Security Assessment INTERNAL NETWORK VULNERABILITIES SUMMARY REPORT
CONFIDENTIALITY NOTE: The information contained in this report is for the exclusive use of the client specified above and may contain confidential, privileged, and non-disclosable information. If you are not the client or addressee, you are strictly prohibited from reading, photocopying, distributing, or otherwise using this report or its contents in any way.

Prepared for: Your Customer / Prospect
Prepared by: Your Company Name
23-Feb-2021
Scan Date: 12-Feb-2021

Your Company Name
MSP WEBSITE URL
MSP PHONE
MSP EMAIL
Prepared for: Your Customer / Prospect
Scan Date: 12-Feb-2021

Internal Network Vulnerabilities Summary

The Management Plan ranks individual issues based upon their potential risk to the network while providing guidance on which issues to address by priority. Fixing issues with lower Risk Scores will not lower the global Risk Score, but will reduce the global Issue Score. To mitigate global risk and improve the health of the network, address issues with higher Risk Scores first.

Appliances Used:
1. NDA1-5488JF
2. NDA1-7584JY
3. NDA1-9644PG

High Risk

CVSS 10: Trojan horses
Summary: An unknown service runs on this port. It is sometimes opened by Trojan horses. Unless you know for sure what is behind it, you'd better check your system.
Solution: If a trojan horse is running, run a good antivirus scanner.
Affected Nodes: 10.200.1.16(myco-bdr)1

CVSS 10: IPMI Cipher Zero Authentication Bypass Vulnerability
Summary: Intelligent Platform Management Interface is prone to an authentication-bypass vulnerability.
Solution: Ask the Vendor for an update.
Affected Nodes: 10.1.1.82 (sourcesvr) 1

CVSS 7.5: CERN httpd CGI name heap overflow
Summary: It was possible to kill the remote web server by requesting GET /cgi-bin/A.AAAA[...]A HTTP/1.0. This is known to trigger a heap overflow in some servers like CERN HTTPD.
Solution: Ask your vendor for a patch or move to another server.
Affected Nodes: 10.2.1.132

CVSS 7.5: Lighttpd Multiple vulnerabilities
Summary: This host is running Lighttpd and is prone to multiple vulnerabilities.
Solution: Upgrade to 1.4.35 or higher. For updates refer to http://www.lighttpd.net/download
Affected Nodes: 10.1.1.301, 10.1.1.311

CVSS 7.5: Report default community names of the SNMP Agent
Summary: Simple Network Management Protocol (SNMP) is a protocol which can be used by administrators to remotely manage a computer or network device. There are typically 2 modes of remote SNMP monitoring. These modes are roughly 'READ' and 'WRITE' (or PUBLIC and PRIVATE).
Solution: Determine if the detected community string is a private community string. Determine whether a public community string exposes sensitive information. Disable the SNMP service if you don't use it or change the default community string.
Affected Nodes: 10.1.1.11, 10.1.1.41, 10.1.1.151, 10.1.1.301, 10.1.1.1902, 10.1.1.2502, 10.2.1.103, 10.2.1.1323

Medium Risk

CVSS 6.9: Format string on HTTP method name
Summary: The remote web server seems to be vulnerable to a format string attack on the method name. An attacker might use this flaw to make it crash or even execute arbitrary code on this host.
Solution: Upgrade your software or contact your vendor and inform him of this vulnerability.
Affected Nodes: 10.1.1.2422, 10.2.1.2542

CVSS 6.8: SSL/TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability
Summary: OpenSSL is prone to a security-bypass vulnerability.
Solution: Updates are available.
Affected Nodes: 10.1.1.301, 10.1.1.311

CVSS 6.4: SSL/TLS: Missing `secure` Cookie Attribute
Summary: The host is running a server with SSL/TLS and is prone to an information disclosure vulnerability.
Solution: Set the 'secure' attribute for any cookies that are sent over an SSL/TLS connection.
Affected Nodes: 10.1.1.21, 10.1.1.51

CVSS 5: Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
Summary: Acme 'thttpd' and 'mini_httpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects thttpd 2.25b and mini_httpd 1.19; other versions may also be affected.
Solution:
Affected Nodes: 10.1.1.151

