0% found this document useful (0 votes)

666 views

Taller

NESSUS REPORT the following plugin IDs have problems associated with them. Select the ID to review more detail.

Uploaded by

William Ruiz Carrillo

Available Formats

Download as RTF, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

666 views

Taller

NESSUS REPORT the following plugin IDs have problems associated with them. Select the ID to review more detail.

Uploaded by

William Ruiz Carrillo

Available Formats

Download as RTF, PDF, TXT or read online on Scribd

You are on page 1/ 159

NESSUS REPORT

List of PlugIn IDs

The following plugin IDs have problems associated with them. Select the ID to review more detail. PLUGIN ID# # PLUGIN NAME SNMP Agent 41028 2 Default Community Name (public) Cisco IOS Software Network Address 56318 1 Translation Vulnerabilities Cisco Systems Cisco IOS Software Data-Link 56314 1 Switching Vulnerability Cisco Systems Cisco IOS Software Session Initiation 49648 1 Protocol Denial of Service Vulnerabilities Cisco Systems Cisco IOS Software H.323 Denial of 49647 1 Service Vulnerabilities Cisco Systems Cisco IOS Software 49048 1 Tunnels Vulnerability Cisco Systems Cisco IOS Software H.323 Denial of 49042 1 Service Vulnerability Cisco Systems 49040 1 Cisco IOS Software High Severity High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found SEVERITY

Authentication Proxy Vulnerability Cisco Systems TCP State Manipulation Denial of Service 49038 1 Vulnerabilities in Multiple Cisco Products - Cisco Systems Cisco IOS Software WebVPN and 49036 1 SSLVPN Vulnerabilities Cisco Systems Cisco IOS Software Multiple Features 49035 1 Crafted UDP Packet Vulnerability Cisco Systems Cisco IOS Software Session Initiation 49033 1 Protocol Denial of Service Vulnerability Cisco Systems Cisco IOS Software Secure Copy 49032 1 Privilege Escalation Vulnerability Cisco Systems Cisco IOS Software Mobile IP and 49031 1 Mobile IPv6 Vulnerabilities Cisco Systems Cisco IOS Software 49030 1 Multiple Features IP Sockets Vulnerability 49026 1 Vulnerability in Cisco IOS While Processing SSL High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found problem(s) found

Packet - Cisco Systems Multiple Cisco IOS Session Initiation 49025 1 Protocol Denial of Service Vulnerabilities Cisco IOS IPS 49019 1 Denial of Service Vulnerability Cisco Systems SNMP Version 3 49016 1 Authentication Vulnerabilities Cisco Systems Cisco IOS Secure Shell Denial of 49015 1 Service Vulnerabilities Cisco Systems Multiple 49003 1 Vulnerabilities in the IOS FTP Server Cisco IOS TCP 24744 1 Listener Crafted Packets Remote DoS (CSCek37177) Cisco IOS SIP 24740 1 Packet Handling Remote DoS (CSCsh58082) Cisco IOS System 20134 1 Timers Remote Overflow (CSCei61732) SNMP Agent 10264 1 Default Community Names SSL Certificate signed with an 51192 2 unknown Certificate Authority 10079 49017 2 1 Anonymous FTP Enabled Multiple Cisco Medium Severity problem(s) found Medium Severity Medium Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found High Severity problem(s) found

Products Vulnerable to DNS Cache Poisoning Attacks Cisco IOS Data-link Switching (DLSw) 24019 1 Capabilities Exchange Remote DoS (CSCsf28840) Cisco IOS MMP Stack Group Bidding Protocol 20744 1 (SGBP) Crafted UDP Packet Remote DoS (CSCsb11124) 12218 1 mDNS Detection HTTP TRACE / 11213 1 TRACK Methods Allowed 22964 54615 45590 28 7 7 Service Detection Device Type Common Platform Enumeration (CPE) HyperText 24260 7 Transfer Protocol (HTTP) Information 11936 10107 11002 10287 7 7 6 6 OS Identification HTTP Server Type and Version DNS Server Detection Traceroute Information HTTP Methods 43111 5 Allowed (per directory) TCP/IP 25220 10114 5 5 Timestamps Supported ICMP Timestamp Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity Low Severity problem(s) found Medium Severity problem(s) found Medium Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Medium Severity problem(s) found Medium Severity problem(s) found problem(s) found

Request Remote Date Disclosure 46180 4 Additional DNS Hostnames Network Time 10884 3 Protocol (NTP) Server Detection 53491 2 SSL / TLS Renegotiation DoS SNMP Supported 40448 2 Protocols Detection 35296 2 SNMP Protocol Version Detection FTP Supports 34324 2 Clear Text Authentication SNMP Query 34022 2 Routing Information Disclosure 21643 20870 20301 2 2 2 SSL Cipher Suites Supported LDAP Server Detection VMware ESX/GSX Server detection Web Server / 20108 2 Application favicon.ico Vendor Fingerprinting 20094 14274 10863 2 2 2 VMware Virtual Machine Detection Nessus SNMP Scanner SSL Certificate Information SNMP Query 10800 2 System Information Disclosure SNMP Request 10551 2 Network Interfaces Enumeration 10263 2 SMTP Server

problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found

Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found

Low Severity problem(s) found Low Severity

Detection Quote of the Day 10198 2 (QOTD) Service Detection 10092 10061 10052 55472 50845 34220 2 2 2 1 1 1 FTP Server Detection Echo Service Detection Daytime Service Detection Device Hostname OpenSSL Detection Netstat Portscanner (WMI) Microsoft .NET 24242 1 Handlers Enumeration 22319 1 MSRPC Service Detection SNMP Query 19763 1 Installed Software Disclosure 11424 1 WebDAV Detection Web Server 11422 1 Unconfigured Default Install Page Present 11367 1 Discard Service Detection Unknown Service 11154 1 Detection: Banner Retrieval 11153 1 Service Detection (HELP Request) News Server 11033 1 (NNTP) Information Disclosure SNMP Request 10969 1 Cisco Router Information Disclosure 10550 1 SNMP Query

problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found

Low Severity problem(s) found Low Severity

Running Process List Disclosure Microsoft Windows LAN Manager 10547 1 SNMP LanMan Services Disclosure Microsoft Windows 10546 1 LAN Manager SNMP LanMan Users Disclosure Web Server No 10386 1 404 Error Code Check 10281 10147 1 1 Telnet Server Detection Nessus Server Detection Microsoft 10077 1 FrontPage Extensions Check PORT (0/TCP)

problem(s) found

Low Severity problem(s) found

Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found Low Severity problem(s) found

Plugin ID: 45590 Common Platform Enumeration (CPE)

Synopsis It is possible to enumerate CPE names that matched on the remote\system. List of Hosts 192.168.80.9 Plugin Output
The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2008::sp1

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:7.0 -> Microsoft Internet Information Services (IIS) 7.0

192.168.80.8 Plugin Output

The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_7:::starter

192.168.80.7 Plugin Output

The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_2003_server::sp2 -> Microsoft Windows 2003 Server Service Pack 2

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:6.0 -> Microsoft Internet Information Services (IIS) 6.0

