ASSESSMENT SUMMARY
Cyber Hygiene Assessment
CYHYNONE NUMBER
April 2, 2018 DATE Cyber Hygiene Assessment Sample Organization Contents
1 How To Use This Report 5
1.1 SAMPLE Points of Contact ...... 5
2 Report Card 6
3 Executive Summary 7
4 Sub-Organization Summary 10
5 Methodology 11
5.1 Background ...... 11
5.2 Process ...... 11
6 Approximate Host Locations 14
7 Vulnerability Scan Results 15
8 Results Trending 17
9 Conclusion 20
Appendices 21
Appendix A Vulnerability Summary 21
Appendix B Vulnerability Changes Since Last Report 23
B.1 Mitigated Vulnerabilities ...... 23
B.2 New Vulnerabilities Detected ...... 32
B.3 Re-Detected (Previously-Mitigated) Vulnerabilities ...... 32
B.4 Recently-Detected Vulnerabilities ...... 36
Appendix C Detailed Findings and Recommended Mitigations by Vulnerability 44
Appendix D Critical and High Vulnerability Mitigations by IP Address 69
2 April 2, 2018 Appendix E False Positive Findings 70
E.1 Expiring Soon False Positive Findings ...... 70
E.2 All False Positive Findings ...... 70
Appendix F Frequently Asked Questions 71
Appendix G Attachments 74
Appendix H Glossary and Acronyms 75
List of Figures
1 Top Vulnerabilities by Occurrence ...... 7
2 Top High-Risk Hosts ...... 7
3 Top Risk-Based Vulnerabilities ...... 7
4 Median Time in Days to Mitigate Vulnerabilities ...... 8
5 Median Age in Days of Active Vulnerabilities ...... 8
6 Critical Vulnerability Age Over Time ...... 9
7 Active Critical Vulnerability Age ...... 9
8 Approximate Host Locations ...... 14
9 Vulnerability Count per Host ...... 15
10 CVSS Histogram for Active Vulnerabilities ...... 15
11 Total Active Vulnerabilities Over Time ...... 17
12 Active Critical and High Vulnerabilities Over Time ...... 17
13 Active Medium and Low Vulnerabilities Over Time ...... 17
14 Vulnerable Hosts Over Time ...... 18
15 Distinct Services Over Time ...... 18
16 Distinct Vulnerabilities Over Time ...... 18
List of Tables
1 Number of Vulnerabilities by Severity Level ...... 7
3 April 2, 2018 2 Top Operating Systems Detected ...... 8
3 Top Services Detected ...... 8
4 Active Critical Vulnerability Age Summary ...... 9
5 Number of Vulnerabilities by Severity Level ...... 15
6 Top Vulnerabilities by Common Vulnerability Scoring System (CVSS) ...... 15
7 Top Hosts by Weighted Risk ...... 16
8 Risk Rating System ...... 16
9 Comparison with Previous Report ...... 19
4 April 2, 2018 1 How To Use This Report
Welcome to your Cyber Hygiene (CyHy) report. This document aims to be a comprehensive weekly snapshot of known vulnerabilities detected on Internet-facing hosts for Sample Organization (SAMPLE).
You may wonder what you’re supposed to do with all this information. While it’s not our intent to prescribe to you a particular process for remediating vulnerabilities, we hope you’ll use this report to strengthen your security posture. Here’s a basic flow:
1. Review the Cyber Hygiene Report Card for a high-level overview. This section gives a quick comparison of the problems we find week to week. If this is your first report, you should note that the Report Card will initially lack historical data to make comparisons against, though that data will exist in your next report.
2. See Appendix A: Vulnerability Summary for a list of unique vulnerabilities across all the systems we detect problems with. Appendix C: Detailed Findings and Recommended Mitigations by Vulnerability provides more information about each vulnerability and all the hosts that we detect are susceptible to a given vulnerability. You should focus on those vulnerabilities rated with the greatest severity, as well as those that impact your high-value assets, but don’t ignore the medium or low vulnerabilities. Recognize that a vulnerability’s rating tends to get worse with time.
3. If this report is not your first, review Appendix B: Vulnerability Changes Since Last Report for a breakdown of all the changes we detected in your scope in the last week.
4. If you’ve patched a vulnerability since your last report, verify it’s listed here. If it’s not present, there may still be an issue. It may also be possible that the issue was fixed after our latest scan, which was on April 2, 2018.
5. For additional analysis, see Appendix G: Attachments, which provides Comma-Separated Values (CSV) files for all findings, services, hosts, and the scope that we scan.
You should be aware that Cyber Hygiene does not scan your entire scope (all of the addresses your organization has sent us) every week, but does attempt to scan every host each week. For an explanation of how CyHy works, see the Methodology section.
As you review the report, you may have additional questions. Check out the answers we provide in the Frequently Asked Questions section. If you have any additional questions, email us at [email protected].
1.1 SAMPLE Points of Contact
SAMPLE has defined the following points-of-contact for Cyber Hygiene activities; if present, reports are emailed solely to distribution lists. If you receive this report through a distribution list, Department of Homeland Security (DHS) requests that you funnel your request through your technical POC(s).
Type Name Email Address Phone Number
Technical Technical POC 1 [email protected] 555-555-1111 Technical Technical POC 2 [email protected] 555-555-2222 Distribution List Distro POC 1 [email protected]
5 April 2, 2018 CYBER HYGIENE REPORT CARD
HIGH LEVEL FINDINGS
ADDRESSES OWNED ADDRESSES SCANNED LATEST SCANS
293,005⬌ 293,005⬌ Addresses: December 5, 2017 — April 4, 2018 no change no change Vulnerabilities: March 28, 2018 — April 4, 2018 100% of addresses scanned
HOSTS VULNERABLE HOSTS VULNERABILITIES SERVICES 3,986 393 1,159 8,724 38 decrease 44 decrease 192 decrease 196 decrease 10% of hosts vulnerable
VULNERABILITIES
CRITICAL HIGH MEDIUM LOW 10 4⬌ 1,044 101
2 resolved 1 resolved 258 resolved 53 resolved 0 new 1 new 108 new 13 new
PREVIOUS REPORT •resolved CURRENT REPORT •new
VULNERABILITY RESPONSE TIME (since April 2, 2017)
CRITICAL HIGH MEDIUM LOW Median Maximum Median Maximum Median Maximum Median Maximum DAYS TO MITIGATE 8 86 27 1,601 158 1,952 37 1,517 DAYS CURRENTLY ACTIVE 28 29 54 210 307 1,952 29 1,622
6 April 2, 2018 3 Executive Summary
This report provides the results of a DHS / National Cybersecurity Assessments and Technical Services (NCATS) CyHy assessment of SAM- PLE conducted from December 5, 2017 at 15:54 UTC through April 2, 2018 at 03:53 UTC. The Cyber Hygiene assessment includes network mapping and vulnerability scanning for Internet-accessible SAMPLE hosts. This report is intended to provide SAMPLE with enhanced under- standing of their cyber posture and to promote a secure and resilient Information Technology (IT) infrastructure across SAMPLE’s Internet- accessible networks and hosts.
For this reporting period, a total of 3,986 hosts were identified out of the 293,005 addresses provided to NCATS. The scanning revealed 1,159 total potential vulnerabilities on 393 vulnerable hosts, 10% of all SAMPLE hosts. 143 distinct open ports, 67 distinct services, and 132 operating systems were detected.
63 distinct types of potential vulnerabilities (3 critical, 3 high, 43 medium, and 14 low) were detected, as shown in Table 1. The vulnerabilities that were detected most frequently on SAMPLE hosts are displayed in Figure 1.
SAMPLE should review the potential vulnerabilities detected and report any false positives back to NCATS so they can be excluded from future reports. Please refer to Appendix A: Vulnerability Summary for an illustration of the breakdown of vulnerability occurrences over time.
Low Medium High Critical
319 Severity Distinct Vulnerabilities Total Vulnerabilities 73 65 Critical 5% 3 1% 10 180 114 High 5% 3 0% 4 Medium 68% 43 90% 1,044 Low 22% 14 9% 101
Total 63 1,159 Certificate SSL Self-Signed Be Trusted Cipher Suites Using Weak SSL Medium Strength SSL Certificate Expiry Table 1: Number of Vulnerabilities by Severity Level SSL Certificate Cannot SSL Certificate Signed
Figure 1: Top Vulnerabilities by Occurrence
Additionally, the top high-risk hosts and top risk-based vulnerabilities are displayed in Figure 2 and Figure 3. For more information about these risk calculations, refer to Table 8: Risk Rating System.
Low Medium High Critical
Low Medium High Critical x.x.192.34 6 2 319 x.x.157.83 4 3 2 180 4 3 3 x.x.105.90 2 1 2 x.x.194.150 1 3 1
x.x.196.96 Certificate 1 2 1 SSL Self-Signed Devices Be Trusted 6.41.3 SMB 0 2 4 6 8 10 MikroTik RouterOS < SSL Certificate Cannot Portable SDK for UPnP Server Arbitrary Vulnerabilities MikroTik RouterOS HTTP
Figure 2: Top High-Risk Hosts Figure 3: Top Risk-Based Vulnerabilities
7 April 2, 2018 The most frequently detected operating systems and services for SAMPLE are displayed in Table 2 and Table 3 respectively.
Operating System Detections Service Detections
unknown 70.3% 3,157 domain 0.3% 25 OpenBSD 4.0 6.1% 272 jetdirect 0.1% 8 F5 BIG-IP Edge Gateway 4.3% 195 pop3 0.0% 2 FreeBSD 6.2-RELEASE 3.7% 168 gw 0.0% 1 OpenBSD 4.3 2.6% 116 xmpp 0.0% 1 Other 12.9% 580 Other 99.6% 8,657
Table 2: Top Operating Systems Detected Table 3: Top Services Detected
The next two figures illustrate how quickly SAMPLE responds to vulnerabilities that have been identified. Figure 4 shows how long it has taken SAMPLE to mitigate vulnerabilities of each severity level (for vulnerabilities mitigated since April 2, 2017), while Figure 5 shows the median ages of current active vulnerabilities. Vulnerability age is based on the initial detection date by CyHy.
158
37 27 8
Critical High Medium Low
Figure 4: Median Time in Days to Mitigate Vulnerabilities
307
54 28 29
Critical High Medium Low
Figure 5: Median Age in Days of Active Vulnerabilities
8 April 2, 2018 Figure 6 displays the number of active critical vulnerabilities that were less than 30 days old and more than 30 days old, as of the date indicated on the graph. Vulnerability age is based on the initial detection date by CyHy.
Active Less Than 30 Days Active 30+ Days 16
14
12
10
8
6
4 Critical Vulnerabilities 2
0 2017-06-01 2017-08-01 2017-10-01 2017-12-01 2018-02-01 2018-04-01 Figure 6: Critical Vulnerability Age Over Time
Figure 7 and Table 4 provide an age breakdown of every currently active critical vulnerability for SAMPLE.
3.0
2.5 7 Days 14 Days 21 Days 30 Days 90 Days
2.0
1.5
1.0
0.5 Critical Vulnerabilities
0.0 0 20 40 60 80 100 120 140 160 180+ Age (Days) Figure 7: Active Critical Vulnerability Age
0-7 7-14 14-21 21-30 30-90 90+ Days Days Days Days Days Days
Active Critical Vulnerabilities 0 4 0 1 5 0
Table 4: Active Critical Vulnerability Age Summary
9 April 2, 2018 0 0 0 0 0 29 10 28 214 214 348 354 Low 1,349 1,272 Active 0 28 449 339 214 307 478 479 583 478 414 394 336 207 Med Currently 0 0 0 0 0 0 0 0 0 0 0 0 54 54 High Days 0 0 0 0 0 0 0 0 0 0 0 0 28 28 Median Critical 0 0 57 17 64 37 115 119 219 145 161 107 256 164 Low 59 55 21 16 Mitigate 110 147 340 272 158 234 179 227 214 100 Med Attachments. To 0 0 1 2 0 0 G: 27 39 15 31 16 55 108 189 Days High 0 0 4 0 0 8 0 0 1 0 11 83 12 10 Appendix Median in Critical 1 1 19 14 99 48 55 found 196 400 512 187 396 8,724 6,796 be Services Detected can 0 0 0 4 0 4 1 0 8 1 54 13 16 101 Low data 8 1 0 this 10 34 29 18 21 179 248 133 224 139 Med Detected 1,044 with 0 0 0 0 4 0 0 4 0 0 0 0 0 0 CSV High A 0 0 0 0 0 0 0 0 0 0 0 0 10 10 Vulnerabilities Critical SAMPLE. (0%) (3%) (10%) (69%) (19%) (83%) (42%) (44%) (10%) (50%) (52%) (69%) (52%) within 0 (100%) 8 5 5 9 97 64 12 1 57 44 79 12 393 Vulnerable Hosts 1 1 6 79 93 64 12 85 23 18 115 129 3,986 3,360 Detected sub-organization each 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% for Scanned 6 28 Addresses 827 448 272 520 648 123 metrics 9,721 2,125 65,610 77,800 Owned 293,005 134,877 CyHy key the Total shows Org SAMPLE SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG Name SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG Sub-Organization Summary section 4 This
10 April 2, 2018 5 Methodology
5.1 Background
The NCATS team conducted a Cyber Hygiene assessment of SAMPLE’s Internet-facing networks and hosts from December 5, 2017 at 15:54 UTC through April 2, 2018 at 03:53 UTC. This report provides result summaries and detailed findings of the CyHy assessment activity for SAMPLE and its associated sub-organizations. All scan results are included in Appendix G: Attachments as CSV files.
Cyber Hygiene is intended to improve your security posture by proactively identifying and reporting on vulnerabilities and configuration issues present on Internet-facing systems before those vulnerabilities can be exploited.
Cyber Hygiene is a service of NCATS, organized under the DHS National Protection and Programs Directorate (NPPD), Office of Cyberse- curity and Communications (CS&C), National Cybersecurity and Communications Integration Center (NCCIC).
DHS began Cyber Hygiene in January 2012 to assess, on a recurring basis, the “health” of unclassified federal civilian networks accessible via the Internet. Since then, the program has grown to provide a persistent scanning service to federal, state, local, tribal, and territorial governments and private sector organizations.
Upon submission of an Acceptance Letter, SAMPLE provided NCATS with their public network address information. SAMPLE and NCATS agreed on any time restrictions which would be imposed on the scanning activity.
5.2 Process
All Cyber Hygiene scanning activity originates from the 64.69.57.0/24 network.
CyHy uses a combination of scanning services for testing:
• Network Mapping
• Vulnerability Scanning
Network Mapping
Using Nmap [https://nmap.org], we attempt to determine what hosts are available, identify what services (application name and version) those hosts are offering, and what Operating System (OS) versions they are running. We first scan the most commonly detected 1,000 Transmission Control Protocol (TCP) ports of the addresses you’ve submitted to us to get a quick understanding of the active/dark landscape. An address that has a least one port open/listening service is considered a host and is then fully port-scanned (TCP) and included in the vulnerability scan. For the purposes of this report, tcpwrapped ports are not considered to be open; for more information on tcpwrapped ports, refer to the Frequently Asked Questions section.
If no services are detected in the most common 1,000 ports on a given Internet Protocol (IP) address, that address is considered “dark” in CyHy and will be re-scanned after at least 90 days to check for change. Addresses marked dark are not included in the host count of the weekly report. Understand that CyHy is not attempting to make a judgment call about why an address is unresponsive. If there’s not a port open, it’s not a host in the language of CyHy.
11 April 2, 2018 Vulnerability Scanning
Using Nessus, a commercial vulnerability scanner, each host is evaluated against a library of vulnerabilities that an Internet-based actor could exploit. Vulnerabilities are reported with a severity of critical, high, medium, or low to facilitate prioritization of remediation efforts. We enable all Nessus Plugins [https://www.tenable.com/plugins/] except those in the “Denial of Service” family.
Scanning Frequency
Scanning occurs continuously between each weekly report. All hosts are scanned for vulnerabilities at least once every two weeks; hosts with vulnerabilities are scanned more frequently.
Cyber Hygiene’s scan prioritization is as follows:
• Addresses with no running services detected (dark space) are rescanned after at least 90 days.
• Hosts with no vulnerabilities detected are rescanned every 7 days.
• Hosts with low-severity vulnerabilities are rescanned every 6 days.
• Hosts with medium-severity vulnerabilities are rescanned every 4 days.
• Hosts with high-severity vulnerabilities are rescanned every 24 hours.
• Hosts with critical-severity vulnerabilities are rescanned every 12 hours.
You should understand that a single host may have multiple vulnerabilities of varying severity, which impacts the frequency that the host is scanned.
To be clear, it is not the case that we scan your entire address scope for vulnerabilities each week (unless each address you’ve provided to us has a responsive host). It is the case, though, that each host will get vulnerability scanned at least once per week.
Recurring Vulnerabilities
After you’ve remediated a vulnerability (and it remains resolved for a period of 90 days), the host’s scan priority will drop. This approach allows the NCATS team to focus on the areas of importance and give more attention to the hosts that need it.
Vulnerabilities are assigned an age in order to track timeliness of remediation. Vulnerability age is determined by when it was first detected on a host, not from when it first appeared on a report. As scanning occurs continuously between weekly reports, it is possible to have “new” vulnerabilities appear on a report that are already days old. It is also possible for a vulnerability to fluctuate between being detected and not detected during mid-week scans and then at a future time appear in a report as many days old. If a mitigated vulnerability is re-detected less than 90 days after the date of non-detection, it will be considered to be the same vulnerability with the same “initial detection date” as previously recorded. If it is re-detected more than 90 days after the date of non-detection, it will be treated as a new vulnerability with a new “initial detection date”.
12 April 2, 2018 Vulnerability Scoring
The Nessus vulnerability scanner references the National Vulnerability Database (NVD) [https://nvd.nist.gov/] for its vulnerability information. The NVD provides CVSS scores for many known vulnerabilities. In particular, NVD supports the CVSS version standard for all Common Vulnerabilities and Exposures (CVE) vulnerabilities.
The CVSS is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat. The NVD uses severity rankings of “Low,” “Medium,” and “High” in addition to the numeric CVSS scores, but these qualitative rankings are simply mapped from the numeric CVSS base scores:
• Vulnerabilities are labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
• Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
• Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Nessus has a “critical” rating which it uses for CVSS 10 vulnerabilities. Where the NVD has not provided a CVE severity rating, the Nessus scanner relies on its own rankings.
What’s In The Report?
Though Cyber Hygiene initiates multiple scans between reports, only the latest scan data for each host is used to determine current vulnerability. This is the data that appears in the main body of the report and in Appendix A: Vulnerability Summary, Appendix B.2: New Vulnerabilities Detected and Appendix B.3: Re-Detected (Previously-Mitigated) Vulnerabilities.
If a vulnerability was detected since that last report (e.g., it wasn’t in the previous report’s findings, though CyHy saw it mid-week) but it was not in the latest scan, we include it in Appendix B.4: Recently-Detected Vulnerabilities.
If a vulnerability that was previously reported to you is no longer detected by the latest scan, the vulnerability and host will be listed in Appendix B.1: Mitigated Vulnerabilities.
We encourage you to validate the status of vulnerabilities in both Appendix B.1: Mitigated Vulnerabilities and Appendix B.4: Recently- Detected Vulnerabilities against your change control register. This will help to ensure that the vulnerability we detected has actually been remediated and is not simply unresponsive to our scans.
13 April 2, 2018 6 Approximate Host Locations
The map below shows the approximate locations of detected hosts as listed in a geo-location database. This map is provided as a tool to identify hosts that may have been mistakenly added in to, or removed from scope. The map is scaled to include all known SAMPLE host locations.
Figure 8: Approximate Host Locations
14 April 2, 2018 7 Vulnerability Scan Results
For this period, CyHy detected 1,159 occurrences of 63 distinct vulnerabilities (10 critical, 4 high, 1,044 medium, and 101 low). SAMPLE should review the vulnerabilities detected and report any false positives back to NCATS so these can be excluded from future reports (see the Frequently Asked Questions section for more about false positives).
