Professional Documents
Culture Documents
Summary
This document reports on the results of an automatic security scan. All dates are
displayed using the timezone Coordinated Universal Time, which is abbreviated UTC.
The task was 6477196341da8cf01c6392ca-6477196441da8cf01c639305-712c2952. The scan
started at Wed May 31 09:56:00 2023 UTC and ended at Wed May 31 11:33:28 2023 UTC.
The report rst summarises the results found. Then, for each host, the report describes
every issue found. Please consider the advice given in each description, in order to rectify
the issue.
Contents
1 Result Overview 2
2 Results per Host 2
2.1 103.108.9.11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1.1 High general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1.2 High 22/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1.3 Medium 22/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.1.4 Low 22/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.1.5 Log 2095/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2.1.6 Log 53/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2.1.7 Log 443/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.1.8 Log general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.1.9 Log 80/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
2.1.10 Log general/CPE-T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
2.1.11 Log 22/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
1
2 RESULTS PER HOST 2
1 Result Overview
This report contains all 38 results selected by the ltering described above. Before ltering
there were 62 results.
Summary
The Operating System (OS) on the remote host has reached the End of Life (EOL) and should
not be used anymore.
Impact
An EOL version of an OS is not receiving any security updates from the vendor. Unxed security
vulnerabilities might be leveraged by an attacker to compromise the security of this host.
Solution:
Solution type: Mitigation
Upgrade the OS on the remote host to a version which is still supported and receiving security
updates by the vendor.
[ return to 103.108.9.11 ]
Summary
The remote Apache Karaf is using known default credentials.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Workaround
Change the password.
Vulnerability Insight
It was possible to login with default credentials: 'karaf/karaf'.
Summary
The remote jailbroken Apple iOS device is using known default credentials for the SSH login.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Mitigation
Change the password.
Aected Software/OS
All jailbroken Apple iOS devices with default credentials. Other devices or vendors might be
aected as well.
References
url: https://www.macworld.com/article/201053/iphone_password.html
url: https://blog.elcomsoft.com/2020/05/ios-jailbreaks-ssh-and-root-password/
Impact
Successful exploitation will allow attacker to gain unauthorized root access to aected devices
and completely compromise the devices.
Solution:
Solution type: WillNotFix
No known solution was made available for at least one year since the disclosure of this vulnera-
bility. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.
Aected Software/OS
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 appliances.
Vulnerability Insight
Multiple aws are due to
- The program using insecure world writable permissions for the '/ca/bin/monitor.sh' le.
- The 'mfg' account has a password of 'mfg' and the 'sync' account has a password of 'click1',
which is publicly known and documented.
- If a remote attacker has explicit knowledge of the SSH keys they can potentially gain privileged
access to the device.
References
url: http://packetstormsecurity.com/files/125761
url: http://www.securityfocus.com/bid/66299
Summary
The remote C.H.I.P. device is using known default credentials.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Workaround
Change the password.
Summary
The remote device is using known default credentials.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Workaround
Change the password.
Summary
The remote device is using known default credentials.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Workaround
Change the password.
Summary
The remote host has the password 'avam@r' for the root account.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Workaround
Change the password.
Vulnerability Insight
It was possible to login with default credentials: 'root/avam@r'.
Summary
The remote iProtect server is using known default credentials.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Workaround
Change the password.
References
url: http://www.keyprocessor.com/kennisbank/Zipfile/KP_iProtect_8_0.03%20Stand-b
,→y%20server_M_160523_EN
Summary
Multiple Barracuda products are prone to a security-bypass vulnerability and multiple
unauthorized-access vulnerabilities.
Impact
Attackers can exploit these issues to bypass certain security restrictions and gain unauthorized
access to the aected appliances. This may aid in further attacks.
Solution:
Solution type: VendorFix
Update to Security Denition 2.0.5.
Aected Software/OS
The following appliances are aected:
. . . continues on next page . . .
2 RESULTS PER HOST 11
References
url: http://www.securityfocus.com/bid/57537
url: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013
,→0124-0_Barracuda_Appliances_Backdoor_wo_poc_v10.txt
Summary
OpenELEC is using known default credentials.
Impact
Successful exploitation will allow remote attackers to gain unauthorized root access to aected
devices and completely compromise the devices.
Solution:
Solution type: Mitigation
Information is available about a conguration or deployment scenario that helps to reduce the
risk of the vulnerability.
