


Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Subject Name:
Issuer Name:

Version: 3

Public Key Info:

4F 76 F8 C5 74 48 E7 6A 54 05 AD A2 6A 5B 32 9B 47 3B A3 96
33 18 87 62 CC 9E 26 CC B5 0F 25 16 EF C1 F8 B7 B9 63 03 03
30 70 DE 78 B9 D1 2F 91 95 58 15 87 A1 BB E2 2E 25 05 AB 18
378
EB 9F 81 32 01 41 F0 25 1F 0D 78 58 79 50 6D 8D B7 84 57 14
9B 13 FF 3C 59 88 2E 2D 59 81 AC 11 87 6E B4 D9 8C 33 53 5D
13 9C 6D A0 8A 15 05 B9 86 72 90 BD 13 1A FE 8D 7B C9 A0 18
8A B4 43 96 54 60 83 73 5B 13 D7 94 9D 25 93 D2 A6 87 B9 B4
E6 11 CA 7D 86 F7 F1 65 44 BE EC [...]

Subject Name:
Issuer Name:
Serial Number: 4C 13 5B 7B F5 BD 4A B2 41 13 F5 57 08 A5 E6 6E
Version: 3

Public Key Info:

Public Key: 00 C0 99 F9 3B D3 9E 14 FC B9 25 8D 2D DE 31 D5 4C F3 3D 0F
46 B0 BF C9 86 F9 2B AB 8E 8B 01 1B 89 07 07 D1 0A C8 40 9D
94 80 28 94 C5 20 58 BB 82 1B CE 2F CF 3C EC 9D E6 3C 71 86
24 4C 4F FE A2 8F 37 D8 85 A0 92 50 D7 D8 39 D6 75 22 29 5B
18 82 7A 85 89 5F 8D D2 6D 04 3E 48 B9 A5 30 E9 CF BB 46 4A
C1 B9 5C 94 DE 2C A2 62 D0 B9 61 29 3D 0A 25 3A D6 DF A2 24
03 73 2A A2 8D 72 CF A3 E3 86 3C 2A 8D 7D 0F 3E 0E 55 56 DC
64 30 94 AA BB 37 91 C9 6F 86 8F DC 38 D5 01 41 9E BF D9 22
84 30 A0 97 8E EB 95 7E DB 50 C8 E4 E1 11 EF E2 8A 91 87 D6
74 C8 3C F0 81 C2 BD 77 5C D8 EE 55 FF 26 04 B5 C1 C4 D9 E7
1B E2 72 DF A6 04 BF AD 94 71 D0 58 7E 1D 0F B0 1B 14 48 18
F7 23 9A A2 47 BB AD 25 6D AB E6 20 EB 42 E9 BA 78 FB 13 02
5D 2E BE A9 1F F5 08 07 AC A3 F0 3D 1D 82 E1 D1 15
Exponent: 01 00 01

Signature: 00 03 DE CD 4B DA 2C 03 CE D9 B5 78 EB 57 27 2C AD 32 15 34
59 A8 47 E3 49 E7 51 AA A4 1C B0 1C 2B C7 D6 7C D6 02 D0 D4
07 E8 04 C9 C7 6B A0 32 35 29 0B B7 78 FD 6B 73 F6 07 CB 17
AE 17 FD 01 C3 6B F1 B6 65 CE 3A 3C 62 91 F3 34 AC 20 00 BC
85 F3 B4 EF E5 E3 62 8A C0 23 06 9F 6D D6 F9 A4 87 42 54 AC
FD 1F 11 61 89 C3 FC 13 BC 67 89 15 AA BD 08 A7 1C 6B 05 01
9A 66 CE 49 BE 92 D6 07 08 A2 B6 A2 2A A5 54 EB A9 56 C1 51
5A D8 29 C8 E8 3B B7 01 87 23 1E 6C 1B 02 2C EF 5F 93 FB 2F
09 9D 50 CA 44 7E 50 8B 45 28 6B 96 0C 50 EF BF F8 28 C6 37
7B 60 66 [...]