192.168.80.6 Plugin Output

The remote operating system matched the following CPE's :

cpe:/o:microsoft:windows_xp::sp2 -> Microsoft Windows XP Service Pack 2 cpe:/o:microsoft:windows_xp::sp3 -> Microsoft Windows XP Service Pack 3

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:5.1 -> Microsoft IIS 5.1

192.168.80.2 Plugin Output

The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_2003_server::sp1 -> Microsoft Windows 2003 Server Service Pack 1

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:6.0 -> Microsoft Internet Information Services (IIS) 6.0

192.168.80.10 Plugin Output

The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_7:::home

192.168.80.1 Plugin Output

The remote operating system matched the following CPE :

cpe:/o:cisco:ios:12.4 -> Cisco IOS 12.4

Description By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

Solution n/a See also http://cpe.mitre.org/ Risk Factor None Plugin publication date: 2010/04/21 Plugin last modification date: 2011/06/07 PORT SNMP (161/UDP) Plugin ID: 34022 SNMP Query Routing Information Disclosure

Synopsis The list of IP routes on the remote host can be obtained via SNMP. List of Hosts 192.168.80.6 Plugin Output
127.0.0.0/255.0.0.0 192.168.56.0/255.255.255.0 192.168.56.1/255.255.255.255 192.168.56.255/255.255.255.255 192.168.80.0/255.255.255.0 192.168.80.6/255.255.255.255 192.168.80.255/255.255.255.255 224.0.0.0/240.0.0.0 255.255.255.255/255.255.255.255

192.168.80.1 Plugin Output

192.168.80.0/255.255.255.0

Description It is possible to obtain the routing information on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.4.21 An attacker may use this information to gain more knowledge about the network topology. Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. Risk Factor None Plugin publication date: 2008/08/21 Plugin last modification date: 2011/05/24 PORT (13/TCP) Plugin ID: 11154 Unknown Service Detection: Banner Retrieval

Synopsis There is an unknown service running on the remote host. List of Hosts 192.168.80.6 Plugin Output
If you know what this service is, please send a description along with the following output to [email protected] :

Port : Type : Banner : 0x00:

13 spontaneous

30 39 3A 33 33 3A 34 38 20 61 2E 6D 2E 20 30 38 0x10: 2F 31 30 2F 32 30 31 31 0A

09:33:48 a.m. 08 /10/2011.

Description Nessus was unable to identify a service on the remote host even though it returned a banner of some type. Solution N/A Risk Factor None Plugin publication date: 2002/11/18 Plugin last modification date: 2011/03/17 PORT QOTD (17/TCP) Plugin ID: 11153 Service Detection (HELP Request)

Synopsis The remote service could be identified. List of Hosts 192.168.80.6 Plugin Output
qotd (Quote of the Day) seems to be running on this port (misconfigured).

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives a 'HELP' request. Solution n/a Risk Factor None Plugin publication date: 2002/11/18 Plugin last modification date: 2011/09/14 PORT SNMP (161/UDP) Plugin ID: 20744 Cisco IOS MMP Stack Group Bidding Protocol (SGBP) Crafted UDP Packet Remote DoS (CSCsb11124)

Synopsis The remote router can be crashed remotely. List of Hosts 192.168.80.1

Description The remote host is a CISCO router containing a version of IOS which is prone to a denial of service vulnerability. An attacker may exploit this flaw to crash the remote device. Solution http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml

Risk Factor Medium/ CVSS Base Score: 5.4 (CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C) CVSS Temporal Score: 4.4(CVSS2#E:U/RL:W/RC:C) CVE CVE-2006-0340 Bugtraq ID 16303 Other References OSVDB:22624 CWE:20 Vulnerability publication date: 2006/01/18 Plugin publication date: 2006/01/19 Plugin last modification date: 2011/03/17 Ease of exploitability : No known exploits are available PORT (0/TCP) Plugin ID: 49042 Cisco IOS Software H.323 Denial of Service Vulnerability - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(25b) or later

Description The H.323 implementation in Cisco IOS Software contains a vulnerability that can be exploited remotely to cause a device that is running Cisco IOS Software to reload.

Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate the vulnerability apart from disabling H.323 if the device that is running Cisco IOS Software does not need to run H.323 for VoIP services. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20090923h323.shtml http://www.cisco.com/en/US/products/products_security_adviso ry09186a0080af811a.shtml Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE CVE-2009-2866 Other References CISCO-BUG-ID:CSCsz38104 CISCO-SA:cisco-sa-20090923-h323http Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT QOTD (17/TCP) Plugin ID: 10198 Quote of the Day (QOTD) Service Detection

Synopsis The quote service (qotd) is running on this host. List of Hosts 192.168.80.6

Description

A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote. Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored). An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network. Solution - Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process - Under Windows systems, set the following registry keys to 0 : HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\Enabl eTcpQotd HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\Enabl eUdpQotd Then launch cmd.exe and type : net stop simptcp net start simptcp To restart the service. Risk Factor None

CVE CVE-1999-0103 Other References OSVDB:150 Vulnerability publication date: 1996/02/08 Plugin publication date: 1999/11/30 Plugin last modification date: 2011/07/26 PORT TELNET (23/TCP) Plugin ID: 10281 Telnet Server Detection

Synopsis A Telnet server is listening on the remote port. List of Hosts 192.168.80.1 Plugin Output
Here is the banner from the remote Telnet server :

------------------------------ snip ------------------------------

User Access Verification

Password: ------------------------------ snip ------------------------------

Description The remote host is running a Telnet server, a remote terminal server. Solution Disable this service if you do not use it.

Risk Factor None Plugin publication date: 1999/10/12 Plugin last modification date: 2011/03/17 PORT (0/TCP) Plugin ID: 49025 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(18c) or later

Description Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the IOS device. Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory. There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services. Solution Apply the described patch (see plugin output).

See also http://www.cisco.com/warp/public/707/cisco-sa-20080924iosfw.shtml http://www.cisco.com/warp/public/707/cisco-sa-20080924mfi.shtml http://www.cisco.com/warp/public/707/cisco-sa-20080924iosips.shtml http://www.cisco.com/warp/public/707/cisco-sa-20080924vpn.shtml http://www.cisco.com/warp/public/707/cisco-sa-20080924cucm.shtml http://www.cisco.com/warp/public/707/cisco-sa-20080924ssl.shtml http://www.cisco.com/warp/public/707/cisco-sa-20080924cucm.shtml http://www.cisco.com/warp/public/707/cisco-sa-20080924l2tp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20070131sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20080924sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20080924sccp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20080924multicast.shtml http://www.cisco.com/warp/public/707/cisco-sa-20080924ubr.shtml http://www.cisco.com/warp/public/707/cisco-sa-20080924ipc.shtml http://www.cisco.com/en/US/products/products_security_adviso ry09186a0080a01562.shtml Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE CVE-2008-3799 CVE-2008-3800 CVE-2008-3801

CVE-2008-3802 Other References CWE:399 CISCO-BUG-ID:CSCsb25337 CISCO-BUG-ID:CSCse56800 CISCO-BUG-ID:CSCsg91306 CISCO-BUG-ID:CSCsk42759 CISCO-BUG-ID:CSCsl62609 CISCO-SA:cisco-sa-20080924-siphttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT (0/TCP) Plugin ID: 49038 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(25b) or later

Description Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being

accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system. In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities. Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20090908tcp24.shtml http://www.cisco.com/en/US/products/products_security_adviso ry09186a0080af511d.shtml Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE CVE-2008-4609 CVE-2009-0627 Other References CWE:16 CISCO-BUG-ID:CSCsv02768 CISCO-BUG-ID:CSCsv04836 CISCO-BUG-ID:CSCsv07712 CISCO-BUG-ID:CSCsv08059 CISCO-BUG-ID:CSCsv08325 CISCO-BUG-ID:CSCsv08579 CISCO-BUG-ID:CSCsv66169

CISCO-SA:cisco-sa-20090908-tcp24http Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT WWW (80/TCP) Plugin ID: 11213 HTTP TRACE / TRACK Methods Allowed

Synopsis Debugging functions are enabled on the remote web server. List of Hosts 192.168.80.6 Plugin Output
Use the URLScan tool to deny HTTP TRACE requests or to permit only the methods needed to meet site requirements and policy.