Aected Software/OS
OpenELEC devices.
Vulnerability Insight
The aw is due to the 'root' account has a password of 'openelec', which is publicly known and
documented.
References
cve: CVE-2016-2230
url: http://www.kb.cert.org/vuls/id/544527
url: https://github.com/RasPlex/RasPlex/issues/453
Summary
The remote OpenVPN Access Server is using known default credentials.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Workaround
Change the password.
Vulnerability Insight
It was possible to login with default credentials: 'root/openvpnas'.
Summary
The remote Panopta OnSight is using known default credentials.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Workaround
Change the password.
Vulnerability Insight
It was possible to login with default credentials: 'panopta.admin/rb2svin9bwx7'.
References
url: https://blogs.securiteam.com/index.php/archives/2475
Summary
The remote Raspberry Pi OS / Raspbian system is using known default credentials for the SSH
login.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Mitigation
Change the default password.
Aected Software/OS
All Raspberry Pi OS / Raspbian systems using known default credentials. Other systems might
be aected as well.
References
cve: CVE-2021-38759
url: https://www.raspberrypi.com/documentation/computers/configuration.html#chan
,→ge-the-default-password
url: https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968
Summary
Rasplex is using known default credentials.
Impact
. . . continues on next page . . .
2 RESULTS PER HOST 15
Solution:
Solution type: Mitigation
Information is available about a conguration or deployment scenario that helps to reduce the
risk of the vulnerability.
Aected Software/OS
Rasplex devices.
Vulnerability Insight
The aw is due to the 'root' account has a password of 'rasplex', which is publicly known and
documented.
References
cve: CVE-2016-2230
url: http://www.kb.cert.org/vuls/id/544527
url: https://github.com/RasPlex/RasPlex/issues/453
Summary
The remote Riello NetMan 204 network card is using known default credentials for the SSH login.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Workaround
Change the password of the aected account(s).
References
url: https://www.exploit-db.com/exploits/41208
Summary
The remote Riverbed SteelCentral system is using known default credentials for the SSH login.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Workaround
Change the password.
Summary
The remote host has set no password for the root account.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Workaround
- Set a password for the 'root' account
- For the Alpine Linux Docker image update to one of the following image releases:
edge (20190228 snapshot), v3.9.2, v3.8.4, v3.7.3, v3.6.5
- For other products / devices / images either see the 'aected' tag for xed releases or contact
the vendor for more information
Aected Software/OS
The following ocial docker images are known to be aected:
- Alpine Linux since version 3.3
- haproxy before version 1.8.18-alpine
- rabbitmq before version 3.7.13-beta.1-management-alpine
- memcached before version 1.5.11-alpine
- inuxdb before version 1.7.3-meta-alpine
- vault before version 0.11.6
- drupal before version 8.5.10-fpm-alpine
- plone before version of 4.3.18-alpine
- kong before version 1.0.2-alpine
- chronograf before version 1.7.7-alpine
- telegraf before version 1.9.4-alpine
- ghost before version 2.16.1-alpine
- adminer before version 4.7.0-fastcgi
- composer before version 1.8.3
- sonarqube
- irssi before version 1.1-alpine
- notary before version signer-0.6.1-1
- spiped before version 1.5-alpine
- Express Gateway before version 1.14.0
- storm before version 1.2.1
- piwik
- znc before version 1.7.1-slim
- elixir before version 1.8.0-alpine
- eggdrop before version 1.8.4rc2
- Consul versions 0.7.1 through 1.4.2
- Crux Linux versions 3.0 through 3.4
- Software AG Terracotta Server OSS version 5.4.1
- Appbase streams version 2.1.2
- Docker Docs versions through 2020-12-14
- Blackre versions through 2020-12-14
. . . continues on next page . . .
2 RESULTS PER HOST 19
Vulnerability Insight
It was possible to login with the 'root' username and without passing a password.
References
cve: CVE-1999-0501
cve: CVE-1999-0502
cve: CVE-2019-5021
cve: CVE-2020-35195
cve: CVE-2020-35196
cve: CVE-2020-35197
cve: CVE-2020-35194
cve: CVE-2020-35192
cve: CVE-2020-35191
cve: CVE-2020-35189
cve: CVE-2020-35190
cve: CVE-2020-35188
cve: CVE-2020-35187
cve: CVE-2020-35185
cve: CVE-2020-35186
cve: CVE-2020-35184
cve: CVE-2020-35193
cve: CVE-2020-29602
cve: CVE-2020-29601
cve: CVE-2020-29581
cve: CVE-2020-29579
cve: CVE-2020-29580
cve: CVE-2020-29578
cve: CVE-2020-29577
cve: CVE-2020-29575
cve: CVE-2020-29576
cve: CVE-2020-29564
cve: CVE-2020-29389
cve: CVE-2020-35469
. . . continues on next page . . .