Subject Name:
Issuer Name:

Version: 3
379

Public Key Info:

4F 76 F8 C5 74 48 E7 6A 54 05 AD A2 6A 5B 32 9B 47 3B A3 96
33 18 87 62 CC 9E 26 CC B5 0F 25 16 EF C1 F8 B7 B9 63 03 03
30 70 DE 78 B9 D1 2F 91 95 58 15 87 A1 BB E2 2E 25 05 AB 18
EB 9F 81 32 01 41 F0 25 1F 0D 78 58 79 50 6D 8D B7 84 57 14
9B 13 FF 3C 59 88 2E 2D 59 81 AC 11 87 6E B4 D9 8C 33 53 5D
13 9C 6D A0 8A 15 05 B9 86 72 90 BD 13 1A FE 8D 7B C9 A0 18
8A B4 43 96 54 60 83 73 5B 13 D7 94 9D 25 93 D2 A6 87 B9 B4
E6 11 CA 7D 86 F7 F1 65 44 BE EC [...]
10884 - Network Time Protocol (NTP) Server Detection

Synopsis
An NTP server is listening on the remote host.
Description
An NTP server is listening on port 123. If not securely configured, it may provide information about its version, current
date, current time, and possibly system information.
See Also
http://www.ntp.org
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
An NTP service has been discovered, listening on port 123.
No sensitive information has been disclosed.
Version : unknown

Synopsis
380
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Release date : 20230712000000.000000+000
UUID : B1A6549D-6AF1-4527-BBDC-176D06588D46

Synopsis
Description
host.
See Also
Solution
N/A
Risk Factor
None
References
Exploitable with
Plugin Information:
Ports
Version : 4.8
Install Type : Full
Release : 528449
Version : 4.8
381
Release : 528449
54615 - Device Type

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
20240105071606.236433+330

Synopsis
Description
Solution
N/A
Risk Factor
382
None
Exploitable with
Plugin Information:
Ports

Nessus

Synopsis
Description
list.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
- 00:0D:3A:A3:A4:F2

Synopsis
Description
attachment.
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Time
383
00000000000000000000000000000000
00000000000000000000000000000000

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
C:\\Users\vaadmin\AppData\Roaming\Microsoft\Windows\Recent\Windows Defender Firewall.lnk

Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
[...]
384
Synopsis
Description
See Also
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Version : 10.0.20348.1850

Synopsis
Description
Solution
Risk Factor
None
Exploitable with
Plugin Information:
Ports
161167 - Security Updates for Microsoft .NET core (May 2022)

Synopsis
Description
multiple denial of service vulnerabilities:
- A vulnerability where a malicious client can cause a denial of service via excess memory allocations through
HttpClient. (CVE-2022-23267)
- A vulnerability where a malicious client can manipulate cookies and cause a denial of service. (CVE-2022-29117)
- A vulnerability where a malicious client can cause a denial of service when HTML forms are parsed.
(CVE-2022-29145)
385
number.
See Also
http://www.nessus.org/u?3b99f604
http://www.nessus.org/u?b1b0aff4
http://www.nessus.org/u?39d07c32
Solution
Risk Factor
Medium
4.4
7.0 (E:F/RL:O/RC:C)
CVSS Base Score
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-29145
CVE CVE-2022-29117
CVE CVE-2022-23267
Exploitable with
Plugin Information:
Ports

386

Synopsis
Description
Solution
N/A
Risk Factor
None
Exploitable with
Plugin Information:
Ports
Logged on users :
- S-1-5-21-2016934633-2723708669-2290440068-7560
Domain : ADL
Username : Thilaksha_106310a
166054 - Security Updates for Microsoft .NET Core (October 2022)

