Information Security And Risk Management


Lab 5 Nessus Vulnerability Scan Report

© 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com

This handout is a printout of the results of a Nessus vulnerability scan. The scan was performed on the mock IT infrastructure in the lab environment for the Jones & Bartlett Learning Managing Risk in Information Systems course.

Source: Lab environment

Content Last Verified: 2014-7-25

List of hosts

172.16.20.1 Low Severity problem(s) found

172.17.20.1 High Severity problem(s) found

172.18.20.1 High Severity problem(s) found

172.19.20.1 Low Severity problem(s) found

172.20.20.1 High Severity problem(s) found

172.30.0.10 High Severity problem(s) found

172.30.0.66 High Severity problem(s) found


172.16.20.1

Scan Time

Start time : Thu Aug 05 11:34:38 2010

End time : Thu Aug 05 11:36:50 2010

Number of vulnerabilities

Open ports : 2

High : 0

Medium : 0

Low : 2

Remote host information

Operating System :

NetBIOS name :

DNS name :


Port general (0/icmp)

ICMP Timestamp Request Remote Date Disclosure

Synopsis: It is possible to determine the exact time set on the remote host.

Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor: None

Solution: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output: This host returns non-standard timestamps (high bit is set)

Plugin ID: 10114

Page 1 of 76Nessus Scan Report

8/5/2010mhtml:file://C:Documents and SettingsacaballeroDesktopnessus_MockITScan.mht

CVE: CVE-1999-0524

Other references: OSVDB:94

Nessus Scan Information

Information about this scan :

Nessus version : 4.2.2 (Build 9129)
Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 172.30.0.67
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : no
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2010/8/5 11:34
Scan duration : 132 sec

Plugin ID: 19506


172.17.20.1

Scan Time

Start time : Thu Aug 05 11:34:38 2010

End time : Thu Aug 05 11:37:36 2010

Number of vulnerabilities

Open ports : 5

High : 1

Medium : 0

Low : 8

Remote host information

Operating System : KYOCERA Printer

NetBIOS name :

DNS name :


Port general (0/icmp)

ICMP Timestamp Request Remote Date Disclosure

Synopsis: It is possible to determine the exact time set on the remote host.

Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor: None

Solution: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output: This host returns non-standard timestamps (high bit is set)

Plugin ID: 10114

CVE: CVE-1999-0524

Other references: OSVDB:94

OS Identification

Remote operating system : KYOCERA Printer
Confidence Level : 65
Method : SinFP

Not all fingerprints could give a match - please email the following to os-signatures@nessus.org :
NTP:!:UNIX
SinFP:
P1:B11013:F0x12:W4128:O0204ffff:M536:
P2:B11013:F0x12:W4128:O0204ffff:M536:
P3:B01023:F0x14:W5840:O0:M0
P4:4202_7_p=23R

The remote host is running KYOCERA Printer

Plugin ID: 11936

Nessus Scan Information

Information about this scan :

Nessus version : 4.2.2 (Build 9129)
Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 172.30.0.67
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : no
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2010/8/5 11:34
Scan duration : 178 sec

Plugin ID: 19506

Traceroute Information

Synopsis: It was possible to obtain traceroute information.

Description: Makes a traceroute to the remote host.

Risk factor: None

Solution: n/a

Plugin output: For your information, here is the traceroute from 172.30.0.67 to 172.17.20.1 :
172.30.0.67
172.20.20.1
172.20.0.2
172.17.20.1

Plugin ID: 10287

Port ntp (123/udp)

Network Time Protocol (NTP) Server Detection

Synopsis: An NTP server is listening on the remote host.

Description: An NTP (Network Time Protocol) server is listening on this port. It provides information about the current date and time of the remote system and may provide system information.

Risk factor: None

Solution: n/a

Plugin output: It was possible to gather the following information from the remote NTP host :
version='4', processor='unknown', system='UNIX', leap=3, stratum=16, precision=-24, rootdelay=0.000, rootdispersion=44898.809, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6, clock=0xD00558E5.B0D6A347, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000, stability=0.000

Plugin ID: 10884

Port telnet (23/tcp)

Cisco Device Default Password

Synopsis: The remote device has a factory password set.

Description: The remote CISCO router has a default password set. This allows an attacker to get a lot information about the network, and possibly to shut it down if the 'enable' password is not set either or is also a default password.