The scanning detected 393 vulnerable hosts—364 hosts with one to five vulnerabilities were identified; 24 hosts had between six and nine vulnerabilities; 4 hosts had ten or more vulnerabilities identified.
Severity Distinct Vulnerabilities Total Vulnerabilities Critical 5% 3 1% 10 364 High 5% 3 0% 4 Medium 68% 43 90% 1,044 Low 22% 14 9% 101 24 4
Total 63 1,159 1-5 6-9 10+
Table 5: Number of Vulnerabilities by Severity Level Figure 9: Vulnerability Count per Host
The CVSS scores for all active vulnerabilities can be found in Figure 10.
600
500
400
300
200
100 Active Vulnerabilities 0 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.5 5.0 5.5 6.0 6.5 7.0 7.5 8.0 8.5 9.0 9.5 10.0 CVSS Figure 10: CVSS Histogram for Active Vulnerabilities
The top vulnerabilities according to CVSS score are represented in Table 6.
Vulnerability Name Severity Hosts CVSS Score
MikroTik RouterOS < 6.41.3 SMB Buffer Overflow Critical 4 10.0 MikroTik RouterOS HTTP Server Arbitrary Write RCE (ChimayRed) Critical 3 10.0 Portable SDK for UPnP Devices (libupnp) < 1.6.18 Multiple Stack-based Buffer Overflows RCE Critical 3 10.0 PHP 5.6.x < 5.6.34 Stack Buffer Overflow High 2 7.5 FTP Privileged Port Bounce Scan High 1 7.5 SNMP Agent Default Community Name (public) High 1 7.5 Apache Tomcat Default Files Medium 2 6.8 AXIS gSOAP Message Handling RCE (ACV-116267) (Devil’s Ivy) Medium 1 6.8 SSL Certificate Cannot Be Trusted Medium 319 6.4 SSL Self-Signed Certificate Medium 180 6.4
Table 6: Top Vulnerabilities by CVSS
15 April 2, 2018 A complete list of distinct vulnerabilities detected, including severity level and number of hosts having the vulnerability can be found in Appendix A: Vulnerability Summary. Full details on every detected vulnerability can be found in Appendix C: Detailed Findings and Recommended Mitigations by Vulnerability. Every critical and high finding detected, along with the hosts that have these findings, are listed in Appendix D: Critical and High Vulnerability Mitigations by IP Address.
The top high-risk hosts are identified in Table 7 by combining the total number of vulnerabilities, the severity of the vulnerabilities, and a weighted CVSS score for vulnerabilities detected. For more information on the formula, please refer to Table 8: Risk Rating System.
IP Address Critical High Medium Low Total
x.x.192.34 2 0 6 0 8 x.x.157.83 2 0 3 4 9 x.x.105.90 2 0 1 2 5 x.x.194.150 1 0 3 1 5 x.x.196.96 1 0 2 1 4 x.x.196.200 1 0 2 1 4 x.x.236.156 1 0 0 3 4 x.x.124.231 0 2 10 2 14 x.x.59.83 0 0 9 1 10 x.x.124.236 0 1 9 1 11
Table 7: Top Hosts by Weighted Risk
The Risk Rating System (RRS) emphasizes higher-rated CVSS scores to ensure that hosts with a large number of lower-risk vulnerabilities do not outweigh hosts with a smaller number of high-risk vulnerabilities, while ensuring that hosts with an extreme number of low-risk vulnerabilities are not overshadowed by hosts with a single higher-risk issue. The RRS also ensures that hosts with a significant number of high-risk vulnerabilities will not be overshadowed by a host with only a single critical vulnerability.
Table 8 illustrates the base and weighted CVSS scores and shows the equivalent number of lower-risk vulnerabilities to weigh evenly with a single critical (CVSS score of 10) vulnerability.
Base CVSS Score Weighted CVSS Score Equivalent to CVSS Score 10 − 1.0 1 × 10 06 10,000,000.0 2.0 0.000,128 78,125.0 3.0 0.002,187 4,572.47 4.0 0.016,384 610.35 5.0 0.078,125 128.0 6.0 0.279,936 35.72 7.0 0.823,543 12.14 8.0 2.097,152 4.77 9.0 4.782,969 2.09 10.0 10.0 1.0
Table 8: Risk Rating System
− As an example, a host having 400 vulnerabilities with a base CVSS score of 1.0 would get a weighted RRS score of 4 × 10 04, which is considered lower-risk than a host with a single critical vulnerability (RRS score of 10.0). Similarly, a host having 4 vulnerabilities with a base CVSS score of 8 would get a RRS score of 8.39 and still be considered a lower risk than a host with a single critical vulnerability (RRS score of 10.0).
16 April 2, 2018 8 Results Trending
To help decision-makers, this section provides a comparison of the current data against similar CyHy scans conducted over time.
1400 Total
1200
1000
800
600
Vulnerabilities 400
200
0
Oct 2017 Nov 2017 Dec 2017 Jan 2018 Feb 2018 Mar 2018 Apr 2018 Figure 11: Total Active Vulnerabilities Over Time
12 Critical 10 High
8
6
4 Vulnerabilities 2
0
Oct 2017 Nov 2017 Dec 2017 Jan 2018 Feb 2018 Mar 2018 Apr 2018 Figure 12: Active Critical and High Vulnerabilities Over Time
1400
1200
1000
800 Medium Low 600
400 Vulnerabilities
200
0
Oct 2017 Nov 2017 Dec 2017 Jan 2018 Feb 2018 Mar 2018 Apr 2018 Figure 13: Active Medium and Low Vulnerabilities Over Time
17 April 2, 2018 SAMPLE vulnerability profile over time, reporting on the total hosts detected, number of hosts with vulnerabilities, number of distinct services, and the number of distinct vulnerabilities detected can be found in Figure 14, Figure 15, and Figure 16 respectively.
4500 4000 3500 3000
2500 Hosts 2000 Vulnerable Hosts Hosts 1500 1000 500 0
Oct 2017 Nov 2017 Dec 2017 Jan 2018 Feb 2018 Mar 2018 Apr 2018 Figure 14: Vulnerable Hosts Over Time
Distinct Services 80
60
40 Services
20
0
Oct 2017 Nov 2017 Dec 2017 Jan 2018 Feb 2018 Mar 2018 Apr 2018 Figure 15: Distinct Services Over Time
80
70
60
50
40
30
Vulnerabilities 20
10 Distinct Vulnerabilities 0
Oct 2017 Nov 2017 Dec 2017 Jan 2018 Feb 2018 Mar 2018 Apr 2018 Figure 16: Distinct Vulnerabilities Over Time
18 April 2, 2018 Previous Report Current Report % Change
Hosts 4,024 3,986 -1.0% Vulnerable Hosts 437 393 -11.0% Distinct Services 78 67 -15.0% Distinct Vulnerabilities 72 63 -13.0% Distinct Operating Systems 132 132 0.0%
Table 9: Comparison with Previous Report
Overall, for all hosts identified, SAMPLE averaged 0.29 vulnerabilities per host. For vulnerable hosts, SAMPLE averaged 2.95 total vulner- abilities per host. By severity, vulnerable hosts averaged 0.03 critical, 0.01 high, 2.66 medium, and 0.26 low vulnerabilities per host.
19 April 2, 2018 9 Conclusion
SAMPLE should use the data provided in this report to correct any identified vulnerabilities, configuration errors, and security concerns in your external network perimeter. If SAMPLE has questions, comments, or concerns about the findings or data contained in this report, please work with your designated technical point of contact when requesting assistance from NCATS at [email protected].
20 April 2, 2018 Appendix A Vulnerability Summary
This section presents counts of all distinct vulnerabilities that were detected in the latest scans. It shows the name of the vulnerability, the severity level of the vulnerability, and the number of vulnerability detections in the previous report vs. this report. Low, medium, high, and critical vulnerabilities are displayed.
Vulnerability Severity Previous Current Change
MikroTik RouterOS < 6.41.3 SMB Buffer Overflow Critical 4 4 0.0% MikroTik RouterOS HTTP Server Arbitrary Write RCE (ChimayRed) Critical 3 3 0.0% Portable SDK for UPnP Devices (libupnp) < 1.6.18 Multiple Stack-based Buffer Critical 4 3 -25.0% Overflows RCE OpenSSL Unsupported Critical 1 0 -100.0% FTP Privileged Port Bounce Scan High 0 1 -% PHP 5.6.x < 5.6.34 Stack Buffer Overflow High 2 2 0.0% SNMP Agent Default Community Name (public) High 1 1 0.0% Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities High 1 0 -100.0% Apache .htaccess and .htpasswd Disclosure Medium 0 2 -% Multiple Vendor DNS Query ID Field Prediction Cache Poisoning Medium 0 1 -% Web Server Uses Non Random Session IDs Medium 0 1 -% Web Server Generic Cookie Injection Medium 1 2 100.0% DNS Server Cache Snooping Remote Information Disclosure Medium 1 2 100.0% DNS Server Recursive Query Cache Poisoning Weakness Medium 1 2 100.0% DNS Server Spoofed Request Amplification DDoS Medium 1 2 100.0% OpenSSL 1.1.0 < 1.1.0g RSA/DSA Unspecified Carry Issue Medium 1 1 0.0% TLS Padding Oracle Information Disclosure Vulnerability (TLS POODLE) Medium 2 2 0.0% Terminal Services Doesn’t Use Network Level Authentication (NLA) Only Medium 1 1 0.0% Terminal Services Encryption Level is Medium or Low Medium 1 1 0.0% ASP.NET DEBUG Method Enabled Medium 1 1 0.0% Multiple Vendor Embedded FTP Service Any Username Authentication Bypass Medium 1 1 0.0% Network Time Protocol (NTP) Mode 6 Scanner Medium 1 1 0.0% PHP 5.6.x < 5.6.31 Multiple Vulnerabilities Medium 2 2 0.0% PHP 5.6.x < 5.6.32 Multiple Vulnerabilities Medium 2 2 0.0% PHP 5.6.x < 5.6.33 Multiple Vulnerabilities Medium 2 2 0.0% Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weak- Medium 1 1 0.0% ness SSL Certificate Expiry Medium 69 65 -5.8% SSL Certificate Signed Using Weak Hashing Algorithm Medium 79 73 -7.6% SSL Certificate Cannot Be Trusted Medium 350 319 -8.9% Return Of Bleichenbacher’s Oracle Threat (ROBOT) Information Disclosure Medium 52 47 -9.6% SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) Medium 36 32 -11.1% SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POO- Medium 9 8 -11.1% DLE) SSL Self-Signed Certificate Medium 203 180 -11.3% SSL Medium Strength Cipher Suites Supported Medium 131 114 -13.0% SSL RC4 Cipher Suites Supported (Bar Mitzvah) Medium 73 61 -16.4% Cisco IOS IKEv1 Packet Handling Remote Information Disclosure (cisco-sa- Medium 6 5 -16.7% 20160916-ikev1) (BENIGNCERTAIN) (uncredentialed check) HTTP TRACE / TRACK Methods Allowed Medium 5 4 -20.0% Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key Medium 15 12 -20.0% SSL Version 2 and 3 Protocol Detection Medium 14 11 -21.4% SSL Weak Cipher Suites Supported Medium 40 31 -22.5% Unencrypted Telnet Server Medium 16 12 -25.0% SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK) Medium 26 19 -26.9% Web Application Potentially Vulnerable to Clickjacking Medium 16 11 -31.2% Web Server Generic XSS Medium 6 4 -33.3% Apache Tomcat Default Files Medium 3 2 -33.3%
21 April 2, 2018 Vulnerability Severity Previous Current Change
Apache Server ETag Header Information Disclosure Medium 2 1 -50.0% OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Medium 2 1 -50.0% Resume Ciphersuite Downgrade Issue SSH Weak Algorithms Supported Medium 4 2 -50.0% SSL/TLS EXPORT_DHE <= 512-bit Export Cipher Suites Supported (Logjam) Medium 2 1 -50.0% AXIS gSOAP Message Handling RCE (ACV-116267) (Devil’s Ivy) Medium 2 1 -50.0% mDNS Detection (Remote Network) Medium 3 1 -66.7% Apache 2.4.x < 2.4.12 Multiple Vulnerabilities Medium 1 0 -100.0% Apache 2.4.x < 2.4.16 Multiple Vulnerabilities Medium 1 0 -100.0% OpenSSL 0.9.8 < 0.9.8zd Multiple Vulnerabilities (FREAK) Medium 1 0 -100.0% OpenSSL 0.9.8 < 0.9.8zf Multiple Vulnerabilities Medium 1 0 -100.0% Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy) Medium 1 0 -100.0% Apache 2.4.x < 2.4.27 Multiple Vulnerabilities Medium 1 0 -100.0% Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed) Medium 1 0 -100.0% Microsoft Exchange Client Access Server Information Disclosure Medium 1 0 -100.0% OpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities Medium 1 0 -100.0% OpenSSL 0.9.8 < 0.9.8zh X509_ATTRIBUTE Memory Leak DoS Medium 1 0 -100.0% SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection Medium 1 0 -100.0% Web Server Load Balancer Detection Low 0 1 -% Anonymous FTP Enabled Low 2 2 0.0% SSL Certificate Chain Contains RSA Keys Less Than 2048 bits Low 24 24 0.0% POP3 Cleartext Logins Permitted Low 1 1 0.0% Terminal Services Encryption Level is not FIPS-140 Compliant Low 1 1 0.0% MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK) Low 1 1 0.0% FTP Supports Cleartext Authentication Low 4 3 -25.0% Web Server Uses Basic Authentication Without HTTPS Low 8 6 -25.0% Web Server Transmits Cleartext Credentials Low 55 38 -30.9% SSH Server CBC Mode Ciphers Enabled Low 18 11 -38.9% SSH Weak MAC Algorithms Enabled Low 15 9 -40.0% OpenSSL AES-NI Padding Oracle MitM Information Disclosure Low 2 1 -50.0% Web Server HTTP Header Internal IP Disclosure Low 4 2 -50.0% Dropbear SSH Server < 2016.72 Multiple Vulnerabilities Low 3 1 -66.7% SSL Anonymous Cipher Suites Supported Low 3 0 -100.0%
22 April 2, 2018 dates, To 21 23 21 21 21 21 21 21 NA NA NA NA NA NA NA NA 209 133 765 detection Mitigate Days mitigation NA NA NA NA NA NA NA NA 16:50 14:37 06:17 14:37 14:37 14:37 14:37 05:44 14:37 14:37 03:54 (UTC) and Mitigation Detected detection 2018-03-27 2018-04-03 2018-03-28 2018-04-03 2018-04-03 2018-04-03 2018-04-03 2018-03-27 2018-04-03 2018-04-03 2018-03-31 initial the Initial Detection 2012-11-27 2012-11-27 2017-11-14 2017-08-30 2017-08-30 2018-03-13 2018-03-05 2018-03-13 2017-04-20 2018-03-13 2018-03-13 2018-03-13 2018-03-13 2018-03-13 2018-03-13 2016-02-25 2018-02-02 2017-02-02 2017-02-02 provides NA 443 443 500 500 500 500 443 443 500 500 Port table 8100 8100 8100 8100 8100 8100 8100 49152 The Host scans. x.x.105.72 x.x.195.86 x.x.80.229 x.x.80.232 x.x.80.237 x.x.80.153 x.x.105.72 x.x.89.138 x.x.109.181 x.x.194.153 x.x.194.153 x.x.194.153 x.x.147.214 x.x.194.153 x.x.194.153 x.x.194.153 x.x.194.153 x.x.241.186 x.x.109.141 latest the High by Critical Critical Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity detected Dis- Dis- not (uncre - (uncre - (Devil’s Multiple Vulnerabili- were Pre-Shared Pre-Shared Pre-Shared Pre-Shared 1.6.18 but with with with with Information Information (httpoxy) < Multiple (OptionsBleed) Disclosure Mode Mode Mode Mode report, (ACV-116267) Remote Remote 2.4.26 (libupnp) (BENIGNCERTAIN) (BENIGNCERTAIN) RCE < Allowed Allowed previous Vulnerabilities Vulnerabilities Vulnerabilities Vulnerabilities RCE Information Vulnerability Aggressive Aggressive Aggressive Aggressive 2.4.x the / Handling Handling Devices on Handling Methods Methods Files (IKE) (IKE) (IKE) (IKE) Multiple Multiple Multiple Multiple HTTP Header Overflows vulnerability. UPnP Packet Packet Default TRACK TRACK 2.2.33-dev included 2.4.12 2.4.16 2.4.25 2.4.27 2.4.28 ETag for / / Message Changes Since Last Report < < < < < < each Buffer Exchange Exchange Exchange Exchange IKEv1 IKEv1 Unsupported were check) check) SDK 2.2.x 2.4.x 2.4.x 2.4.x 2.4.x 2.4.x Server Tomcat Key Key Key Key (cisco-sa-20160916-ikev1) (cisco-sa-20160916-ikev1) IOS IOS TRACE TRACE gSOAP that mitigate to HTTP Vulnerability OpenSSL Internet Portable Key Internet Stack-based Apache ties AXIS Key Internet Ivy) Apache Apache Key Internet Apache Apache Key Apache Apache Apache Cisco closure dentialed Cisco closure dentialed HTTP took it Vulnerabilities Vulnerability vulnerabilities days the of lists Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG number Mitigated section the Appendix B B.1 This plus
23 April 2, 2018 To 83 12 23 21 21 21 21 95 82 89 86 90 NA NA NA NA NA NA NA NA NA 210 446 214 214 Mitigate Days NA NA NA NA NA NA NA NA NA 11:57 02:11 02:11 10:11 00:34 14:27 22:05 17:59 14:37 14:37 14:37 14:37 02:32 04:54 14:40 12:52 (UTC) Mitigation Detected 2018-03-27 2018-04-02 2018-04-02 2018-03-31 2018-03-29 2018-03-28 2018-03-29 2018-03-27 2018-04-03 2018-04-03 2018-04-03 2018-04-03 2018-04-01 2018-03-29 2018-03-31 2018-03-30 Initial Detection 2012-11-27 2016-11-30 2017-12-29 2018-01-03 2017-08-30 2018-03-04 2014-07-26 2017-08-30 2017-01-06 2018-03-17 2018-03-04 2018-03-13 2017-08-30 2017-08-30 2018-03-13 2017-08-30 2018-03-13 2017-09-18 2018-03-13 2017-12-27 2018-01-06 2018-01-01 2018-01-01 2018-01-04 2017-12-30 22 22 21 443 443 500 500 443 443 443 443 443 443 443 443 443 443 443 443 Port 9443 9443 8100 8100 8100 8100 Host x.x.5.195 x.x.80.10 x.x.84.115 x.x.84.117 x.x.83.162 x.x.192.34 x.x.89.138 x.x.105.92 x.x.151.98 x.x.84.104 x.x.77.138 x.x.77.140 x.x.81.124 x.x.84.103 x.x.84.104 x.x.124.226 x.x.124.236 x.x.109.121 x.x.194.153 x.x.109.228 x.x.194.153 x.x.124.226 x.x.124.226 x.x.194.153 x.x.194.153 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity In- DoS Disclo- Data Informa- Informa- Informa- Informa- Informa- Informa- Informa- Informa- Leak Pre-Shared Pre-Shared Downgrade (FREAK) with with Plaintext Memory (ROBOT) (ROBOT) (ROBOT) (ROBOT) (ROBOT) (ROBOT) (ROBOT) (ROBOT) Information Mode Mode MiTM Ciphersuite Threat Threat Threat Threat Threat Threat Threat Threat Server Vulnerabilities Vulnerabilities Vulnerabilities Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Aggressive Aggressive Access Resume Trusted Trusted Trusted Trusted Trusted Trusted Multiple Multiple Handshakes Multiple X509_ATTRIBUTE Be Be Be Be Be Be (IKE) (IKE) Supported Supported Client SSL_OP_NETSCAPE_REUSE_CIPHER_ 0.9.8zd 0.9.8zf 0.9.8zg Session 0.9.8zh < < < Cannot Cannot Cannot Cannot Cannot Cannot < Exchange Exchange Algorithms Algorithms Renegotiation Bleichenbacher’s Bleichenbacher’s Bleichenbacher’s Bleichenbacher’s Bleichenbacher’s Bleichenbacher’s Bleichenbacher’s Bleichenbacher’s 0.9.8 0.9.8 0.9.8 0.9.8 Exchange Key Key Of Of Of Of Of Of Of Of TLS Weak Weak / Certificate Certificate Certificate Certificate Certificate Certificate Disclosure Disclosure Disclosure Disclosure Disclosure Disclosure Disclosure Disclosure Return tion Vulnerability tion Return Internet tion SSH SSH Key Internet SSL Key Microsoft jection SSL sure OpenSSL SSL SSL OpenSSL SSL SSL OpenSSL SSL OpenSSL OpenSSL CHANGE_BUG Issue Return tion Return tion Return tion Return tion Return tion Return Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