Nessus sent the following TRACE request :

------------------------------ snip -----------------------------TRACE /Nessus1064595757.html HTTP/1.1 Connection: Close Host: 192.168.80.6 Pragma: no-cache User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Language: en Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip -----------------------------HTTP/1.1 200 OK

Server: Microsoft-IIS/5.1 Date: Sat, 08 Oct 2011 14:35:41 GMT X-Powered-By: ASP.NET Content-Type: message/http Content-Length: 314

TRACE /Nessus1064595757.html HTTP/1.1 Connection: Keep-Alive Host: 192.168.80.6 Pragma: no-cache User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Language: en Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

Description The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections. Solution Disable these methods. Refer to the plugin output for more information. See also http://www.cgisecurity.com/whitehat-mirror/WHWhitePaper_XST_ebook.pdf http://www.apacheweek.com/issues/03-01-24 http://www.kb.cert.org/vuls/id/288308 http://www.kb.cert.org/vuls/id/867593 http://download.oracle.com/sunalerts/1000718.1.html

Risk Factor Medium/ CVSS Base Score: 4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSS Temporal Score: 3.9(CVSS2#E:F/RL:W/RC:C) CVE CVE-2003-1567 CVE-2004-2320 CVE-2010-0386 Bugtraq ID 9506 9561 11604 33374 37995 Other References OSVDB:877 OSVDB:3726 OSVDB:5648 OSVDB:50485 CWE:16 Vulnerability publication date: 2003/01/20 Plugin publication date: 2003/01/23 Plugin last modification date: 2011/09/19 Ease of exploitability : Exploits are available PORT SNMP (161/UDP) Plugin ID: 10800 SNMP Query System Information Disclosure

Synopsis The System Information of the remote host can be obtained via SNMP. List of Hosts 192.168.80.6

Plugin Output
System information : sysDescr : Hardware: x86 Family 15 Model 76 Stepping 2 AT/AT COMPATIBLE -

Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free) sysObjectID sysUptime sysContact sysName sysLocation sysServices : 1.3.6.1.4.1.311.1.1.3.1.1 : 0d 0h 5m 54s : : HOGAR-86A6036CE : : 76

192.168.80.1 Plugin Output

System information : sysDescr : Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version

12.4(1c), RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by Cisco Systems, Inc. Compiled Tue 25-Oct-05 17:10 by evmiller sysObjectID sysUptime sysContact sysName sysLocation sysServices : 1.3.6.1.4.1.9.1.620 : 0d 0h 5m 32s : : Seguridad2 : : 78

Description It is possible to obtain the system information about the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1. An attacker may use this information to gain more knowledge about the target host.

Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. Risk Factor None Plugin publication date: 2001/11/06 Plugin last modification date: 2011/05/24 PORT WWW (8834/TCP) Plugin ID: 10107 HTTP Server Type and Version

Synopsis A web server is running on the remote host. List of Hosts 192.168.80.6 Plugin Output
The remote web server type is :

NessusWWW

Description This plugin attempts to determine the type and the version of the remote web server. Solution n/a Risk Factor None

Plugin publication date: 2000/01/04 Plugin last modification date: 2011/04/21 PORT (8197/TCP) Plugin ID: 10107 HTTP Server Type and Version

Synopsis A web server is running on the remote host. List of Hosts 192.168.80.7 Plugin Output
The remote web server type is :

Microsoft-IIS/6.0

Description This plugin attempts to determine the type and the version of the remote web server. Solution n/a Risk Factor None Plugin publication date: 2000/01/04 Plugin last modification date: 2011/04/21 PORT WWW (80/TCP) Plugin ID: 10107 HTTP Server Type and Version

Synopsis A web server is running on the remote host. List of Hosts 192.168.80.9 Plugin Output
The remote web server type is :

Microsoft-IIS/7.0

192.168.80.7 Plugin Output

The remote web server type is :

Microsoft-IIS/6.0

192.168.80.6 Plugin Output

The remote web server type is :

Microsoft-IIS/5.1

192.168.80.2 Plugin Output

The remote web server type is :

Microsoft-IIS/6.0

192.168.80.1 Plugin Output

The remote web server type is :

cisco-IOS

Description This plugin attempts to determine the type and the version of the

remote web server. Solution n/a Risk Factor None Plugin publication date: 2000/01/04 Plugin last modification date: 2011/04/21 PORT WWW (80/TCP) Plugin ID: 11424 WebDAV Detection

Synopsis The remote server is running with WebDAV enabled. List of Hosts 192.168.80.6

Description WebDAV is an industry standard extension to the HTTP specification. It adds a capability for authorized users to remotely add and manage the content of a web server. If you do not use this extension, you should disable it. Solution http://support.microsoft.com/default.aspx?kbid=241520 Risk Factor None Plugin publication date: 2003/03/20 Plugin last modification date: 2011/03/14

PORT SNMP (161/UDP) Plugin ID: 10551 SNMP Request Network Interfaces Enumeration

Synopsis The list of network interfaces cards of the remote host can be obtained via\SNMP. List of Hosts 192.168.80.6 Plugin Output
Interface 1 information : ifIndex ifDescr : 1 : MS TCP Loopback interface

192.168.80.1 Plugin Output

Interface 1 information : ifIndex ifDescr : 1 : FastEthernet0/0

ifPhysAddress : 001d7076c01e

Interface 2 information : ifIndex ifDescr : 2 : FastEthernet0/1

ifPhysAddress : 001d7076c01f

Interface 3 information : ifIndex ifDescr : 3 : Serial0/0/0

ifPhysAddress :

Interface 4 information : ifIndex ifDescr : 4 : Serial0/0/1

ifPhysAddress :

Interface 5 information : ifIndex ifDescr : 5 : Null0

ifPhysAddress :

Description It is possible to obtain the list of the network interfaces installed on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.2.1.0 An attacker may use this information to gain more knowledge about the target host. Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. Risk Factor None Plugin publication date: 2000/11/13 Plugin last modification date: 2011/05/24 PORT NESSUS (1241/TCP) Plugin ID: 10147 Nessus Server Detection

Synopsis A Nessus daemon is listening on the remote port. List of Hosts 192.168.80.6