Synopsis
The Microsoft .NET core installations on the remote host are affected by a privilege escalation vulnerability.
Description
A privilege escalation vulnerability exists in .NET core 6.0 < 6.0.10 and .NET Core 3.1 < 3.1.30. An authenticated,
local attacker can exploit this, via the NuGet client, to cause the user to execute arbitrary code.
number.
See Also
http://www.nessus.org/u?1a5250e3
http://www.nessus.org/u?0eafd070
Solution
Risk Factor
Medium
7.4
7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
387
7.2 (E:F/RL:O/RC:C)
CVSS Base Score
6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
STIG Severity
I
References
CVE CVE-2022-41032
XREF MSKB-5019351
XREF MSKB-5019349
Exploitable with
Plugin Information:
Ports

388
Assets Summary (Executive)
lkazadconnect
Summary
3 9 9 0 148 169
Details
Severity Plugin Id Name
Critical 172178 ASP.NET Core SEoL
Critical 172179 Microsoft .NET Core SEoL
Critical 186777 KB5033118: Windows 2022 / Azure Stack HCI 22H2 Security Update
(December 2023)
High 187790 KB5034129: Windows 2022 / Azure Stack HCI 22H2 Security Update
(January 2024)
High 166555 WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation

(EnableCertPaddingCheck)
High 165076 Security Updates for Microsoft ASP.NET Core (September 2022)
High 187966 Microsoft Edge (Chromium) < 120.0.2336.0 Multiple Vulnerabilities
High 168826 Security Updates for Microsoft ASP.NET Core (December 2022)
High 187901 Security Updates for Microsoft .NET Framework (January 2024)
High 168747 Security Updates for Microsoft .NET Core (December 2022)
High 165077 Security Updates for Microsoft .NET Core (September 2022)
High 187859 Security Update for Microsoft .NET Core (January 2024)
Medium 166054 Security Updates for Microsoft .NET Core (October 2022)
Medium 57608 SMB Signing not required
Medium 157879 Security Update for .NET Core (February 2022)
Medium 158744 Security Updates for Microsoft .NET core (March 2022)
Medium 162314 Security Updates for Microsoft .NET core (June 2022)
Medium 169783 Security Updates for Windows Malicious Software Removal Tool (January
2023)
Medium 163974 Security Updates for Microsoft .NET Core (August 2022)
Medium 161167 Security Updates for Microsoft .NET core (May 2022)
Medium 156227 Security Updates for Microsoft ASP.NET Core (December 2021)
Info 92369 Microsoft Windows Time Zone Information
Info 24269 WMI Available
Info 11011 Microsoft Windows SMB Service Detection
390
Info 92421 Internet Explorer Typed URLs
Info 24270 Computer Manufacturer Information (WMI)
Info 22964 Service Detection
Info 174405 Microsoft OLE DB Driver for SQL Server Installed (Windows)
Info 171860 Curl Installed (Windows)
Info 168980 Enumerate the PATH Variables
Info 72482 Windows Display Driver Enumeration
Info 161691 The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround
Detection (CVE-2022-30190)
Info 92373 Microsoft Windows SMB Sessions
Info 17651 Microsoft Windows SMB : Obtains the Password Policy
Info 56468 Time of Last System Startup
Info 24260 HyperText Transfer Protocol (HTTP) Information
Info 161502 Microsoft Windows Logged On Users
Info 92371 Microsoft Windows DNS Cache
Info 52001 WMI QuickFixEngineering (QFE) Enumeration
Info 104667 Microsoft ASP .NET Core for Windows
Info 136969 Microsoft Edge Chromium Installed
Info 106716 Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Info 48763 Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting
Info 100871 Microsoft Windows SMB Versions Supported (remote check)
Info 155470 Oracle Cloud Infrastructure Instance Metadata Enumeration (Windows)
Info 38689 Microsoft Windows SMB Last Logged On User Disclosure
Info 58181 Windows DNS Server Enumeration
Info 11936 OS Identification
Info 21643 SSL Cipher Suites Supported
Info 104668 Microsoft .NET Core for Windows
Info 171410 IP Assignment Method Detection
Info 70329 Microsoft Windows Process Information
Info 51187 WMI Encryptable Volume Enumeration
Info 92368 Microsoft Windows Scripting Host Settings
Info 51192 SSL Certificate Cannot Be Trusted
391
Info 33139 WS-Management Server Detection
Info 71246 Enumerate Local Group Memberships
Info 112279 Windows Defender Advanced Threat Protection Installed (Windows)
Info 156899 SSL/TLS Recommended Cipher Suites
Info 11457 Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
Info 141118 Target Credential Status by Authentication Protocol - Valid Credentials