Risk factor: Critical

CVSS Base Score: 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution: Access this device and set a password using 'enable secret'

Plugin output: Plugin Output : It was possible to log in as 'cisco'/'cisco'

Plugin ID: 23938

CVE: CVE-1999-0508

Service Detection

A telnet server is running on this port.


Plugin ID: 22964

Unencrypted Telnet Server

Synopsis: The remote Telnet server transmits traffic in cleartext.

Description: The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an unencrypted channel is not recommended as logins, passwords and commands are transferred in cleartext. An attacker may eavesdrop on a Telnet session and obtain credentials or other sensitive information. Use of SSH is prefered nowadays as it protects credentials from eavesdropping and can tunnel additional data streams such as the X11 session.

Risk factor: Low

CVSS Base Score: 2.6 CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Solution: Disable this service and use SSH instead.

Plugin ID: 42263

Telnet Server Detection

Synopsis: A Telnet server is listening on the remote port.

Description: The remote host is running a Telnet server, a remote terminal server.

Risk factor: None

Solution: Disable this service if you do not use it.

Plugin output: Here is the banner from the remote Telnet server :
------------------------------ snip ------------------------------
User Access Verification
Username:
------------------------------ snip ------------------------------

Plugin ID: 10281


172.18.20.1

Scan Time

Start time : Thu Aug 05 11:34:38 2010

End time : Thu Aug 05 11:37:35 2010

Number of vulnerabilities


Open ports : 5

High : 1

Medium : 0

Low : 8

Remote host information

Operating System : KYOCERA Printer

NetBIOS name :

DNS name :


Port general (0/icmp)

ICMP Timestamp Request Remote Date Disclosure

Synopsis: It is possible to determine the exact time set on the remote host.

Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor: None

Solution: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output: This host returns non-standard timestamps (high bit is set)

Plugin ID: 10114

CVE: CVE-1999-0524

Other references: OSVDB:94

OS Identification

Remote operating system : KYOCERA Printer
Confidence Level : 65
Method : SinFP

Not all fingerprints could give a match - please email the following to os-signatures@nessus.org :
NTP:!:UNIX
SinFP:
P1:B11013:F0x12:W4128:O0204ffff:M536:
P2:B11013:F0x12:W4128:O0204ffff:M536:
P3:B01023:F0x14:W5840:O0:M0
P4:4202_7_p=23R

The remote host is running KYOCERA Printer

Plugin ID: 11936

Nessus Scan Information

Information about this scan :

Nessus version : 4.2.2 (Build 9129)
Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 172.30.0.67
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : no
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2010/8/5 11:34
Scan duration : 177 sec

Plugin ID: 19506

Traceroute Information

Synopsis: It was possible to obtain traceroute information.

Description: Makes a traceroute to the remote host.

Risk factor: None

Solution: n/a

Plugin output: For your information, here is the traceroute from 172.30.0.67 to 172.18.20.1 :
172.30.0.67
172.20.20.1
172.19.0.1
172.18.20.1

Plugin ID: 10287

Port ntp (123/udp)

Network Time Protocol (NTP) Server Detection

Synopsis: An NTP server is listening on the remote host.

Description: An NTP (Network Time Protocol) server is listening on this port. It provides information about the current date and time of the remote system and may provide system information.

Risk factor: None

Solution: n/a

Plugin output: It was possible to gather the following information from the remote NTP host :
version='4', processor='unknown', system='UNIX', leap=3, stratum=16, precision=-24, rootdelay=0.000, rootdispersion=45905.189, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6, clock=0xD00558EA.EFBD9427, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000, stability=0.000

Plugin ID: 10884

Port telnet (23/tcp)

Cisco Device Default Password

Synopsis: The remote device has a factory password set.

Description: The remote CISCO router has a default password set. This allows an attacker to get a lot information about the network, and possibly to shut it down if the 'enable' password is not set either or is also a default password.

Risk factor: Critical

CVSS Base Score: 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution: Access this device and set a password using 'enable secret'

Plugin output: Plugin Output : It was possible to log in as 'cisco'/'cisco'

Plugin ID: 23938

CVE: CVE-1999-0508

Service Detection

A telnet server is running on this port.

Plugin ID: 22964

Unencrypted Telnet Server

Synopsis: The remote Telnet server transm