Description A Nessus daemon is listening on the remote port. It is not recommended to let anyone connect to this port. Also, make sure that the remote Nessus installation has been authorized. Solution Filter incoming traffic to this port. Risk Factor None Plugin publication date: 1999/10/12 Plugin last modification date: 2011/03/11 PORT SNMP (161/UDP) Plugin ID: 24740 Cisco IOS SIP Packet Handling Remote DoS (CSCsh58082)

Synopsis The remote CISCO device can be crashed remotely. List of Hosts 192.168.80.1

Description The remote version of IOS contains a flaw which may cause the remote router to crash when it receives a malicious SIP (Session Initiation

Protocol) packet. An attacker might use these flaws to disable this device remotely. Solution http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVSS Temporal Score: 6.4(CVSS2#E:F/RL:OF/RC:C) CVE CVE-2007-0648 Bugtraq ID 22330 Other References OSVDB:33051 Vulnerability publication date: 2007/01/31 Plugin publication date: 2007/03/01 Plugin last modification date: 2011/03/11 Ease of exploitability : Exploits are available PORT (0/TCP) Plugin ID: 55472 Device Hostname

Synopsis It is possible to determine the remote system hostname. List of Hosts 192.168.80.7 Plugin Output
Hostname : HOGAR-1B0FB0481

Description This plugin reports a device's hostname collected via SSH or WMI. Solution n/a Risk Factor None Plugin publication date: 2011/06/30 Plugin last modification date: 2011/07/01 PORT WWW (10757/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.6 Plugin Output
A web server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a

Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT WWW (8834/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.6 Plugin Output
A web server is running on this port through TLSv1.

192.168.80.6 Plugin Output

A TLSv1 server answered on this port.

Plugin last modification date: 2011/09/20 PORT (8197/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.7 Plugin Output
A web server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT (3300/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified.

List of Hosts 192.168.80.6 Plugin Output

The service closed the connection without sending any data. It might be protected by some sort of TCP wrapper.

Synopsis The remote service could be identified. List of Hosts 192.168.80.7 Plugin Output
The service closed the connection without sending any data. It might be protected by some sort of TCP wrapper.

Synopsis The remote service could be identified. List of Hosts 192.168.80.6 Plugin Output
A TLSv1 server answered on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a

Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT DCE-RPC (1027/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.7 Plugin Output
An ncacn_http server is running on this port.

Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.8 Plugin Output
A VMware authentication daemon is running on this port.

192.168.80.10 Plugin Output

A VMware authentication daemon is running on this port.

Synopsis The remote service could be identified.

List of Hosts 192.168.80.7 Plugin Output

The service closed the connection without sending any data. It might be protected by some sort of TCP wrapper.

192.168.80.2 Plugin Output

The service closed the connection without sending any data. It might be protected by some sort of TCP wrapper.

Synopsis The remote service could be identified. List of Hosts 192.168.80.9

Plugin Output
An http-rpc-epmap is running on this port.

192.168.80.7 Plugin Output

An http-rpc-epmap is running on this port.

192.168.80.2 Plugin Output

An http-rpc-epmap is running on this port.

Synopsis The remote service could be identified. List of Hosts 192.168.80.2 Plugin Output

An NNTP server is running on this port.

Synopsis The remote service could be identified. List of Hosts 192.168.80.9 Plugin Output
A web server is running on this port.

192.168.80.7 Plugin Output

A web server is running on this port.

192.168.80.6 Plugin Output

A web server is running on this port.

192.168.80.2 Plugin Output

A web server is running on this port.

192.168.80.1 Plugin Output

A web server is running on this port.

Synopsis The remote service could be identified. List of Hosts 192.168.80.6 Plugin Output
An SMTP server is running on this port.

192.168.80.2

Plugin Output
An SMTP server is running on this port.

Synopsis The remote service could be identified. List of Hosts 192.168.80.1 Plugin Output
A telnet server is running on this port.

Description It was possible to identify the remote service by its banner or by looking

at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT FTP (21/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.6 Plugin Output
An FTP server is running on this port.

192.168.80.2 Plugin Output

An FTP server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a

Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT CHARGEN (19/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.6 Plugin Output
A chargen server is running on this port.

Synopsis The remote service could be identified. List of Hosts 192.168.80.6 Plugin Output
An echo server is running on this port.

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output

Update to 12.4(19a) or later

Description Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected. Cisco has released free software updates that address these vulnerabilities. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20080708dns.shtml http://www.cisco.com/en/US/products/products_security_adviso ry09186a00809c2168.shtml Risk Factor Medium/ CVSS Base Score: 6.4 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P) CVE CVE-2008-1447 Other References CISCO-BUG-ID:CSCso81854 CISCO-BUG-ID:CSCsq01298 CISCO-BUG-ID:CSCsq21930 CISCO-BUG-ID:CSCsr28008

CISCO-BUG-ID:CSCsr28354 CISCO-BUG-ID:CSCsr29124 CISCO-BUG-ID:CSCsr29691 CISCO-BUG-ID:CSCsr61220 CISCO-BUG-ID:CSCsr98689 CISCO-BUG-ID:CSCsu10546 CISCO-SA:cisco-sa-20080708-dnshttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT SNMP (161/UDP) Plugin ID: 24019 Cisco IOS Data-link Switching (DLSw) Capabilities Exchange Remote DoS (CSCsf28840)

Synopsis The remote router can be crashed remotely. List of Hosts 192.168.80.1

Description The remote host is a CISCO router containing a version of IOS that is affected by a denial of service vulnerability. An attacker may exploit this flaw to crash the remote device. Solution http://www.cisco.com/en/US/products/products_security_advisory09186 a00807bd128.shtml Risk Factor Medium/ CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Temporal Score: 4.1(CVSS2#E:F/RL:OF/RC:C) CVE CVE-2007-0199 Bugtraq ID 21990 Other References OSVDB:32683 Vulnerability publication date: 2007/01/10 Plugin publication date: 2007/01/17 Plugin last modification date: 2011/03/17 Ease of exploitability : Exploits are available PORT SNMP (161/UDP) Plugin ID: 14274 Nessus SNMP Scanner

Synopsis List of Hosts 192.168.80.6 Plugin Output

Nessus snmp scanner was able to retrieve the open port list with the community name: public It found 20 open TCP ports and 23 open UDP ports

192.168.80.6 192.168.80.1 Plugin Output

Nessus snmp scanner was able to retrieve the open port list with the community name: public It found 0 open TCP ports and 6 open UDP ports

192.168.80.1

Description

Solution

Risk Factor

PORT WWW (8834/TCP) Plugin ID: 21643 SSL Cipher Suites Supported

Synopsis The remote service encrypts communications using SSL. List of Hosts 192.168.80.6 Plugin Output
Here is the list of SSL ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key) SSLv3 DES-CBC3-SHA Mac=SHA1 RC4-MD5 Mac=MD5 RC4-SHA Mac=SHA1 TLSv1 Kx=RSA Au=RSA Enc=RC4(128) Kx=RSA Au=RSA Enc=RC4(128) Kx=RSA Au=RSA Enc=3DES(168)

