|
IP,Hostname,Port,Port Protocol,CVSS,Severity,QoD,Solution Type,NVT Name,Summary,Specific Result,NVT OID,CVEs,Task ID,Task Name,Timestamp,Result ID,Impact,Solution,Affected Software/OS,Vulnerability Insight,Vulnerability Detection Method,Product Detection Result,BIDs,CERTs,Other References
|
|
10.15.80.119,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49666]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49668/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49668]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49668]
|
|
|
|
Port: 49671/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49671]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49671]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49671]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49671]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49671]
|
|
|
|
Port: 49672/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49672]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49672]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49672]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49672]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49702/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:10.15.80.119[49702]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,5e99360c-809a-4f00-86cd-1313ea51353b,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
10.15.80.136,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49666]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49666]
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49667]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49669/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49669]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49669]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49669]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49669]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49669]
|
|
|
|
Port: 49670/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49670]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49670]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49703/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:10.15.80.136[49703]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,4113aca0-d2e8-4128-b9d4-9d703ac4eba8,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
10.15.80.230,,80,tcp,4.8,Medium,80,"Workaround","Cleartext Transmission of Sensitive Information via HTTP","The host / application transmits sensitive information (username, passwords) in
|
|
cleartext via HTTP.","The following input fields were identified (URL:input name):
|
|
|
|
http://10.15.80.230/:PD
|
|
",1.3.6.1.4.1.25623.1.0.108440,"",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,91a074d0-37bb-46e4-91e8-34fde407fe64,"An attacker could use this situation to compromise or eavesdrop on the
|
|
HTTP communication between the client and the server using a man-in-the-middle attack to get access to
|
|
sensitive data like usernames or passwords.","Enforce the transmission of sensitive data via an encrypted SSL/TLS connection.
|
|
Additionally make sure the host / application is redirecting all users to the secured SSL/TLS connection before
|
|
allowing to input sensitive data into the mentioned functions.","Hosts / applications which doesn't enforce the transmission of sensitive data via an
|
|
encrypted SSL/TLS connection.","","Evaluate previous collected information and check if the host / application is not
|
|
enforcing the transmission of sensitive data via an encrypted SSL/TLS connection.
|
|
|
|
The script is currently checking the following:
|
|
|
|
- HTTP Basic Authentication (Basic Auth)
|
|
|
|
- HTTP Forms (e.g. Login) with input field of type 'password'
|
|
Details:
|
|
Cleartext Transmission of Sensitive Information via HTTP
|
|
(OID: 1.3.6.1.4.1.25623.1.0.108440)
|
|
Version used: 2023-09-07T13:05:21+08:00
|
|
","","","",""
|
|
10.15.80.139,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 401070785
|
|
Packet 2: 401070895
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,a6de9a2d-afb0-4834-83fe-b4879c542a81,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
10.15.80.254,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 401096768
|
|
Packet 2: 401096880
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,f79b7fce-278a-4484-b81f-29f02ebad52f,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
10.15.80.153,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 401071308
|
|
Packet 2: 401071421
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,fdc47cef-92b1-42c8-9291-ed90ef64adf6,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
10.15.80.111,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 401074197
|
|
Packet 2: 401074309
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,9fef6b2b-9e0e-4ab7-adc2-1d474a359e62,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
10.15.80.120,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 401084095
|
|
Packet 2: 401084207
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,21031af7-20cf-4dad-b982-47f84ac39455,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
10.15.80.230,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 401221408
|
|
Packet 2: 401221518
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,3b3f9c12-24a5-4c2a-9901-6727f032f2af,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
10.15.80.139,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
|
|
- ICMP Type: 14
|
|
- ICMP Code: 0
|
|
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,4b9add95-cb58-4871-850a-4d5d1efaca85,"This information could theoretically be used to exploit weak
|
|
time-based random number generators in other services.","Various mitigations are possible:
|
|
|
|
- Disable the support for ICMP timestamp on the remote host completely
|
|
|
|
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
|
|
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
|
|
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
|
|
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
|
|
Timestamp Reply (Type 14) is received.
|
|
Details:
|
|
ICMP Timestamp Reply Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.103190)
|
|
Version used: 2023-05-11T17:09:33+08:00
|
|
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
|
|
10.15.80.254,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
|
|
- ICMP Type: 14
|
|
- ICMP Code: 0
|
|
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,3ffaedaa-5437-47a8-9730-a2faad663d79,"This information could theoretically be used to exploit weak
|
|
time-based random number generators in other services.","Various mitigations are possible:
|
|
|
|
- Disable the support for ICMP timestamp on the remote host completely
|
|
|
|
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
|
|
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
|
|
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
|
|
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
|
|
Timestamp Reply (Type 14) is received.
|
|
Details:
|
|
ICMP Timestamp Reply Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.103190)
|
|
Version used: 2023-05-11T17:09:33+08:00
|
|
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
|
|
10.15.80.120,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
|
|
- ICMP Type: 14
|
|
- ICMP Code: 0
|
|
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,6d6f5618-0700-43c0-a292-11f7621745b8,"This information could theoretically be used to exploit weak
|
|
time-based random number generators in other services.","Various mitigations are possible:
|
|
|
|
- Disable the support for ICMP timestamp on the remote host completely
|
|
|
|
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
|
|
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
|
|
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
|
|
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
|
|
Timestamp Reply (Type 14) is received.
|
|
Details:
|
|
ICMP Timestamp Reply Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.103190)
|
|
Version used: 2023-05-11T17:09:33+08:00
|
|
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
|
|
10.15.80.153,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
|
|
- ICMP Type: 14
|
|
- ICMP Code: 0
|
|
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",97d3b9c6-b7de-4565-aac1-3b93bde29055,"15.80-2-1",2024-06-10T12:02:22+08:00,53093a23-265e-430e-9a02-94fffcaf9a05,"This information could theoretically be used to exploit weak
|
|
time-based random number generators in other services.","Various mitigations are possible:
|
|
|
|
- Disable the support for ICMP timestamp on the remote host completely
|
|
|
|
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
|
|
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
|
|
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
|
|
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
|
|
Timestamp Reply (Type 14) is received.
|
|
Details:
|
|
ICMP Timestamp Reply Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.103190)
|
|
Version used: 2023-05-11T17:09:33+08:00
|
|
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
|
