|
IP,Hostname,Port,Port Protocol,CVSS,Severity,QoD,Solution Type,NVT Name,Summary,Specific Result,NVT OID,CVEs,Task ID,Task Name,Timestamp,Result ID,Impact,Solution,Affected Software/OS,Vulnerability Insight,Vulnerability Detection Method,Product Detection Result,BIDs,CERTs,Other References
|
|
10.15.81.50,,22,tcp,5.3,Medium,80,"Mitigation","Weak Host Key Algorithm(s) (SSH)","The remote SSH server is configured to allow / support weak host
|
|
key algorithm(s).","The remote SSH server supports the following weak host key algorithm(s):
|
|
|
|
host key algorithm | Description
|
|
-----------------------------------------------------------------------------------------
|
|
ssh-dss | Digital Signature Algorithm (DSA) / Digital Signature Standard (DSS)
|
|
",1.3.6.1.4.1.25623.1.0.117687,"",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,88b1b8d5-8aab-4a92-8fbd-9b844b2eb3a4,"","Disable the reported weak host key algorithm(s).","","","Checks the supported host key algorithms of the remote SSH
|
|
server.
|
|
|
|
Currently weak host key algorithms are defined as the following:
|
|
|
|
- ssh-dss: Digital Signature Algorithm (DSA) / Digital Signature Standard (DSS)
|
|
Details:
|
|
Weak Host Key Algorithm(s) (SSH)
|
|
(OID: 1.3.6.1.4.1.25623.1.0.117687)
|
|
Version used: 2023-10-12T13:05:32+08:00
|
|
","","","",""
|
|
10.15.81.50,,22,tcp,5.3,Medium,80,"Mitigation","Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)","The remote SSH server is configured to allow / support weak key
|
|
exchange (KEX) algorithm(s).","The remote SSH server supports the following weak KEX algorithm(s):
|
|
|
|
KEX algorithm | Reason
|
|
-----------------------------------------------------------------------------------
|
|
diffie-hellman-group1-sha1 | Using Oakley Group 2 (a 1024-bit MODP group) and SHA-1
|
|
",1.3.6.1.4.1.25623.1.0.150713,"",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,cc4562e9-fe8a-4966-8db2-77a2c1023e41,"An attacker can quickly break individual connections.","Disable the reported weak KEX algorithm(s)
|
|
|
|
- 1024-bit MODP group / prime KEX algorithms:
|
|
|
|
Alternatively use elliptic-curve Diffie-Hellmann in general, e.g. Curve 25519.","","'- 1024-bit MODP group / prime KEX algorithms:
|
|
|
|
Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key
|
|
exchange. Practitioners believed this was safe as long as new key exchange messages were generated
|
|
for every connection. However, the first step in the number field sieve-the most efficient
|
|
algorithm for breaking a Diffie-Hellman connection-is dependent only on this prime.
|
|
|
|
A nation-state can break a 1024-bit prime.","Checks the supported KEX algorithms of the remote SSH server.
|
|
|
|
Currently weak KEX algorithms are defined as the following:
|
|
|
|
- non-elliptic-curve Diffie-Hellmann (DH) KEX algorithms with 1024-bit MODP group / prime
|
|
|
|
- ephemerally generated key exchange groups uses SHA-1
|
|
|
|
- using RSA 1024-bit modulus key
|
|
Details:
|
|
Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)
|
|
(OID: 1.3.6.1.4.1.25623.1.0.150713)
|
|
Version used: 2023-10-12T13:05:32+08:00
|
|
","","","",""
|
|
10.15.81.58,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49666]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49667]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49667]
|
|
|
|
Port: 49669/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49669]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49669]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49669]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49669]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49669]
|
|
|
|
Port: 49671/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49671]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49671]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49671]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49671]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49705/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:10.15.81.58[49705]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,0b1e9ddc-b5b7-4962-ab9e-ae595cad0637,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
10.15.81.54,,23,tcp,4.8,Medium,70,"Mitigation","Telnet Unencrypted Cleartext Login","The remote host is running a Telnet service that allows cleartext logins over
|
|
unencrypted connections.","Vulnerability was detected according to the Vulnerability Detection Method.",1.3.6.1.4.1.25623.1.0.108522,"",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,456d182f-e477-4c7c-9d01-e785fed8530a,"An attacker can uncover login names and passwords by sniffing traffic to the
|
|
Telnet service.","Replace Telnet with a protocol like SSH which supports encrypted connections.","","","
|
|
Details:
|
|
Telnet Unencrypted Cleartext Login
|
|
(OID: 1.3.6.1.4.1.25623.1.0.108522)
|
|
Version used: 2023-10-13T13:06:09+08:00
|
|
","","","",""
|
|
10.15.81.50,,22,tcp,4.3,Medium,80,"Mitigation","Weak Encryption Algorithm(s) Supported (SSH)","The remote SSH server is configured to allow / support weak
|
|
encryption algorithm(s).","The remote SSH server supports the following weak client-to-server encryption algorithm(s):
|
|
|
|
3des-cbc
|
|
aes128-cbc
|
|
aes256-cbc
|
|
twofish-cbc
|
|
twofish128-cbc
|
|
twofish256-cbc
|
|
|
|
|
|
The remote SSH server supports the following weak server-to-client encryption algorithm(s):
|
|
|
|
3des-cbc
|
|
aes128-cbc
|
|
aes256-cbc
|
|
twofish-cbc
|
|
twofish128-cbc
|
|
twofish256-cbc
|
|
",1.3.6.1.4.1.25623.1.0.105611,"",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,90ae6629-6cdc-4492-a1a8-ee6ba2912c9a,"","Disable the reported weak encryption algorithm(s).","","'- The 'arcfour' cipher is the Arcfour stream cipher with 128-bit
|
|
keys. The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour
|
|
(and RC4) has problems with weak keys, and should not be used anymore.