DES-CBC3-SHA Mac=SHA1 AES128-SHA Mac=SHA1 AES256-SHA Mac=SHA1 RC4-MD5 Mac=MD5 RC4-SHA Mac=SHA1

Kx=RSA

Au=RSA

Enc=3DES(168)

Kx=RSA

Au=RSA

Enc=AES(128)

Kx=RSA

Au=RSA

Enc=AES(256)

Kx=RSA

Au=RSA

Enc=RC4(128)

Kx=RSA

Au=RSA

Enc=RC4(128)

The fields above are :

{OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

Description This script detects which SSL ciphers are supported by the remote service for encrypting communications. Solution n/a See also http://www.openssl.org/docs/apps/ciphers.html Risk Factor None Plugin publication date: 2006/06/05 Plugin last modification date: 2011/06/07

PORT NESSUS (1241/TCP) Plugin ID: 21643 SSL Cipher Suites Supported

Synopsis The remote service encrypts communications using SSL. List of Hosts 192.168.80.6 Plugin Output
Here is the list of SSL ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key) TLSv1 DES-CBC3-SHA Mac=SHA1 AES128-SHA Mac=SHA1 AES256-SHA Mac=SHA1 RC4-MD5 Mac=MD5 RC4-SHA Mac=SHA1 Kx=RSA Au=RSA Enc=RC4(128) Kx=RSA Au=RSA Enc=RC4(128) Kx=RSA Au=RSA Enc=AES(256) Kx=RSA Au=RSA Enc=AES(128) Kx=RSA Au=RSA Enc=3DES(168)

The fields above are :

{OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

Synopsis The list of processes running on the remote host can be obtained via SNMP. List of Hosts 192.168.80.6 Plugin Output
PID 1 4 112 432 460 476 CPU 3108 17 0 0 MEM COMMAND ARGS

28 System Idle Process 244 System 6436 btdna.exe 3836 svchost.exe -k LocalService -service

26 29536 lnssatt.exe 0 1392 agrsmsvc.exe

492 496 560

0 0 7

3688 alg.exe 8556 CTserv.exe 1412 jqs.exe -service -config "C:\Archivos de

programa\Java\jre7\lib\deploy\jqs\jqs.conf" 608 628 632 672 25 69968 ekrn.exe 1 26072 Syslogd_Manager.exe 41 32620 lnssatt.exe 0 8476 dllhost.exe -service /Processid:{3D14228D-FBE1-11D0-995D-

00C04FD919C1} 720 728 764 816 0 23176 Syslogd_Service.exe 0 0 0 2892 acrotray.exe 432 smss.exe 3500 rundll32.exe

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 824 868 900 920 936 944 972 1024 1060 1064 1072 1076 1 22932 RTHDCPL.exe 10 30312 svchost.exe 0 1 0 0 -k netsvcs

9744 SolarWinds-Toolbar.exe 7896 iexplore.exe -Embedding

3680 RIMBBLaunchAgent.exe 5272 GrooveMonitor.exe

1 16112 nessussvrmanager.exe 0 16748 facemoodssrv.exe 6 27984 explorer.exe 0 0 9 2888 GoogleToolbarNotifier.exe 3444 ctfmon.exe 2616 csrss.exe ObjectDirectory=\Windows /md I

SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserS 1108 1152 1164 1324 1460 1516 1596 1616 1812 1900 0 4708 winlogon.exe

5 18436 services.exe 0 0 0 0 0 0 0 3300 lsass.exe 3764 svchost.exe 5604 svchost.exe 5148 svchost.exe 4044 svchost.exe 6616 spoolsv.exe 3340 mdm.exe -k NetworkService -k DcomLaunch -k rpcss -k LocalService

3 13516 inetinfo.exe

2112 2132 2180 2356 2408 2464 2652

4240 nvsvc32.exe

1 24436 VirtualBox.exe 3 29216 statusmonitor.exe 0 0 0 0 3568 tcpsvcs.exe 4376 snmp.exe 4788 svchost.exe 5080 dumpcap.exe -k imgsvc -i \Device\NPF_{26B65165-7CA2-4A05-8A3A-

B6C21F640607} -Z 3620 -B 1 2688 0 8512 dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-

00805FC79235} 2836 2936 0 5156 msdtc.exe --comment Server2003 --startvm aa7f5fd0-

80 38992 VirtualBox.exe

f4e1-4f97-8c11-56dc1e8c66c0 --no-startvm-errormsgbox 3252 3516 3612 3620 3948 3984 4012 56 115464 iexplore.exe 33 54292 nessusd.exe 0 1268 nessus-service.exe SCODEF:920 CREDAT:79873

58 70736 wireshark.exe 0 0 956 cmd.exe 3316 WZQKPICK.EXE -Embedding

2 12192 VBoxSVC.exe

Description It is possible to obtain the list of running processes on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.25.4.2.1.2 An attacker may use this information to gain more knowledge about the target host. Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. Risk Factor None

Plugin publication date: 2000/11/13 Plugin last modification date: 2011/05/24 PORT SNMP (161/UDP) Plugin ID: 10546 Microsoft Windows LAN Manager SNMP LanMan Users Disclosure

Synopsis The list of LanMan users of the remote host can be obtained via SNMP. List of Hosts 192.168.80.6 Plugin Output
ASPNET william Invitado Administrador LANGUARD_10_USER LNSS_MONITOR_USR SUPPORT_388945a0 Asistente de ayuda IUSR_HOGAR-86A6036CE IWAM_HOGAR-86A6036CE

Description It is possible to obtain the list of LanMan users on the remote host by sending SNMP requests with the OID 1.3.6.1.4.1.77.1.2.25.1.1 An attacker may use this information to gain more knowledge about the target host. Solution

Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. Risk Factor None CVE CVE-1999-0499 Other References OSVDB:445 Vulnerability publication date: 1999/06/07 Plugin publication date: 2000/11/10 Plugin last modification date: 2011/05/24 PORT SNMP (161/UDP) Plugin ID: 10547 Microsoft Windows LAN Manager SNMP LanMan Services Disclosure

Synopsis The list of LanMan services running on the remote host can be obtained\via SNMP. List of Hosts 192.168.80.6 Plugin Output
Temas Servidor Telefon a

Cliente DNS Cliente Web Cliente DHCP ESET Service Plug and Play Servicio SNMP Escucha de RIP Tenable Nessus

Registro remoto Servicios IPSEC Audio de Windows Conexiones de red HID Input Service Cola de impresi n

Horario de Windows Java Quick Starter Kiwi Syslog Server Centro de seguridad CommTraffic Service Publicaci n en FTP

Registro de sucesos Estaci n de trabajo

Servicios de cifrado Examinador de equipos Machine Debug Manager Programador de tareas Administraci n de IIS

Sistema de sucesos COM+ Almacenamiento protegido Ayuda y soporte t cnico

Servicio de ayuda de IPv6 Servicios simples de TCP/IP Actualizaciones autom Aplicaci Detecci ticas

n del sistema COM+ n de hardware shell n secundario

Inicio de sesi

Servicios de Terminal Server Ayuda de NetBIOS sobre TCP/IP NVIDIA Display Driver Service Publicaci n en World Wide Web

Servicio de informe de errores Agere Modem Call Progress Audio Administrador de discos l gicos