Provided
Info 160486 Server Message Block (SMB) Protocol Version Detection
Info 66334 Patch Report
Info 10395 Microsoft Windows SMB Shares Enumeration
Info 108712 Microsoft .NET Core SDK for Windows
Info 92428 Recent File History
Info 92434 User Download Folder Files
Info 10785 Microsoft Windows SMB NativeLanManager Remote System Information

Disclosure
Info 50346 Microsoft Update Installed
Info 50859 Microsoft Windows SMB : WSUS Client Configured
Info 56984 SSL / TLS Versions Supported
Info 64582 Netstat Connection Information
Info 10150 Windows NetBIOS / SMB Remote Host Information Disclosure
Info 160301 Link-Local Multicast Name Resolution (LLMNR) Service Detection
Info 48942 Microsoft Windows SMB Registry : OS Version and Processor Architecture
Info 48337 Windows ComputerSystemProduct Enumeration (WMI)
Info 103871 Microsoft Windows Network Adapters
Info 58452 Microsoft Windows Startup Software Enumeration
Info 187318 Microsoft Windows Installed
Info 99364 Microsoft .NET Security Rollup Enumeration
Info 10898 Microsoft Windows - Users Information : Never Changed Password
Info 72879 Microsoft Internet Explorer Enhanced Security Configuration Detection
Info 10398 Microsoft Windows SMB LsaQueryInformationPolicy Function NULL

Session Domain SID Enumeration
Info 57582 SSL Self-Signed Certificate
Info 10902 Microsoft Windows 'Administrators' Group User List
392
Info 179947 Intel CPUID detection
Info 160576 Windows Services Registry ACL
Info 42898 SMB Registry : Stop the Registry Service after the scan (WMI)
Info 162174 Windows Always Installed Elevated Status
Info 10287 Traceroute Information
Info 44871 WMI Windows Feature Enumeration
Info 63620 Windows Product Key Retrieval
Info 10114 ICMP Timestamp Request Remote Date Disclosure
Info 20811 Microsoft Windows Installed Software Enumeration (credentialed check)
Info 34252 Microsoft Windows Remote Listeners Enumeration (WMI)
Info 92435 UserAssist Execution History
Info 92372 Microsoft Windows NetBIOS over TCP/IP Info
Info 10899 Microsoft Windows - Users Information : User Has Never Logged In
Info 164690 Windows Disabled Command Prompt Enumeration
Info 10940 Remote Desktop Protocol Service Detection
Info 34096 BIOS Info (WMI)
Info 11217 Microsoft SQL Server Detection (credentialed check)
Info 126527 Microsoft Windows SAM user enumeration
Info 23974 Microsoft Windows SMB Share Hosting Office Files
Info 92415 Application Compatibility Cache
Info 10897 Microsoft Windows - Users Information : Disabled Accounts
Info 10456 Microsoft Windows SMB Service Enumeration
Info 131023 Windows Defender Installed
Info 176212 Microsoft Edge Add-on Enumeration (Windows)
Info 92370 Microsoft Windows ARP Table
Info 10400 Microsoft Windows SMB Registry Remotely Accessible
Info 70331 Microsoft Windows Process Module Information
Info 57041 SSL Perfect Forward Secrecy Cipher Suites Supported
Info 62042 SMB QuickFixEngineering (QFE) Enumeration
Info 10107 HTTP Server Type and Version
Info 10396 Microsoft Windows SMB Shares Access
393
Info 63080 Microsoft Windows Mounted Devices
Info 70544 SSL Cipher Block Chaining Cipher Suites Supported
Info 10859 Microsoft Windows SMB LsaQueryInformationPolicy Function SID