|
|
|
|
- The 'none' algorithm specifies that no encryption is to be done. Note that this method provides
|
|
no confidentiality protection, and it is NOT RECOMMENDED to use it.
|
|
|
|
- A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to
|
|
recover plaintext from a block of ciphertext.","Checks the supported encryption algorithms (client-to-server
|
|
and server-to-client) of the remote SSH server.
|
|
|
|
Currently weak encryption algorithms are defined as the following:
|
|
|
|
- Arcfour (RC4) cipher based algorithms
|
|
|
|
- 'none' algorithm
|
|
|
|
- CBC mode cipher based algorithms
|
|
Details:
|
|
Weak Encryption Algorithm(s) Supported (SSH)
|
|
(OID: 1.3.6.1.4.1.25623.1.0.105611)
|
|
Version used: 2023-10-12T13:05:32+08:00
|
|
","","","",""
|
|
10.15.81.54,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 231579111
|
|
Packet 2: 231579224
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,81de824f-d79f-4b35-b81d-9df2296eebe9,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
10.15.81.254,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 231540858
|
|
Packet 2: 231540977
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,85e421ec-6256-49c4-a495-ed2ed4086359,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
10.15.81.230,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 231604491
|
|
Packet 2: 231604606
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,43e20170-4a97-455e-a918-e94283e4cd91,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
10.15.81.55,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 231566105
|
|
Packet 2: 231566223
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,3911b67e-cd8f-4a41-83af-46247a6cc8b4,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
10.15.81.50,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 578850669
|
|
Packet 2: 578850963
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,4fffd4cd-0275-4998-99f6-10671d2921a5,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
10.15.81.50,,22,tcp,2.6,Low,80,"Mitigation","Weak MAC Algorithm(s) Supported (SSH)","The remote SSH server is configured to allow / support weak MAC
|
|
algorithm(s).","The remote SSH server supports the following weak client-to-server MAC algorithm(s):
|
|
|
|
hmac-md5
|
|
hmac-sha1-96
|
|
|
|
|
|
The remote SSH server supports the following weak server-to-client MAC algorithm(s):
|
|
|
|
hmac-md5
|
|
hmac-sha1-96
|
|
",1.3.6.1.4.1.25623.1.0.105610,"",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,9a947b43-a497-4378-b4e5-cd8c6e81f669,"","Disable the reported weak MAC algorithm(s).","","","Checks the supported MAC algorithms (client-to-server and
|
|
server-to-client) of the remote SSH server.
|
|
|
|
Currently weak MAC algorithms are defined as the following:
|
|
|
|
- MD5 based algorithms
|
|
|
|
- 96-bit based algorithms
|
|
|
|
- 64-bit based algorithms
|
|
|
|
- 'none' algorithm
|
|
Details:
|
|
Weak MAC Algorithm(s) Supported (SSH)
|
|
(OID: 1.3.6.1.4.1.25623.1.0.105610)
|
|
Version used: 2023-10-12T13:05:32+08:00
|
|
","","","",""
|
|
10.15.81.254,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
|
|
- ICMP Type: 14
|
|
- ICMP Code: 0
|
|
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,4cf696a8-6649-4c54-add1-e5cf3b87dc61,"This information could theoretically be used to exploit weak
|
|
time-based random number generators in other services.","Various mitigations are possible:
|
|
|
|
- Disable the support for ICMP timestamp on the remote host completely
|
|
|
|
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
|
|
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
|
|
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
|
|
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
|
|
Timestamp Reply (Type 14) is received.
|
|
Details:
|
|
ICMP Timestamp Reply Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.103190)
|
|
Version used: 2023-05-11T17:09:33+08:00
|
|
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
|
|
10.15.81.54,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
|
|
- ICMP Type: 14
|
|
- ICMP Code: 0
|
|
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,3acd7b60-2c98-43b7-ab0c-9f9e907745f5,"This information could theoretically be used to exploit weak
|
|
time-based random number generators in other services.","Various mitigations are possible:
|
|
|
|
- Disable the support for ICMP timestamp on the remote host completely
|
|
|
|
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
|
|
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
|
|
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
|
|
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
|
|
Timestamp Reply (Type 14) is received.
|
|
Details:
|
|
ICMP Timestamp Reply Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.103190)
|
|
Version used: 2023-05-11T17:09:33+08:00
|
|
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
|
|
10.15.81.50,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
|
|
- ICMP Type: 14
|
|
- ICMP Code: 0
|
|
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",f6a187c7-eccc-4e84-9682-4dea7a8478fa,"15.81-2-2",2024-06-11T12:02:18+08:00,75845cf2-fb43-4c79-a9eb-f7172c799dbc,"This information could theoretically be used to exploit weak
|
|
time-based random number generators in other services.","Various mitigations are possible:
|
|
|
|
- Disable the support for ICMP timestamp on the remote host completely
|
|
|
|
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
|
|
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
|
|
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
|
|
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
|
|
Timestamp Reply (Type 14) is received.
|
|
Details:
|
|
ICMP Timestamp Reply Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.103190)
|
|
Version used: 2023-05-11T17:09:33+08:00
|
|
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
|