NLA (Network Location Awareness) Servicio de descubrimientos SSDP GFI LanGuard 10 Attendant Service

Configuraci

n inal

mbrica r

pida

Llamada a procedimiento remoto (RPC) Notificaci n de sucesos del sistema n de sistema

Servicio de restauraci

Administrador de cuentas de seguridad Iniciador de procesos de servidor DCOM GFI LANguard N.S.S. 8.0 Attendant Service Adquisici n de im genes de Windows (WIA) n de Windows

Instrumental de administraci Administrador de conexi

n de acceso remoto pido de usuario

Compatibilidad de cambio r

Cliente de seguimiento de vinculos distribuidos Protocolo simple de transferencia de correo (SMTP) Servicio de puerta de enlace de capa de aplicaci n

Coordinador de transacciones distribuidas de Microsoft Servicio de transferencia inteligente en segundo plano Firewall de Windows/Conexi n compartida a Internet (ICS)

Description It is possible to obtain the list of LanMan services on the remote host by sending SNMP requests with the OID 1.3.6.1.4.1.77.1.2.3.1.1 An attacker may use this information to gain more knowledge about the target host. Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. Risk Factor Low CVE CVE-1999-0499 Other References OSVDB:445

Vulnerability publication date: 1999/06/07 Plugin publication date: 2000/11/10 Plugin last modification date: 2011/05/24 PORT (0/ICMP) Plugin ID: 10114 ICMP Timestamp Request Remote Date Disclosure

Synopsis It is possible to determine the exact time set on the remote host. List of Hosts 192.168.80.8 Plugin Output
The ICMP timestamps seem to be in little endian format (not in network format) The difference between the local and remote clocks is -868 seconds.

192.168.80.7 Plugin Output

This host returns non-standard timestamps (high bit is set) The ICMP timestamps might be in little endian format (not in network format) The difference between the local and remote clocks is 2 seconds.

192.168.80.2 Plugin Output

192.168.80.10 Plugin Output

The ICMP timestamps seem to be in little endian format (not in network format) The difference between the local and remote clocks is -767 seconds.

192.168.80.1 Plugin Output

This host returns non-standard timestamps (high bit is set)

Description The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine. This may help an attacker to defeat all time-based authentication protocols. Solution Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14). Risk Factor None CVE CVE-1999-0524 Other References OSVDB:94 CWE:200 Vulnerability publication date: 1995/01/01 Plugin publication date: 1999/08/01 Plugin last modification date: 2011/08/19 PORT SMTP (25/TCP) Plugin ID: 10263 SMTP Server Detection

Synopsis An SMTP server is listening on the remote port. List of Hosts 192.168.80.6 Plugin Output
Remote SMTP server banner :

220 hogar-86a6036ce Microsoft ESMTP MAIL Service, Version: 6.0.2600.5949 ready at Sat, 8 Oct 2011 09:33:50 -0500

192.168.80.2 Plugin Output

Remote SMTP server banner :

220 familiar-ctue30.GRUPO1.COM Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Sat, 8 Oct 2011 10:35:22 -0400

Description The remote host is running a mail (SMTP) server on this port. Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it. Solution Disable this service if you do not use it, or filter incoming traffic to this port. Risk Factor None

Plugin publication date: 1999/10/12 Plugin last modification date: 2011/03/11 PORT WWW (8834/TCP) Plugin ID: 10863 SSL Certificate Information

Synopsis This plugin displays the SSL certificate. List of Hosts 192.168.80.6 Plugin Output
Subject Name:

Organization: independiente Organization Unit: Nessus Server Locality: town Country: us State/Province: ohio Common Name: hogar-86a6036ce

Issuer Name:

Organization: independiente Organization Unit: Nessus Certification Authority Locality: town Country: us State/Province: ohio Common Name: Nessus Certification Authority

Serial Number: 30 F1

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Oct 02 01:37:26 2011 GMT Not Valid After: Oct 01 01:37:26 2012 GMT

Public Key Info:

Algorithm: RSA Encryption Public Key: 00 B5 16 E6 70 30 CF F4 FB 12 B0 B4 41 ED 15 BD C1 F2 F1 E5 F1 B3 38 5A 48 45 F8 2F D3 AC F6 B7 92 D4 4A 33 07 30 EC C1 A5 42 56 51 11 A5 38 96 99 4D C8 BA EA 35 6E 2C 0B B8 DF BB 8B EA CE FA D5 3C B7 BC 0B 86 83 9A 11 39 88 D5 9E 6C 37 40 76 56 6D 7C 72 7B 6D C9 38 AE E5 E5 84 14 3E 91 48 B8 7B 3D E4 58 69 A8 2F 0A 8B D2 1E 74 B1 87 D3 DE 9F 6A D7 B7 1D 4D 0B FB 59 E8 B7 2B 25 0A 5D Exponent: 01 00 01

Signature: 00 14 60 84 7F 4C 02 E9 95 DD 06 3E 10 28 21 59 E2 3D 83 F6 3F B5 92 9C 12 78 F0 72 56 1D 87 59 D7 A3 27 43 61 8B F6 8C 55 C0 D6 34 11 50 D9 6C 42 5D 7A 2D 39 89 17 65 95 83 D6 0B E6 4C 58 FB 2D E2 6F 79 D7 C5 FF 87 86 EA 18 95 C8 E9 DC CB BC F0 8D 99 A8 CD B0 BB 82 C2 0E 10 77 88 63 E5 65 23 F4 17 89 92 B3 DD 68 2F 18 35 39 15 4F E3 0E CB DA 85 6B 16 5C 51 0A C1 28 43 15 4B DE AE 35

Extension: 2.16.840.1.113730.1.1 Critical: 0 Data: 03 02 06 40

Extension: Key Usage (2.5.29.15) Critical: 1 Key Usage: Digital Signature, Non Repudiation, Key Encipherment

Description

This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate. Solution n/a Risk Factor None Plugin publication date: 2008/05/19 Plugin last modification date: 2011/09/14 PORT NESSUS (1241/TCP) Plugin ID: 10863 SSL Certificate Information

Synopsis This plugin displays the SSL certificate. List of Hosts 192.168.80.6 Plugin Output
Subject Name:

Organization: independiente Organization Unit: Nessus Server Locality: town Country: us State/Province: ohio Common Name: hogar-86a6036ce

Issuer Name:

Organization: independiente Organization Unit: Nessus Certification Authority Locality: town Country: us

State/Province: ohio Common Name: Nessus Certification Authority

Serial Number: 30 F1

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Oct 02 01:37:26 2011 GMT Not Valid After: Oct 01 01:37:26 2012 GMT

Public Key Info:

Algorithm: RSA Encryption Public Key: 00 B5 16 E6 70 30 CF F4 FB 12 B0 B4 41 ED 15 BD C1 F2 F1 E5 F1 B3 38 5A 48 45 F8 2F D3 AC F6 B7 92 D4 4A 33 07 30 EC C1 A5 42 56 51 11 A5 38 96 99 4D C8 BA EA 35 6E 2C 0B B8 DF BB 8B EA CE FA D5 3C B7 BC 0B 86 83 9A 11 39 88 D5 9E 6C 37 40 76 56 6D 7C 72 7B 6D C9 38 AE E5 E5 84 14 3E 91 48 B8 7B 3D E4 58 69 A8 2F 0A 8B D2 1E 74 B1 87 D3 DE 9F 6A D7 B7 1D 4D 0B FB 59 E8 B7 2B 25 0A 5D Exponent: 01 00 01

Extension: 2.16.840.1.113730.1.1 Critical: 0 Data: 03 02 06 40

Extension: Key Usage (2.5.29.15)

Critical: 1 Key Usage: Digital Signature, Non Repudiation, Key Encipherment

Description This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate. Solution n/a Risk Factor None Plugin publication date: 2008/05/19 Plugin last modification date: 2011/09/14 PORT SNMP (161/UDP) Plugin ID: 24744 Cisco IOS TCP Listener Crafted Packets Remote DoS (CSCek37177)

Synopsis It is possible to crash the remote device remotely. List of Hosts 192.168.80.1

Description The remote CISCO switch runs a version of IOS contains a flaw which may cause the remote router to crash when processing specially malformed TCP packets.