CVSS 5: SSL/TLS: Certificate Expired
Summary: The remote server's SSL/TLS certificate has already expired.
Solution: Replace the SSL/TLS certificate with a new one.
Affected Nodes: 10.1.1.101, 10.1.1.221, 10.1.1.2501, 10.2.1.2532, 10.2.1.254 10.2.1.2542

CVSS 5: BrowseGate HTTP headers overflows
Summary: It was possible to kill the BrowseGate proxy by sending it an invalid request with overly long HTTP headers (Authorization and Referer). A cracker may exploit this vulnerability to make your web server crash continually or even execute arbitrary code on your system.
Solution: Upgrade your software or protect it with a filtering reverse proxy.
Affected Nodes: 10.1.1.82

CVSS 5: Missing `httpOnly` Cookie Attribute
Summary: The application is missing the 'httpOnly' cookie attribute.
Solution: Set the 'httpOnly' attribute for any session cookie.
Affected Nodes: 10.1.1.21, 10.1.1.51

CVSS 5: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
Summary: This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exist only on HTTPS services.
Solution: The configuration of this service should be changed so that it no longer accepts the listed cipher suites. Please see the references for more resources supporting you with this task.
Affected Nodes: 10.1.1.21, 10.1.1.51, 10.1.1.101, 10.1.1.301, 10.1.1.311, 10.1.1.1712, 10.1.1.2502, 10.2.1.2532, 10.2.1.2541

CVSS 5: SSL/TLS: Untrusted Certificate Authorities
Summary: The service is using an SSL/TLS certificate from a known untrusted certificate authority. An attacker could use this for MitM attacks, accessing sensitive data and other attacks.
Solution: Replace the SSL/TLS certificate with one signed by a trusted certificate authority.
Affected Nodes: 10.1.1.5

CVSS 5: Mongoose Content-Length HTTP Header Remote Denial Of Service Vulnerability
Summary: Mongoose is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input.
Solution:
Affected Nodes: 10.1.1.151

CVSS 4.8: Cleartext Transmission of Sensitive Information via HTTP
Summary: The host / application transmits sensitive information (username, passwords) in cleartext via HTTP.
Solution: Enforce the transmission of sensitive data via an encrypted SSL/TLS connection. Additionally, make sure the host / application redirects all users to the secured SSL/TLS connection before allowing them to input sensitive data into the mentioned functions.
Affected Nodes: 10.1.1.21, 10.1.1.51, 10.1.1.1901, 10.1.1.2422, 10.1.1.2502, 10.2.1.2532

CVSS 4.3: SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection
Summary: It was possible to detect the usage of the deprecated SSLv2 and/or SSLv3 protocol on this system.
Solution: It is recommended to disable the deprecated SSLv2 and/or SSLv3 protocols in favor of the TLSv1+ protocols. Please see the references for more information.
Affected Nodes: 10.1.1.301, 10.1.1.311, 10.2.1.2532, 10.2.1.2542

CVSS 4.3: SSL/TLS: Report Weak Cipher Suites
Summary: This routine reports all weak SSL/TLS cipher suites accepted by a service. NOTE: No severity is reported for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp. If too strong cipher suites are configured for this service, the alternative would be to fall back to an even more insecure cleartext communication.
Solution: The configuration of this service should be changed so that it no longer accepts the listed weak cipher suites. Please see the references for more resources supporting you with this task.
Affected Nodes: 10.1.1.301, 10.1.1.311, 10.1.1.1202, 10.1.1.2502, 10.2.1.2532, 10.2.1.2542, 10.200.1.12(dc01.myco-bdr) 2, 10.200.1.13(dc02.myco-bdr) 2, 10.200.1.14(app01.myco-bdr) 2, 10.200.1.15(exch01.myco-bdr) 2, 10.200.1.16(myco-bdr) 2, 10.200.1.17(sql01.myco-bdr) 2

CVSS 4.3: SSH Weak Encryption Algorithms Supported
Summary: The remote SSH server is configured to allow weak encryption algorithms.
Solution: Disable the weak encryption algorithms.
Affected Nodes: 10.1.1.22, 10.1.1.302, 10.1.1.312, 10.1.1.822, 10.1.1.1442, 10.1.1.1681, 10.1.1.1712, 10.1.1.2502

CVSS 4.3: SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)
Summary: This host is prone to an information disclosure vulnerability.