2 RESULTS PER HOST 20
Summary
The remote VyOS system is using known default credentials for the SSH login.
Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system conguration.
Solution:
Solution type: Mitigation
Change the default password.
Aected Software/OS
All VyOS systems using known default credentials.
References
url: https://support.vyos.io/en/kb/articles/default-user-password-for-vyos-2
[ return to 103.108.9.11 ]
Summary
The remote Cisco Mobility Services Engine is prone to an insecure default-password vulnerability.
Impact
Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain
unauthorized access and perform unauthorized actions. This may aid in further attacks.
Solution:
Solution type: VendorFix
Updates are available. Please see the references for more information.
Aected Software/OS
Cisco Mobility Services Engine (MSE) versions 8.0.120.7 and earlier are vulnerable.
Vulnerability Insight
This issue is being tracked by Cisco Bug ID CSCuv40501 and CSCuv40504.
References
cve: CVE-2015-6316
url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
,→sa-20151104-mse-cred
url: http://www.securityfocus.com/bid/77432
cert-bund: CB-K15/1620
dfn-cert: DFN-CERT-2015-1717
Summary
The remote SSH server is congured to allow / support weak encryption algorithm(s).
Solution:
. . . continues on next page . . .
2 RESULTS PER HOST 23
Vulnerability Insight
- The 'arcfour' cipher is the Arcfour stream cipher with 128-bit keys. The Arcfour cipher is
believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems
with weak keys, and should not be used anymore.
- The 'none' algorithm species that no encryption is to be done. Note that this method provides
no condentiality protection, and it is NOT RECOMMENDED to use it.
- A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to
recover plaintext from a block of ciphertext.
References
url: https://www.rfc-editor.org/rfc/rfc4253#section-6.3
url: https://www.kb.cert.org/vuls/id/958563
[ return to 103.108.9.11 ]
Summary
The remote SSH server is congured to allow / support weak MAC algorithm(s).
Solution:
Solution type: Mitigation
Disable the reported weak MAC algorithm(s).
[ return to 103.108.9.11 ]
Summary
This plugin checks if the port scanners did not kill a service.
Solution:
Log Method
Details: Check open ports
OID:1.3.6.1.4.1.25623.1.0.10919
Version used: 2022-07-27T10:11:28Z
[ return to 103.108.9.11 ]
Summary
This plugin checks if the port scanners did not kill a service.
Solution:
Log Method
Details: Check open ports
OID:1.3.6.1.4.1.25623.1.0.10919
Version used: 2022-07-27T10:11:28Z
[ return to 103.108.9.11 ]
Summary
This plugin checks if the port scanners did not kill a service.
Solution:
Log Method
Details: Check open ports
OID:1.3.6.1.4.1.25623.1.0.10919
Version used: 2022-07-27T10:11:28Z
[ return to 103.108.9.11 ]
Summary
The script reports information on how the hostname of the target was determined.
Solution:
Log Method
Details: Hostname Determination Reporting
OID:1.3.6.1.4.1.25623.1.0.108449
Version used: 2022-07-27T10:11:28Z
Summary
Consolidation of OpenSSH detections.
Solution:
Log Method
Details: OpenSSH Detection Consolidation
OID:1.3.6.1.4.1.25623.1.0.108577
Version used: 2022-03-28T10:48:38Z
References
url: https://www.openssh.com/
Summary
This script consolidates the OS information detected by several VTs and tries to nd the best
matching OS.
Furthermore it reports all previously collected information leading to this best matching OS. It
also reports possible additional information which might help to improve the OS detection.
If any of this information is wrong or could be improved please consider to report these to the
referenced community forum.
Solution:
Log Method
Details: OS Detection Consolidation and Reporting
OID:1.3.6.1.4.1.25623.1.0.105937
Version used: 2023-05-25T09:08:46Z
References
url: https://forum.greenbone.net/c/vulnerability-tests/7
Summary
Collect information about the network route and network distance between the scanner host and
the target host.