24 April 2, 2018 4 4 To 17 57 25 28 25 23 21 26 25 25 21 27 29 26 25 26 25 74 25 25 NA NA NA NA NA NA NA NA NA 165 342 123 341 716 213 573 1951 Mitigate Days NA NA NA NA NA NA NA NA NA 11:57 04:11 03:01 22:06 17:35 04:48 19:09 02:40 06:17 14:08 04:40 05:56 00:21 20:04 02:21 23:15 22:52 04:57 03:54 10:51 05:16 14:50 13:56 02:32 06:06 09:35 13:57 03:37 04:57 08:28 (UTC) Mitigation Detected 2018-03-27 2018-03-31 2018-03-29 2018-03-29 2018-04-01 2018-03-29 2018-03-29 2018-04-02 2018-03-28 2018-03-27 2018-04-01 2018-04-01 2018-04-02 2018-03-31 2018-03-29 2018-03-29 2018-03-26 2018-04-01 2018-04-02 2018-03-31 2018-03-29 2018-04-01 2018-03-31 2018-04-01 2018-03-29 2018-03-26 2018-03-31 2018-03-28 2018-03-29 2018-03-29 Initial Detection 2017-11-29 2018-03-11 2012-11-27 2018-03-10 2018-01-30 2018-03-04 2017-05-04 2018-03-05 2018-03-04 2018-03-25 2017-10-19 2018-03-05 2017-04-19 2016-09-10 2016-09-06 2017-04-25 2018-03-04 2018-03-05 2018-03-04 2018-03-05 2017-10-23 2018-03-05 2018-03-05 2018-03-04 2018-03-04 2018-03-05 2018-03-04 2018-03-04 2016-04-15 2018-03-05 2017-08-30 2018-03-04 2018-03-22 2018-01-13 2017-09-15 2017-05-01 2016-09-03 2018-03-04 2018-03-04 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 Port 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 Host x.x.85.58 x.x.85.70 x.x.69.14 x.x.83.93 x.x.83.72 x.x.83.87 x.x.81.67 x.x.80.40 x.x.84.117 x.x.191.11 x.x.85.156 x.x.195.78 x.x.85.194 x.x.153.60 x.x.195.85 x.x.85.204 x.x.158.35 x.x.195.86 x.x.85.205 x.x.158.37 x.x.196.45 x.x.41.176 x.x.194.92 x.x.41.185 x.x.52.235 x.x.77.138 x.x.195.17 x.x.80.168 x.x.195.19 x.x.195.68 x.x.195.115 x.x.196.166 x.x.163.121 x.x.192.229 x.x.193.151 x.x.208.143 x.x.194.154 x.x.195.101 x.x.195.146 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate SSL SSL Vulnerability SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
25 April 2, 2018 4 8 To 57 33 NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA 207 193 614 192 214 214 213 620 214 214 124 618 294 209 701 888 Mitigate Days NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA 11:06 02:11 02:11 11:38 02:11 02:11 22:11 13:01 22:59 18:34 21:27 03:37 09:22 03:01 17:19 13:57 16:50 23:25 06:21 13:02 (UTC) Mitigation Detected 2018-03-26 2018-04-02 2018-04-02 2018-03-31 2018-04-02 2018-04-02 2018-04-01 2018-04-01 2018-04-01 2018-03-31 2018-03-31 2018-03-28 2018-03-31 2018-03-29 2018-03-27 2018-03-31 2018-03-27 2018-03-26 2018-03-27 2018-03-31 Initial Detection 2017-11-28 2017-11-28 2017-10-10 2017-10-09 2017-09-06 2016-08-14 2017-09-20 2016-07-20 2016-08-13 2017-09-20 2016-08-14 2016-08-13 2017-08-30 2017-08-30 2017-08-30 2016-07-19 2017-08-30 2017-08-30 2017-02-15 2017-09-18 2018-03-24 2016-07-21 2018-01-30 2018-01-16 2016-07-21 2018-01-14 2018-01-13 2018-02-22 2017-01-22 2017-06-10 2017-04-22 2017-09-07 2015-04-09 2017-08-30 2016-08-13 2016-04-24 2015-10-20 2018-03-23 2017-08-30 21 21 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 Port 2010 2010 2010 2010 2010 2010 Host x.x.95.1 x.x.85.93 x.x.85.70 x.x.83.72 x.x.85.70 x.x.92.93 x.x.92.39 x.x.92.93 x.x.95.30 x.x.99.37 x.x.80.15 x.x.87.227 x.x.87.226 x.x.95.101 x.x.87.227 x.x.95.102 x.x.91.160 x.x.91.161 x.x.151.98 x.x.158.10 x.x.91.173 x.x.85.156 x.x.91.195 x.x.91.195 x.x.91.224 x.x.95.101 x.x.95.102 x.x.109.219 x.x.109.220 x.x.109.221 x.x.109.222 x.x.124.226 x.x.124.226 x.x.124.226 x.x.124.226 x.x.109.141 x.x.109.181 x.x.109.204 x.x.109.228 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity Algorithm Algorithm Algorithm Algorithm Algorithm Algorithm Algorithm Algorithm Algorithm Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Hashing Hashing Hashing Hashing Hashing Hashing Hashing Hashing Hashing Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Weak Weak Weak Weak Weak Weak Weak Weak Weak Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Be Be Be Be Be Be Be Be Be Be Be Be Be Using Using Using Using Using Using Using Using Using Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Expiry Expiry Cannot Expiry Cannot Expiry Cannot Signed Signed Cannot Signed Cannot Signed Signed Cannot Signed Signed Cannot Signed Signed Cannot Cannot Cannot Cannot Cannot Cannot Expiry Expiry Expiry Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Medium Certificate Certificate Medium Certificate Certificate Medium Certificate Certificate Medium Certificate Certificate Certificate Medium Medium Certificate Certificate Medium Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Medium Certificate Certificate Certificate Medium Certificate Medium Certificate Certificate Certificate Certificate Certificate SSL Vulnerability SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
26 April 2, 2018 To 21 NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA 124 165 468 123 472 196 475 477 474 476 472 209 207 193 192 213 Mitigate Days NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA 22:11 04:11 04:11 02:40 04:40 20:14 14:49 04:14 10:21 13:57 02:54 03:51 16:50 13:01 22:59 18:34 21:27 (UTC) Mitigation Detected 2018-04-01 2018-03-31 2018-03-31 2018-04-02 2018-04-01 2018-03-26 2018-03-28 2018-03-31 2018-03-31 2018-03-31 2018-03-31 2018-03-27 2018-03-27 2018-04-01 2018-04-01 2018-03-31 2018-03-31 Initial Detection 2017-11-28 2017-11-29 2016-12-11 2016-12-11 2016-12-11 2017-11-28 2017-09-18 2016-12-08 2017-04-13 2017-04-13 2017-04-13 2017-03-03 2017-04-13 2017-10-19 2016-12-08 2016-12-17 2016-12-10 2017-04-13 2017-04-13 2017-04-13 2017-04-13 2017-09-13 2016-12-10 2018-03-10 2017-09-15 2016-12-09 2017-05-16 2017-05-01 2016-12-09 2016-12-09 2017-01-03 2016-12-09 2017-01-22 2017-09-07 2017-08-30 2017-09-06 2017-09-20 2017-09-20 2017-08-30 25 25 443 443 143 465 993 443 443 443 443 443 443 993 465 143 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 Port 2010 Host x.x.59.83 x.x.59.83 x.x.59.83 x.x.80.21 x.x.59.83 x.x.85.58 x.x.59.83 x.x.59.83 x.x.59.83 x.x.59.83 x.x.83.87 x.x.81.67 x.x.80.45 x.x.80.40 x.x.80.29 x.x.81.118 x.x.151.98 x.x.84.104 x.x.158.10 x.x.158.35 x.x.85.121 x.x.158.37 x.x.87.227 x.x.88.181 x.x.80.157 x.x.88.182 x.x.80.168 x.x.90.196 x.x.90.202 x.x.91.169 x.x.91.224 x.x.255.143 x.x.109.141 x.x.109.181 x.x.109.204 x.x.109.219 x.x.109.220 x.x.109.221 x.x.109.222 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher RC4 RC4 Medium Medium RC4 RC4 RC4 RC4 RC4 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium RC4 RC4 RC4 RC4 RC4 RC4 RC4 SSL Vulnerability SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
27 April 2, 2018 4 To 25 27 21 29 21 26 25 12 21 23 57 26 25 26 28 25 25 25 25 25 23 NA NA NA NA NA NA NA NA NA 165 704 123 943 807 190 214 214 Mitigate Days NA NA NA NA NA NA NA NA NA 04:11 04:11 02:11 02:11 02:40 02:21 04:40 04:57 20:14 05:56 04:14 03:54 10:21 20:04 23:15 22:05 22:52 03:37 17:59 03:01 10:51 05:16 13:56 17:35 06:06 04:57 08:28 22:06 04:48 06:17 (UTC) Mitigation Detected 2018-03-31 2018-03-31 2018-04-02 2018-04-02 2018-04-02 2018-03-29 2018-04-01 2018-04-01 2018-03-26 2018-04-01 2018-03-31 2018-04-02 2018-03-31 2018-03-31 2018-03-29 2018-03-29 2018-03-26 2018-03-28 2018-03-27 2018-03-29 2018-03-31 2018-03-29 2018-03-31 2018-04-01 2018-03-29 2018-03-29 2018-03-29 2018-03-29 2018-03-29 2018-03-28 Initial Detection 2016-11-30 2017-11-29 2018-03-11 2017-09-15 2016-07-19 2017-10-19 2018-03-04 2016-04-25 2018-03-05 2015-08-27 2016-01-13 2018-03-04 2018-03-10 2018-03-05 2016-08-19 2018-03-04 2017-01-22 2018-03-05 2017-09-22 2018-03-17 2018-03-05 2018-03-24 2018-03-04 2018-03-04 2018-01-30 2017-08-30 2018-03-05 2017-08-30 2018-03-04 2017-09-18 2018-03-05 2018-03-05 2018-03-04 2018-03-04 2018-03-04 2018-03-04 2018-03-04 2018-03-05 2018-03-04 21 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 Port 9443 9443 2010 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 Host x.x.83.87 x.x.80.29 x.x.83.72 x.x.158.35 x.x.196.45 x.x.84.104 x.x.85.121 x.x.158.37 x.x.41.176 x.x.87.227 x.x.88.181 x.x.41.185 x.x.88.182 x.x.91.169 x.x.52.235 x.x.91.224 x.x.80.168 x.x.105.92 x.x.194.92 x.x.85.156 x.x.151.98 x.x.153.60 x.x.195.17 x.x.195.19 x.x.195.68 x.x.195.78 x.x.195.85 x.x.195.86 x.x.195.115 x.x.163.121 x.x.192.229 x.x.193.151 x.x.194.154 x.x.109.121 x.x.124.226 x.x.195.101 x.x.124.226 x.x.195.146 x.x.196.166 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar Supported Supported Supported Supported Supported Supported Supported Supported Supported Suites Suites Suites Suites Suites Suites Suites Suites Suites Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Self-Signed RC4 RC4 RC4 Self-Signed Self-Signed RC4 RC4 Self-Signed Self-Signed RC4 Self-Signed RC4 Self-Signed RC4 Self-Signed RC4 Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed SSL Vulnerability SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
28 April 2, 2018 To 21 NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA 213 124 943 888 807 336 209 199 207 120 193 209 192 209 213 207 193 192 Mitigate Days NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA 22:11 21:27 20:14 06:21 04:14 10:21 03:04 16:50 19:52 13:01 09:49 22:59 13:33 18:34 16:50 21:27 13:01 22:59 18:34 (UTC) Mitigation Detected 2018-04-01 2018-03-31 2018-03-26 2018-03-27 2018-03-31 2018-03-31 2018-03-27 2018-03-27 2018-04-01 2018-04-01 2018-03-28 2018-04-01 2018-03-27 2018-03-31 2018-03-27 2018-03-31 2018-04-01 2018-04-01 2018-03-31 Initial Detection 2016-11-30 2017-11-28 2016-11-30 2016-11-30 2017-11-28 2017-11-28 2017-11-28 2016-07-19 2017-09-15 2017-08-30 2016-09-10 2016-09-06 2016-07-21 2015-08-27 2016-07-19 2017-04-22 2015-10-20 2016-01-13 2017-09-18 2015-02-19 2018-03-10 2016-08-19 2017-09-07 2017-04-25 2017-08-30 2017-09-07 2017-09-14 2017-09-06 2017-09-20 2017-08-30 2017-09-20 2017-08-30 2017-08-30 2017-09-06 2017-09-20 2017-09-20 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 Port 2010 Host x.x.80.29 x.x.83.87 x.x.85.58 x.x.85.70 x.x.80.29 x.x.92.93 x.x.99.37 x.x.84.104 x.x.158.10 x.x.84.104 x.x.91.195 x.x.87.227 x.x.88.181 x.x.151.98 x.x.80.157 x.x.88.182 x.x.84.104 x.x.91.169 x.x.91.224 x.x.109.222 x.x.109.141 x.x.109.181 x.x.109.141 x.x.109.204 x.x.109.142 x.x.109.219 x.x.109.143 x.x.109.220 x.x.109.151 x.x.109.221 x.x.109.181 x.x.109.222 x.x.109.204 x.x.109.219 x.x.109.220 x.x.109.221 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity Sup- Supported Suites (Logjam) (Logjam) (Logjam) (Logjam) (Logjam) (Logjam) (Logjam) (Logjam) (Logjam) (Logjam) (Logjam) Suites Cipher Bits Bits Bits Bits Bits Bits Bits Bits Bits Bits Bits Cipher 1024 1024 1024 1024 1024 1024 1024 1024 1024 1024 1024 Export <= <= <= <= <= <= <= <= <= <= <= Detection Detection Detection 512-bit 512-bit <= <= Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Modulus Modulus Modulus Modulus Modulus Modulus Modulus Modulus Modulus Modulus Modulus Protocol Protocol Protocol 3 3 3 Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Certificate Certificate Certificate Certificate Certificate and and and 2 2 2 Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher EXPORT_RSA EXPORT_DHE Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman (Logjam) Weak Self-Signed Weak Self-Signed Self-Signed Weak Self-Signed Weak Self-Signed Version Weak Version Version Weak Weak Weak Weak Weak Weak Weak Weak Weak Weak SSL/TLS Vulnerability SSL SSL SSL SSL/TLS SSL SSL SSL SSL/TLS ported SSL/TLS SSL SSL (FREAK) SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL/TLS SSL SSL/TLS SSL SSL/TLS SSL SSL/TLS SSL SSL/TLS SSL SSL/TLS SSL SSL/TLS SSL/TLS SSL/TLS Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
29 April 2, 2018 4 4 To 23 74 74 21 25 25 25 25 23 21 25 23 NA NA NA NA NA NA 199 193 194 162 943 807 180 336 214 192 1514 Mitigate Days NA NA NA NA NA NA 02:11 13:01 22:59 15:08 12:48 04:12 20:14 16:34 04:14 16:34 10:21 02:07 03:28 03:04 05:08 23:15 08:28 06:17 22:13 04:43 23:41 05:56 08:18 06:17 13:33 (UTC) Mitigation Detected 2018-04-02 2018-04-01 2018-04-01 2018-04-01 2018-03-28 2018-03-28 2018-03-26 2018-03-27 2018-03-31 2018-03-27 2018-03-31 2018-03-31 2018-03-29 2018-03-27 2018-03-29 2018-03-29 2018-03-29 2018-03-28 2018-03-29 2018-03-30 2018-03-27 2018-04-01 2018-03-30 2018-03-28 2018-03-27 Initial Detection 2016-11-30 2016-11-30 2018-03-11 2017-09-14 2017-09-15 2017-09-20 2017-09-20 2017-09-18 2017-10-17 2018-03-04 2015-08-27 2018-01-13 2016-01-13 2018-01-13 2018-03-10 2017-10-01 2016-08-19 2018-03-04 2017-04-25 2018-03-04 2018-03-05 2018-03-04 2018-03-05 2017-08-30 2018-03-25 2014-02-05 2018-03-04 2018-03-23 2018-03-05 2018-03-05 2017-09-16 80 80 22 22 21 21 23 22 22 443 443 443 443 443 443 443 443 443 443 443 Port 9191 2010 7547 9091 5353 5353 2131 2332 2332 2332 65000 Host x.x.83.87 x.x.81.118 x.x.12.165 x.x.84.104 x.x.226.86 x.x.87.227 x.x.175.46 x.x.88.181 x.x.175.46 x.x.88.182 x.x.91.169 x.x.91.224 x.x.195.68 x.x.84.104 x.x.195.86 x.x.105.72 x.x.192.34 x.x.136.93 x.x.195.57 x.x.195.86 x.x.109.219 x.x.109.220 x.x.143.101 x.x.143.101 x.x.195.121 x.x.195.124 x.x.193.151 x.x.124.226 x.x.127.185 x.x.163.121 x.x.109.151 Low Low Low Low Low Low Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity Vul- Supported Supported Supported Supported Supported Supported Supported Disclosure Encryption Suites Suites Suites Suites Suites Suites Suites Clickjacking Clickjacking Clickjacking Clickjacking Clickjacking Clickjacking Clickjacking Vulnerabilities Vulnerabilities Information Legacy to to to to to to to Cipher Cipher Cipher Cipher Cipher Cipher Cipher MitM Multiple Multiple Enabled Enabled 512-bit 512-bit 512-bit 512-bit 512-bit 512-bit 512-bit Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable Oracle Network) Network) Downgraded <= <= <= <= <= <= <= 2016.72 2016.72 Authentication Ciphers Ciphers On < < XSS XSS XSS Server Server Server Server Server Padding Mode Mode (Remote (Remote Potentially Potentially Potentially Potentially Potentially Potentially Potentially Oracle Server Server Cleartext Telnet Telnet Telnet Telnet Telnet CBC CBC Generic Generic Generic AES-NI SSH SSH EXPORT_RSA EXPORT_RSA EXPORT_RSA EXPORT_RSA EXPORT_RSA EXPORT_RSA EXPORT_RSA (POODLE) Detection Detection Padding Server Server Application Application Application Application Application Server Server Server Application Application Supports Vulnerability SSL/TLS Web (FREAK) SSL/TLS Web Web Web (FREAK) SSL/TLS Web Web (FREAK) SSL/TLS Web (FREAK) SSL/TLS Web (FREAK) SSL/TLS mDNS (FREAK) SSL/TLS mDNS (FREAK) SSLv3 Dropbear Dropbear FTP nerability Unencrypted SSH OpenSSL Unencrypted SSH Unencrypted Unencrypted Unencrypted Web Web Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
