Vulnerability Report

Download as pdf or txt
Download as pdf or txt
You are on page 1of 23

Vulnerability Report

SETIS EVS 01
Prepared for SETIS Automação e Sistemas Ltda
Completed 2023-10-05 12:19:59 CDT
Job ID: 4350554

1
Table of Contents
1. Overview ........................................................................................................................................................................................................................ 3
2. Findings Summary ........................................................................................................................................................................................................ 4
3. Findings ......................................................................................................................................................................................................................... 5
4. Targets ........................................................................................................................................................................................................................... 20
5. Scan Inventory ............................................................................................................................................................................................................... 21
6. Exception Vulnerability & Policy Violations ................................................................................................................................................................. 22

2
Overview
Service: Internal/External Network Self-Service
Started 2023-10-05 11:41:55 CDT
Duration 0 days 0 hours 38 minutes

2 Live Hosts 33 Findings

3
Findings Summary
Severity Title KB ID Count Page

High SSL Certificate is Not Trusted (External Scan) SLID-2008-0150 1 assets / 1 instances / 0 excepted 5

Medium SSL Certificate Common Name Does Not Validate (External Scan) SLID-2008-0159 1 assets / 1 instances / 0 excepted 6

Info Enumerated Applications SLID-2011-0699 3 assets / 3 instances / 0 excepted 7

Info Enumerated Hostnames SLID-2011-0758 2 assets / 2 instances / 0 excepted 8

Info Enumerated SSL/TLS Cipher Suites SLID-2013-0102 2 assets / 2 instances / 0 excepted 9

Info Host Detected SLID-2018-0020 2 assets / 2 instances / 0 excepted 10

Info No Hostname Entered For This Web Server SLID-2010-0639 1 assets / 1 instances / 0 excepted 11

Info SSL Certificate Expiring Soon SLID-2008-0160 2 assets / 2 instances / 0 excepted 12

Info SSL Perfect Forward Secrecy Supported SLID-2008-0144 2 assets / 2 instances / 0 excepted 13

Info SSL-TLS Certificate Information SLID-2017-0430 2 assets / 2 instances / 0 excepted 14

Info Service Detected SLID-2018-0022 2 assets / 2 instances / 0 excepted 15

Info TLSv1.2 Supported SLID-2020-0032 2 assets / 2 instances / 0 excepted 16

Info Web Application Potentially Sensitive CGI Parameter Detection SLID-2010-0706 5 assets / 6 instances / 0 excepted 17

Info Website Detected SLID-2018-0024 3 assets / 3 instances / 0 excepted 18

Info Wildcard SSL Certificate Detected SLID-2008-0155 2 assets / 2 instances / 0 excepted 19

4
Findings
High SSL Certificate is Not Trusted (External Scan) 1 assets / 1 instances / 0 excepted
Authentication/Digital Certificate/Certificate Chain of Trust SLID-2008-0150

Description It was not possible to validate the SSL certificate, and thus it could not be trusted. Users may receive a security warning when
using this service. This occurs because either the certificate or a certificate in its chain has issues that prevent validation.
Some examples of these issues are, but not limited to, a certificate having expired, the hostname does not have match the
name on the certificate, or the certificate is not signed by a well-known Certificate Authority (CA).
CVE CVE-NO-MATCH
CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS Score 7.3
Remediation Please refer to the evidence for more details as to why this finding has been flagged. In cases where there are validation errors
within the certificate chain, you will need to work with your certificate authority. A mismatch between the certificate common
name and the configured scan target can indicate an issue with the scan configuration. E.g. an IP address was provided when
it should have been a URL. Please check your scan configuration and ensure that the target has been set as a URL/domain. If
this digital (SSL) certificate is associated with a service accessible to the general public, you may want to consider acquiring a
digital (SSL) certificate from a well-known Certificate Authority (CA), keep it up to date and not let your certificate expire.
Consider buying a SecureTrust™ SSL certificate here: https://certs.securetrust.com For more information about digital (SSL)
certificates, visit https://www.trustwave.com/Resources/Trustwave-Blog/Secure-Websites-Are-Now-the-Norm--Is-Yours-
Trusted-/? Please note that other Approved Scanning Vendors (ASV), or other testing services may only look for this
vulnerability on port 443. Please refer to the "port" column to confirm which port we have identified this vulnerability on."