Solution:
Vulnerability Insight
For internal networks, the distances are usually small, often less than 4 hosts between scanner
and target. For public targets the distance is greater and might be 10 hosts or more.
Log Method
A combination of the protocols ICMP and TCP is used to determine the route. This method is
applicable for IPv4 only and it is also known as 'traceroute'.
Details: Traceroute
OID:1.3.6.1.4.1.25623.1.0.51662
Version used: 2022-10-17T11:13:19Z
[ return to 103.108.9.11 ]
Summary
The script consolidates various information for CGI scanning.
This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The congured 'cgi_path' within the 'Scanner Preferences' of the scan cong in use
- The congured 'Enable CGI scanning', 'Enable generic web application scanning' and 'Add
historic /scripts and /cgi-bin to directories for CGI scanning' within the 'Global variable settings'
of the scan cong in use
If you think any of this information is wrong please report it to the referenced community forum.
. . . continues on next page . . .
2 RESULTS PER HOST 29
Solution:
Log Method
Details: CGI Scanning Consolidation
OID:1.3.6.1.4.1.25623.1.0.111038
Version used: 2023-03-06T10:19:58Z
References
url: https://forum.greenbone.net/c/vulnerability-tests/7
Summary
All known security headers are being checked on the remote web server.
On completion a report will hand back whether a specic security header has been implemented
(including its value and if it is deprecated) or is missing on the target.
Solution:
Log Method
. . . continues on next page . . .
2 RESULTS PER HOST 31
References
url: https://owasp.org/www-project-secure-headers/
url: https://owasp.org/www-project-secure-headers/#div-headers
url: https://securityheaders.com/
Summary
This VT tests if the remote web server does not reply with a 404 error code and checks if it is
replying to the scanners requests in a reasonable amount of time.
Solution:
Vulnerability Insight
This web server might show the following issues:
- it is [mis]congured in that it does not return '404 Not Found' error codes when a non-existent
le is requested, perhaps returning a site map, search page, authentication page or redirect
instead.
The Scanner might enabled some counter measures for that, however they might be insucient.
If a great number of security issues are reported for this port, they might not all be accurate.
- it doesn't response in a reasonable amount of time to various HTTP requests sent by this VT.
In order to keep the scan total time to a reasonable amount, the remote web server might not be
tested. If the remote server should be tested it has to be xed to have it reply to the scanners
requests in a reasonable amount of time.
Alternatively the 'Maximum response time (in seconds)' preference could be raised to a higher
value if longer scan times are accepted.
Log Method
Details: Response Time / No 404 Error Code Check
OID:1.3.6.1.4.1.25623.1.0.10386
Version used: 2023-05-12T09:09:03Z
2 RESULTS PER HOST 32
Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.
Solution:
Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z
[ return to 103.108.9.11 ]
Summary
This routine uses information collected by other routines about CPE identities of operating
systems, services and applications detected during the scan.
Note: Some CPEs for specic products might show up twice or more in the output. Background:
After a product got renamed or a specic vendor was acquired by another one it might happen
that a product gets a new CPE within the NVD CPE Dictionary but older entries are kept with
the older CPE.
Solution:
Log Method
Details: CPE Inventory
OID:1.3.6.1.4.1.25623.1.0.810002
Version used: 2022-07-27T10:11:28Z
References
. . . continues on next page . . .
2 RESULTS PER HOST 33
[ return to 103.108.9.11 ]
Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.
Solution:
Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z
Summary
This script detects which algorithms are supported by the remote SSH Service.
Solution:
Log Method
Details: SSH Protocol Algorithms Supported
OID:1.3.6.1.4.1.25623.1.0.105565
Version used: 2020-08-24T08:40:10Z
Summary
Identication of SSH protocol versions supported by the remote SSH Server. Also reads the
corresponding ngerprints from the service.
The following versions are tried: 1.33, 1.5, 1.99 and 2.0
Solution:
Log Method
Details: SSH Protocol Versions Supported
OID:1.3.6.1.4.1.25623.1.0.100259
Version used: 2020-08-24T08:40:10Z
Summary
. . . continues on next page . . .
2 RESULTS PER HOST 35
Solution:
Log Method
Details: SSH Server type and version
OID:1.3.6.1.4.1.25623.1.0.10267
Version used: 2023-03-31T10:19:34Z
[ return to 103.108.9.11 ]