30 April 2, 2018 To 21 25 21 24 25 25 25 28 21 23 18 17 25 21 25 12 25 20 16 25 21 NA NA NA NA NA NA NA NA NA NA NA 194 213 1516 1517 1514 1516 1517 Mitigate Days NA NA NA NA NA NA NA NA NA NA NA 02:11 08:18 23:15 14:37 22:31 08:28 22:06 00:28 04:48 21:43 17:35 05:56 06:17 04:43 20:04 21:27 23:15 22:29 08:28 06:52 00:28 23:15 21:43 15:46 14:37 10:51 05:16 04:57 (UTC) Mitigation Detected 2018-04-02 2018-03-30 2018-03-29 2018-04-03 2018-03-28 2018-03-29 2018-03-29 2018-04-02 2018-03-29 2018-04-01 2018-04-01 2018-04-01 2018-03-28 2018-03-30 2018-03-31 2018-03-30 2018-03-29 2018-03-29 2018-03-29 2018-03-27 2018-04-02 2018-03-29 2018-04-01 2018-03-31 2018-04-03 2018-03-31 2018-03-29 2018-03-29 Initial Detection 2018-03-11 2018-03-09 2018-03-05 2018-03-13 2018-03-04 2018-03-04 2018-03-04 2016-02-28 2017-09-18 2018-03-04 2014-02-05 2018-03-05 2018-03-04 2014-02-05 2018-03-05 2018-03-05 2014-02-05 2018-03-14 2018-03-13 2018-03-04 2018-03-05 2018-03-08 2018-03-04 2018-03-04 2018-03-14 2018-03-04 2014-02-05 2018-03-05 2017-04-13 2017-04-13 2014-02-05 2017-09-20 2018-03-04 2017-08-30 2018-03-14 2018-03-05 2018-03-14 2018-03-04 2018-03-08 22 22 22 22 22 22 22 22 22 25 22 21 465 443 Port 9191 8100 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 33001 65000 Host x.x.59.83 x.x.59.83 x.x.81.118 x.x.195.57 x.x.195.69 x.x.195.68 x.x.12.165 x.x.195.78 x.x.89.178 x.x.195.85 x.x.89.198 x.x.153.60 x.x.195.86 x.x.105.72 x.x.196.13 x.x.192.34 x.x.192.24 x.x.195.68 x.x.192.34 x.x.89.178 x.x.89.198 x.x.195.19 x.x.109.115 x.x.193.113 x.x.195.115 x.x.194.153 x.x.193.151 x.x.147.214 x.x.163.121 x.x.192.229 x.x.196.137 x.x.193.151 x.x.193.151 x.x.193.205 x.x.109.151 x.x.124.226 x.x.194.153 x.x.194.233 x.x.195.101 Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Severity Disclosure Disclosure IP IP Credentials Credentials Enabled Enabled Credentials Credentials Credentials Enabled Enabled Credentials Credentials Enabled Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Supported Supported Supported Enabled Enabled Enabled Enabled Enabled Enabled Internal Internal Suites Suites Suites Ciphers Ciphers Ciphers Ciphers Ciphers Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Header Header Mode Mode Mode Mode Mode Cipher Cipher Cipher Algorithms Algorithms Algorithms Algorithms Algorithms Algorithms CBC CBC CBC CBC CBC Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits HTTP Transmits HTTP Transmits Transmits Transmits Transmits MAC MAC MAC MAC MAC MAC Server Server Server Server Server Weak Weak Weak Weak Weak Weak Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Anonymous Anonymous Anonymous Web Vulnerability Web SSH SSH Web Web Web SSH SSH Web Web SSH Web Web SSH Web Web Web SSH Web Web SSH SSH Web SSH Web Web SSH Web SSL SSL Web SSL Web Web Web Web Web Web Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
31 April 2, 2018 dates To 25 23 27 25 25 25 22 61 30 61 30 detection 197 423 212 Age 08:06 07:40 Days vulnerabilty. (UTC) Mitigate Days latest Detection each and for 06:46 09:41 07:20 08:21 14:02 07:20 (UTC) Latest 02:21 04:12 04:57 01:51 22:05 04:57 21:23 02:07 (UTC) 2018-03-29 2018-03-29 Detection dates Mitigation detection Latest 08:06 07:40 2018-04-03 2018-04-02 2018-04-04 2018-04-04 2018-04-01 2018-04-04 Detected (UTC) 2018-03-29 2018-03-28 2018-04-01 2018-03-29 2018-03-29 2018-03-29 2018-03-26 2018-03-31 initial detection Detection the 22:11 03:50 12:34 19:19 23:31 12:34 (UTC) Initial latest Initial 2018-03-29 2018-03-29 Detection and Detection provides 2018-03-04 2018-03-04 2018-03-05 2018-03-04 2018-03-04 2018-03-04 2018-03-05 2017-09-15 Initial 443 Port 8080 table 2018-01-31 2017-02-03 2018-03-04 2017-09-03 2018-01-29 2018-03-04 detection Port The 9191 9191 9191 9191 8000 8000 9091 8000 53 21 53 443 500 443 Host Port initial scans. x.x.83.76 the Host x.x.194.196 Host latest x.x.81.118 x.x.196.45 x.x.226.86 x.x.41.176 x.x.41.185 x.x.105.92 x.x.195.19 x.x.41.166 x.x.80.27 x.x.80.26 the provides Low x.x.250.84 x.x.192.34 x.x.192.34 x.x.124.236 in Medium Severity table Low Low Low Low Low Low Low Low High The Severity Medium Medium Medium Medium Medium Severity re-detected scans. were Disclo- latest and the Weakness Information HTTPS HTTPS HTTPS HTTPS HTTPS in mitigated, time IDs Information (BENIGNCERTAIN) Without Without Without Without Without Remote Poisoning first then Disclosure Disclosure the Credentials Credentials Credentials Credentials Session Remote Cache for Scan Vulnerabilities Handling detected, Authentication Authentication Authentication Authentication Authentication Query .htpasswd .htpasswd Random Cleartext Cleartext Cleartext Cleartext Snooping detected Bounce Packet and and Basic Non Basic Basic Basic Basic check) Port previously were Cache Recursive IKEv1 Uses Uses Transmits Transmits Transmits Transmits Uses Uses Uses Uses (cisco-sa-20160916-ikev1) that were .htaccess .htaccess IOS Detected Server that Server Privileged Server Server Server Server Server Server Server Server Server Server Apache Cisco DNS (uncredentialed Disclosure FTP Vulnerability sure DNS Apache Vulnerability Web Web Vulnerability Web Web Web Web Web Web Web Web (Previously-Mitigated) vulnerabilities new vulnerabilities the the Vulnerabilities Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG lists lists Owner Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG vulnerabilty. New Re-Detected section section each B.2 This B.3 This for
32 April 2, 2018 29 27 30 28 49 30 25 31 30 90 96 90 30 29 71 24 711 578 387 705 705 316 102 212 215 575 125 576 386 309 133 Age 1847 Days 11:02 11:22 11:50 11:57 11:27 11:26 15:53 06:12 07:20 10:16 21:03 02:15 10:16 10:16 09:41 15:34 12:13 16:14 17:00 12:59 17:08 00:14 05:53 09:50 04:50 02:46 18:00 12:12 07:30 18:26 12:59 19:36 (UTC) Detection Latest 2018-04-02 2018-04-02 2018-04-04 2018-03-31 2018-04-03 2018-04-03 2018-04-03 2018-04-01 2018-04-04 2018-04-02 2018-03-29 2018-04-04 2018-04-02 2018-04-02 2018-04-02 2018-03-31 2018-04-04 2018-04-03 2018-04-01 2018-04-03 2018-03-31 2018-04-04 2018-04-01 2018-03-31 2018-04-03 2018-04-01 2018-03-31 2018-04-01 2018-04-03 2018-04-03 2018-04-03 2018-04-01 11:02 15:11 11:00 14:24 09:46 12:34 12:09 10:17 23:16 02:55 02:55 04:09 17:07 20:27 10:51 12:34 03:51 21:14 16:58 17:22 12:18 02:17 18:55 19:05 12:02 21:21 04:16 19:15 02:51 08:44 01:00 01:20 (UTC) Detection Initial 2017-03-11 2018-03-04 2018-03-04 2017-11-28 2018-03-02 2017-11-19 2016-09-02 2018-03-04 2018-03-04 2018-02-08 2018-03-04 2016-04-27 2016-04-27 2013-03-12 2018-03-05 2017-05-22 2018-03-04 2018-03-04 2016-04-20 2017-12-27 2017-12-31 2018-03-04 2017-12-30 2017-12-20 2017-08-30 2017-08-30 2016-09-04 2016-09-01 2018-01-19 2017-03-13 2017-05-29 2018-03-10 25 53 53 25 25 443 443 500 443 500 500 443 443 443 443 443 443 443 443 443 443 443 443 443 443 Port 9443 9443 9443 9443 9443 9443 9443 Host x.x.85.55 x.x.85.80 x.x.80.16 x.x.18.40 x.x.80.58 x.x.84.114 x.x.84.114 x.x.191.40 x.x.192.34 x.x.193.12 x.x.250.84 x.x.196.94 x.x.80.231 x.x.196.96 x.x.192.34 x.x.81.123 x.x.162.12 x.x.79.162 x.x.165.65 x.x.80.177 x.x.191.38 x.x.81.150 x.x.85.165 x.x.109.115 x.x.193.149 x.x.194.196 x.x.109.139 x.x.195.245 x.x.196.130 x.x.196.130 x.x.208.141 x.x.241.232 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity Poi- Pre- Pre- Pre- Infor- Infor- Infor- with with with Cache DDoS (ROBOT) (ROBOT) (ROBOT) Mode Mode Mode Prediction Threat Threat Threat Allowed Field Aggressive Aggressive Aggressive Amplification Oracle Oracle Oracle ID Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted (IKE) (IKE) (IKE) Methods Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Be Request Query DNS TRACK Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot Cannot / Exchange Exchange Exchange Spoofed Bleichenbacher’s Bleichenbacher’s Bleichenbacher’s Key Key Key Vendor Key Key Key Of Of Of Disclosure Disclosure Disclosure TRACE Server Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate SSL DNS Vulnerability SSL SSL SSL HTTP SSL Internet SSL Shared Internet SSL Shared Internet SSL Shared Multiple SSL soning Return SSL mation Return mation Return mation SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
33 April 2, 2018 63 79 49 49 49 574 196 421 199 207 504 196 121 102 175 207 989 131 216 212 421 215 478 121 322 322 478 131 471 473 474 421 192 322 209 209 193 193 199 Age Days 11:26 11:27 11:26 11:40 11:40 16:03 13:30 01:44 12:36 12:54 09:43 05:04 01:44 05:53 16:03 09:43 18:00 21:50 05:04 09:50 12:36 04:50 16:03 12:35 18:29 18:29 02:04 21:50 15:53 18:00 16:19 12:36 08:27 18:29 22:09 22:09 14:43 14:43 12:54 (UTC) Detection Latest 2018-04-03 2018-04-03 2018-04-03 2018-04-04 2018-04-04 2018-04-03 2018-03-30 2018-03-29 2018-04-01 2018-04-01 2018-04-02 2018-04-01 2018-03-29 2018-04-01 2018-04-03 2018-04-02 2018-03-31 2018-04-02 2018-04-01 2018-03-31 2018-04-01 2018-04-03 2018-04-03 2018-04-03 2018-03-31 2018-03-31 2018-04-01 2018-04-02 2018-04-03 2018-03-31 2018-04-01 2018-04-01 2018-04-01 2018-03-31 2018-04-02 2018-04-02 2018-04-02 2018-04-02 2018-04-01 11:52 11:52 08:11 05:50 13:16 21:15 06:44 21:54 19:06 22:58 21:15 23:15 02:17 14:16 19:06 14:15 20:16 18:55 06:44 19:05 17:26 07:21 12:15 23:15 08:21 08:21 21:01 14:47 05:10 06:44 21:54 08:21 13:18 13:18 19:08 19:08 22:49 22:49 21:54 (UTC) Detection Initial 2017-11-22 2017-11-22 2016-11-12 2016-12-13 2016-09-06 2018-01-26 2017-09-13 2017-02-04 2017-09-13 2017-09-06 2017-09-13 2017-12-02 2017-12-20 2017-10-10 2017-09-06 2015-07-16 2017-08-27 2017-08-30 2017-02-04 2017-08-30 2018-01-13 2018-02-13 2016-12-10 2017-12-02 2017-05-13 2017-05-13 2016-12-08 2016-12-18 2016-12-13 2017-02-04 2017-09-20 2017-05-13 2018-02-12 2018-02-12 2017-09-06 2017-09-06 2017-09-20 2017-09-20 2017-09-13 25 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 Port Host x.x.85.95 x.x.87.20 x.x.85.95 x.x.85.95 x.x.80.12 x.x.80.16 x.x.85.55 x.x.85.112 x.x.88.224 x.x.91.200 x.x.165.65 x.x.80.177 x.x.91.200 x.x.162.12 x.x.85.204 x.x.88.224 x.x.79.162 x.x.165.65 x.x.91.249 x.x.91.249 x.x.80.177 x.x.85.204 x.x.88.224 x.x.91.249 x.x.109.217 x.x.109.209 x.x.109.224 x.x.109.217 x.x.241.232 x.x.109.224 x.x.100.234 x.x.109.131 x.x.109.139 x.x.109.139 x.x.109.201 x.x.109.201 x.x.109.203 x.x.109.203 x.x.109.209 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity Algorithm Algorithm Algorithm Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Hashing Hashing Hashing (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar (Bar Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Weak Weak Weak Trusted Trusted Trusted Trusted Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Be Be Be Be Using Using Using Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Cannot Cannot Cannot Cannot Expiry Expiry Expiry Signed Signed Signed Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher RC4 Certificate Certificate Certificate RC4 Certificate Medium RC4 Certificate Medium RC4 Certificate Certificate Medium RC4 RC4 Certificate Medium RC4 Certificate Certificate Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium RC4 Medium RC4 Medium RC4 Medium RC4 SSL SSL Vulnerability SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
34 April 2, 2018 30 29 27 17 29 27 28 28 30 28 28 25 49 31 57 49 196 207 705 322 209 215 578 574 193 196 209 621 187 207 193 322 298 192 195 391 197 Age 1088 Days 11:22 11:22 11:50 11:40 11:40 00:14 06:12 08:38 06:12 10:16 01:44 00:17 02:15 09:43 12:34 10:16 18:29 15:13 15:34 22:09 04:50 12:12 15:53 16:03 14:43 22:09 01:44 02:04 20:23 09:43 14:43 18:29 09:41 01:44 22:48 12:39 12:39 13:17 (UTC) Detection Latest 2018-04-02 2018-04-02 2018-04-04 2018-04-04 2018-04-04 2018-04-04 2018-04-01 2018-04-01 2018-04-01 2018-04-02 2018-03-29 2018-04-03 2018-04-04 2018-04-02 2018-04-02 2018-04-02 2018-03-31 2018-04-02 2018-03-31 2018-04-02 2018-04-03 2018-04-01 2018-04-03 2018-04-03 2018-04-02 2018-04-02 2018-03-29 2018-04-01 2018-04-03 2018-04-02 2018-04-02 2018-03-31 2018-04-02 2018-03-29 2018-03-30 2018-04-01 2018-04-01 2018-03-31 11:02 15:11 11:02 15:11 17:22 23:28 12:09 21:15 14:26 23:16 19:06 17:51 02:55 08:21 03:31 17:07 13:18 10:51 19:08 19:05 22:10 14:24 05:50 22:49 13:18 21:15 19:08 15:44 23:43 19:06 22:49 08:21 01:00 22:41 13:21 16:01 19:49 08:54 (UTC) Detection Initial 2018-03-04 2018-03-04 2018-03-04 2018-03-04 2018-03-04 2018-03-14 2018-03-04 2017-09-13 2018-03-05 2018-03-04 2017-09-06 2018-03-04 2016-04-27 2017-05-13 2018-03-05 2018-03-05 2018-02-12 2018-03-04 2017-09-06 2017-08-30 2018-02-02 2016-09-02 2016-09-06 2017-09-20 2018-02-12 2017-09-13 2017-09-06 2016-07-18 2017-09-27 2017-09-06 2017-09-20 2017-05-13 2017-06-08 2017-09-17 2017-09-16 2017-03-05 2017-09-15 2015-04-08 25 80 80 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 Port 9443 9191 9443 9443 9443 9191 9191 9191 9443 9191 9191 9443 9443 6002 Host x.x.80.58 x.x.85.55 x.x.85.95 x.x.45.66 x.x.85.112 x.x.192.16 x.x.193.12 x.x.193.12 x.x.91.249 x.x.196.94 x.x.196.96 x.x.79.162 x.x.91.249 x.x.250.84 x.x.81.126 x.x.87.205 x.x.87.205 x.x.93.146 x.x.109.115 x.x.193.149 x.x.194.196 x.x.109.217 x.x.193.149 x.x.194.150 x.x.195.245 x.x.109.224 x.x.196.134 x.x.196.130 x.x.196.200 x.x.109.139 x.x.109.201 x.x.109.203 x.x.109.139 x.x.109.217 x.x.109.201 x.x.109.224 x.x.109.203 x.x.109.217 Low Low Low Low Low Low Low Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity Sup- (Logjam) (Logjam) (Logjam) (Logjam) (Logjam) (Logjam) (Logjam) Suites Bits Bits Bits Bits Bits Bits Bits Clickjacking Clickjacking to to Cipher 1024 1024 1024 1024 1024 1024 1024 <= <= <= <= <= <= <= Credentials Credentials Credentials Credentials Credentials Credentials 512-bit Injection Vulnerable Vulnerable Detection <= Supported Supported Supported Supported Supported Supported Modulus Modulus Modulus Modulus Modulus Modulus Modulus Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cookie XSS Server Suites Suites Suites Suites Suites Suites Balancer Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Potentially Potentially Telnet Transmits Transmits Transmits Transmits Transmits Transmits Generic Generic Load Cipher Cipher Cipher Cipher Cipher Cipher EXPORT_RSA Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman (FREAK) Server Server Server Server Server Server Application Application Server Server Server Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Weak Self-Signed Weak Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Self-Signed Weak Weak Weak Weak Web SSL SSL SSL SSL Vulnerability Web Web Web SSL SSL Web SSL SSL Web SSL SSL/TLS SSL SSL/TLS SSL SSL/TLS SSL SSL SSL SSL SSL/TLS SSL SSL/TLS SSL SSL/TLS SSL/TLS SSL/TLS SSL ported Unencrypted Web Web Web Web Web Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
35 April 2, 2018 be each will for 0 0 0 0 0 0 0 0 20 21 20 62 999 999 902 815 803 193 Age dates 1950 1946 29 25 30 25 24 Days Age Days vulnerabilities 11:42 01:30 02:24 02:24 02:24 02:24 16:08 03:55 01:30 02:39 02:39 02:24 03:21 02:24 04:55 02:24 02:15 02:24 02:24 00:20 detection (UTC) 10:41 15:34 13:35 10:47 00:51 these (UTC) Detection latest Detection likely and Latest 2018-03-27 2018-04-03 2018-03-31 2018-03-31 2018-03-31 2018-03-31 2018-03-27 2018-03-31 2018-04-03 2018-03-31 2018-03-31 2018-03-31 2018-03-31 2018-03-31 2018-03-29 2018-03-31 2018-03-27 2018-03-31 2018-03-31 2018-04-01 Latest 2018-04-04 2018-03-31 2018-04-04 2018-03-30 2018-04-03 highly is it detection 00:11 00:11 12:30 02:24 02:24 02:24 02:24 18:15 22:43 01:41 12:30 02:24 22:55 02:24 16:34 02:24 22:23 02:24 15:45 04:02 (UTC) 12:17 17:07 20:48 14:46 02:53 (UTC) not, Detection initial Detection were the Initial 2012-11-26 2012-11-27 2015-07-06 2015-07-06 2018-03-13 2018-03-31 2018-03-31 2018-03-31 2018-03-31 2018-03-05 2018-03-13 2018-03-31 2015-10-10 2018-03-31 2016-01-03 2018-03-31 2016-01-13 2018-03-31 2017-09-18 2018-01-28 Initial they 2018-03-05 2018-03-05 2018-03-04 2018-03-04 2018-03-09 If 21 21 21 21 21 21 21 21 21 22 provides 443 500 443 443 443 443 Port 8100 8100 8443 49152 Port 9191 9191 9191 9191 8080 table The Host organization. Host x.x.81.67 your x.x.90.211 x.x.90.211 x.x.195.86 x.x.83.163 x.x.80.153 x.x.90.183 x.x.88.181 x.x.105.72 x.x.9.184 scans. x.x.194.153 x.x.124.236 x.x.124.236 x.x.124.236 x.x.124.236 x.x.194.153 x.x.124.236 x.x.124.236 x.x.124.236 x.x.124.236 x.x.124.236 x.x.196.94 x.x.197.47 x.x.196.250 x.x.195.142 by latest High High High High High High High Low Low Low Low Low the Critical Critical Critical Critical Critical Critical Medium Medium Medium Medium Medium Medium Medium Severity in mitigated Severity actively detected Multiple not were Vulnerabili- Pre-Shared HTTPS but 1.6.18 with below < Multiple Credentials Password Without report, Mode Mitzvah) Mitzvah) Mitzvah) last 2.4.26 Account (libupnp) (Bar (Bar (Bar Credentials Credentials Credentials Credentials Default Account < the FTP vulnerabilities RCE Account Account Aggressive 2.4.x Detection Administrator Server since / Authentication Trusted Trusted the ’admin’ Devices Password Cleartext Cleartext Cleartext Cleartext if Supported Supported Supported Be Be Default (IKE) FTP Guest NULL FTP Account Basic FTP Overflows UPnP verify detected for Backdoor Suites Suites Suites Certificate Key FTP to 2.2.33-dev Cannot Cannot for Transmits Transmits Transmits Transmits Uses Server Unpassworded < Manager Buffer were Exchange RSA Server Unsupported Cipher Cipher Cipher FTP SM-Ethernet SDK Default that 2.2.x Key Server Server Server Server Server Hard-Coded Password Vulnerabilities Unpassworded Default SSH Device FTP Self-Signed Certificate RC4 Certificate RC4 RC4 Web Vulnerability Web Web Web Web recommended Portable Vulnerability Janitza Wyse PFTP Internet ties Emerson Stack-based OpenSSL SSL Key SSL Linux SSL SSL Default SSL WFTP SSL Windows XAMPP Small Apache scans. vulnerabilities future strongly the by is Owner It lists SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG again Recently-Detected section B.4 This detected vulnerabilty.