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location 177.8.172.26:443/https/tcp
Finding Tags pci_external

Evidence Subject /CN=*.setis.com.br


Issuer
/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2

Certificate Chain Depth 0


Reason
The hostname on the certificate does not match any of the hostnames provided to the scanner.

5
Medium SSL Certificate Common Name Does Not Validate (External Scan) 1 assets / 1 instances / 0 excepted
Authentication/Digital Certificate/Certificate Mismatch SLID-2008-0159

Description This SSL certificate has a common name (CN) that does not appear to match the identity of the server. Modern browsers may
present a warning to users who attempt to browse this service as it is currently configured. Note that in some networks in
which load balancers are used, it may not be possible for the scanner to perform this test correctly.
CVE CVE-NO-MATCH
CVSS Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score 6.8
Remediation Check your certificate to ensure it is installed on the correct service. Verify that you have added the domain name or fully
qualified virtual host name of the system to your Network Questionnaire. Please refer to the evidence for more details as to
why this finding has been flagged. In cases where there are validation errors within the certificate chain, you will need to work
with your certificate authority. This finding often results when there is an issue with the scan configuration. E.g. an IP address
was provided when it should have been a URL. Please check your scan configuration and ensure that the scan target has been
set as a URL/domain. Additionally, check your DNS servers to ensure that the domain name is properly mapped to the correct
IP address. Please note the port associated with this finding. This finding may NOT be originating from port 443, which is what
most online testing tools check by default.

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location 177.8.172.26:443/https/tcp
Finding Tags pci_external

Evidence Subject /CN=*.setis.com.br


Issuer
/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2

Certificate Chain Depth 0


Hostnames provided to scanner 177.8.172.26
Subject Name *.setis.com.br
Subject Alternative Name #<R509::ASN1::GeneralName:0x00007fd921427230>
Subject Alternative Name #<R509::ASN1::GeneralName:0x00007fd9214271e0>

6
Info Enumerated Applications 3 assets / 3 instances / 0 excepted
Information/Service Discovery SLID-2011-0699

Description The following applications have been enumerated on this device.


CVE CVE-NO-MATCH
CVSS Vector AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSS Score 0.0
Remediation No remediation is required.

Asset https://177.8.172.26/ (10246798:DNA#WEBSITE:AXZeX843bxG7w_jApgWS)


Location /
Evidence CPE sonicwall:http_server
URI /
Version unknown

Asset https://augusta2.setis.com.br/ (10246798:DNA#WEBSITE:AYK3SBYqx44_zs7eJOgZ)


Location /
Evidence CPE sonicwall:http_server
URI /
Version unknown

Asset https://177.92.66.205/ (10246798:DNA#WEBSITE:AXvpsj_xidEtPu-XasDw)


Location /
Evidence CPE sonicwall:http_server
URI /
Version unknown

7
Info Enumerated Hostnames 2 assets / 2 instances / 0 excepted
Information SLID-2011-0758

Description This list contains all hostnames discovered during the scan that are believed to belong to this host.
CVE CVE-NO-MATCH
CVSS Vector AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSS Score 0.0
Remediation No action is required.

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location setis.com.br
Evidence Hostname
setis.com.br, Source: SSL Certificate Subject subjectAltName DNS

Asset augusta2.setis.com.br (10246798:DNA#DEVICE:AYK3SBTTdlLV8FYCmZZl)


Evidence Hostname
setis.com.br, Source: SSL Certificate Subject subjectAltName DNS

8
Info Enumerated SSL/TLS Cipher Suites 2 assets / 2 instances / 0 excepted
Information Leak/Host Fingerprinting SLID-2013-0102

Description The finding reports the SSL cipher suites for each SSL/TLS service version provided by the remote service. This finding does
not represent a vulnerability, but is only meant to provide visibility into the behavior and configuration of the remote SSL/TLS
service. The information provided as part of this finding includes the SSL version (ex: TLSv1) as well as the name of the cipher
suite (ex: RC4-SHA). A cipher suite is a set of cryptographic algorithms that provide authentication, encryption, and message
authentication code (MAC) as part of an SSL/TLS negotiation and through the lifetime of the SSL session. It is typical that an
SSL service would support multiple cipher suites. A cipher suite can be supported by across multiple SSL/TLS versions, so you
should be of no concern to see the same cipher name reported for multiple
CVE CVE-NO-MATCH
CVSS Vector AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSS Score 0.0
Remediation No remediation is necessary.
References http://www.openssl.org/docs/apps/ciphers.html