An attacker might use these flaws to crash this router remotely. Solution http://www.nessus.org/u?1885e120 Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVSS Temporal Score: 6.4(CVSS2#E:F/RL:OF/RC:C) CVE CVE-2007-0479 Bugtraq ID 22208 Other References OSVDB:32093 Vulnerability publication date: 2007/01/24 Plugin publication date: 2007/03/01 Plugin last modification date: 2011/03/17 Ease of exploitability : Exploits are available PORT WWW (8834/TCP) Plugin ID: 53491 SSL / TLS Renegotiation DoS

Synopsis The remote service allows repeated renegotiation of TLS / SSL\connections. List of Hosts 192.168.80.6

Description The remote service encrypts traffic using TLS / SSL and permits

clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition. Solution Contact the vendor for specific patch information. See also http://orchilles.com/2011/03/ssl-renegotiation-dos.html http://www.ietf.org/mailarchive/web/tls/current/msg07553.html Risk Factor Low/ CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P) CVE CVE-2011-1473 Bugtraq ID 48626 Other References OSVDB:73894 Vulnerability publication date: 2011/03/13 Plugin publication date: 2011/05/04 Plugin last modification date: 2011/07/25 PORT NESSUS (1241/TCP) Plugin ID: 53491 SSL / TLS Renegotiation DoS

Synopsis

The remote service allows repeated renegotiation of TLS / SSL\connections. List of Hosts 192.168.80.6

Description The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition. Solution Contact the vendor for specific patch information. See also http://orchilles.com/2011/03/ssl-renegotiation-dos.html http://www.ietf.org/mailarchive/web/tls/current/msg07553.html Risk Factor Low/ CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P) CVE CVE-2011-1473 Bugtraq ID 48626 Other References OSVDB:73894 Vulnerability publication date: 2011/03/13

Plugin publication date: 2011/05/04 Plugin last modification date: 2011/07/25 PORT VMWARE_AUTH (912/TCP) Plugin ID: 20301 VMware ESX/GSX Server detection

Synopsis The remote host appears to be running VMware Server, ESX Server, or\GSX Server. List of Hosts 192.168.80.8 192.168.80.10

Description According to its banner, the remote host appears to be running a VMware server authentication daemon, which likely indicates the remote host is running VMware Server, ESX Server, or GSX Server. Solution n/a See also http://www.vmware.com/ Risk Factor None Plugin publication date: 2005/12/14 Plugin last modification date: 2011/03/17 PORT (8197/TCP) Plugin ID: 43111 HTTP Methods Allowed (per directory)

Synopsis This plugin determines which HTTP methods are allowed on various CGI\directories. List of Hosts 192.168.80.7 Plugin Output
Based on the response to an OPTIONS request :

- HTTP methods

GET

HEAD

TRACE OPTIONS are allowed on :

Description By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities. Solution n/a Risk Factor None

Plugin publication date: 2009/12/10 Plugin last modification date: 2011/07/08 PORT WWW (80/TCP) Plugin ID: 43111 HTTP Methods Allowed (per directory)

Synopsis This plugin determines which HTTP methods are allowed on various CGI\directories. List of Hosts 192.168.80.9 Plugin Output
Based on the response to an OPTIONS request :

- HTTP methods

GET

HEAD

POST

TRACE OPTIONS are allowed on :

192.168.80.7 Plugin Output

Based on the response to an OPTIONS request :

- HTTP methods

GET

HEAD

TRACE OPTIONS are allowed on :

192.168.80.6 Plugin Output

Based on the response to an OPTIONS request :

- HTTP methods

COPY

GET

HEAD

LOCK

PROPFIND

TRACE

UNLOCK OPTIONS are allowed on :

192.168.80.2 Plugin Output

Based on the response to an OPTIONS request :

- HTTP methods

GET

HEAD

TRACE OPTIONS are allowed on :

Plugin last modification date: 2011/07/08 PORT MDNS (5353/UDP) Plugin ID: 12218 mDNS Detection

Synopsis It is possible to obtain information about the remote host. List of Hosts 192.168.80.8 Plugin Output
Nessus was able to extract the following information :

- mDNS hostname

: JHON-PC.local.

Description The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows anyone to uncover information from the remote host such as its operating system type and exact version, its hostname, and the list of services it is running. Solution Filter incoming traffic to UDP port 5353 if desired. Risk Factor Medium/ CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) Plugin publication date: 2004/04/28 Plugin last modification date: 2011/03/11

PORT (0/TCP) Plugin ID: 49032 Cisco IOS Software Secure Copy Privilege Escalation Vulnerability - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(18e) or later

Description The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information. The Cisco IOS SCP server is an optional service that is disabled by default. CLI views are a fundamental component of the Cisco IOS Role-Based CLI Access feature, which is also disabled by default. Devices that are not specifically configured to enable the Cisco IOS SCP server, or that are configured to use it but do not use role-based CLI access, are not affected by this vulnerability. This vulnerability does not apply to the Cisco IOS SCP client feature. Cisco has released free software updates that address this vulnerability. There are no workarounds available for this vulnerability apart from

disabling either the SCP server or the CLI view feature if these services are not required by administrators. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20090325tcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ctcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325scp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325udp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325mobileip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325webvpn.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325sip.shtml http://www.cisco.com/en/US/products/products_security_adviso ry09186a0080a96c22.shtml Risk Factor High/ CVSS Base Score: 9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C) CVE CVE-2009-0637 Other References CISCO-BUG-ID:CSCsv38166 CISCO-SA:cisco-sa-20090325-scphttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT (0/TCP)

Plugin ID: 49015 Cisco IOS Secure Shell Denial of Service Vulnerabilities - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(18b) or later

Description The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device. The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of IOS devices, AutoSecure run after initial configuration, or manually. SSH is enabled any time RSA keys are generated such as when a http secure-server or trust points for digital certificates are configured. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities. Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-1159 has been assigned to this vulnerability. Solution Apply the described patch (see plugin output). See also

http://www.cisco.com/warp/public/707/cisco-sa-20080521ssh.shtml http://www.cisco.com/en/US/products/products_security_adviso ry09186a008099567f.shtml Risk Factor High/ CVSS Base Score: 7.5 (CVSS2#AV:N/AC:M/Au:S/C:P/I:C/A:P) CVE CVE-2008-1159 Other References CISCO-BUG-ID:CSCsh51293 CISCO-BUG-ID:CSCsk42419 CISCO-BUG-ID:CSCsk60020 CISCO-SA:cisco-sa-20080521-sshhttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT (0/TCP) Plugin ID: 49030 Cisco IOS Software Multiple Features IP Sockets Vulnerability