36 April 2, 2018 411 411 472 476 803 476 476 803 476 712 760 476 700 476 615 613 476 609 476 574 476 475 574 470 470 569 464 472 476 570 451 476 Age Days 11:42 00:47 02:39 13:07 02:15 09:53 09:53 02:15 09:53 12:48 23:59 09:53 00:43 09:53 07:20 01:48 09:53 01:41 09:53 04:55 09:53 01:41 04:55 02:15 00:53 00:47 00:43 03:50 09:53 04:55 03:21 13:07 (UTC) Detection Latest 2018-03-27 2018-03-27 2018-03-31 2018-03-30 2018-03-27 2018-03-31 2018-03-31 2018-03-27 2018-03-31 2018-03-28 2018-03-26 2018-03-31 2018-03-27 2018-03-31 2018-03-27 2018-03-27 2018-03-31 2018-03-31 2018-03-31 2018-03-29 2018-03-31 2018-03-31 2018-03-29 2018-03-27 2018-03-27 2018-03-27 2018-03-27 2018-03-31 2018-03-31 2018-03-29 2018-03-31 2018-03-30 11:28 21:11 21:36 23:38 21:46 22:23 06:17 06:17 22:23 06:17 13:44 06:17 22:27 06:17 22:26 18:50 06:17 20:55 06:17 03:36 06:17 16:10 03:36 10:30 18:43 20:55 13:01 10:02 10:57 18:28 13:49 21:46 (UTC) Detection Initial 2017-02-11 2016-04-15 2016-12-11 2016-12-11 2016-09-03 2017-02-11 2016-12-09 2016-12-09 2016-01-13 2016-12-10 2016-12-10 2016-01-13 2016-12-10 2016-02-25 2016-12-10 2016-04-25 2016-12-10 2016-07-19 2016-07-21 2016-12-10 2016-07-29 2016-12-10 2016-09-01 2016-12-10 2016-12-10 2016-09-01 2016-12-17 2016-12-09 2016-12-09 2016-09-06 2017-01-01 2016-12-09 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 Port 8443 8443 8443 Host x.x.69.14 x.x.81.67 x.x.83.35 x.x.90.211 x.x.81.118 x.x.80.168 x.x.88.188 x.x.88.181 x.x.84.103 x.x.84.103 x.x.88.181 x.x.84.103 x.x.80.153 x.x.84.103 x.x.85.121 x.x.84.103 x.x.91.160 x.x.91.173 x.x.84.103 x.x.82.146 x.x.84.103 x.x.90.183 x.x.84.103 x.x.82.146 x.x.90.183 x.x.88.181 x.x.80.168 x.x.85.121 x.x.84.103 x.x.90.183 x.x.80.153 x.x.88.188 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity Vul- Sup- Supported Supported Supported Downgrade Suites Encryption (Logjam) Suites Suites Suites Cipher Bits Disclosure Mitzvah) Mitzvah) Legacy Ciphersuite Cipher Cipher Cipher Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported 1024 Export (Bar (Bar <= Detection Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites Suites 512-bit 512-bit 512-bit Information 512-bit Resume Trusted Trusted Trusted Trusted Trusted Trusted Downgraded <= <= <= <= Supported Supported Supported Modulus Supported Supported Be Be Be Be Be Be On Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Header Protocol SSL_OP_NETSCAPE_REUSE_CIPHER_ 3 Suites Suites Suites Session Suites Suites Certificate Oracle Cannot Cannot Cannot Cannot Cannot Cannot ETag and Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength Strength 2 Cipher Cipher Cipher Cipher Cipher EXPORT_RSA EXPORT_RSA EXPORT_RSA EXPORT_DHE Diffie-Hellman (POODLE) Server Padding (Logjam) Medium Weak Weak Medium Version RC4 Certificate Medium Certificate Certificate Weak Certificate RC4 Self-Signed Medium Medium Certificate Medium Medium Certificate Medium Medium Medium Medium SSL SSL Vulnerability SSL SSL SSL/TLS SSL/TLS (FREAK) SSL/TLS ported SSL (FREAK) Apache OpenSSL SSL SSL CHANGE_BUG Issue SSL SSL SSLv3 SSL SSL/TLS nerability SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL/TLS (FREAK) Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
37 April 2, 2018 411 411 289 295 210 242 210 210 210 242 242 242 242 342 217 217 217 217 340 218 340 218 340 215 210 215 340 337 210 328 328 328 328 295 295 Age Days
11:05 11:08 11:08 11:08 11:50 11:50 00:24 13:07 00:24 00:24 13:07 00:24 01:34 01:34 12:46 17:14 17:14 17:14 17:14 03:52 03:32 03:52 03:32 03:52 00:24 03:52 20:21 00:24 03:58 03:58 03:58 03:58 14:52 09:59 09:59 (UTC) Detection Latest 2018-03-27 2018-03-30 2018-03-30 2018-03-30 2018-03-30 2018-03-30 2018-03-29 2018-03-30 2018-03-29 2018-03-29 2018-03-30 2018-03-29 2018-03-31 2018-03-31 2018-03-30 2018-03-27 2018-03-27 2018-03-27 2018-03-27 2018-03-31 2018-03-31 2018-03-31 2018-03-31 2018-03-31 2018-03-29 2018-03-31 2018-03-28 2018-03-29 2018-03-31 2018-03-31 2018-03-31 2018-03-31 2018-03-27 2018-03-31 2018-03-31
11:59 11:59 11:59 11:59 17:28 19:39 01:36 21:46 17:28 17:28 21:46 17:28 01:36 02:01 02:01 01:36 21:57 13:14 13:14 13:14 13:14 17:12 00:16 17:12 00:16 17:12 04:02 17:28 04:02 17:12 17:09 17:28 22:13 20:10 20:10 (UTC)
Detection Initial 2017-02-11 2017-02-11 2017-05-06 2017-05-06 2017-05-06 2017-05-06 2017-08-30 2017-06-10 2017-07-31 2017-08-30 2017-08-30 2017-08-30 2017-07-31 2017-07-31 2017-07-31 2017-07-31 2017-04-21 2017-08-22 2017-08-22 2017-08-22 2017-08-22 2017-04-24 2017-08-25 2017-04-24 2017-08-25 2017-04-24 2017-08-27 2017-08-30 2017-08-27 2017-04-24 2017-04-25 2017-08-30 2017-06-04 2017-06-08 2017-06-08 21 21 21 443 443 443 443 443 443 443 443 443 443 500 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 Port
Host x.x.95.1 x.x.95.1 x.x.95.1 x.x.95.1 x.x.92.39 x.x.80.51 x.x.80.51 x.x.80.52 x.x.80.52 x.x.191.11 x.x.80.233 x.x.88.188 x.x.88.188 x.x.80.233 x.x.80.233 x.x.80.235 x.x.91.175 x.x.82.194 x.x.91.175 x.x.82.194 x.x.91.175 x.x.88.187 x.x.88.187 x.x.91.175 x.x.91.156 x.x.91.156 x.x.91.156 x.x.91.156 x.x.82.192 x.x.124.226 x.x.124.226 x.x.124.226 x.x.124.226 x.x.124.226 x.x.124.226 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity Supported Supported Supported Pre-Shared with Suites Suites Suites Algorithm Algorithm Mode Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) Cipher Cipher Cipher Supported Supported Supported Supported Supported Supported Supported Supported Supported Hashing Hashing (Bar (Bar (Bar (Bar (Bar Suites Suites Suites Suites Suites Suites Suites Suites Suites Weak Weak 512-bit 512-bit 512-bit Aggressive Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted <= <= <= Supported Supported Supported Supported Supported Supported Supported Supported Be Be Be Be Be Be Be Be Using Using (IKE) Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Suites Suites Suites Suites Suites Suites Suites Suites Certificate Certificate Cannot Cannot Cannot Signed Signed Cannot Expiry Cannot Expiry Cannot Cannot Cannot Strength Strength Strength Strength Strength Strength Strength Strength Strength Exchange Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher EXPORT_RSA EXPORT_RSA EXPORT_RSA Key Certificate Certificate RC4 Certificate Self-Signed Medium Certificate Certificate Medium RC4 Medium Medium Weak RC4 Certificate RC4 Certificate Medium Certificate Weak Certificate Medium Medium Certificate Certificate RC4 Medium Weak Medium Certificate Self-Signed
SSL SSL Vulnerability SSL SSL SSL SSL SSL SSL Internet SSL SSL/TLS SSL SSL Key SSL/TLS SSL SSL (FREAK) SSL SSL (FREAK) SSL SSL SSL SSL SSL SSL SSL SSL SSL SSL/TLS SSL (FREAK) SSL SSL SSL SSL SSL SSL
Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
38 April 2, 2018 210 201 187 196 196 196 187 210 196 194 187 194 209 191 187 209 195 192 190 189 188 209 188 188 188 185 188 184 209 184 212 209 212 212 202 202 202 202 201 Age Days 11:06 00:24 14:52 16:31 01:44 01:44 01:44 16:31 00:24 01:44 09:33 16:31 17:15 19:44 16:31 19:44 22:48 01:44 19:44 13:15 20:09 19:44 20:09 20:09 20:09 00:47 20:09 10:22 19:44 10:22 23:14 01:39 09:50 09:50 09:33 09:33 09:33 09:33 00:23 (UTC) Detection Latest 2018-03-26 2018-03-29 2018-03-27 2018-03-27 2018-03-29 2018-03-29 2018-03-29 2018-03-27 2018-03-29 2018-03-29 2018-03-28 2018-03-27 2018-03-28 2018-03-27 2018-03-27 2018-03-27 2018-03-30 2018-03-29 2018-03-27 2018-03-28 2018-03-28 2018-03-27 2018-03-28 2018-03-28 2018-03-28 2018-03-27 2018-03-28 2018-03-26 2018-03-27 2018-03-26 2018-03-30 2018-03-28 2018-03-31 2018-03-31 2018-03-28 2018-03-28 2018-03-28 2018-03-28 2018-03-27 17:28 05:05 22:07 21:15 21:15 21:15 22:07 17:28 21:15 22:35 22:07 22:43 17:29 00:56 22:07 17:29 13:21 22:41 23:14 02:43 20:40 17:29 20:40 20:40 20:40 03:44 20:40 15:01 17:29 15:01 18:32 18:41 18:55 18:55 18:54 18:54 18:54 18:54 18:54 (UTC) Detection Initial 2017-08-30 2017-09-07 2017-09-20 2017-09-13 2017-09-13 2017-09-13 2017-09-20 2017-08-30 2017-09-13 2017-09-14 2017-09-20 2017-09-14 2017-08-30 2017-09-16 2017-09-20 2017-08-30 2017-09-16 2017-09-17 2017-09-17 2017-09-20 2017-09-20 2017-08-30 2017-09-20 2017-09-20 2017-09-20 2017-09-22 2017-09-20 2017-09-22 2017-08-30 2017-09-22 2017-08-30 2017-08-30 2017-08-30 2017-08-30 2017-09-06 2017-09-06 2017-09-06 2017-09-06 2017-09-06 21 80 80 80 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 Port 8443 Host x.x.82.192 x.x.81.126 x.x.80.168 x.x.80.107 x.x.80.107 x.x.136.75 x.x.77.138 x.x.162.12 x.x.162.12 x.x.109.221 x.x.124.226 x.x.109.221 x.x.124.226 x.x.109.217 x.x.109.217 x.x.109.217 x.x.109.221 x.x.109.217 x.x.109.219 x.x.109.222 x.x.109.142 x.x.109.221 x.x.109.222 x.x.255.149 x.x.109.222 x.x.109.217 x.x.109.222 x.x.143.101 x.x.109.220 x.x.109.220 x.x.109.220 x.x.109.220 x.x.109.222 x.x.109.220 x.x.109.219 x.x.109.219 x.x.109.219 x.x.109.219 x.x.109.223 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity (Logjam) (Logjam) (Logjam) (Logjam) (Logjam) (Logjam) Bits Bits Bits Bits Bits Bits Clickjacking Clickjacking Clickjacking Clickjacking Clickjacking Clickjacking Clickjacking Mitzvah) Mitzvah) Mitzvah) Mitzvah) Mitzvah) to to to to to to to Supported Supported Supported Supported Supported Supported 1024 Supported 1024 1024 1024 1024 1024 (Bar (Bar (Bar (Bar (Bar <= <= <= <= <= <= Suites Suites Suites Suites Suites Suites Suites Disclosure Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable Trusted Trusted Trusted Trusted Supported Supported Supported Supported Supported Modulus Modulus Modulus Modulus Modulus Modulus Supported Supported Supported Supported Supported Be Be Be Be Cipher Cipher Cipher Cipher Cipher Cipher Cipher Suites Suites Suites Suites Suites Information Suites Suites Suites Suites Suites Certificate Certificate Certificate Potentially Potentially Potentially Potentially Potentially Potentially Potentially Cannot Cannot Cannot Cannot Strength Strength Strength Strength Disclosure Strength Strength Strength Error Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Cipher Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Diffie-Hellman Files Application Application Application Application Application Application Application Self-Signed Self-Signed Medium Weak RC4 Medium RC4 Weak Medium Self-Signed RC4 Weak RC4 Weak Medium Certificate Certificate Certificate Medium Medium Weak RC4 Medium Certificate Detailed SSL/TLS Vulnerability SSL SSL SSL/TLS SSL SSL SSL SSL SSL SSL/TLS Web SSL/TLS SSL IIS SSL Web SSL SSL Web Web Web Web SSL/TLS SSL SSL SSL SSL Backup Web SSL SSL SSL SSL SSL/TLS SSL SSL SSL SSL SSL Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
39 April 2, 2018 24 90 93 93 85 88 84 81 72 72 62 63 49 24 24 119 119 119 119 119 119 119 119 119 184 184 176 160 160 149 160 140 Age Days 11:37 05:01 00:09 02:10 00:09 02:10 00:53 10:30 01:39 10:30 09:59 02:39 10:30 02:16 10:04 03:50 18:33 18:33 12:07 18:33 03:31 18:33 18:33 14:12 18:33 02:10 14:12 10:52 13:30 21:03 08:34 08:34 (UTC) Detection Latest 2018-03-30 2018-03-29 2018-03-31 2018-03-28 2018-03-31 2018-03-28 2018-03-27 2018-03-28 2018-03-28 2018-03-28 2018-03-31 2018-03-31 2018-03-28 2018-03-31 2018-03-26 2018-03-31 2018-03-28 2018-03-28 2018-03-27 2018-03-28 2018-03-27 2018-03-28 2018-03-28 2018-03-26 2018-03-28 2018-03-28 2018-03-26 2018-03-28 2018-03-30 2018-03-29 2018-03-29 2018-03-29 11:59 11:06 11:06 23:45 01:53 23:45 01:53 18:22 04:57 05:52 04:57 16:17 18:48 04:57 05:31 10:42 15:28 10:02 21:32 21:32 23:16 21:32 12:23 21:32 21:32 01:23 21:32 01:53 01:23 22:41 13:16 10:17 (UTC) Detection Initial 2018-03-04 2017-11-29 2017-11-29 2017-11-01 2017-11-10 2017-11-28 2017-11-28 2017-11-28 2017-11-28 2017-11-28 2017-11-28 2017-11-29 2018-03-04 2018-03-04 2017-09-27 2017-09-27 2017-10-01 2017-10-19 2017-12-27 2017-10-19 2017-12-27 2017-12-27 2017-10-19 2017-12-30 2018-01-01 2018-01-01 2018-01-04 2018-01-13 2018-01-13 2018-01-24 2018-01-26 2018-02-08 80 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 443 Port 9443 9091 7547 9443 9443 Host x.x.80.52 x.x.90.62 x.x.83.35 x.x.83.86 x.x.87.20 x.x.81.118 x.x.90.211 x.x.196.93 x.x.158.37 x.x.158.37 x.x.158.35 x.x.77.138 x.x.158.35 x.x.158.35 x.x.81.241 x.x.84.104 x.x.158.10 x.x.158.10 x.x.81.124 x.x.158.10 x.x.84.103 x.x.158.10 x.x.158.10 x.x.175.46 x.x.158.10 x.x.158.37 x.x.175.46 x.x.194.79 x.x.194.79 x.x.109.207 x.x.109.207 x.x.109.139 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity Informa- Informa- Informa- Informa- Informa- Informa- Informa- (Logjam) Algorithm (ROBOT) (ROBOT) (ROBOT) (ROBOT) (ROBOT) (ROBOT) (ROBOT) Bits Clickjacking Mitzvah) Mitzvah) to Supported Supported Supported Supported 1024 Threat Threat Threat Threat Threat Threat Threat Hashing (Bar (Bar Allowed <= Suites Suites Suites Suites Weak Oracle Oracle Oracle Oracle Oracle Oracle Oracle Vulnerable Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Modulus Methods Supported Supported Be Be Be Be Be Be Be Be Using Cipher Cipher Cipher Cipher XSS XSS XSS Suites Suites Certificate Certificate Certificate Certificate Potentially TRACK Cannot Cannot Cannot Cannot Cannot Signed Cannot Cannot Cannot / Strength Strength Strength Strength Generic Generic Generic Bleichenbacher’s Bleichenbacher’s Bleichenbacher’s Bleichenbacher’s Bleichenbacher’s Bleichenbacher’s Bleichenbacher’s Cipher Cipher Diffie-Hellman Of Of Of Of Of Of Of TRACE Server Application Server Server Certificate RC4 Medium Certificate Medium Certificate Self-Signed Certificate Medium RC4 Self-Signed Certificate Certificate Medium Self-Signed Certificate Certificate Certificate Self-Signed Disclosure Disclosure Disclosure Disclosure Disclosure Disclosure Disclosure SSL Vulnerability SSL SSL SSL Web Return SSL SSL tion Return SSL tion Return tion Return Web SSL SSL/TLS tion Return tion Return SSL SSL tion Return SSL tion Web SSL SSL Web SSL SSL SSL SSL HTTP SSL SSL Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
40 April 2, 2018 21 27 24 21 24 21 27 21 24 25 25 30 21 21 25 21 25 21 25 25 25 25 25 25 25 25 23 29 29 23 22 22 29 20 21 Age Days 08:57 03:51 05:01 07:39 01:47 07:39 03:51 16:08 01:47 00:33 00:33 16:14 09:07 09:07 00:33 08:02 00:33 08:02 00:33 22:29 00:33 22:29 01:21 21:32 01:21 21:32 15:59 14:16 14:16 15:59 01:21 01:21 14:16 05:07 08:57 (UTC) Detection Latest 2018-03-27 2018-04-01 2018-03-29 2018-03-27 2018-03-29 2018-03-27 2018-04-01 2018-03-27 2018-03-29 2018-03-30 2018-03-30 2018-04-03 2018-03-26 2018-03-26 2018-03-30 2018-03-26 2018-03-30 2018-03-26 2018-03-30 2018-03-29 2018-03-30 2018-03-29 2018-03-30 2018-03-29 2018-03-30 2018-03-29 2018-03-28 2018-04-03 2018-04-03 2018-03-28 2018-03-28 2018-03-28 2018-04-03 2018-03-26 2018-03-27 11:59 11:04 11:04 11:50 16:28 00:07 17:24 12:16 17:24 00:07 18:15 12:16 00:10 00:10 12:34 14:46 14:46 00:10 17:09 00:10 17:09 00:10 19:06 00:10 19:06 00:23 19:28 00:23 19:28 01:17 20:45 20:45 01:17 20:45 16:28 (UTC) Detection Initial 2018-03-04 2018-03-05 2018-03-05 2018-03-05 2018-03-05 2018-03-05 2018-03-05 2018-03-04 2018-03-05 2018-03-05 2018-03-05 2018-03-04 2018-03-05 2018-03-05 2018-03-04 2018-03-04 2018-03-04 2018-03-05 2018-03-04 2018-03-05 2018-03-04 2018-03-05 2018-03-04 2018-03-05 2018-03-04 2018-03-05 2018-03-04 2018-03-05 2018-03-04 2018-03-05 2018-03-04 2018-03-04 2018-03-05 2018-03-04 2018-03-05 53 NA Port 9443 9443 9443 9443 9443 9443 9443 9443 9443 3389 3389 9443 9443 3389 9443 3389 9443 3389 9443 3389 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 9443 2332 Host x.x.9.184 x.x.9.184 x.x.105.90 x.x.41.185 x.x.196.93 x.x.105.90 x.x.195.86 x.x.41.185 x.x.108.25 x.x.108.25 x.x.192.34 x.x.108.25 x.x.108.29 x.x.108.25 x.x.108.29 x.x.108.25 x.x.192.24 x.x.108.25 x.x.192.24 x.x.153.60 x.x.153.60 x.x.41.176 x.x.41.176 x.x.195.57 x.x.195.146 x.x.195.146 x.x.194.233 x.x.195.142 x.x.194.233 x.x.195.142 x.x.194.150 x.x.194.150 x.x.194.150 x.x.195.101 x.x.195.101 Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity (Devil’s Man-in- Poison- Low Authentication Cache Server or Algorithm Level (ACV-116267) Protocol Medium Prediction Hashing is RCE Network Field Weak Level Desktop ID Use Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Handling Be Be Be Be Be Be Be Be Be Be Be Be Be Be Using Query Remote Server Doesn’t Encryption Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate Certificate DNS Cannot Cannot Cannot Cannot Cannot Cannot Cannot Signed Cannot Cannot Cannot Cannot Cannot Cannot Cannot Message Telnet Weakness Windows Services Services Vendor Only gSOAP Certificate Self-Signed Certificate Self-Signed Certificate Self-Signed Self-Signed Certificate Certificate Self-Signed Certificate Self-Signed Certificate Certificate Self-Signed Certificate Self-Signed Certificate Certificate Self-Signed Self-Signed Certificate Self-Signed Certificate Self-Signed Certificate Self-Signed Certificate Self-Signed SSL Vulnerability SSL SSL SSL SSL SSL SSL SSL Microsoft Multiple the-Middle SSL SSL ing SSL SSL SSL SSL SSL Terminal SSL Terminal SSL (NLA) SSL SSL SSL SSL SSL AXIS SSL Ivy) SSL SSL SSL SSL Unencrypted SSL SSL Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
