專案

一般

配置概況

下載 (107 KB)

一般 #791 » report-16f96d3b-75b8-4c3f-a524-3e62d3f3e2ae.csv

Joy Liao, 2024-06-25 09:58

 
IP,Hostname,Port,Port Protocol,CVSS,Severity,QoD,Solution Type,NVT Name,Summary,Specific Result,NVT OID,CVEs,Task ID,Task Name,Timestamp,Result ID,Impact,Solution,Affected Software/OS,Vulnerability Insight,Vulnerability Detection Method,Product Detection Result,BIDs,CERTs,Other References
192.168.0.5,,,,6.8,Medium,80,"VendorFix","Synology DiskStation Manager (DSM) < 7.2-64561 ACE Vulnerability (Synology-SA-24:01)","Synology DiskStation Manager (DSM) is prone to an arbitrary
code execution (ACE) vulnerability.","Installed version: 7.1.1-42962
Fixed version: 7.2-64561

",1.3.6.1.4.1.25623.1.0.151501,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,b2a60926-5d84-4e11-bac1-34dbc72a3642,"A vulnerability allows local users to execute arbitrary code via
a susceptible version of Synology DiskStation Manager (DSM).","Update to firmware version 7.2-64561 or later.","Synology DSM prior to version 7.2-64561.","","Checks if a vulnerable version is present on the target host.
Details:
Synology DiskStation Manager (DSM) < 7.2-64561 ACE Vulnerability (Synology-S...
(OID: 1.3.6.1.4.1.25623.1.0.151501)
Version used: 2024-03-13T13:05:57+08:00
","Product: cpe:/a:synology:diskstation_manager:7.1.1-42962
Method: Synology NAS / DiskStation Manager (DSM) Detection Consolidation
(OID: 1.3.6.1.4.1.25623.1.0.170202)
","","",""
192.168.0.5,,,,5.4,Medium,80,"VendorFix","Synology DiskStation Manager (DSM) < 7.2.1-69057-2 Open Redirect Vulnerability (Synology-SA-24:02) - Remote Known Vulnerable Versions Check","Synology DiskStation Manager (DSM) is prone to an open redirect
vulnerability.","Installed version: 7.1.1-42962
Fixed version: 7.2.1-69057-2

",1.3.6.1.4.1.25623.1.0.114304,"CVE-2024-0854",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,a5d7e3cc-a773-478b-8bf0-5de40199b978,"The flaw allows remote authenticated users to conduct phishing
attacks via unspecified vectors.","Update to firmware version 7.2.1-69057-2 or later.","Synology DSM prior to version 7.2.1-69057-2.","There is a URL redirection to untrusted site ('Open Redirect')
vulnerability in the file access component.","Checks if a vulnerable version is present on the target host.
Details:
Synology DiskStation Manager (DSM) < 7.2.1-69057-2 Open Redirect Vulnerabili...
(OID: 1.3.6.1.4.1.25623.1.0.114304)
Version used: 2024-03-13T13:05:57+08:00
","Product: cpe:/a:synology:diskstation_manager:7.1.1-42962
Method: Synology NAS / DiskStation Manager (DSM) Detection Consolidation
(OID: 1.3.6.1.4.1.25623.1.0.170202)
","","WID-SEC-2024-0189",""
192.168.0.231,,3718,tcp,5.3,Medium,80,"Mitigation","Weak Host Key Algorithm(s) (SSH)","The remote SSH server is configured to allow / support weak host
key algorithm(s).","The remote SSH server supports the following weak host key algorithm(s):

host key algorithm | Description
-----------------------------------------------------------------------------------------
ssh-dss | Digital Signature Algorithm (DSA) / Digital Signature Standard (DSS)
",1.3.6.1.4.1.25623.1.0.117687,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,ff61f5bc-efc0-4eb5-9107-8c53914692d9,"","Disable the reported weak host key algorithm(s).","","","Checks the supported host key algorithms of the remote SSH
server.

Currently weak host key algorithms are defined as the following:

- ssh-dss: Digital Signature Algorithm (DSA) / Digital Signature Standard (DSS)
Details:
Weak Host Key Algorithm(s) (SSH)
(OID: 1.3.6.1.4.1.25623.1.0.117687)
Version used: 2024-06-14T13:05:48+08:00
","Product: cpe:/a:ssh:ssh2
Method: SSH Protocol Algorithms Supported
(OID: 1.3.6.1.4.1.25623.1.0.105565)
","","",""
192.168.0.179,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49664/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.179[49664]
Annotation: RemoteAccessCheck

UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.0.179[49664]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.179[49664]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.179[49664]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.179[49664]
Annotation: KeyIso

Port: 49665/tcp

UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.0.179[49665]

Port: 49666/tcp

UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.179[49666]
Annotation: Event log TCPIP

Port: 49667/tcp

UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
Endpoint: ncacn_ip_tcp:192.168.0.179[49667]

UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.179[49667]

Port: 49670/tcp

UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.0.179[49670]

UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.0.179[49670]
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service

UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
Endpoint: ncacn_ip_tcp:192.168.0.179[49670]

UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.0.179[49670]

UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.0.179[49670]

Port: 49673/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.179[49673]
Annotation: RemoteAccessCheck

Port: 49718/tcp

UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.0.179[49718]

Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
",1.3.6.1.4.1.25623.1.0.10736,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,d8688300-d398-4db7-8a26-d80fc41ec9b3,"An attacker may use this fact to gain more knowledge
about the remote host.","Filter incoming traffic to this ports.","","","
Details:
DCE/RPC and MSRPC Services Enumeration Reporting
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: 2022-06-03T18:17:07+08:00
","","","",""
192.168.0.107,wc960197.tahoho.com.tw,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49664/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.107[49664]
Annotation: RemoteAccessCheck

UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49664]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49664]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49664]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.107[49664]
Annotation: KeyIso

Port: 49665/tcp

UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49665]

Port: 49666/tcp

UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49666]
Annotation: Event log TCPIP

Port: 49667/tcp

UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49667]

UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49667]

Port: 49668/tcp

UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49668]

Port: 49680/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.107[49680]
Annotation: RemoteAccessCheck

Port: 49681/tcp

UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49681]

UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49681]
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service

UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49681]

UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49681]

UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.0.107[49681]

Port: 49761/tcp

UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.0.107[49761]

Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
",1.3.6.1.4.1.25623.1.0.10736,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,d5147128-7f6d-40b2-8857-d71db3c1a565,"An attacker may use this fact to gain more knowledge
about the remote host.","Filter incoming traffic to this ports.","","","
Details:
DCE/RPC and MSRPC Services Enumeration Reporting
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: 2022-06-03T18:17:07+08:00
","","","",""
192.168.0.166,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49664/tcp

UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49664]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49664]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49664]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.166[49664]
Annotation: KeyIso

Port: 49665/tcp

UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49665]

Port: 49666/tcp

UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49666]

UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49666]

Port: 49667/tcp

UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49667]
Annotation: Event log TCPIP

Port: 49668/tcp

UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49668]

UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49668]
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service

UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49668]

UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49668]

UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49668]