Enumeration
Info 54615 Device Type
Info 55472 Device Hostname
Info 24272 Network Interfaces Enumeration (WMI)
Info 42897 SMB Registry : Start the Registry Service during the scan (WMI)
Info 170631 Host Active Directory Configuration (Windows)
Info 34220 Netstat Portscanner (WMI)
Info 159817 Windows Credential Guard Status
Info 162560 Microsoft Internet Explorer Installed
Info 35716 Ethernet Card Manufacturer Detection
Info 16193 Antivirus Software Check
Info 10736 DCE Services Enumeration
Info 12053 Host Fully Qualified Domain Name (FQDN) Resolution
Info 92366 Microsoft Windows Last Boot Time
Info 73149 Windows AppLocker Installed
Info 72367 Microsoft Internet Explorer Version Detection
Info 92364 Microsoft Windows Environment Variables
Info 44401 Microsoft Windows SMB Service Config Enumeration
Info 92367 Microsoft Windows PowerShell Execution Policy
Info 19506 Nessus Scan Information
Info 10863 SSL Certificate Information
Info 57033 Microsoft Patch Bulletin Feasibility Check
Info 66424 Microsoft Malicious Software Removal Tool Installed
Info 92365 Microsoft Windows Hosts File
Info 174413 Microsoft ODBC Driver for SQL Server Installed (Windows)
Info 110095 Target Credential Issues by Authentication Protocol - No Issues Found
Info 51351 Microsoft .NET Framework Detection
Info 92362 Microsoft Windows AppLocker Configuration
Info 86420 Ethernet MAC Addresses
394
Info 92424 MUICache Program Execution History
Info 72684 Enumerate Users via WMI
Info 38153 Microsoft Windows Summary of Missing Patches
Info 10394 Microsoft Windows SMB Log In Possible
Info 159929 Windows LSA Protection Status
Info 63418 Microsoft System Center Operations Manager Component Installed
Info 101114 Microsoft Azure AD Connect Installed
Info 117887 OS Security Patch Assessment Available
Info 45590 Common Platform Enumeration (CPE)
Info 92431 User Shell Folders Settings
Info 25220 TCP/IP Timestamps Supported
Info 136318 TLS Version 1.2 Protocol Detection
Info 139785 DISM Package List (Windows)
Info 93962 Microsoft Security Rollup Enumeration
Info 151440 Microsoft Windows Print Spooler Service Enabled
Info 125835 Microsoft Remote Desktop Connection Installed
Info 64814 Terminal Services Use SSL/TLS
Info 92429 Recycle Bin Files
Info 171956 Windows Enumerate Accounts
Info 148541 Windows Language Settings Detection
Info 155963 Windows Printer Driver Enumeration
Info 178102 Microsoft Windows Installed Software Version Enumeration
395
lkazbackupresto
Summary
3 5 3 0 145 156
Details
Critical 185887 Security Updates for Microsoft .NET Framework (November 2023)
Critical 186789 KB5033371: Windows 10 version 1809 / Windows Server 2019 Security
Update (December 2023)
Critical 185579 KB5032196: Windows 10 version 1809 / Windows Server 2019 Security
Update (November 2023)
High 187803 KB5034127: Windows 10 version 1809 / Windows Server 2019 Security
Update (January 2024)