41 April 2, 2018 0 0 4 1 20 21 20 20 21 20 21 20 21 20 24 20 28 20 28 20 16 20 16 20 16 20 16 16 16 17 16 210 Age 1510 1510 1512 1512 1510 1510 Days 20:30 01:30 03:21 16:08 01:30 03:21 01:30 22:34 16:08 01:30 00:24 22:34 18:01 01:30 18:01 01:30 18:21 01:30 19:40 01:30 19:40 01:30 02:03 01:30 02:03 01:30 02:03 08:06 02:24 01:30 04:26 02:03 01:30 04:08 20:30 04:08 23:07 04:08 (UTC) Detection Latest 2018-03-26 2018-04-03 2018-03-29 2018-03-27 2018-04-03 2018-03-29 2018-04-03 2018-03-26 2018-03-27 2018-04-03 2018-03-29 2018-03-26 2018-03-27 2018-04-03 2018-03-27 2018-04-03 2018-03-30 2018-04-03 2018-04-03 2018-04-03 2018-04-03 2018-04-03 2018-03-27 2018-04-03 2018-03-27 2018-04-03 2018-03-27 2018-03-29 2018-03-31 2018-04-03 2018-03-27 2018-03-27 2018-04-03 2018-03-28 2018-03-26 2018-03-28 2018-03-29 2018-03-28 15:11 01:04 12:30 06:50 18:15 12:30 06:50 12:30 14:20 18:15 12:30 17:28 14:20 18:33 12:30 18:33 12:30 19:10 12:30 19:54 12:30 19:54 12:30 17:32 12:30 17:32 12:30 17:32 08:06 02:24 12:30 02:47 17:32 03:34 17:01 01:04 17:01 17:01 (UTC) Detection Initial 2018-03-11 2018-03-11 2018-03-11 2018-03-12 2014-02-05 2018-03-13 2014-02-05 2018-03-05 2018-03-13 2014-02-05 2018-03-13 2014-02-05 2018-03-05 2018-03-13 2017-08-30 2014-02-05 2018-03-05 2018-03-13 2018-03-05 2018-03-13 2018-03-05 2018-03-13 2018-03-05 2018-03-13 2018-03-05 2018-03-13 2018-03-10 2018-03-13 2018-03-10 2018-03-13 2018-03-10 2018-03-29 2018-03-31 2018-03-13 2018-03-23 2018-03-10 2018-04-01 2014-02-05 22 22 22 22 21 22 21 22 443 443 443 443 443 443 443 Port 8100 9443 8100 8100 2332 8100 9443 8100 9443 8100 8080 8100 9443 8100 9443 8100 2332 9443 9443 8100 2332 9443 9443 Host x.x.83.76 x.x.80.15 x.x.87.21 x.x.89.198 x.x.105.72 x.x.195.86 x.x.105.72 x.x.89.178 x.x.195.86 x.x.89.178 x.x.157.83 x.x.157.83 x.x.88.182 x.x.88.182 x.x.88.182 x.x.88.182 x.x.89.198 x.x.196.117 x.x.194.153 x.x.194.153 x.x.194.153 x.x.194.153 x.x.192.229 x.x.194.153 x.x.124.226 x.x.192.229 x.x.194.153 x.x.194.153 x.x.194.153 x.x.194.153 x.x.194.153 x.x.194.153 x.x.194.153 x.x.124.236 x.x.194.153 x.x.163.121 x.x.163.121 x.x.163.121 Low Low Low Low Low Low Low Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Severity DoS Leak Supported Disclosure (FREAK) (httpoxy) Suites Memory (OptionsBleed) IDs Information Mitzvah) Cipher ntpupdate) Supported / (Bar MitM Vulnerabilities Vulnerabilities Vulnerabilities Enabled Enabled Enabled Session Vulnerabilities Vulnerabilities Vulnerabilities Vulnerabilities Vulnerabilities Suites 512-bit Vulnerability Enabled Enabled Enabled Oracle Trusted Trusted Trusted Trusted Trusted <= Multiple Multiple Multiple Supported X509_ATTRIBUTE (ntpupdate Ciphers Ciphers Ciphers Supported Be Be Be Be Be Random Cipher Multiple HTTP Multiple Multiple Multiple Multiple XSS Server Server Server Padding Suites Non 0.9.8zd 0.9.8zf 0.9.8zg Mode Mode Mode 0.9.8zh Suites Algorithms Algorithms Algorithms Certificate Certificate Certificate Certificate Certificate < < < 2.4.16 2.4.28 2.4.27 2.4.12 2.4.25 2.4.30 Cannot Cannot Cannot Expiry < Cannot Cannot < < < < < < Strength Telnet Telnet Telnet Credentials CBC CBC CBC Generic Uses MAC MAC MAC Cipher 0.9.8 0.9.8 0.9.8 AES-NI 0.9.8 Cipher EXPORT_RSA 2.4.x 2.4.x 2.4.x 2.4.x 2.4.x 2.4.x FTP Server Weak Server Weak Server Weak Server Server Self-Signed Certificate Self-Signed Certificate Self-Signed Medium Certificate RC4 Self-Signed Weak Certificate Self-Signed Certificate Certificate OpenSSL SSH Vulnerability SSL SSH OpenSSL SSH Unencrypted OpenSSL SSH OpenSSL SSH SSL Apache OpenSSL SSL Apache Web Apache SSL Apache SSL Apache SSL/TLS Unencrypted (FREAK) SSL SSL SSL SSL SSL Default Apache SSL Web Unencrypted SSH SSL SSL SSL Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
42 April 2, 2018 4 0 0 21 28 21 24 24 30 21 24 21 25 21 25 16 16 25 20 23 13 22 28 19 12 12 119 192 189 208 207 Age Days 11:06 22:52 00:53 00:24 13:23 00:17 18:33 16:08 05:01 08:34 20:38 16:08 07:40 02:47 06:03 02:28 20:00 05:07 04:08 00:33 01:30 15:59 18:01 01:21 15:13 01:30 08:57 08:57 22:19 04:08 07:40 (UTC) Detection Latest 2018-03-26 2018-03-26 2018-03-27 2018-03-29 2018-03-27 2018-04-03 2018-03-28 2018-03-27 2018-03-29 2018-03-29 2018-04-03 2018-03-27 2018-03-29 2018-03-30 2018-03-30 2018-03-30 2018-03-29 2018-03-26 2018-03-28 2018-03-30 2018-04-03 2018-03-28 2018-03-27 2018-03-28 2018-04-02 2018-04-03 2018-03-27 2018-03-27 2018-03-29 2018-03-28 2018-03-29 11:33 11:14 11:59 11:06 11:04 00:42 17:31 14:26 21:32 17:32 18:15 10:51 18:15 12:09 01:42 13:05 01:56 14:44 15:48 17:01 00:10 12:30 01:17 05:49 03:31 17:15 23:45 23:45 20:27 04:08 07:40 (UTC) Detection Initial 2018-03-05 2017-09-15 2017-11-28 2018-03-04 2018-03-04 2018-03-11 2018-03-05 2017-09-20 2017-08-30 2018-03-05 2017-08-30 2018-03-05 2018-03-04 2018-03-05 2018-03-04 2018-03-09 2018-03-04 2018-03-09 2018-03-04 2018-03-09 2018-03-05 2018-03-13 2018-03-05 2018-03-14 2018-03-05 2018-03-14 2018-03-14 2018-03-14 2018-03-25 2018-03-28 2018-03-29 21 21 22 443 443 443 Port 9191 9191 9091 9191 9191 9191 9191 9191 9191 9191 9191 9191 9191 3389 9191 8100 9191 9191 9191 9191 9191 8100 9191 8080 8080 Host x.x.81.118 x.x.158.10 x.x.195.86 x.x.196.96 x.x.195.86 x.x.196.93 x.x.194.79 x.x.41.180 x.x.41.168 x.x.195.57 x.x.108.25 x.x.153.60 x.x.41.176 x.x.109.151 x.x.194.154 x.x.194.150 x.x.124.226 x.x.255.149 x.x.194.196 x.x.192.133 x.x.195.208 x.x.163.121 x.x.194.153 x.x.192.229 x.x.196.200 x.x.194.153 x.x.195.101 x.x.195.101 x.x.127.185 x.x.163.121 x.x.194.196 Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Low Severity bits 2048 Compliant Than HTTPS HTTPS HTTPS HTTPS Disclosure Less FIPS-140 IP Without Without Without Without not Disclosure Disclosure Keys is IP IP Internal Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Credentials Enabled RSA Supported Level Internal Internal Method Suites Authentication Authentication Authentication Authentication Authentication Ciphers Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Cleartext Contains Header Header Encryption Basic Basic Basic Basic Mode Cipher Chain Cleartext CBC HTTP Transmits PROPFIND Transmits Uses Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits Transmits HTTP Transmits Transmits Transmits Transmits Transmits Transmits Uses Transmits Uses Uses Services Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Anonymous Supports Certificate Vulnerability Web Web SSL SSL Web Web Web Web FTP Web Web Web Web Web Web Web Web Terminal Web Web Web Web Web Web Web Web Web Web SSH Web Web Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG
43 April 2, 2018 considered to to be code. due 6.41.3. request, should attacker before arbitrary that POST process of remote server crafted solution RouterOS execution web the specially or mitigation MikroTik HTTP a unauthenticated, of its via an in condition by this, version flaw a a recommended by service a exploit leaks. of 7 leveraged running can have is be Vault affected denial a can is later. the in device attacker or identified that host Vulnerability from later. 6.38.5 remote resulting or remote exploit networking vulnerability the 6.41.3 version Vulnerabilities process, on remote x.x.236.156 the ChimayRed overflow scans. server unauthenticated, running RouterOS RouterOS Mitigations by the web An of buffer x.x.192.34, x.x.192.34 version, the part MikroTik MikroTik software SMB input. vulnerability UTC UTC to to UTC UTC within and x.x.157.83, x.x.157.83, 11:56 09:30 remote 00:26 12:34 reportedly self-reported a RouterOS location is Solution Upgrade Upgrade its by mapping to user-supplied of x.x.105.90 , x.x.105.90 , arbitrary 2018-04-04 2018-04-04 MikroTik code. 2018-03-23 2018-03-04 affected an network vulnerability CVSS 10.0 10.0 The According to the Host(s): Host(s): this validation arbitrary data Detection: Detection: Detection: Detection: from that therefore, network. write is, Affected Affected Severity Critical 4 Initial Latest Description: execute Critical It Initial Latest Description: 3 improper to Note Findings and Recommended results secure a scan RCE HTTP 6.41.3 < maintain Write detailed Detailed or Overflow RouterOS RouterOS Arbitrary presents establish Buffer to Vulnerability section SMB MikroTik MikroTik (ChimayRed) Server order Appendix C This in
44 April 2, 2018 contact to An re - your code. ) due 1.6.18. remote handling handling handling to from string. (SSDP) application, prior arbitrary when when when unauthenticated, is comes An Protocol host different CVE-2012-5960 execute ( a ) unauthenticated, attack to by ssdp/ssdp_server.c An colons. the remote ’::upnp:rootdevice’ code. file Discovery the two library the URN. request, think ssdp/ssdp_server.c ssdp/ssdp_server.c ssdp/ssdp_server.c on to to command. within arbitrary file file file party CVE-2012-5959 Service ( them prior prior SSDP running third PORT within within within a code. execute DeviceType function UDN UDN the Simple as crafted making to ) the the the workarounds. (libupnp) using code. function function function used arbitrary and hosts, parsing is request, specially copying copying copying a parties Devices other arbitrary when : execute via SSDP libupnp while while while solutions CVE-2012-5965 third to If , UPnP scan to for fields for unique_service_name() execute to issues, crafted later. to request, triggered triggered triggered or fix. the SDK connect a is is is vulnerabilities these in unique_service_name() unique_service_name() unique_service_name() to references for specially SSDP that that that 1.6.18 resources request, the the the ServiceType a CVE-2012-5964 the exist , exploit Portable in in in in server via and of execution crafted SSDP can version x.x.196.96 FTP this, network requests requests requests application exists exists exists code advisory conditions version that crafted your libupnp exploit specially attacker remote of the (SSDP) (SSDP) (SSDP) a UTC UTC CVE-2012-5963 to UTC UTC remote DeviceType, use CERT , condition condition condition the can via x.x.196.200, to overflow the specially vendor remote 11:50 08:21 10:38 19:19 banner, a UDN, force this, Protocol Protocol Protocol multiple Solution the Upgrade See its to attacker via overflow overflow overflow buffer the by to intruders of exploit this, x.x.194.150, x.x.124.236 CVE-2012-5962 buffer buffer buffer 2018-04-04 2018-04-04 remote ) , 2018-03-04 2017-09-03 possible can Discovery Discovery Discovery affected is allows CVSS 10.0 7.5 exploit It According unauthenticated, stack-based Host(s): Host(s): validation An can
Service Service Service attacker Detection: Detection: Detection: Detection: problem therefore, stack-based stack-based stack-based Affected is, Affected Severity Critical Simple remote ( CVE-2012-5958 -A attacker Simple Initial Latest 3 Description: -A It Simple unauthenticated, -A ( CVE-2012-5961 - Multiple improper High quests. Initial Latest 1 The Description: network. De - Multi - Over - Bounce UPnP Buffer 1.6.18 Port for < SDK
RCE (libupnp) Privileged Stack-based Vulnerability Portable ple vices flows FTP Scan
45 April 2, 2018 to An take buffer remote remote Tomcat instructions affected itself. a the by (gSOAP). host settings, of Apache OWASP or therefore, stack-based or library a affected is, install remote network It (ACV-116267). string. the Tomcat SOAP trigger configuration on the to Tomcat 5.6.34. therefore, change the advisory to party is, It data, community Follow remote installed prior third of vendor change a defaults, the are patch. to the in default 5.6.x 2GB is or servlets. per it. the about factory exists servlets and use security server. host, its server a device feed. that exceeding not change to JSP web or the do SNMP your code. example information remote missing for you port, device is the condition if example message remote and/or viewing remote this the arbitrary the uncover that the host to version the of about from POST on JSPs, of reset overflow going later. page. remove version remote attacker an can HTTP or name firmware to an operator running the and execution error example an knowledge an on packets due the help PHP 5.6.34 via firmware page or page, a of Ivy, default more available UDP may community this, vulnerability modifications). service prevent index the version index to gain they latest it version this running Devil’s such condition to as exploit default is SNMP PHP the incoming as default the modify UTC UTC UTC UTC default to to UTC UTC UTC UTC the the can or reboot the allows filter x.x.80.39 service exploits or device 06:16 05:45 14:16 23:57 known of removed page, 02:31 15:25 20:45 03:16 banner, obtain information be vulnerability. Solution Upgrade Disable Either Upgrade Delete replace its to attacker AXIS error device, to denial this community a the x.x.124.231 x.x.175.46 x.x.194.150 x.x.242.236, should in successfully use 2018-04-04 2018-04-04 2018-04-03 2018-04-03 remote remote of overflow default 2018-03-10 2018-01-06 2018-03-04 possible 2018-01-28 vulnerability, files is default who CVSS 7.5 7.5 6.8 6.8 may The According It The Host(s): Host(s): buffer Host(s): Host(s): the control resulting (if These Detection: Detection: Detection: Detection: Detection: Detection: Detection: Detection: execution stack attacker attacker a Affected Affected Affected Affected Severity High by High Initial Latest Description: 1 Initial Latest Description: 1 An system Medium Initial Latest 1 Description: unauthenticated, overflow, An code complete Medium 2 Initial Latest Description: server. Han - Files Com - Stack Default 5.6.34 Default (ACV-116267) Message (public) < Tomcat Ivy) Agent RCE Name Overflow 5.6.x gSOAP Vulnerability PHP Buffer SNMP (Devil’s Apache munity AXIS dling
46 April 2, 2018 to this this to of (MiTM) Authentication’ ability the attack access Level with with MiTM A user Network man-in-the-middle attacker a local with An to detected. Any credentials. Desktop being or/and library. vulnerable encryption. is up without Remote authentication supported, mstlsapi.dll if setting Service) server running the including in and when service key (Terminal this client server computers for the attack. private the Server transmitted, from of this layer with RSA for only it Protocol identity information use transport the a encryption and hard-coded as Desktop a connections key sensitive SSL validate establish the of stores to any Remote ’Allow available. can use is UTC the effort the it UTC server obtain retrieve the if of no to server can 00:33 RDP 00:10 Solution - Force - Select setting RDP version the makes attacker system) the x.x.108.25 the client 2018-03-30 remote 2018-03-05 because from allow CVSS 6.4 RDP The Windows Host(s): exists traffic The any would Detection: Detection: flaw (on Affected Severity Medium nature file This intercept attack. 1 Initial Latest Description: Server Remote Weakness Protocol Windows Vulnerability Microsoft Desktop Man-in-the-Middle
47 April 2, 2018 48 Vulnerability Severity CVSS Solution
SSL Certificate Cannot Be Medium 6.4 Purchase or generate a proper certificate for this service. Trusted 309 Affected Host(s): x.x.10.2, x.x.101.3, x.x.108.25, x.x.109.115, x.x.109.150, x.x.109.229, x.x.109.230, x.x.12.165, x.x.121.222, x.x.124.231, x.x.124.236, x.x.136.74, x.x.136.75, x.x.136.76, x.x.136.81, x.x.136.82, x.x.15.174, x.x.151.66, x.x.157.83, x.x.158.11, x.x.162.12, x.x.165.38, x.x.165.39, x.x.165.65, x.x.166.126, x.x.18.40, x.x.184.100, x.x.184.204, x.x.184.99, x.x.191.10, x.x.191.38, x.x.191.40, x.x.192.133, x.x.192.16, x.x.192.20, x.x.192.24, x.x.192.34, x.x.193.109, x.x.193.113, x.x.193.12, x.x.193.130, x.x.193.138, x.x.193.149, x.x.193.205, x.x.193.95, x.x.194.150, x.x.194.153, x.x.194.170, x.x.194.188, x.x.194.196, x.x.194.207, x.x.194.233, x.x.194.79, x.x.195.142, x.x.195.145, x.x.195.146, x.x.195.199, x.x.195.208, x.x.195.245, x.x.196.10, x.x.196.117, x.x.196.119, x.x.196.130, x.x.196.134, x.x.196.137, x.x.196.194, x.x.196.200, x.x.196.253, x.x.196.93, x.x.196.94, x.x.196.96, x.x.197.23, x.x.197.35, x.x.197.47, x.x.208.130, x.x.208.141, x.x.208.142, x.x.208.47, x.x.212.145, x.x.228.130, x.x.241.232, x.x.27.11, x.x.27.34, x.x.41.161, x.x.41.166, x.x.41.168, x.x.41.180, x.x.5.195, x.x.59.83, x.x.62.142, x.x.79.162, x.x.80.107, x.x.80.12, x.x.80.122, x.x.80.137, x.x.80.140, x.x.80.15, x.x.80.150, x.x.80.157, x.x.80.158, x.x.80.159, x.x.80.16, x.x.80.162, x.x.80.166, x.x.80.167, x.x.80.170, x.x.80.172, x.x.80.177, x.x.80.186, x.x.80.23, x.x.80.232, x.x.80.233, x.x.80.24, x.x.80.26, x.x.80.27, x.x.80.33, x.x.80.39, x.x.80.41, x.x.80.51, x.x.80.52, x.x.80.54, x.x.80.56, x.x.80.57, x.x.80.58, x.x.81.138, x.x.81.150, x.x.81.187, x.x.81.241, x.x.82.147, x.x.82.194, x.x.82.195, x.x.82.196, x.x.82.197, x.x.82.199, x.x.82.201, x.x.82.202, x.x.82.203, x.x.82.204, x.x.83.140, x.x.83.162, x.x.83.163, x.x.83.35, x.x.83.36, x.x.83.88, x.x.83.89, x.x.84.103, x.x.84.104, x.x.84.113, x.x.84.114, x.x.84.115, x.x.84.116, x.x.84.118, x.x.84.119, x.x.84.120, x.x.84.145, x.x.84.2, x.x.84.3, x.x.84.38, x.x.84.4, x.x.84.81, x.x.84.82, x.x.84.88, x.x.84.90, x.x.84.91, x.x.84.92, x.x.84.93, x.x.85.106, x.x.85.107, x.x.85.112, x.x.85.122,