Port: 49671/tcp

UUID: 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1
Endpoint: ncacn_ip_tcp:192.168.0.166[49671]
Annotation: Remote Fw APIs

Port: 49726/tcp

UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.0.166[49726]

Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
",1.3.6.1.4.1.25623.1.0.10736,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,f990fdb6-afa5-4010-8ef5-e5954bb13a79,"An attacker may use this fact to gain more knowledge
about the remote host.","Filter incoming traffic to this ports.","","","
Details:
DCE/RPC and MSRPC Services Enumeration Reporting
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: 2022-06-03T18:17:07+08:00
","","","",""
192.168.0.123,wc871589.tahoho.com.tw,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49664/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.123[49664]
Annotation: RemoteAccessCheck

UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49664]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49664]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49664]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.123[49664]
Annotation: KeyIso

Port: 49665/tcp

UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49665]

Port: 49666/tcp

UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49666]
Annotation: Event log TCPIP

Port: 49667/tcp

UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49667]

UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49667]

Port: 49668/tcp

UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49668]

Port: 49671/tcp

UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49671]

UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49671]
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service

UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49671]

UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49671]

UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49671]

Port: 49673/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.123[49673]
Annotation: RemoteAccessCheck

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49673]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.123[49673]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.123[49673]
Annotation: KeyIso

Port: 49723/tcp

UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.0.123[49723]

Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
",1.3.6.1.4.1.25623.1.0.10736,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,192f426e-93a5-4c1a-a3e5-186633578a0b,"An attacker may use this fact to gain more knowledge
about the remote host.","Filter incoming traffic to this ports.","","","
Details:
DCE/RPC and MSRPC Services Enumeration Reporting
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: 2022-06-03T18:17:07+08:00
","","","",""
192.168.0.139,wca70111.tahoho.com.tw,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49664/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.139[49664]
Annotation: RemoteAccessCheck

UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49664]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49664]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49664]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.139[49664]
Annotation: KeyIso

Port: 49665/tcp

UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49665]

Port: 49666/tcp

UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49666]
Annotation: Event log TCPIP

Port: 49667/tcp

UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49667]

UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49667]

Port: 49669/tcp

UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49669]

Port: 49671/tcp

UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49671]

UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49671]
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service

UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49671]

UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49671]

UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49671]

Port: 49672/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.139[49672]
Annotation: RemoteAccessCheck

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49672]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.139[49672]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.139[49672]
Annotation: KeyIso

Port: 49789/tcp

UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.0.139[49789]

Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
",1.3.6.1.4.1.25623.1.0.10736,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,51deb83f-fded-4699-b60a-a5cf2a739e2a,"An attacker may use this fact to gain more knowledge
about the remote host.","Filter incoming traffic to this ports.","","","
Details:
DCE/RPC and MSRPC Services Enumeration Reporting
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: 2022-06-03T18:17:07+08:00
","","","",""
192.168.0.131,wc910187.tahoho.com.tw,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49664/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.131[49664]
Annotation: RemoteAccessCheck

UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49664]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49664]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49664]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.131[49664]
Annotation: KeyIso

Port: 49665/tcp

UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49665]

Port: 49666/tcp

UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49666]
Annotation: Event log TCPIP

Port: 49667/tcp

UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49667]

UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49667]

Port: 49668/tcp

UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49668]

Port: 49669/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.131[49669]
Annotation: RemoteAccessCheck

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49669]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49669]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.131[49669]
Annotation: KeyIso

Port: 49670/tcp

UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49670]

UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49670]
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service

UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49670]

UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49670]

UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.0.131[49670]

Port: 49756/tcp

UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.0.131[49756]

Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
",1.3.6.1.4.1.25623.1.0.10736,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,21645904-9433-464d-b10c-1f062dc9d8e7,"An attacker may use this fact to gain more knowledge
about the remote host.","Filter incoming traffic to this ports.","","","
Details:
DCE/RPC and MSRPC Services Enumeration Reporting
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: 2022-06-03T18:17:07+08:00
","","","",""
192.168.0.117,wca80111.tahoho.com.tw,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49664/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.117[49664]
Annotation: RemoteAccessCheck

UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49664]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49664]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49664]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.117[49664]
Annotation: KeyIso

Port: 49665/tcp

UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49665]

Port: 49666/tcp

UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49666]
Annotation: Event log TCPIP

Port: 49667/tcp

UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49667]

UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49667]

Port: 49668/tcp

UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49668]

Port: 49669/tcp

UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49669]

UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49669]
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service

UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49669]

UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49669]

UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49669]

Port: 49670/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.117[49670]
Annotation: RemoteAccessCheck

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49670]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.117[49670]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.117[49670]
Annotation: KeyIso

Port: 49733/tcp

UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.0.117[49733]

Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
",1.3.6.1.4.1.25623.1.0.10736,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,99bb3700-ce52-4833-bbe9-0391add0ac72,"An attacker may use this fact to gain more knowledge
about the remote host.","Filter incoming traffic to this ports.","","","
Details:
DCE/RPC and MSRPC Services Enumeration Reporting
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: 2022-06-03T18:17:07+08:00
","","","",""
192.168.0.116,wc920434pc.tahoho.com.tw,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49664/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.116[49664]
Annotation: RemoteAccessCheck

UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49664]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49664]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49664]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.116[49664]
Annotation: KeyIso

Port: 49665/tcp

UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49665]

Port: 49666/tcp

UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49666]
Annotation: Event log TCPIP

Port: 49667/tcp

UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49667]

UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49667]

Port: 49669/tcp

UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49669]

Port: 49671/tcp

UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49671]

UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49671]
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service

UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49671]

UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49671]

UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49671]

Port: 49672/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.116[49672]
Annotation: RemoteAccessCheck

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49672]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.116[49672]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.116[49672]
Annotation: KeyIso

Port: 49722/tcp

UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.0.116[49722]

Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
",1.3.6.1.4.1.25623.1.0.10736,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,07f34fe7-31a0-4d7b-84ec-9982f5aef1f4,"An attacker may use this fact to gain more knowledge
about the remote host.","Filter incoming traffic to this ports.","","","
Details:
DCE/RPC and MSRPC Services Enumeration Reporting
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: 2022-06-03T18:17:07+08:00
","","","",""
192.168.0.119,wc871234.tahoho.com.tw,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49664/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.119[49664]
Annotation: RemoteAccessCheck

UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49664]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49664]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49664]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.119[49664]
Annotation: KeyIso

Port: 49665/tcp

UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49665]

Port: 49666/tcp

UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49666]
Annotation: Event log TCPIP

Port: 49667/tcp

UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49667]

UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49667]

Port: 49669/tcp

UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49669]

Port: 49673/tcp

UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49673]

UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49673]
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service

UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49673]

UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49673]

UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49673]

Port: 49674/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.119[49674]
Annotation: RemoteAccessCheck

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49674]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.119[49674]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.119[49674]
Annotation: KeyIso

Port: 49782/tcp

UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.0.119[49782]

Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
",1.3.6.1.4.1.25623.1.0.10736,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,94ba0c8a-a0c1-4ef5-a10f-c7803650ce06,"An attacker may use this fact to gain more knowledge
about the remote host.","Filter incoming traffic to this ports.","","","
Details:
DCE/RPC and MSRPC Services Enumeration Reporting
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: 2022-06-03T18:17:07+08:00
","","","",""
192.168.0.122,wca60103.tahoho.com.tw,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49664/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.122[49664]
Annotation: RemoteAccessCheck

UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49664]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49664]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49664]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.122[49664]
Annotation: KeyIso

Port: 49665/tcp

UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49665]

Port: 49666/tcp

UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49666]
Annotation: Event log TCPIP

Port: 49667/tcp

UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49667]

UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49667]

Port: 49668/tcp

UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49668]

Port: 49682/tcp

UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49682]

UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49682]
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service

UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49682]

UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49682]

UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49682]

Port: 49683/tcp

UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.0.122[49683]
Annotation: RemoteAccessCheck

UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49683]
Annotation: Ngc Pop Key Service

UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.122[49683]
Annotation: Ngc Pop Key Service

UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.0.122[49683]
Annotation: KeyIso

Port: 49784/tcp

UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.0.122[49784]

Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
",1.3.6.1.4.1.25623.1.0.10736,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,9a2378d6-242c-445a-9ed4-746987695095,"An attacker may use this fact to gain more knowledge
about the remote host.","Filter incoming traffic to this ports.","","","
Details:
DCE/RPC and MSRPC Services Enumeration Reporting
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: 2022-06-03T18:17:07+08:00
","","","",""
192.168.0.119,wc871234.tahoho.com.tw,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):

Non-anonymous sessions: 331 Password required for openvasvt
Anonymous sessions: 331 Password required for anonymous
",1.3.6.1.4.1.25623.1.0.108528,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,d27fd79e-65a1-4d47-b4d0-21b668009eed,"An attacker can uncover login names and passwords by sniffing traffic to the
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
the 'AUTH TLS' command.
Details:
FTP Unencrypted Cleartext Login
(OID: 1.3.6.1.4.1.25623.1.0.108528)
Version used: 2023-12-20T13:05:58+08:00
","","","",""
192.168.0.123,wc871589.tahoho.com.tw,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):

Non-anonymous sessions: 331 Password required for openvasvt
Anonymous sessions: 331 Password required for anonymous
",1.3.6.1.4.1.25623.1.0.108528,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,63802ec1-1342-4c82-83f9-3e2cfd99dc08,"An attacker can uncover login names and passwords by sniffing traffic to the
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
the 'AUTH TLS' command.
Details:
FTP Unencrypted Cleartext Login
(OID: 1.3.6.1.4.1.25623.1.0.108528)
Version used: 2023-12-20T13:05:58+08:00
","","","",""
192.168.0.116,wc920434pc.tahoho.com.tw,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):

Non-anonymous sessions: 331 Password required for openvasvt
Anonymous sessions: 331 Password required for anonymous
",1.3.6.1.4.1.25623.1.0.108528,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,48877ba7-eedf-4862-b710-2c54d21d915c,"An attacker can uncover login names and passwords by sniffing traffic to the
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
the 'AUTH TLS' command.
Details:
FTP Unencrypted Cleartext Login
(OID: 1.3.6.1.4.1.25623.1.0.108528)
Version used: 2023-12-20T13:05:58+08:00
","","","",""
192.168.0.117,wca80111.tahoho.com.tw,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):

Non-anonymous sessions: 331 Password required for openvasvt
Anonymous sessions: 331 Password required for anonymous
",1.3.6.1.4.1.25623.1.0.108528,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,72610612-d5d6-4669-a804-31f52a10e48f,"An attacker can uncover login names and passwords by sniffing traffic to the
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
the 'AUTH TLS' command.
Details:
FTP Unencrypted Cleartext Login
(OID: 1.3.6.1.4.1.25623.1.0.108528)
Version used: 2023-12-20T13:05:58+08:00
","","","",""
192.168.0.131,wc910187.tahoho.com.tw,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):

Non-anonymous sessions: 331 Password required for openvasvt
Anonymous sessions: 331 Password required for anonymous
",1.3.6.1.4.1.25623.1.0.108528,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,b00b5b4f-3650-4831-a844-66b8d8add745,"An attacker can uncover login names and passwords by sniffing traffic to the
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
the 'AUTH TLS' command.
Details:
FTP Unencrypted Cleartext Login
(OID: 1.3.6.1.4.1.25623.1.0.108528)
Version used: 2023-12-20T13:05:58+08:00
","","","",""
192.168.0.139,wca70111.tahoho.com.tw,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):

Non-anonymous sessions: 331 Password required for openvasvt
Anonymous sessions: 331 Password required for anonymous
",1.3.6.1.4.1.25623.1.0.108528,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,acec1120-0997-478f-93f7-2a1a7d0e5423,"An attacker can uncover login names and passwords by sniffing traffic to the
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
the 'AUTH TLS' command.
Details:
FTP Unencrypted Cleartext Login
(OID: 1.3.6.1.4.1.25623.1.0.108528)
Version used: 2023-12-20T13:05:58+08:00
","","","",""
192.168.0.179,,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):

Non-anonymous sessions: 331 Password required for openvasvt
Anonymous sessions: 331 Password required for anonymous
",1.3.6.1.4.1.25623.1.0.108528,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,c730b132-78e9-4ade-8e87-335e424712a6,"An attacker can uncover login names and passwords by sniffing traffic to the
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
the 'AUTH TLS' command.
Details:
FTP Unencrypted Cleartext Login
(OID: 1.3.6.1.4.1.25623.1.0.108528)
Version used: 2023-12-20T13:05:58+08:00
","","","",""
192.168.0.122,wca60103.tahoho.com.tw,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):

Non-anonymous sessions: 331 Password required for openvasvt
Anonymous sessions: 331 Password required for anonymous
",1.3.6.1.4.1.25623.1.0.108528,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,4ede52e7-4f76-4eca-954e-553ce548924a,"An attacker can uncover login names and passwords by sniffing traffic to the
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
the 'AUTH TLS' command.
Details:
FTP Unencrypted Cleartext Login
(OID: 1.3.6.1.4.1.25623.1.0.108528)
Version used: 2023-12-20T13:05:58+08:00
","","","",""
192.168.0.123,wc871589.tahoho.com.tw,3389,tcp,4.3,Medium,98,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0
and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.
",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,94026874-b41f-467e-96a3-3aac5e41214a,"An attacker might be able to use the known cryptographic flaws
to eavesdrop the connection between clients and the service to get access to sensitive data
transferred within the secured connection.

Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
anymore.","It is recommended to disable the deprecated TLSv1.0 and/or
TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more
information.","All services providing an encrypted communication using the
TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic
flaws like:

- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)

- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy
Encryption (FREAK)","Check the used TLS protocols of the services provided by this
system.
Details:
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
(OID: 1.3.6.1.4.1.25623.1.0.117274)
Version used: 2024-06-14T13:05:48+08:00
","Product: cpe:/a:ietf:transport_layer_security:1.0
Method: SSL/TLS: Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.105782)
","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408,DFN-CERT-2016-1372,DFN-CERT-2016-1164,DFN-CERT-2016-0388,DFN-CERT-2015-1853,DFN-CERT-2015-1332,DFN-CERT-2015-0884,DFN-CERT-2015-0800,DFN-CERT-2015-0758,DFN-CERT-2015-0567,DFN-CERT-2015-0544,DFN-CERT-2015-0530,DFN-CERT-2015-0396,DFN-CERT-2015-0375,DFN-CERT-2015-0374,DFN-CERT-2015-0305,DFN-CERT-2015-0199,DFN-CERT-2015-0079,DFN-CERT-2015-0021,DFN-CERT-2014-1414,DFN-CERT-2013-1847,DFN-CERT-2013-1792,DFN-CERT-2012-1979,DFN-CERT-2012-1829,DFN-CERT-2012-1530,DFN-CERT-2012-1380,DFN-CERT-2012-1377,DFN-CERT-2012-1292,DFN-CERT-2012-1214,DFN-CERT-2012-1213,DFN-CERT-2012-1180,DFN-CERT-2012-1156,DFN-CERT-2012-1155,DFN-CERT-2012-1039,DFN-CERT-2012-0956,DFN-CERT-2012-0908,DFN-CERT-2012-0868,DFN-CERT-2012-0867,DFN-CERT-2012-0848,DFN-CERT-2012-0838,DFN-CERT-2012-0776,DFN-CERT-2012-0722,DFN-CERT-2012-0638,DFN-CERT-2012-0627,DFN-CERT-2012-0451,DFN-CERT-2012-0418,DFN-CERT-2012-0354,DFN-CERT-2012-0234,DFN-CERT-2012-0221,DFN-CERT-2012-0177,DFN-CERT-2012-0170,DFN-CERT-2012-0146,DFN-CERT-2012-0142,DFN-CERT-2012-0126,DFN-CERT-2012-0123,DFN-CERT-2012-0095,DFN-CERT-2012-0051,DFN-CERT-2012-0047,DFN-CERT-2012-0021,DFN-CERT-2011-1953,DFN-CERT-2011-1946,DFN-CERT-2011-1844,DFN-CERT-2011-1826,DFN-CERT-2011-1774,DFN-CERT-2011-1743,DFN-CERT-2011-1738,DFN-CERT-2011-1706,DFN-CERT-2011-1628,DFN-CERT-2011-1627,DFN-CERT-2011-1619,DFN-CERT-2011-1482,WID-SEC-2023-1435,CB-K18/0799,CB-K16/1289,CB-K16/1096,CB-K15/1751,CB-K15/1266,CB-K15/0850,CB-K15/0764,CB-K15/0720,CB-K15/0548,CB-K15/0526,CB-K15/0509,CB-K15/0493,CB-K15/0384,CB-K15/0365,CB-K15/0364,CB-K15/0302,CB-K15/0192,CB-K15/0079,CB-K15/0016,CB-K14/1342,CB-K14/0231,CB-K13/0845,CB-K13/0796,CB-K13/0790",""
192.168.0.131,wc910187.tahoho.com.tw,3389,tcp,4.3,Medium,98,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0
and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.
",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,13c831ee-8559-49fe-a0be-e90a116e6dc8,"An attacker might be able to use the known cryptographic flaws
to eavesdrop the connection between clients and the service to get access to sensitive data
transferred within the secured connection.

Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
anymore.","It is recommended to disable the deprecated TLSv1.0 and/or
TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more
information.","All services providing an encrypted communication using the
TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic
flaws like:

- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)

- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy
Encryption (FREAK)","Check the used TLS protocols of the services provided by this
system.
Details:
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
(OID: 1.3.6.1.4.1.25623.1.0.117274)
Version used: 2024-06-14T13:05:48+08:00
","Product: cpe:/a:ietf:transport_layer_security:1.0
Method: SSL/TLS: Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.105782)
","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408,DFN-CERT-2016-1372,DFN-CERT-2016-1164,DFN-CERT-2016-0388,DFN-CERT-2015-1853,DFN-CERT-2015-1332,DFN-CERT-2015-0884,DFN-CERT-2015-0800,DFN-CERT-2015-0758,DFN-CERT-2015-0567,DFN-CERT-2015-0544,DFN-CERT-2015-0530,DFN-CERT-2015-0396,DFN-CERT-2015-0375,DFN-CERT-2015-0374,DFN-CERT-2015-0305,DFN-CERT-2015-0199,DFN-CERT-2015-0079,DFN-CERT-2015-0021,DFN-CERT-2014-1414,DFN-CERT-2013-1847,DFN-CERT-2013-1792,DFN-CERT-2012-1979,DFN-CERT-2012-1829,DFN-CERT-2012-1530,DFN-CERT-2012-1380,DFN-CERT-2012-1377,DFN-CERT-2012-1292,DFN-CERT-2012-1214,DFN-CERT-2012-1213,DFN-CERT-2012-1180,DFN-CERT-2012-1156,DFN-CERT-2012-1155,DFN-CERT-2012-1039,DFN-CERT-2012-0956,DFN-CERT-2012-0908,DFN-CERT-2012-0868,DFN-CERT-2012-0867,DFN-CERT-2012-0848,DFN-CERT-2012-0838,DFN-CERT-2012-0776,DFN-CERT-2012-0722,DFN-CERT-2012-0638,DFN-CERT-2012-0627,DFN-CERT-2012-0451,DFN-CERT-2012-0418,DFN-CERT-2012-0354,DFN-CERT-2012-0234,DFN-CERT-2012-0221,DFN-CERT-2012-0177,DFN-CERT-2012-0170,DFN-CERT-2012-0146,DFN-CERT-2012-0142,DFN-CERT-2012-0126,DFN-CERT-2012-0123,DFN-CERT-2012-0095,DFN-CERT-2012-0051,DFN-CERT-2012-0047,DFN-CERT-2012-0021,DFN-CERT-2011-1953,DFN-CERT-2011-1946,DFN-CERT-2011-1844,DFN-CERT-2011-1826,DFN-CERT-2011-1774,DFN-CERT-2011-1743,DFN-CERT-2011-1738,DFN-CERT-2011-1706,DFN-CERT-2011-1628,DFN-CERT-2011-1627,DFN-CERT-2011-1619,DFN-CERT-2011-1482,WID-SEC-2023-1435,CB-K18/0799,CB-K16/1289,CB-K16/1096,CB-K15/1751,CB-K15/1266,CB-K15/0850,CB-K15/0764,CB-K15/0720,CB-K15/0548,CB-K15/0526,CB-K15/0509,CB-K15/0493,CB-K15/0384,CB-K15/0365,CB-K15/0364,CB-K15/0302,CB-K15/0192,CB-K15/0079,CB-K15/0016,CB-K14/1342,CB-K14/0231,CB-K13/0845,CB-K13/0796,CB-K13/0790",""
192.168.0.107,wc960197.tahoho.com.tw,3389,tcp,4.3,Medium,98,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0
and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.
",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,3281e6b0-4808-4512-b3a8-f661c44bad93,"An attacker might be able to use the known cryptographic flaws
to eavesdrop the connection between clients and the service to get access to sensitive data
transferred within the secured connection.

Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
anymore.","It is recommended to disable the deprecated TLSv1.0 and/or
TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more
information.","All services providing an encrypted communication using the
TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic
flaws like:

- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)

- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy
Encryption (FREAK)","Check the used TLS protocols of the services provided by this
system.
Details:
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
(OID: 1.3.6.1.4.1.25623.1.0.117274)
Version used: 2024-06-14T13:05:48+08:00
","Product: cpe:/a:ietf:transport_layer_security:1.0
Method: SSL/TLS: Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.105782)
","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408,DFN-CERT-2016-1372,DFN-CERT-2016-1164,DFN-CERT-2016-0388,DFN-CERT-2015-1853,DFN-CERT-2015-1332,DFN-CERT-2015-0884,DFN-CERT-2015-0800,DFN-CERT-2015-0758,DFN-CERT-2015-0567,DFN-CERT-2015-0544,DFN-CERT-2015-0530,DFN-CERT-2015-0396,DFN-CERT-2015-0375,DFN-CERT-2015-0374,DFN-CERT-2015-0305,DFN-CERT-2015-0199,DFN-CERT-2015-0079,DFN-CERT-2015-0021,DFN-CERT-2014-1414,DFN-CERT-2013-1847,DFN-CERT-2013-1792,DFN-CERT-2012-1979,DFN-CERT-2012-1829,DFN-CERT-2012-1530,DFN-CERT-2012-1380,DFN-CERT-2012-1377,DFN-CERT-2012-1292,DFN-CERT-2012-1214,DFN-CERT-2012-1213,DFN-CERT-2012-1180,DFN-CERT-2012-1156,DFN-CERT-2012-1155,DFN-CERT-2012-1039,DFN-CERT-2012-0956,DFN-CERT-2012-0908,DFN-CERT-2012-0868,DFN-CERT-2012-0867,DFN-CERT-2012-0848,DFN-CERT-2012-0838,DFN-CERT-2012-0776,DFN-CERT-2012-0722,DFN-CERT-2012-0638,DFN-CERT-2012-0627,DFN-CERT-2012-0451,DFN-CERT-2012-0418,DFN-CERT-2012-0354,DFN-CERT-2012-0234,DFN-CERT-2012-0221,DFN-CERT-2012-0177,DFN-CERT-2012-0170,DFN-CERT-2012-0146,DFN-CERT-2012-0142,DFN-CERT-2012-0126,DFN-CERT-2012-0123,DFN-CERT-2012-0095,DFN-CERT-2012-0051,DFN-CERT-2012-0047,DFN-CERT-2012-0021,DFN-CERT-2011-1953,DFN-CERT-2011-1946,DFN-CERT-2011-1844,DFN-CERT-2011-1826,DFN-CERT-2011-1774,DFN-CERT-2011-1743,DFN-CERT-2011-1738,DFN-CERT-2011-1706,DFN-CERT-2011-1628,DFN-CERT-2011-1627,DFN-CERT-2011-1619,DFN-CERT-2011-1482,WID-SEC-2023-1435,CB-K18/0799,CB-K16/1289,CB-K16/1096,CB-K15/1751,CB-K15/1266,CB-K15/0850,CB-K15/0764,CB-K15/0720,CB-K15/0548,CB-K15/0526,CB-K15/0509,CB-K15/0493,CB-K15/0384,CB-K15/0365,CB-K15/0364,CB-K15/0302,CB-K15/0192,CB-K15/0079,CB-K15/0016,CB-K14/1342,CB-K14/0231,CB-K13/0845,CB-K13/0796,CB-K13/0790",""
192.168.0.116,wc920434pc.tahoho.com.tw,3389,tcp,4.3,Medium,98,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0
and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.
",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,eef2888f-8e13-4484-a03f-08561d5443ac,"An attacker might be able to use the known cryptographic flaws
to eavesdrop the connection between clients and the service to get access to sensitive data
transferred within the secured connection.

Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
anymore.","It is recommended to disable the deprecated TLSv1.0 and/or
TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more
information.","All services providing an encrypted communication using the
TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic
flaws like:

- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)

- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy
Encryption (FREAK)","Check the used TLS protocols of the services provided by this
system.
Details:
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
(OID: 1.3.6.1.4.1.25623.1.0.117274)
Version used: 2024-06-14T13:05:48+08:00
","Product: cpe:/a:ietf:transport_layer_security:1.0
Method: SSL/TLS: Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.105782)
","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408,DFN-CERT-2016-1372,DFN-CERT-2016-1164,DFN-CERT-2016-0388,DFN-CERT-2015-1853,DFN-CERT-2015-1332,DFN-CERT-2015-0884,DFN-CERT-2015-0800,DFN-CERT-2015-0758,DFN-CERT-2015-0567,DFN-CERT-2015-0544,DFN-CERT-2015-0530,DFN-CERT-2015-0396,DFN-CERT-2015-0375,DFN-CERT-2015-0374,DFN-CERT-2015-0305,DFN-CERT-2015-0199,DFN-CERT-2015-0079,DFN-CERT-2015-0021,DFN-CERT-2014-1414,DFN-CERT-2013-1847,DFN-CERT-2013-1792,DFN-CERT-2012-1979,DFN-CERT-2012-1829,DFN-CERT-2012-1530,DFN-CERT-2012-1380,DFN-CERT-2012-1377,DFN-CERT-2012-1292,DFN-CERT-2012-1214,DFN-CERT-2012-1213,DFN-CERT-2012-1180,DFN-CERT-2012-1156,DFN-CERT-2012-1155,DFN-CERT-2012-1039,DFN-CERT-2012-0956,DFN-CERT-2012-0908,DFN-CERT-2012-0868,DFN-CERT-2012-0867,DFN-CERT-2012-0848,DFN-CERT-2012-0838,DFN-CERT-2012-0776,DFN-CERT-2012-0722,DFN-CERT-2012-0638,DFN-CERT-2012-0627,DFN-CERT-2012-0451,DFN-CERT-2012-0418,DFN-CERT-2012-0354,DFN-CERT-2012-0234,DFN-CERT-2012-0221,DFN-CERT-2012-0177,DFN-CERT-2012-0170,DFN-CERT-2012-0146,DFN-CERT-2012-0142,DFN-CERT-2012-0126,DFN-CERT-2012-0123,DFN-CERT-2012-0095,DFN-CERT-2012-0051,DFN-CERT-2012-0047,DFN-CERT-2012-0021,DFN-CERT-2011-1953,DFN-CERT-2011-1946,DFN-CERT-2011-1844,DFN-CERT-2011-1826,DFN-CERT-2011-1774,DFN-CERT-2011-1743,DFN-CERT-2011-1738,DFN-CERT-2011-1706,DFN-CERT-2011-1628,DFN-CERT-2011-1627,DFN-CERT-2011-1619,DFN-CERT-2011-1482,WID-SEC-2023-1435,CB-K18/0799,CB-K16/1289,CB-K16/1096,CB-K15/1751,CB-K15/1266,CB-K15/0850,CB-K15/0764,CB-K15/0720,CB-K15/0548,CB-K15/0526,CB-K15/0509,CB-K15/0493,CB-K15/0384,CB-K15/0365,CB-K15/0364,CB-K15/0302,CB-K15/0192,CB-K15/0079,CB-K15/0016,CB-K14/1342,CB-K14/0231,CB-K13/0845,CB-K13/0796,CB-K13/0790",""
192.168.0.117,wca80111.tahoho.com.tw,3389,tcp,4.3,Medium,98,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0
and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.
",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,9138b1c1-77b0-4a56-a49a-feb8264e81b0,"An attacker might be able to use the known cryptographic flaws
to eavesdrop the connection between clients and the service to get access to sensitive data
transferred within the secured connection.

Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
anymore.","It is recommended to disable the deprecated TLSv1.0 and/or
TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more
information.","All services providing an encrypted communication using the
TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic
flaws like:

- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)

- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy
Encryption (FREAK)","Check the used TLS protocols of the services provided by this
system.
Details:
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
(OID: 1.3.6.1.4.1.25623.1.0.117274)
Version used: 2024-06-14T13:05:48+08:00
","Product: cpe:/a:ietf:transport_layer_security:1.0
Method: SSL/TLS: Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.105782)
","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408,DFN-CERT-2016-1372,DFN-CERT-2016-1164,DFN-CERT-2016-0388,DFN-CERT-2015-1853,DFN-CERT-2015-1332,DFN-CERT-2015-0884,DFN-CERT-2015-0800,DFN-CERT-2015-0758,DFN-CERT-2015-0567,DFN-CERT-2015-0544,DFN-CERT-2015-0530,DFN-CERT-2015-0396,DFN-CERT-2015-0375,DFN-CERT-2015-0374,DFN-CERT-2015-0305,DFN-CERT-2015-0199,DFN-CERT-2015-0079,DFN-CERT-2015-0021,DFN-CERT-2014-1414,DFN-CERT-2013-1847,DFN-CERT-2013-1792,DFN-CERT-2012-1979,DFN-CERT-2012-1829,DFN-CERT-2012-1530,DFN-CERT-2012-1380,DFN-CERT-2012-1377,DFN-CERT-2012-1292,DFN-CERT-2012-1214,DFN-CERT-2012-1213,DFN-CERT-2012-1180,DFN-CERT-2012-1156,DFN-CERT-2012-1155,DFN-CERT-2012-1039,DFN-CERT-2012-0956,DFN-CERT-2012-0908,DFN-CERT-2012-0868,DFN-CERT-2012-0867,DFN-CERT-2012-0848,DFN-CERT-2012-0838,DFN-CERT-2012-0776,DFN-CERT-2012-0722,DFN-CERT-2012-0638,DFN-CERT-2012-0627,DFN-CERT-2012-0451,DFN-CERT-2012-0418,DFN-CERT-2012-0354,DFN-CERT-2012-0234,DFN-CERT-2012-0221,DFN-CERT-2012-0177,DFN-CERT-2012-0170,DFN-CERT-2012-0146,DFN-CERT-2012-0142,DFN-CERT-2012-0126,DFN-CERT-2012-0123,DFN-CERT-2012-0095,DFN-CERT-2012-0051,DFN-CERT-2012-0047,DFN-CERT-2012-0021,DFN-CERT-2011-1953,DFN-CERT-2011-1946,DFN-CERT-2011-1844,DFN-CERT-2011-1826,DFN-CERT-2011-1774,DFN-CERT-2011-1743,DFN-CERT-2011-1738,DFN-CERT-2011-1706,DFN-CERT-2011-1628,DFN-CERT-2011-1627,DFN-CERT-2011-1619,DFN-CERT-2011-1482,WID-SEC-2023-1435,CB-K18/0799,CB-K16/1289,CB-K16/1096,CB-K15/1751,CB-K15/1266,CB-K15/0850,CB-K15/0764,CB-K15/0720,CB-K15/0548,CB-K15/0526,CB-K15/0509,CB-K15/0493,CB-K15/0384,CB-K15/0365,CB-K15/0364,CB-K15/0302,CB-K15/0192,CB-K15/0079,CB-K15/0016,CB-K14/1342,CB-K14/0231,CB-K13/0845,CB-K13/0796,CB-K13/0790",""
192.168.0.139,wca70111.tahoho.com.tw,3389,tcp,4.3,Medium,98,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0
and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.
",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,9ee59a66-ccac-4f8a-8fcd-a51fa2e00ad4,"An attacker might be able to use the known cryptographic flaws
to eavesdrop the connection between clients and the service to get access to sensitive data
transferred within the secured connection.

Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
anymore.","It is recommended to disable the deprecated TLSv1.0 and/or
TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more
information.","All services providing an encrypted communication using the
TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic
flaws like:

- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)

- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy
Encryption (FREAK)","Check the used TLS protocols of the services provided by this
system.
Details:
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
(OID: 1.3.6.1.4.1.25623.1.0.117274)
Version used: 2024-06-14T13:05:48+08:00
","Product: cpe:/a:ietf:transport_layer_security:1.0
Method: SSL/TLS: Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.105782)
","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408,DFN-CERT-2016-1372,DFN-CERT-2016-1164,DFN-CERT-2016-0388,DFN-CERT-2015-1853,DFN-CERT-2015-1332,DFN-CERT-2015-0884,DFN-CERT-2015-0800,DFN-CERT-2015-0758,DFN-CERT-2015-0567,DFN-CERT-2015-0544,DFN-CERT-2015-0530,DFN-CERT-2015-0396,DFN-CERT-2015-0375,DFN-CERT-2015-0374,DFN-CERT-2015-0305,DFN-CERT-2015-0199,DFN-CERT-2015-0079,DFN-CERT-2015-0021,DFN-CERT-2014-1414,DFN-CERT-2013-1847,DFN-CERT-2013-1792,DFN-CERT-2012-1979,DFN-CERT-2012-1829,DFN-CERT-2012-1530,DFN-CERT-2012-1380,DFN-CERT-2012-1377,DFN-CERT-2012-1292,DFN-CERT-2012-1214,DFN-CERT-2012-1213,DFN-CERT-2012-1180,DFN-CERT-2012-1156,DFN-CERT-2012-1155,DFN-CERT-2012-1039,DFN-CERT-2012-0956,DFN-CERT-2012-0908,DFN-CERT-2012-0868,DFN-CERT-2012-0867,DFN-CERT-2012-0848,DFN-CERT-2012-0838,DFN-CERT-2012-0776,DFN-CERT-2012-0722,DFN-CERT-2012-0638,DFN-CERT-2012-0627,DFN-CERT-2012-0451,DFN-CERT-2012-0418,DFN-CERT-2012-0354,DFN-CERT-2012-0234,DFN-CERT-2012-0221,DFN-CERT-2012-0177,DFN-CERT-2012-0170,DFN-CERT-2012-0146,DFN-CERT-2012-0142,DFN-CERT-2012-0126,DFN-CERT-2012-0123,DFN-CERT-2012-0095,DFN-CERT-2012-0051,DFN-CERT-2012-0047,DFN-CERT-2012-0021,DFN-CERT-2011-1953,DFN-CERT-2011-1946,DFN-CERT-2011-1844,DFN-CERT-2011-1826,DFN-CERT-2011-1774,DFN-CERT-2011-1743,DFN-CERT-2011-1738,DFN-CERT-2011-1706,DFN-CERT-2011-1628,DFN-CERT-2011-1627,DFN-CERT-2011-1619,DFN-CERT-2011-1482,WID-SEC-2023-1435,CB-K18/0799,CB-K16/1289,CB-K16/1096,CB-K15/1751,CB-K15/1266,CB-K15/0850,CB-K15/0764,CB-K15/0720,CB-K15/0548,CB-K15/0526,CB-K15/0509,CB-K15/0493,CB-K15/0384,CB-K15/0365,CB-K15/0364,CB-K15/0302,CB-K15/0192,CB-K15/0079,CB-K15/0016,CB-K14/1342,CB-K14/0231,CB-K13/0845,CB-K13/0796,CB-K13/0790",""
192.168.0.119,wc871234.tahoho.com.tw,3389,tcp,4.3,Medium,98,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0
and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.
",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,4deb1898-1286-45cb-b37a-f71e42e896cc,"An attacker might be able to use the known cryptographic flaws
to eavesdrop the connection between clients and the service to get access to sensitive data
transferred within the secured connection.

Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
anymore.","It is recommended to disable the deprecated TLSv1.0 and/or
TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more
information.","All services providing an encrypted communication using the
TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic
flaws like:

- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)

- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy
Encryption (FREAK)","Check the used TLS protocols of the services provided by this
system.
Details:
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
(OID: 1.3.6.1.4.1.25623.1.0.117274)
Version used: 2024-06-14T13:05:48+08:00
","Product: cpe:/a:ietf:transport_layer_security:1.0
Method: SSL/TLS: Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.105782)
","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408,DFN-CERT-2016-1372,DFN-CERT-2016-1164,DFN-CERT-2016-0388,DFN-CERT-2015-1853,DFN-CERT-2015-1332,DFN-CERT-2015-0884,DFN-CERT-2015-0800,DFN-CERT-2015-0758,DFN-CERT-2015-0567,DFN-CERT-2015-0544,DFN-CERT-2015-0530,DFN-CERT-2015-0396,DFN-CERT-2015-0375,DFN-CERT-2015-0374,DFN-CERT-2015-0305,DFN-CERT-2015-0199,DFN-CERT-2015-0079,DFN-CERT-2015-0021,DFN-CERT-2014-1414,DFN-CERT-2013-1847,DFN-CERT-2013-1792,DFN-CERT-2012-1979,DFN-CERT-2012-1829,DFN-CERT-2012-1530,DFN-CERT-2012-1380,DFN-CERT-2012-1377,DFN-CERT-2012-1292,DFN-CERT-2012-1214,DFN-CERT-2012-1213,DFN-CERT-2012-1180,DFN-CERT-2012-1156,DFN-CERT-2012-1155,DFN-CERT-2012-1039,DFN-CERT-2012-0956,DFN-CERT-2012-0908,DFN-CERT-2012-0868,DFN-CERT-2012-0867,DFN-CERT-2012-0848,DFN-CERT-2012-0838,DFN-CERT-2012-0776,DFN-CERT-2012-0722,DFN-CERT-2012-0638,DFN-CERT-2012-0627,DFN-CERT-2012-0451,DFN-CERT-2012-0418,DFN-CERT-2012-0354,DFN-CERT-2012-0234,DFN-CERT-2012-0221,DFN-CERT-2012-0177,DFN-CERT-2012-0170,DFN-CERT-2012-0146,DFN-CERT-2012-0142,DFN-CERT-2012-0126,DFN-CERT-2012-0123,DFN-CERT-2012-0095,DFN-CERT-2012-0051,DFN-CERT-2012-0047,DFN-CERT-2012-0021,DFN-CERT-2011-1953,DFN-CERT-2011-1946,DFN-CERT-2011-1844,DFN-CERT-2011-1826,DFN-CERT-2011-1774,DFN-CERT-2011-1743,DFN-CERT-2011-1738,DFN-CERT-2011-1706,DFN-CERT-2011-1628,DFN-CERT-2011-1627,DFN-CERT-2011-1619,DFN-CERT-2011-1482,WID-SEC-2023-1435,CB-K18/0799,CB-K16/1289,CB-K16/1096,CB-K15/1751,CB-K15/1266,CB-K15/0850,CB-K15/0764,CB-K15/0720,CB-K15/0548,CB-K15/0526,CB-K15/0509,CB-K15/0493,CB-K15/0384,CB-K15/0365,CB-K15/0364,CB-K15/0302,CB-K15/0192,CB-K15/0079,CB-K15/0016,CB-K14/1342,CB-K14/0231,CB-K13/0845,CB-K13/0796,CB-K13/0790",""
192.168.0.122,wca60103.tahoho.com.tw,3389,tcp,4.3,Medium,98,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0
and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.
",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,37e0fae8-debb-406c-8233-dd9dfa63f5a5,"An attacker might be able to use the known cryptographic flaws
to eavesdrop the connection between clients and the service to get access to sensitive data
transferred within the secured connection.

Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
anymore.","It is recommended to disable the deprecated TLSv1.0 and/or
TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more
information.","All services providing an encrypted communication using the
TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic
flaws like:

- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)

- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy
Encryption (FREAK)","Check the used TLS protocols of the services provided by this
system.
Details:
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
(OID: 1.3.6.1.4.1.25623.1.0.117274)
Version used: 2024-06-14T13:05:48+08:00
","Product: cpe:/a:ietf:transport_layer_security:1.0
Method: SSL/TLS: Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.105782)
","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408,DFN-CERT-2016-1372,DFN-CERT-2016-1164,DFN-CERT-2016-0388,DFN-CERT-2015-1853,DFN-CERT-2015-1332,DFN-CERT-2015-0884,DFN-CERT-2015-0800,DFN-CERT-2015-0758,DFN-CERT-2015-0567,DFN-CERT-2015-0544,DFN-CERT-2015-0530,DFN-CERT-2015-0396,DFN-CERT-2015-0375,DFN-CERT-2015-0374,DFN-CERT-2015-0305,DFN-CERT-2015-0199,DFN-CERT-2015-0079,DFN-CERT-2015-0021,DFN-CERT-2014-1414,DFN-CERT-2013-1847,DFN-CERT-2013-1792,DFN-CERT-2012-1979,DFN-CERT-2012-1829,DFN-CERT-2012-1530,DFN-CERT-2012-1380,DFN-CERT-2012-1377,DFN-CERT-2012-1292,DFN-CERT-2012-1214,DFN-CERT-2012-1213,DFN-CERT-2012-1180,DFN-CERT-2012-1156,DFN-CERT-2012-1155,DFN-CERT-2012-1039,DFN-CERT-2012-0956,DFN-CERT-2012-0908,DFN-CERT-2012-0868,DFN-CERT-2012-0867,DFN-CERT-2012-0848,DFN-CERT-2012-0838,DFN-CERT-2012-0776,DFN-CERT-2012-0722,DFN-CERT-2012-0638,DFN-CERT-2012-0627,DFN-CERT-2012-0451,DFN-CERT-2012-0418,DFN-CERT-2012-0354,DFN-CERT-2012-0234,DFN-CERT-2012-0221,DFN-CERT-2012-0177,DFN-CERT-2012-0170,DFN-CERT-2012-0146,DFN-CERT-2012-0142,DFN-CERT-2012-0126,DFN-CERT-2012-0123,DFN-CERT-2012-0095,DFN-CERT-2012-0051,DFN-CERT-2012-0047,DFN-CERT-2012-0021,DFN-CERT-2011-1953,DFN-CERT-2011-1946,DFN-CERT-2011-1844,DFN-CERT-2011-1826,DFN-CERT-2011-1774,DFN-CERT-2011-1743,DFN-CERT-2011-1738,DFN-CERT-2011-1706,DFN-CERT-2011-1628,DFN-CERT-2011-1627,DFN-CERT-2011-1619,DFN-CERT-2011-1482,WID-SEC-2023-1435,CB-K18/0799,CB-K16/1289,CB-K16/1096,CB-K15/1751,CB-K15/1266,CB-K15/0850,CB-K15/0764,CB-K15/0720,CB-K15/0548,CB-K15/0526,CB-K15/0509,CB-K15/0493,CB-K15/0384,CB-K15/0365,CB-K15/0364,CB-K15/0302,CB-K15/0192,CB-K15/0079,CB-K15/0016,CB-K14/1342,CB-K14/0231,CB-K13/0845,CB-K13/0796,CB-K13/0790",""
192.168.0.103,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 775992953
Packet 2: 775993076
",1.3.6.1.4.1.25623.1.0.80091,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,6fc9231d-f7a0-4487-8664-2e05c751226b,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
","","","",""
192.168.0.105,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 776007458
Packet 2: 776007575
",1.3.6.1.4.1.25623.1.0.80091,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,5cc573b9-8e4f-4b90-a916-a68ddbcda0a9,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
","","","",""
192.168.0.5,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 1279988101
Packet 2: 1279989303
",1.3.6.1.4.1.25623.1.0.80091,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,b1b43f78-0380-4753-ac12-ac6589257626,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
","","","",""
192.168.0.231,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 775994056
Packet 2: 775994173
",1.3.6.1.4.1.25623.1.0.80091,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,7df29d26-8919-4f29-af10-c9a6aa5ddc71,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
","","","",""
192.168.0.102,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 776001490
Packet 2: 776001612
",1.3.6.1.4.1.25623.1.0.80091,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,bcea2264-e72b-4ef7-812c-5499a722a308,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
","","","",""
192.168.0.254,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 775998186
Packet 2: 775998305
",1.3.6.1.4.1.25623.1.0.80091,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,0cde6eee-28c2-4b36-8685-bc597762aa23,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
","","","",""
192.168.0.113,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 775995210
Packet 2: 775995330
",1.3.6.1.4.1.25623.1.0.80091,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,9153ec98-2378-4919-8802-b976918f73fd,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
","","","",""
192.168.0.251,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 776017435
Packet 2: 776017553
",1.3.6.1.4.1.25623.1.0.80091,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,d198d08d-429f-4c1b-a572-2adcc2bf3aba,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
","","","",""
192.168.0.30,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 776010929
Packet 2: 776011049
",1.3.6.1.4.1.25623.1.0.80091,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,5d978aad-4727-47d6-a08d-0263dd623b7c,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
","","","",""
192.168.0.111,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 776494017
Packet 2: 776494133
",1.3.6.1.4.1.25623.1.0.80091,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T13:23:15+08:00,72234b38-3655-4317-99b2-13af5f1dca3e,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
","","","",""
192.168.0.106,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 776489682
Packet 2: 776489797
",1.3.6.1.4.1.25623.1.0.80091,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T13:22:07+08:00,a715aad6-d0e7-4afe-8644-e2789dacb53b,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
","","","",""
192.168.0.101,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 776007565
Packet 2: 776007682
",1.3.6.1.4.1.25623.1.0.80091,"",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,525e6990-8c1a-4cb1-96cf-031f77d8ddfe,"A side effect of this feature is that the uptime of the remote
host can sometimes be computed.","To disable TCP timestamps on linux add the line
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
are reported.
Details:
TCP Timestamps Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: 2023-12-16T00:10:08+08:00
","","","",""
192.168.0.106,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T13:22:07+08:00,2b3f8e70-cc51-470e-811e-d1356a579fca,"This information could theoretically be used to exploit weak
time-based random number generators in other services.","Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
Timestamp Reply (Type 14) is received.
Details:
ICMP Timestamp Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: 2023-05-11T17:09:33+08:00
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
192.168.0.231,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,884742cb-f351-4b21-be02-b52d1e906b37,"This information could theoretically be used to exploit weak
time-based random number generators in other services.","Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
Timestamp Reply (Type 14) is received.
Details:
ICMP Timestamp Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: 2023-05-11T17:09:33+08:00
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
192.168.0.254,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,bf32c606-4a45-4ca8-b577-432f61f925df,"This information could theoretically be used to exploit weak
time-based random number generators in other services.","Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
Timestamp Reply (Type 14) is received.
Details:
ICMP Timestamp Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: 2023-05-11T17:09:33+08:00
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
192.168.0.102,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,5444cfb2-ae45-4598-98f1-23b206017a36,"This information could theoretically be used to exploit weak
time-based random number generators in other services.","Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
Timestamp Reply (Type 14) is received.
Details:
ICMP Timestamp Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: 2023-05-11T17:09:33+08:00
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
192.168.0.5,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,aff5e5d1-2366-4789-9819-f26abe9421ff,"This information could theoretically be used to exploit weak
time-based random number generators in other services.","Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
Timestamp Reply (Type 14) is received.
Details:
ICMP Timestamp Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: 2023-05-11T17:09:33+08:00
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
192.168.0.166,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,266cc269-c26f-4aa7-8c69-ebc4ff6f5ea2,"This information could theoretically be used to exploit weak
time-based random number generators in other services.","Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
Timestamp Reply (Type 14) is received.
Details:
ICMP Timestamp Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: 2023-05-11T17:09:33+08:00
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
192.168.0.105,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,7a002efc-41b3-4f31-975c-e9680c8e3650,"This information could theoretically be used to exploit weak
time-based random number generators in other services.","Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
Timestamp Reply (Type 14) is received.
Details:
ICMP Timestamp Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: 2023-05-11T17:09:33+08:00
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
192.168.0.111,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T13:23:15+08:00,25701d12-d40c-4435-a4aa-f23946656ba6,"This information could theoretically be used to exploit weak
time-based random number generators in other services.","Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
Timestamp Reply (Type 14) is received.
Details:
ICMP Timestamp Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: 2023-05-11T17:09:33+08:00
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
192.168.0.103,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
- ICMP Type: 14
- ICMP Code: 0
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",deea649d-88ab-4215-b42e-d8fd7e751c64,"0.0-5-1",2024-06-24T12:02:46+08:00,402ecb46-9801-4363-90b7-92879205cf90,"This information could theoretically be used to exploit weak
time-based random number generators in other services.","Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
Timestamp Reply (Type 14) is received.
Details:
ICMP Timestamp Reply Information Disclosure
(OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: 2023-05-11T17:09:33+08:00
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
(2-2/2)