High 181409 Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039)
High 188161 Google Chrome < 120.0.6099.225 Multiple Vulnerabilities
Medium 57608 SMB Signing not required
Medium 132101 Windows Speculative Execution Configuration Check
Medium 42873 SSL Medium Strength Cipher Suites Supported (SWEET32)
Info 92433 Terminal Services History
396
Info 10900 Microsoft Windows - Users Information : Passwords Never Expire

Provided

Disclosure
397
Info 168008 Qualys Cloud Security Agent Installed (Windows)

Info 42898 SMB Registry : Stop the Registry Service after the scan (WMI)
Info 34196 Google Chrome Detection (Windows)
Info 10919 Open Port Re-check
398
Info 164690 Windows Disabled Command Prompt Enumeration
Info 60119 Microsoft Windows SMB Share Permissions Enumeration
Info 43815 NetBIOS Multiple IP Address Enumeration

Enumeration
Info 157288 TLS Version 1.1 Protocol Deprecated
399
Info 96533 Chrome Browser Extension Enumeration
Info 151440 Microsoft Windows Print Spooler Service Enabled
400
Info 155963 Windows Printer Driver Enumeration
401
lkazdc01
Summary
3 8 10 0 162 183
Details
Critical 172178 ASP.NET Core SEoL
Critical 172179 Microsoft .NET Core SEoL
Critical 186777 KB5033118: Windows 2022 / Azure Stack HCI 22H2 Security Update
(December 2023)
High 187790 KB5034129: Windows 2022 / Azure Stack HCI 22H2 Security Update
(January 2024)

High 165076 Security Updates for Microsoft ASP.NET Core (September 2022)
High 187966 Microsoft Edge (Chromium) < 120.0.2336.0 Multiple Vulnerabilities
High 168826 Security Updates for Microsoft ASP.NET Core (December 2022)
High 168747 Security Updates for Microsoft .NET Core (December 2022)
High 165077 Security Updates for Microsoft .NET Core (September 2022)
Medium 166054 Security Updates for Microsoft .NET Core (October 2022)
Medium 157879 Security Update for .NET Core (February 2022)
Medium 150484 AD Starter Scan - Kerberos Krbtgt
Medium 158744 Security Updates for Microsoft .NET core (March 2022)
Medium 162314 Security Updates for Microsoft .NET core (June 2022)
Medium 169783 Security Updates for Windows Malicious Software Removal Tool (January
2023)
Medium 150483 AD Starter Scan - Non-Expiring Account Password
Medium 163974 Security Updates for Microsoft .NET Core (August 2022)
Medium 161167 Security Updates for Microsoft .NET core (May 2022)
Medium 156227 Security Updates for Microsoft ASP.NET Core (December 2021)
Info 121509 DHCP Server Detection (Windows)
402
Info 159544 SSL Certificate with no Common Name
Info 52001 WMI QuickFixEngineering (QFE) Enumeration
Info 104667 Microsoft ASP .NET Core for Windows
Info 136969 Microsoft Edge Chromium Installed
Info 155470 Oracle Cloud Infrastructure Instance Metadata Enumeration (Windows)
Info 10900 Microsoft Windows - Users Information : Passwords Never Expire
Info 104668 Microsoft .NET Core for Windows
403
Info 174736 Netstat Ingress Connections
Info 11002 DNS Server Detection
Info 20870 LDAP Server Detection
Info 10413 Microsoft Windows SMB Registry : Remote PDC/BDC Detection

Provided
Info 167252 LDAP Active Directory - Computer Enumeration
Info 35706 SMB Registry : Stopping the Registry Service after the scan failed

Disclosure
404
Info 10908 Microsoft Windows 'Domain Administrators' Group User List

Info 176549 LDAP Active Directory - crossRef Enumeration
Info 167251 LDAP Active Directory - Group Enumeration
Info 60119 Microsoft Windows SMB Share Permissions Enumeration
Info 25701 LDAP Crafted Search Request Server Information Disclosure
Info 10761 COM+ Internet Services (CIS) Server Detection
405
Info 176212 Microsoft Edge Add-on Enumeration (Windows)
Info 10884 Network Time Protocol (NTP) Server Detection