April x.x.85.123, x.x.85.132, x.x.85.139, x.x.85.140, x.x.85.141, x.x.85.142, x.x.85.145, x.x.85.146, x.x.85.155, x.x.85.159, x.x.85.160, x.x.85.162, x.x.85.163, x.x.85.165, x.x.85.168, x.x.85.169, x.x.85.176, x.x.85.180, x.x.85.183, x.x.85.191, x.x.85.199, x.x.85.30, x.x.85.32, 2,
2018 x.x.85.5, x.x.85.55, x.x.85.56, x.x.85.57, x.x.85.59, x.x.85.60, x.x.85.61, x.x.85.72, x.x.85.75, x.x.85.76, x.x.85.78, x.x.85.79, x.x.85.85, x.x.85.86, x.x.85.87, x.x.85.88, x.x.85.89, x.x.85.9, x.x.85.90, x.x.85.91, x.x.85.93, x.x.85.94, x.x.85.95, x.x.87.145, x.x.87.17, x.x.87.20, x.x.87.21, x.x.87.227, x.x.87.228, x.x.87.26, x.x.87.3, x.x.87.4, x.x.87.61, x.x.88.138, x.x.88.177, x.x.88.178, x.x.88.179, x.x.88.180, x.x.88.181, x.x.88.182, x.x.88.183, x.x.88.185, x.x.88.186, x.x.88.187, x.x.88.188, x.x.88.189, x.x.88.224, x.x.89.148, x.x.89.152, x.x.89.153, x.x.89.40, x.x.89.41, x.x.90.182, x.x.90.183, x.x.90.201, x.x.90.202, x.x.90.207, x.x.90.211, x.x.90.62, x.x.90.74, x.x.91.147, x.x.91.156, x.x.91.159, x.x.91.162, x.x.91.163, x.x.91.164, x.x.91.165, x.x.91.167, x.x.91.168, x.x.91.169, x.x.91.175, x.x.91.192, x.x.91.193, x.x.91.194, x.x.91.196, x.x.91.197, x.x.91.200, x.x.91.201, x.x.91.202, x.x.91.208, x.x.91.211, x.x.91.212, x.x.91.235, x.x.91.236, x.x.91.249, x.x.91.254, x.x.92.10, x.x.92.132, x.x.92.47, x.x.92.7, x.x.92.80, x.x.92.81, x.x.92.82, x.x.92.83, x.x.92.84, x.x.92.85, x.x.92.86, x.x.92.87, x.x.92.88, x.x.92.9, x.x.92.90, x.x.92.91, x.x.92.92, x.x.92.94, x.x.93.146, x.x.93.147, x.x.93.148, x.x.94.35, x.x.95.1, x.x.95.100, x.x.95.101, x.x.95.102, x.x.95.108, x.x.95.26, x.x.95.29, x.x.95.32 Initial Detection: 2012-11-26 22:09 UTC Latest Detection: 2018-04-04 13:35 UTC Description: The server’s X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate’s ’notBefore’ dates, or after one of the certificate’s ’notAfter’ dates.
- Third, the certificate chain may contain a signature that either didn’t match the certificate’s information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate’s issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host. and host unrec - actions x.x.85.75, x.x.85.94, x.x.84.88, x.x.92.81, x.x.80.23, an users public the x.x.93.147, x.x.90.201, x.x.85.159, x.x.91.167, x.x.41.180, x.x.196.10, x.x.196.96, x.x.124.236, x.x.193.109, x.x.194.188, a by of is other track of host x.x.92.80, x.x.85.72, x.x.85.93, signed x.x.80.186, x.x.84.145, host. x.x.91.165, x.x.196.94, x.x.93.146, x.x.85.155, x.x.90.183, IDs is x.x.41.168, x.x.195.245, keep x.x.192.34, x.x.194.170, x.x.124.231, to remote but remote x.x.85.61, the x.x.85.91, x.x.91.254, session used If x.x.92.94, x.x.80.172, x.x.83.36, the x.x.91.164, x.x.196.93, x.x.89.41, x.x.85.142, the x.x.41.166, x.x.195.208, x.x.192.24, x.x.194.153, x.x.121.222, self-signed, typically x.x.85.60, against x.x.85.90, authority. guess is x.x.92.92, x.x.91.249, not x.x.83.35, x.x.80.159, IDs. to x.x.91.163, ID x.x.85.141, is x.x.89.153, x.x.196.253, attack x.x.41.161, x.x.192.20, x.x.195.199, x.x.194.150, flaw x.x.85.9, that x.x.85.59, x.x.12.165, certificate x.x.92.91, session session this x.x.91.197, A x.x.80.158, x.x.81.241, x.x.91.162, x.x.85.140, x.x.89.152, use x.x.196.200, x.x.27.34, x.x.192.16, x.x.195.146, x.x.193.95, service. x.x.85.89, random certificate x.x.85.57, x.x.92.90, a recognized might this a use x.x.109.150, man-in-the-middle x.x.91.196, in x.x.80.58, x.x.80.157, connection. a to x.x.91.159, by for x.x.85.139, , x.x.27.11 x.x.89.148, end as x.x.85.88, x.x.85.56, x.x.196.194, each x.x.92.88, x.x.195.145, x.x.192.133, x.x.193.205, so attacker signed that for establish x.x.91.194, An x.x.80.54, certificate x.x.80.150, ID not x.x.109.115, x.x.91.156, CGIs is x.x.85.132, x.x.85.55, x.x.85.87, x.x.88.138, chains could IDs. x.x.92.87, and x.x.228.130, x.x.196.137, proper x.x.195.142, x.x.193.149, x.x.166.126, session a site x.x.80.52, service a x.x.91.193, x.x.80.140, x.x.91.147, anyone x.x.85.5, x.x.108.25, session x.x.85.86, this x.x.85.123, certificate x.x.87.61, as x.x.92.86, remote for generate for x.x.196.134, x.x.194.79, x.x.208.130, SSL x.x.193.138, x.x.165.39, the or generates UTC UTC x.x.80.27, x.x.91.192, UTC UTC x.x.90.74, of x.x.85.32, x.x.80.137, chain x.x.101.3, x.x.95.32 x.x.85.85, x.x.87.4, x.x.84.93, check x.x.92.85, non-random use 13:35 08:06 server 08:06 17:12 not the Solution Purchase Configure website. x.x.194.233, x.x.196.130, x.x.197.47, x.x.80.26, web x.x.165.38, x.x.193.130, a x.x.85.30, certificate x.x.91.175, x.x.90.211, x.x.10.2, x.x.87.3, x.x.80.122, does x.x.85.79, x.x.84.92, x.x.92.84, x.x.95.100, session. generates x.x.83.76 authority. nullifies visits 2018-04-04 2018-03-29 remote X.509 2012-11-27 2018-03-29 he their plugin this Host(s): CVSS 6.4 6.4 server x.x.194.207, x.x.196.119, x.x.197.35, x.x.193.12, The The x.x.80.233, x.x.158.11, x.x.85.163, x.x.91.169, x.x.80.12, x.x.95.1, x.x.90.207, x.x.87.26, Host(s): x.x.85.78, x.x.84.91, this x.x.92.83, steal while certificate Detection: Detection: Detection: Detection: that remote Affected user a production, Affected Severity Medium x.x.90.202, x.x.85.76 , x.x.85.95 , x.x.91.168, x.x.92.82 , x.x.93.148, Initial Latest x.x.85.162, Note Description: x.x.79.162, in x.x.80.232, x.x.84.90 , x.x.157.83 , x.x.196.117, x.x.197.23 , 179 x.x.194.196, ognized Medium x.x.193.113, therefore The Initial Latest Description: 1 of Ran - Non Certificate IDs Uses Server Session Self-Signed Vulnerability dom SSL Web
49 April 2, 2018 an and as remote attacker cleartext. the x.x.41.161, such in of information streams runtime x.x.34.69, transferred unauthenticated sensitive the data are alter users. other to remote or A x.x.250.84, this additional files. commands use tunnel authenticated credentials and might by x.x.195.199, can .htpasswd obtain files. to and usable attacker passwords, and/or these An only channel. to or session x.x.194.153, logins, scripts. .htaccess access Telnet as eavesdropping instead. a to disabled ASP unencrypted on block are x.x.193.95, from SSH an to information. access remote use over the recommended and eavesdrop to restrict statements to credentials important server. server not x.x.193.113, configuration is service and properly Telnet DEBUG attacker uncover protects statements a client Apache not Telnet it that a channel UTC UTC UTC x.x.175.46, UTC UTC UTC the the debug does sure running since 05:45 13:36 06:46 potentially x.x.80.27 is 04:09 21:55 23:31 send between Solution Disable Make Change server to and host Telnet unencrypted man-in-the-middle x.x.174.177, files an x.x.255.159 x.x.80.26 , over 2018-04-04 2018-04-03 2018-04-03 Apache remote 2013-03-12 2017-09-20 2018-01-29 possible exchanged these is over remote, CVSS 5.8 5.0 5.0 The The It Host(s): a x.x.59.81 Host(s): Host(s): traffic preferred Telnet Detection: Detection: Detection: Detection: Detection: Detection: is allows session. download Affected modify Affected Affected Severity Medium This to SSH 11 x.x.41.176, Initial X11 Medium Latest Description: Using Initial Latest Description: 1 scripts. Medium 2 Initial Latest Description: can .ht - Method and Server Telnet DEBUG .htaccess Disclosure Vulnerability ASP.NET Enabled Apache Unencrypted passwd
50 April 2, 2018 as the This attack as therefore contents, the known institution, negotiation and known network. course, memory financial security Of group server, vulnerability, set. a internal bit IKEv1 by disclose the name of to particular to institution. a this disclosure of recursion packet, via limited supported. handling 2016/08/14 the if financial be on IKEv1 services that have settings. information CSCvb29204. of resolved improper would not ID an more. to connection online crafted do by disclosed bug been usage and the due that WiFi attacks configuration or Cisco specially exploits affected in recently a servers, and utilizes company is fix. domains and via a subsystem network networks, mail have for x.x.89.137 device issue, referenced guest regarding company credentials a (IKEv1) outside third-party IOS external this 1 domains on to your software for model vulnerabilities version x.x.80.237, Cisco including exploit DNS users which patterns, version fixed queries Group whether the can to statistical accessible remote of in a x.x.80.236, not the relevant potentially information determine Exchange build attacker web-surfing Equation on vendor the to responds and to UTC UTC to UTC UTC Key server interested the visited. remote x.x.80.235, x.x.59.81 running attack server multiple 14:51 07:20 was partners, DNS 03:50 19:26 confidential attacker of Internet Solution Upgrade Contact this of consultants DNS B2B recently the service one use attacker internal find in remote is to x.x.250.84 , x.x.192.34 , been to IKE 2018-04-03 2018-04-04 a remote an an 2017-02-03 2017-03-06 disclosure if able is unauthenticated, CVSS 5.0 5.0 The employees, The have used the be allow Host(s): Host(s): An this in be Brokers. If Detection: Detection: hosts Detection: Detection: may include would instance, also Affected Affected Severity Medium Initial Latest 5 Description: requests. BENIGNCERTAIN, resulting BENIGNCERTAIN Shadow Medium they can Initial Note: Latest Description: 2 This which For may Dis - Dis - Han - Snoop - Packet check) Cache Information Information IKEv1 (BENIGNCERTAIN) (cisco-sa-20160916 - Server IOS Remote Remote Vulnerability Cisco ikev1) (uncredentialed DNS dling closure closure ing
51 April 2, 2018 your it). of to to get and another section (’.’) connected against ’amplification’ zone ’options’ LAN this root the the attacks of queries. in command. the of www.nessus.org). leverage ’acl’ such those as Service allowed. the can (NS) as if of reject (such to using (such it servers attacker ’allow-recursion’ Denial access names name guest remote addresses party or a ’bounce’ the reconfigure nameserver instruction to or third server. this the query internal used address, of use to DNS documentation. state: employees IP network resolve be names. using its to to by it nameserver. should can remote possible public grouping source explicitly }’ this this use a is limited that the consult host It to the third-party from do be can the for hosts using define against you can server, may server the anyone can then request. spoofing host to you server block, name By vector you DNS attacks any 8, UDP, allows 9, to it name your queries hosts_defined_in_acl bind via attack options third-party { bind another to request. then a the poisoning the remote answers using using using UTC UTC queries UTC UTC recursive access the then original are against within cache are are x.x.59.81 x.x.59.81 server 07:20 07:20 the 19:26 19:26 you query you you nameserver, Solution named.conf. If Then, ’allow-recursion If Restrict If Restrict attack to recursive DNS than perform to nameserver, remote x.x.192.34 , x.x.192.34 , these service a bigger 2018-04-04 2018-04-04 remote 2017-03-06 2017-03-06 possible of is is internal CVSS 5.0 5.0 The It attackers allows system. that Host(s): Host(s): probing denial or your a Detection: Detection: host are is Detection: Detection: allows answer the Affected this you Affected Severity Medium Initial Latest 2 Description: If If This If network Medium Initial Latest Description: 2 launch an Re - Query DDoS Weakness Spoofed Recursive Poisoning Server Amplification Server Vulnerability DNS Cache DNS quest
52 April 2, 2018 in (PSK) cause access used enabled to key be x.x.89.137, has to sites. query, unauthenticated, 6 An x.x.87.3, Nessus unauthorized properly. potential Pre-Shared arbitrary mode to gain the with servers. and requests crafted traffic password. have x.x.83.163, Mode DNS and this. gateway queries of specially legitimate a x.x.81.72, VPN authentication via third-party a Aggressive these username divert of to to because keys. this, to PSK handles support x.x.80.235, random addresses. queries strong to the a exploit respond IP possible. attacker incorrectly service very that it’s any the crack using if seems making the use x.x.80.231, and potentially from that when Devices allowing service so IPv6. patch. accessed could 1 vulnerabilities a avoided, capture ports be over to for be x.x.80.230, authentication server, queries. connections can run 6 supported. for version attacker if reporting DNS random not vendor host cannot VPN configuration key attacker mode (IKE) use from an queries. key Mode remote x.x.250.84, to does allow 6 remote server not remote server’s allow not the plugins the plugin DNS mode does Pre-Shared do Exchange FTP on responds could UTC UTC UTC UTC this Aggressive Pre-Shared UTC UTC UTC UTC other use your NTP poison the x.x.228.130, Key to that not resolver unauthenticated, server 12:13 16:14 08:21 12:09 using possible, running 12:34 17:37 19:12 22:43 condition. this An prevent Solution - Disable - Do - If - If Note Contact Correct Restrict Internet DNS NTP to configuration server a x.x.196.130, exploit service x.x.192.34 x.x.124.236 x.x.32.33 attacks. of 2018-04-04 2018-04-03 2018-04-04 2018-03-31 remote remote remote FTP 2012-11-26 2018-03-04 2017-08-30 2017-08-30 can Such CVSS 5.0 5.0 5.0 5.0 The The The The Host(s): denial Host(s): Host(s): Host(s): x.x.92.9 networks. attacker Detection: Detection: Detection: Detection: countermeasures Detection: Detection: Detection: Detection: amplification Affected private Affected Affected Affected reflected Severity Medium x.x.92.10 , Initial Latest 12 Description: authentication. to Medium remote Medium Initial Latest Description: 1 Initial Latest 1 Medium Description: some 1 Initial Latest Description: NTP a Poi - Pre- (IKE) (NTP) Query with Username Embedded Cache DNS Bypass Protocol Any Exchange Mode Vendor Vendor Time Key Scanner Prediction Key 6 Service Field Vulnerability ID Authentication Internet Shared Multiple soning Multiple FTP Network Mode Aggressive
53 April 2, 2018 54 Vulnerability Severity CVSS Solution
PHP 5.6.x < 5.6.31 Multiple Medium 5.0 Upgrade to PHP version 5.6.31 or later. Vulnerabilities 1 Affected Host(s): x.x.124.231 Initial Detection: 2017-11-28 18:46 UTC Latest Detection: 2018-04-04 06:16 UTC Description: According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.31. It is, therefore, affected by the following vulnerabilities :
- An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004)
- An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_ gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) April
- An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote at- 2,
2018 tacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224)
- An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unau- thenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226)
- An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote at- tacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227)
- An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228)
- An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229)
-A denial of service condition exists in PHP when handling overlarge POST requests. An unauthenticated, remote attacker can exploit this to exhaust available CPU resources. (CVE-2017-11142)
- An extended invalid free error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c when parsing empty boolean tags. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-11143)
-A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of ’-1’. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144)
- An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenti- cated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-11145)
- An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (VulnDB 160497)