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(18e) or later

Description A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS Software are enabled. A sequence of specially crafted

TCP/IP packets could cause any of the following results: Cisco has released free software updates that address this vulnerability. Several mitigation strategies are outlined in the "Workarounds" section of this advisory. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20090325tcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ctcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325scp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325udp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325mobileip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325webvpn.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325sip.shtml http://www.cisco.com/en/US/products/products_security_adviso ry09186a0080a96478.shtml Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE CVE-2009-0630 Other References CISCO-BUG-ID:CSCsm27071 CISCO-SA:cisco-sa-20090325-iphttp

Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT WWW (80/TCP) Plugin ID: 11422 Web Server Unconfigured - Default Install Page Present

Synopsis The remote web server is not configured or is not properly configured. List of Hosts 192.168.80.9 Plugin Output
The default welcome page is from IIS.

Description The remote web server uses its default welcome page. It probably means that this server is not used at all or is serving content that is meant to be hidden. Solution Disable this service if you do not use it. Risk Factor None Other References OSVDB:2117 Vulnerability publication date: 1994/01/01 Plugin publication date: 2003/03/20 Plugin last modification date: 2011/08/12 PORT WWW (10757/TCP)

Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information

Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts 192.168.80.6 Plugin Output
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Headers :

Connection: keep-alive Content-Length: 15 Content-Type: text/html

None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT WWW (8834/TCP) Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information

Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts 192.168.80.6 Plugin Output
Protocol version : HTTP/1.1 SSL : yes Keep-Alive : no Options allowed : (Not implemented) Headers :

Date: Sat, 08 Oct 2011 14:35:48 GMT Server: NessusWWW Connection: close Expires: Sat, 08 Oct 2011 14:35:48 GMT Content-Length: 6518 Content-Type: text/html Cache-Control: Expires: 0 Pragma :

Description

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT (8197/TCP) Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information

Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts 192.168.80.7 Plugin Output
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers :

Connection: close

Date: Sat, 08 Oct 2011 14:36:06 GMT Server: Microsoft-IIS/6.0 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM X-Powered-By: ASP.NET Content-type: text/html

Description This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT WWW (80/TCP) Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information

Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts

192.168.80.9 Plugin Output

Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers :

Content-Type: text/html Last-Modified: Sat, 24 Sep 2011 21:09:24 GMT Accept-Ranges: bytes ETag: "291b63cfe7acc1:0" Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET Date: Sat, 08 Oct 2011 13:42:09 GMT Content-Length: 689

192.168.80.7 Plugin Output

Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers :

Content-Length: 1433 Content-Type: text/html Content-Location: http://192.168.80.7/iisstart.htm Last-Modified: Fri, 21 Feb 2003 23:48:30 GMT Accept-Ranges: bytes ETag: "09b60bc3dac21:277" Server: Microsoft-IIS/6.0 MicrosoftOfficeWebServer: 5.0_Pub

X-Powered-By: ASP.NET Date: Sat, 08 Oct 2011 14:36:06 GMT

192.168.80.6 Plugin Output

Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH Headers :

Server: Microsoft-IIS/5.1 Date: Sat, 08 Oct 2011 14:35:47 GMT X-Powered-By: ASP.NET Location: localstart.asp Content-Length: 121 Content-Type: text/html Cache-control: private

192.168.80.2 Plugin Output

Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers :

Content-Length: 141 Content-Type: text/html Content-Location: http://192.168.80.2/index.htm Last-Modified: Thu, 15 Sep 2011 01:05:20 GMT

Accept-Ranges: bytes ETag: "84dff6894373cc1:72e" Server: Microsoft-IIS/6.0 Date: Sat, 08 Oct 2011 14:36:39 GMT

Description This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT (0/TCP) Plugin ID: 49036 Cisco IOS Software WebVPN and SSLVPN Vulnerabilities - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1

Plugin Output
Update to 12.4(18e) or later

Description Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN features: Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20090325tcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ctcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325scp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325udp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325mobileip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325webvpn.shtml http://www.cisco.com/en/US/products/products_security_adviso ry09186a0080a96c1f.shtml

Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE CVE-2009-0626 CVE-2009-0628 Other References CWE:200 CISCO-BUG-ID:CSCsk62253 CISCO-BUG-ID:CSCsw24700 CISCO-SA:cisco-sa-20090325-webvpnhttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT (0/TCP) Plugin ID: 49016 SNMP Version 3 Authentication Vulnerabilities - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(18b) or later

Description Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server

is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document. Note:? SNMP versions 1, 2 and 2c are not impacted by these vulnerabilities. The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities. Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has also been assigned to these vulnerabilities. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20080610snmpv3.shtml http://www.cisco.com/en/US/products/products_security_adviso ry09186a00809ac83b.shtml Risk Factor High CVE CVE-2008-0960 Other References CWE:287 CISCO-BUG-ID:CSCsf04754 CISCO-BUG-ID:CSCsf29976 CISCO-BUG-ID:CSCsf30109 CISCO-BUG-ID:CSCsf301093 CISCO-BUG-ID:CSCsq60582 CISCO-BUG-ID:CSCsq60664 CISCO-BUG-ID:CSCsq60695 CISCO-BUG-ID:CSCsq62662 CISCO-BUG-ID:CSCsq77604 CISCO-BUG-ID:CSCsv79388 CISCO-BUG-ID:CSCsv82725

CISCO-BUG-ID:CSCte57592 CISCO-BUG-ID:CSCti05966 CISCO-SA:cisco-sa-20080610-snmpv3http Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 Ease of exploitability : Exploits are available Exploitable with: Canvas (D2ExploitPack) PORT (0/TCP) Plugin ID: 49035 Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(18e) or later

Description Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked, transit traffic will not block the interface. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. Solution Apply the described patch (see plugin output).

See also http://www.cisco.com/warp/public/707/cisco-sa-20090325tcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ctcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325scp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20070131sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325udp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325mobileip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325webvpn.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325sip.shtml http://www.cisco.com/en/US/products/products_security_adviso ry09186a0080a9648d.shtml Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE CVE-2009-0631 Other References CISCO-BUG-ID:CSCsb25337 CISCO-BUG-ID:CSCsi34903 CISCO-BUG-ID:CSCsk64158 CISCO-SA:cisco-sa-20090325-udphttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT DNS (53/TCP)

Plugin ID: 11002 DNS Server Detection

Synopsis A DNS server is listening on the remote host. List of Hosts 192.168.80.9 192.168.80.7 192.168.80.2

Description The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses. Solution Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally. See also http://en.wikipedia.org/wiki/Domain_Name_System Risk Factor None Plugin publication date: 2003/02/13 Plugin last modification date: 2011/03/11 PORT (0/TCP) Plugin ID: 54615 Device Type