Enumeration
Info 43829 Kerberos Information Disclosure
Info 167250 LDAP Active Directory - Person Enumeration
406
Info 66424 Microsoft Malicious Software Removal Tool Installed
Info 159545 SSL Certificate with no Subject
Info 35297 SSL Service Requests Client Certificate
Info 177450 LDAP Active Directory - domainDNS Enumeration
Info 25220 TCP/IP Timestamps Supported
Info 10895 Microsoft Windows - Users Information : Automatically Disabled Accounts
407
Info 92423 Windows Explorer Recently Executed Programs
408
Remediations
Suggested Remediations
Taking the following actions across 3 hosts would resolve 16% of the vulnerabilities on the network:
Action to take Vulns Assets
Security Update for Microsoft .NET Core (January 2024): Update .NET Core, remove vulnerable 14 1
packages and refer to vendor advisory.
Security Updates for Microsoft .NET Core (December 2022): Update .NET Core Runtime to version 3.1.32 12 1
or 6.0.12 or 7.0.1.
Microsoft Edge (Chromium) < 120.0.2336.0 Multiple Vulnerabilities: Upgrade to Microsoft Edge version 10 2
120.0.2336.0 or later.
Install KB5034129 4 2
Google Chrome < 120.0.6099.225 Multiple Vulnerabilities: Upgrade to Google Chrome version 3 1
120.0.6099.225 or later.
Install KB5034127 3 1
Security Updates for Microsoft ASP.NET Core (December 2021): Update ASP.NET Core, remove 2 2
vulnerable packages and refer to vendor advisory.
Security Updates for Windows Malicious Software Removal Tool (January 2023): Microsoft has released 0 2
version 5.109 to address this issue.
410

Azure - Windows Server - Host Scan - 2024 Jan q5trvk

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Azure - Windows Server - Host Scan - 2024 Jan q5trvk

Uploaded by

Copyright:

Available Formats

Tenable Vulnerability Management

End time: 2024/01/17 11:04

Netbios Name: LKAZADCONNECT

OS: Microsoft Windows Server 2022 Datacenter Build 20348

lkazadconnect (TCP/5985) Vulnerability State: Active

10114 - ICMP Timestamp Request Remote Date Disclosure

10150 - Windows NetBIOS / SMB Remote Host Information Disclosure

LKAZADCONNECT = Computer name

10287 - Traceroute Information

10394 - Microsoft Windows SMB Log In Possible

10395 - Microsoft Windows SMB Shares Enumeration

10396 - Microsoft Windows SMB Shares Access

The following shares can be accessed as vaadmin :

10400 - Microsoft Windows SMB Registry Remotely Accessible

Microsoft Azure AD Sync [ ADSync ]

10736 - DCE Services Enumeration

The following DCERPC services are available on TCP port 49670 :

Object UUID : 00000000-0000-0000-0000-000000000000

lkazadconnect (TCP/49667) Vulnerability State: Active

The following DCERPC services are available on TCP port 49667 :

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

lkazadconnect (TCP/49665) Vulnerability State: Active

The following DCERPC services are available on TCP port 49665 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91

The following DCERPC services are available on TCP port 49673 :

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

lkazadconnect (TCP/445) Vulnerability State: Active

The following DCERPC services are available remotely :

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

lkazadconnect (TCP/49672) Vulnerability State: Active

The following DCERPC services are available on TCP port 49672 :

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

lkazadconnect (TCP/135) Vulnerability State: Active

The following DCERPC services are available locally :

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000

lkazadconnect (TCP/49664) Vulnerability State: Active

The following DCERPC services are available on TCP port 49664 :

Object UUID : 00000000-0000-0000-0000-000000000000

Object UUID : 00000000-0000-0000-0000-000000000000