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location 177.8.172.26:443/https/tcp
Evidence Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite TLSv1_2 : AES256-GCM-SHA384
Cipher Suite TLSv1_2 : AES256-SHA256
Cipher Suite TLSv1_2 : AES256-SHA
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite TLSv1_2 : AES128-GCM-SHA256
Cipher Suite TLSv1_2 : AES128-SHA256
Cipher Suite TLSv1_2 : AES128-SHA

Asset augusta2.setis.com.br (10246798:DNA#DEVICE:AYK3SBTTdlLV8FYCmZZl)


Location 443/https/tcp
Evidence Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite TLSv1_2 : AES256-GCM-SHA384
Cipher Suite TLSv1_2 : AES256-SHA256
Cipher Suite TLSv1_2 : AES256-SHA
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite TLSv1_2 : AES128-GCM-SHA256
Cipher Suite TLSv1_2 : AES128-SHA256
Cipher Suite TLSv1_2 : AES128-SHA

9
Info Host Detected 2 assets / 2 instances / 0 excepted
Information/Service Discovery SLID-2018-0020

Description This host responded to network probes.


CVE CVE-NO-MATCH
CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
CVSS Score 0.0

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location setis.com.br
Evidence cpe cpe:/h:cisco:7206vxr_router
hostname setis.com.br
ip_address 177.8.172.26
os_name FreeBSD
os_version 10.X

Asset augusta2.setis.com.br (10246798:DNA#DEVICE:AYK3SBTTdlLV8FYCmZZl)


Evidence cpe cpe:/h:cisco:7206vxr_router
hostname augusta2.setis.com.br
ip_address 177.92.66.205
os_name FreeBSD
os_version 10.X

10
Info No Hostname Entered For This Web Server 1 assets / 1 instances / 0 excepted
Information/Service Configuration SLID-2010-0639

Description This host is running a web server and does not have a fully-qualified domain name (i.e. www.example.com) associated with it.
CVE CVE-NO-MATCH
CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
CVSS Score 0.0
Remediation If your organization owns a domain name that corresponds to this web server, add it to the scan parameters from within the
TrustKeeper portal.

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location 177.8.172.26:443/https/tcp

11
Info SSL Certificate Expiring Soon 2 assets / 2 instances / 0 excepted
Authentication/Digital Certificate/Certificate Expiration SLID-2008-0160

Description This SSL certificate is currently valid; however, it is set to expire in the near future.
CVE CVE-NO-MATCH
CVSS Vector AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSS Score 0.0
Remediation Contact your Certificate Authority (CA) to have a new certificate issued prior to the expiration date. Please note the port
associated with this finding. This finding may NOT be originating from port 443, which is what most online testing tools check
by default.

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location 177.8.172.26:443/https/tcp
Evidence Subject /CN=*.setis.com.br
Issuer
/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2

Certificate Chain Depth 0


Expiration Date 2023-10-30 19:11:47 UTC
Days to expiration 25

Asset augusta2.setis.com.br (10246798:DNA#DEVICE:AYK3SBTTdlLV8FYCmZZl)


Location 443/https/tcp
Evidence Subject /CN=*.setis.com.br
Issuer
/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2

Certificate Chain Depth 0


Expiration Date 2023-10-30 19:11:47 UTC
Days to expiration 25

12
Info SSL Perfect Forward Secrecy Supported 2 assets / 2 instances / 0 excepted
Information/Service Configuration SLID-2008-0144

Description The server supports Ephemeral Diffie-Hellman ciphers for the SSL/TLS key exchange phase. Using this algorithm enforces
Forward Secrecy for secure communications with the server.
CVE CVE-NO-MATCH
CVSS Vector AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSS Score 0.0
Remediation No remediation is necessary.

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location 177.8.172.26:443/https/tcp
Evidence Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-SHA

Asset augusta2.setis.com.br (10246798:DNA#DEVICE:AYK3SBTTdlLV8FYCmZZl)


Location 443/https/tcp
Evidence Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-SHA

13
Info SSL-TLS Certificate Information 2 assets / 2 instances / 0 excepted
Information/Service Discovery SLID-2017-0430

Description Information extracted from a certificate discovered on a TLS or SSL wrapped service.
CVE CVE-NO-MATCH
CVSS Vector AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSS Score 0.0

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location 177.8.172.26:443/https/tcp
Evidence Verified false
Today 2023-10-05 17:08:00 +0000
Start date 2022-09-28 19:11:48 UTC
End date 2023-10-30 19:11:47 UTC
Expired false
Fingerprint 59:78:06:6C:81:D6:83:9C:81:B3:DA:CA:88:5D:72:EC
Subject /CN=*.setis.com.br
Common name *.setis.com.br
Issuer
/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2

Signature Algorithm sha256WithRSAEncryption


Version 2

Asset augusta2.setis.com.br (10246798:DNA#DEVICE:AYK3SBTTdlLV8FYCmZZl)


Location 443/https/tcp
Evidence Verified true
Today 2023-10-05 17:08:26 +0000
Start date 2022-09-28 19:11:48 UTC
End date 2023-10-30 19:11:47 UTC
Expired false
Fingerprint 59:78:06:6C:81:D6:83:9C:81:B3:DA:CA:88:5D:72:EC
Subject /CN=*.setis.com.br
Common name *.setis.com.br
Issuer
/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2

Signature Algorithm sha256WithRSAEncryption


Version 2

14
Info Service Detected 2 assets / 2 instances / 0 excepted
Information/Service Discovery SLID-2018-0022

Description This service responded to network probes.


CVE CVE-NO-MATCH
CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
CVSS Score 0.0

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location 177.8.172.26:443/https/tcp
Evidence application_protocol https
ip_address 177.8.172.26
port_number 443
ssl_enabled true
transport_protocol tcp

Asset augusta2.setis.com.br (10246798:DNA#DEVICE:AYK3SBTTdlLV8FYCmZZl)


Location 443/https/tcp
Evidence application_protocol https
ip_address 177.92.66.205
port_number 443
ssl_enabled true
transport_protocol tcp

15
Info TLSv1.2 Supported 2 assets / 2 instances / 0 excepted
Cryptography SLID-2020-0032

Description This service supports the use of the TLSv1.2 protocol.


CVE CVE-NO-MATCH
CVSS Vector AV:N/AC:H/Au:M/C:N/I:N/A:N
CVSS Score 0.0

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location 177.8.172.26:443/https/tcp
Evidence Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite TLSv1_2 : AES256-GCM-SHA384
Cipher Suite TLSv1_2 : AES256-SHA256
Cipher Suite TLSv1_2 : AES256-SHA
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite TLSv1_2 : AES128-GCM-SHA256
Cipher Suite TLSv1_2 : AES128-SHA256
Cipher Suite TLSv1_2 : AES128-SHA

Asset augusta2.setis.com.br (10246798:DNA#DEVICE:AYK3SBTTdlLV8FYCmZZl)


Location 443/https/tcp
Evidence Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite TLSv1_2 : AES256-GCM-SHA384
Cipher Suite TLSv1_2 : AES256-SHA256
Cipher Suite TLSv1_2 : AES256-SHA
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite TLSv1_2 : AES128-GCM-SHA256
Cipher Suite TLSv1_2 : AES128-SHA256
Cipher Suite TLSv1_2 : AES128-SHA

16
Info Web Application Potentially Sensitive CGI Parameter Detection 5 assets / 6 instances / 0 excepted
Information Leak/Exposed Data/Sensitive Information SLID-2010-0706

Description According to their names, some CGI parameters may control sensitive data (e.g., ID, privileges, commands, prices, credit card
data, etc.). In the course of using an application, these variables may disclose sensitive data or be prone to tampering that
could result in privilege escalation.
CVE CVE-NO-MATCH
CVSS Vector AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSS Score 0.0
Remediation The parameters for this server should be examined to determine what type of data is controlled and if it poses a security risk.

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location https://177.8.172.26/
Evidence Location https://177.8.172.26/

Asset https://177.8.172.26/ (10246798:DNA#WEBSITE:AXZeX843bxG7w_jApgWS)


Location /
Evidence Location https://177.8.172.26/

Asset augusta2.setis.com.br (10246798:DNA#DEVICE:AYK3SBTTdlLV8FYCmZZl)


Location https://177.92.66.205/
Evidence Location https://177.92.66.205/

Asset augusta2.setis.com.br (10246798:DNA#DEVICE:AYK3SBTTdlLV8FYCmZZl)


Location https://augusta2.setis.com.br/
Evidence Location https://augusta2.setis.com.br/

Asset https://augusta2.setis.com.br/ (10246798:DNA#WEBSITE:AYK3SBYqx44_zs7eJOgZ)


Location /
Evidence Location https://augusta2.setis.com.br/

Asset https://177.92.66.205/ (10246798:DNA#WEBSITE:AXvpsj_xidEtPu-XasDw)


Location /
Evidence Location https://177.92.66.205/

17
Info Website Detected 3 assets / 3 instances / 0 excepted
Information/Service Discovery SLID-2018-0024

Description This website was detected.


CVE CVE-NO-MATCH
CVSS Vector AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSS Score 0.0

Asset https://177.8.172.26/ (10246798:DNA#WEBSITE:AXZeX843bxG7w_jApgWS)


Location /
Evidence application_name sonicwall:http_server
path /
potential_custom_web_app false

Asset https://augusta2.setis.com.br/ (10246798:DNA#WEBSITE:AYK3SBYqx44_zs7eJOgZ)


Location /
Evidence application_name sonicwall:http_server
path /
potential_custom_web_app false

Asset https://177.92.66.205/ (10246798:DNA#WEBSITE:AXvpsj_xidEtPu-XasDw)


Location /
Evidence application_name sonicwall:http_server
path /
potential_custom_web_app false

18
Info Wildcard SSL Certificate Detected 2 assets / 2 instances / 0 excepted
Authentication/Digital Certificate SLID-2008-0155

Description An SSL certificate with a wildcarded common name (CN) record (e.g., *.mydomain.com) was detected on this service.
CVE CVE-NO-MATCH
CVSS Vector AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSS Score 0.0
Remediation Review your certificate configurations to assure that wildcard certificates are suitable for your application.

Asset Augusta1.setis.com.br (10246798:pci#DEVICE:AXXLORHjOVUyDD3HTyln)


Location 177.8.172.26:443/https/tcp
Evidence Subject /CN=*.setis.com.br
Issuer
/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2

Certificate Chain Depth 0


Wildcard Subject Name *.setis.com.br

Asset augusta2.setis.com.br (10246798:DNA#DEVICE:AYK3SBTTdlLV8FYCmZZl)


Location 443/https/tcp
Evidence Subject /CN=*.setis.com.br
Issuer
/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2

Certificate Chain Depth 0


Wildcard Subject Name *.setis.com.br

19
Targets
Augusta1.setis.com.br
augusta2.setis.com.br

20
Scan Inventory
Asset Domain OS Location Application

177.8.172.26 setis.com.br FreeBSD 10.X


(Augusta1.setis. cpe:/h:cisco:7206vxr_router
com.br)

177.8.172.26:443/https/tcp

177.92.66.205 augusta2.setis.com. FreeBSD 10.X


(augusta2.setis.com. br cpe:/h:cisco:7206vxr_router
br)

443/https/tcp

21
Exception Vulnerability & Policy Violations
None

22
CONFIDENTIAL INFORMATION - FOR INTERNAL USE ONLY

This document is the property of SETIS Automação e Sistemas Ltda ; it contains information that is proprietary, confidential or otherwise restricted
from disclosure. If you are not an authorized recipient, please return this document to the above-named owner. Dissemination, distribution copying or
use of this document in whole or in part by anyone other than the intended recipient is strictly prohibited without prior written permission of SETIS
Automação e Sistemas Ltda and Trustwave.

www.trustwave.com

Copyright © 2023 Trustwave Holdings, Inc. All rights reserved.

23

You might also like