- An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ ini_parser.y, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (VulnDB 160499) ci - as affected affected RSA attacker x.x.84.90, x.x.85.84, x.x.83.35, x.x.93.147, an exchanges, incorrectly, key it allow therefore, therefore, malformed x.x.84.88, x.x.85.83, can is, is, RSA x.x.83.143, It It x.x.93.146, and completing supports by 5.6.32. 5.6.33. x.x.84.82, x.x.85.82, correct information x.x.92.7, to to x.x.83.140, exchanges. of and reported. This key is service prior prior x.x.84.81, x.x.92.6, x.x.85.81, RSA number 5.6.x 5.6.x x.x.83.132, a is is handshake SSL/TLS formatted. vulnerable the disable be The sends server server x.x.84.38, x.x.85.80, it to x.x.91.201, x.x.83.130, correctly web web was completing service Alternatively, however remote remote x.x.84.120, x.x.85.76, not vulnerability. the x.x.90.211, responds. client the the x.x.81.187, by a finds on on by software. server ciphertext, ways, that later. later. disclosure sent x.x.84.119, the x.x.85.169, the server. or or x.x.90.198, running running of x.x.81.126, RSA the how method multiple an PHP PHP 5.6.32 5.6.33 in exchange of of version first information x.x.84.118, x.x.85.107, key x.x.90.197, the an observes x.x.81.123, recover version version impersonate by version version to patched RSA and Only or PHP PHP a vulnerability the the the UTC UTC UTC to to to x.x.84.116, UTC UTC UTC x.x.85.106, x.x.87.24, the x.x.80.52, affected not attempt suites. is 06:16 06:16 13:11 or sessions 12:25 00:16 banner, 18:46 banner, handshake not Solution Upgrade Upgrade Upgrade its its cipher host discover to to SSL x.x.84.114, of x.x.84.93, x.x.85.87, does to whether x.x.165.39 , an SSL/TLS x.x.124.231 x.x.124.231 2018-04-04 2018-04-04 2018-04-04 of remote 2017-11-28 2018-01-14 2017-12-27 variety leaks plugin a CVSS 5.0 5.0 5.0 part The According According Host(s): attempts vulnerabilities. vulnerabilities. x.x.84.92, x.x.85.86, x.x.84.113, Host(s): Host(s): previous this as using Detection: Detection: Detection: Detection: Detection: Detection: that plugin as incorrectly Affected multiple multiple decrypt Affected Affected Severity Medium by Medium Initial Latest Description: 1 Initial Latest 1 by Medium Description: 47 x.x.83.36 , x.x.84.91 , x.x.85.85 , x.x.93.148 Initial to Latest Description: and Note phertexts well This Infor - Multiple Multiple 5.6.32 5.6.33 (ROBOT) Bleichenbacher’s < < Of Disclosure Threat 5.6.x 5.6.x Vulnerability PHP Vulnerabilities PHP Vulnerabilities Return mation Oracle
55 April 2, 2018 in to any is (e.g. this x.x.85.9, This x.x.85.90, x.x.92.94, x.x.88.186, x.x.82.195, x.x.95.101, x.x.85.163, x.x.91.159, x.x.85.140, x.x.91.249, x.x.81.241, whether exploit algorithm can x.x.85.89, reports x.x.85.89, x.x.92.92, vulnerable. x.x.81.187, x.x.95.100, x.x.85.162, x.x.88.185, hashing x.x.85.139, x.x.91.156, x.x.91.236, x.x.82.194, and as service. attacker weak x.x.85.87, ignored. An x.x.85.88, x.x.92.91, target 2017 x.x.92.80, x.x.79.162, x.x.85.145, 1, affected x.x.88.183, the been x.x.85.132, x.x.91.147, x.x.91.197, x.x.82.147, on the attacks. x.x.85.86, have x.x.85.87, x.x.92.90, as January x.x.27.34, one. x.x.91.208, x.x.85.122, cryptographically x.x.88.182, x.x.89.40, services x.x.85.123, collision a x.x.91.196, x.x.81.187, after x.x.85.85, to x.x.85.86, x.x.92.88, existing using x.x.27.11, masquerade expire the x.x.91.200, x.x.84.81, reissued. to (known_CA.inc) x.x.88.180, algorithm. x.x.84.93, x.x.88.189, x.x.85.76, that signed x.x.91.194, x.x.80.170, SSL- enabled vulnerable x.x.85.85, x.x.92.87, hash replace be attacker with been certificate to x.x.83.89, database x.x.228.130, to x.x.91.165, SHA-1 an x.x.85.5, x.x.84.92 , x.x.88.179, x.x.87.61, the CA has x.x.85.79, x.x.92.86, with x.x.91.193, x.x.80.167, known that have certificate allowing associated cryptographic to x.x.83.140, Nessus are x.x.196.117, x.x.91.164, x.x.85.32, x.x.84.91, signed chain x.x.87.26, x.x.88.178, SSL the x.x.85.78, x.x.92.85, in SHA-1 x.x.91.192, new x.x.241.232, signature, Authority chains a the certificates algorithms x.x.82.203, x.x.85.30, certificate x.x.91.163, of x.x.84.90, of x.x.124.236, x.x.85.95, x.x.87.228, x.x.85.75, x.x.92.84, digital contained SSL generate dates Certificate certificate x.x.91.175, are an signature same or UTC UTC x.x.109.230, x.x.82.202, UTC x.x.85.159, UTC sunsetting the x.x.84.88, x.x.91.162, x.x.85.94, that SSL x.x.85.72, x.x.92.83, the uses expiry x.x.121.222, x.x.87.227, These all 13:15 12:43 11:21 20:54 with chain gradual Solution Purchase Contact x.x.91.169, service checks the x.x.85.5, x.x.82.201, x.x.85.155, x.x.95.29 x.x.92.82, x.x.85.93, x.x.91.159, x.x.84.145, reports SHA1). x.x.109.229, in x.x.85.95, x.x.108.25 , or certificate plugin 2018-04-04 2018-04-04 remote Google’s 2013-10-23 2015-09-23 plugin expired. CVSS 5.0 5.0 This x.x.91.168, The MD5, with Host(s): Host(s): x.x.85.176, x.x.92.81, x.x.89.41, x.x.82.199, x.x.85.142, x.x.95.108, x.x.85.91, x.x.83.36, x.x.85.94, this certificates another Detection: Detection: MD4, Detection: Detection: that already that Affected Affected Severity Medium x.x.88.187, have Medium x.x.82.196, x.x.85.91 , x.x.95.102, Initial Latest 61 Description: x.x.85.168, Note accordance 72 x.x.95.26 Initial MD2, Note Latest x.x.91.167, generate Description: x.x.83.35 , x.x.85.90 , x.x.91.254, x.x.85.141, Using Signed Expiry Algorithm Hashing Certificate Certificate Vulnerability SSL Weak SSL
56 April 2, 2018 to as by be PCI ser - in will x.x.83.36, x.x.80.16, x.x.85.61, x.x.89.40, x.x.94.35, x.x.95.26 attacker x.x.80.233, x.x.91.159, strength affected x.x.109.150, x.x.109.224, x.x.212.145, affected found an are versions the medium SSL x.x.85.60, allows x.x.83.35, x.x.91.236, x.x.80.159, x.x.89.153, x.x.95.100, x.x.80.232, x.x.91.156, network. these of suite. x.x.208.47, x.x.109.146, that x.x.109.218, enforcement entirely. between that regards of way ciphers. physical x.x.89.40, x.x.85.59, (so versions x.x.94.35, x.x.80.23, x.x.82.146, x.x.80.158, x.x.89.152, x.x.91.147, encryption date disabled Nessus x.x.208.130, same unsafe x.x.109.145, be the These strength x.x.109.217, 3DES protocol an the of x.x.85.57, x.x.88.189, in x.x.93.148, communications 3.0. on x.x.80.186, x.x.90.79, the As the x.x.80.153, x.x.89.148, x.x.82.145, is 3.0. this encryption. of protocols medium SSL x.x.196.117, uses of and x.x.109.143, decrypt x.x.85.56, x.x.109.209, that these x.x.84.103, use attacker 2.0 x.x.93.147, to x.x.90.211, x.x.80.177, version x.x.88.36, and/or strength x.x.80.57, x.x.80.150, instead. that or the cryptography’. implement else SSL 2.0 if avoid or x.x.195.146, to communications. x.x.85.55, x.x.109.142, medium SSL higher ’strong x.x.80.167, bits, x.x.93.146, attacks x.x.88.34, x.x.90.207, x.x.80.172, supported x.x.109.208, disable or x.x.80.15, x.x.80.56, of browsers offer to 112 secure using encryption possible recommended web if x.x.165.65, that for suites) than x.x.85.32, highest is it x.x.80.158, x.x.109.139, definition x.x.91.254, x.x.90.201, x.x.80.170, x.x.88.224, the x.x.80.51, many less strength x.x.80.140, x.x.109.207, cipher encrypted ciphers and SSC’s application documentation x.x.162.12, man-in-the-middle acceptable SSL x.x.85.209, better), schemes. bits Therefore, medium PCI of choosing x.x.91.249, x.x.90.200, x.x.80.167, x.x.228.130, x.x.109.131, x.x.80.12, x.x.88.189, x.x.80.41, 64 approved the for longer affected use connections x.x.109.205, conduct ciphers. nothing least no (with x.x.158.11, the the to application’s meet at resumption is POODLE). x.x.85.205, circumvent UTC UTC CBC 1.1 UTC UTC means x.x.101.3, x.x.91.236, x.x.59.83, x.x.90.198, x.x.80.166, the in x.x.80.33, not to x.x.88.188, x.x.124.236, accepts 3.0 and support flaws as with TLS will 13:25 08:21 supports lengths 06:26 23:55 including: x.x.109.203, SSL secure easier Solution Reconfigure Consult Use x.x.124.236, these SSL server service (such key a host x.x.85.204, x.x.5.195, x.x.91.175, x.x.90.197, x.x.80.162, of that x.x.80.28, scheme or flaws, x.x.100.234, x.x.88.177, x.x.121.222, has uses renegotiation exploit 2018-04-04 2018-04-04 remote remote 2016-12-08 2015-01-06 client that version padding x.x.109.201, considerably connection x.x.45.66, Host(s): can CVSS 5.0 5.0 x.x.121.222, The The the x.x.85.112, Host(s): a x.x.91.168, x.x.90.183, x.x.80.161, is x.x.80.27, x.x.87.61, any determined session if SSL/TLS it clients. cryptographic Detection: Detection: has Detection: Detection: only that v3.1, insecure and encryption Affected attacker Affected Severity Medium x.x.80.26 , x.x.109.151, x.x.109.234, x.x.228.130, x.x.80.160, 114 x.x.84.103, x.x.91.167, x.x.85.91 , x.x.90.182, Initial any Latest Description: Medium Note x.x.95.26 Initial several DSS Latest Description: - An - Insecure used downgrade NIST An vice Although 11 Cipher Protocol 3 and Strength 2 Supported Medium Version Vulnerability SSL Suites SSL Detection
57 April 2, 2018 the to the used used infor - Refer uncover are was running. to is that it sensitive than manipulate calculation. anyone can cipher methods services providing attacker. header of allows the resides. list HTTP weaker connection ETag by a header which the are the SSL with Nessus patch. and in ETag an a chosen TRACK of the protocol, for which to session inodes and cipher start on file hostname, due vendor mDNS) the its information. or weaker TRACE resuming your a segment include more sniffing) not version, use allow for vulnerability by to to to contact ZeroConf files. methods. network or exact as (i.e., output the server desired. shown and session later, if on vulnerability. information. disclosure sees TRACK known or web plugin requested not type that been this that of 5353, the of more the by are (also x.x.83.143 and/or has of to 1.0.0.c for port / system that information host attacker number Refer an affected UDP Bonjour TRACE header an 0.9.8q hosts to by be resumptions the inode the x.x.109.143, by remote operating that ETag also the its traffic the documentation methods. used as affected as on OpenSSL may HTTP means is supports UTC UTC UTC UTC to UTC UTC UTC UTC subsequent these such the such understands Apache mDNS x.x.109.142, This incoming 01:06 22:49 13:39 09:53 server server 11:52 19:22 22:36 06:17 host cause OpenSSL Solution Filter linked Modify Disable Upgrade to service of web web attacker, discover initiated. an connections. to remote implementations x.x.59.83 x.x.80.186 x.x.109.139, x.x.84.103 cache was aid 2018-04-04 2018-04-03 2018-04-03 2018-03-31 remote version remote remote the 2017-04-13 2016-01-28 2014-02-04 2016-12-10 SSL server CVSS 5.0 4.3 4.3 4.3 The The The The could from attempts Host(s): Host(s): Host(s): Host(s): session session other web that Detection: Detection: Detection: Detection: the Detection: Detection: Detection: Detection: that plugin debug Affected Affected Affected Affected Severity Medium 1 Initial Latest information Description: This Medium Medium mation 1 Initial Latest Description: Initial to Medium Latest 4 Description: OpenSSL Note when Initial Latest 1 Description: Meth - Header (Remote SSL_OP_ Ciphersuite ETag TRACK / Issue Disclosure Detection Resume Server TRACE Allowed Vulnerability Information HTTP NETSCAPE_REUSE_ CIPHER_CHANGE_BUG Session Downgrade mDNS ods OpenSSL Network) Apache
58 April 2, 2018 into AES-GCM 4253 with x.x.80.27, x.x.59.83, RFC x.x.88.188, x.x.91.236, x.x.91.147, ciphertexts, x.x.109.217, x.x.109.224, 1.2 all. introduced at TLS are x.x.80.26, x.x.45.66, millions) x.x.90.79, x.x.87.61, x.x.91.175, cipher using of x.x.109.209, x.x.109.218, biases no or tens x.x.80.23, x.x.89.40, small x.x.95.26 Consider x.x.85.32, x.x.228.130, x.x.91.168, of (i.e., cipher ciphers. ciphers. x.x.109.207, x.x.109.217, many ciphers. variety x.x.80.186, weak stream x.x.88.189, x.x.95.100, weak x.x.85.209, x.x.91.167, x.x.196.117, of the RC4 wide obtain a of use Arcfour to x.x.109.205, x.x.109.205, that use x.x.80.177, the the remove x.x.88.188, x.x.91.254, network. able so to x.x.85.205, x.x.91.159, use is x.x.195.146, encryption. avoid avoid suites. to to bytes to x.x.109.203, x.x.109.203, physical of weak x.x.87.61, x.x.80.172, x.x.91.249, cipher attacker x.x.91.156, support. x.x.85.204, offer same x.x.165.65, an possible, possible configured documentation stream more if if the that is or x.x.85.32, server and x.x.109.201, x.x.109.201, on x.x.80.170, x.x.91.236, is one keys. product x.x.91.147, web server x.x.84.103, in ciphers x.x.124.236, and application, application, weak cookies), SSH RC4 SSL x.x.84.103, attacker consult pseudo-random x.x.80.166, of of x.x.109.143, x.x.109.143, x.x.91.175, with or a x.x.90.79, x.x.95.26 the x.x.80.57, HTTP if of browser affected affected use use remote to issue x.x.121.222, the the x.x.80.28, the the the plaintext. vendor (e.g., an UTC UTC UTC exploit x.x.80.162, UTC UTC UTC x.x.91.168, the the to that x.x.90.183, x.x.95.100, x.x.109.142, x.x.109.142, to x.x.80.56, subject generation x.x.157.83 due 09:30 12:20 12:20 supports supports 00:07 05:57 23:55 its derive easier randomness. x.x.109.234, in Solution Contact suites Reconfigure Reconfigure encrypted x.x.124.236, to detected host host x.x.80.160, its x.x.89.40, x.x.94.35, x.x.91.167, Arcfour x.x.80.51, has x.x.109.139, x.x.109.139, able x.x.105.90 , flawed 2018-04-04 2018-04-04 2018-04-04 be remote remote 2018-03-05 2013-10-23 2015-01-06 is using repeatedly considerably x.x.109.224, CVSS 4.3 4.3 4.3 x.x.121.222, The Nessus The may Host(s): Host(s): decreasing x.x.80.159, is x.x.88.224, x.x.91.254, x.x.91.159, is x.x.80.33, Host(s): cipher against Detection: Detection: Detection: This Detection: Detection: Detection: RC4 stream, attacker Affected Affected plaintext Affected Severity Medium Initial Latest 2 Description: advises Medium x.x.80.28 , x.x.88.189, x.x.91.249, Initial Latest Description: x.x.80.153, The If the x.x.109.218, the Medium 61 x.x.109.234, x.x.91.156, Initial Latest Description: 31 Note: Sup - Sup - Sup - Suites Suites Algorithms Mitzvah) Cipher Cipher (Bar Weak RC4 Weak Vulnerability ported SSL ported SSL ported SSH
59 April 2, 2018 a ). third a factor attacker Through x.x.82.146, x.x.91.156, can x.x.109.224, and bits. recommended is CVE-2015-0204 size x.x.92.9 1024 it cryptanalysis, attacker to x.x.80.15, x.x.91.147, (e.g. An x.x.109.218, Thus, modulus x.x.92.4, equal Through or on bits. suites x.x.5.195, greater. suites. bits. x.x.90.79, 512 than or x.x.92.10, to cipher 512 connections. x.x.109.217, less bits cipher to of suites. suites. (depending x.x.95.26 equal x.x.45.66, x.x.89.40, 2048 moduli or equal time of cipher cipher x.x.90.182, or integrity of than x.x.109.205, the than EXPORT_RSA x.x.27.11, x.x.95.100, moduli less EXPORT_DHE x.x.88.189, amount less use x.x.89.153, violate Diffie-Hellman use keys to short EXPORT_DHE EXPORT_RSA keys to x.x.109.203, a more x.x.91.254, with for for x.x.255.171, with in or x.x.88.188, Diffie-Hellman session potentially x.x.89.152, session one suites or the suites support support secret suites. the unique with x.x.91.249, x.x.109.201, a cipher x.x.87.61, x.x.255.167, cipher plaintext x.x.85.112, cipher use remove remove shared time. to to to of the downgrade the downgrade weak x.x.91.236, to connections to x.x.85.32, find x.x.109.146, x.x.84.3, for service service service time. amount recover to x.x.255.162, able EXPORT_RSA of able to the the the EXPORT_DHE be short able SSL/TLS be UTC UTC support UTC UTC UTC UTC x.x.84.2, x.x.91.175, suites. a be x.x.84.103, in amount may may attacker x.x.109.139, supports 13:25 09:53 05:11 supports allows 01:08 06:17 05:07 cipher may remove an x.x.255.159, short Solution Reconfigure Reconfigure Reconfigure secret host to host host a x.x.84.145, x.x.91.168, attacker weak party in allow attacker x.x.80.28 , x.x.10.2, x.x.84.103 for shared 2018-04-04 2018-03-31 2018-04-04 remote may remote remote third 2015-05-31 2016-12-10 2015-03-09 a middle middle the x.x.195.146, CVSS 4.3 4.3 4.3 modulus The The The This Host(s): Host(s): x.x.83.163, x.x.91.167, Host(s): support recommended find is RSA Detection: Detection: Detection: it Detection: Detection: Detection: can Affected Affected man-in-the remove man-in-the Affected Severity Medium Medium resources). Initial Latest Description: x.x.83.162, cryptanalysis, 32 x.x.109.234, Initial Latest 1 party Description: A to Medium Initial Latest x.x.91.159, Description: 19 512-bit A Thus, <= <= Sup - Suites (Logjam) Suites Cipher Bits (Logjam) EXPORT_RSA EXPORT_DHE Cipher 1024 Export (FREAK) <= Vulnerability 512-bit Supported SSL/TLS 512-bit ported Mod - SSL/TLS Diffie-Hellman ulus SSL/TLS
60 April 2, 2018 to of this vul - The pro - sup - AES block disabled. way is as The be only repeatedly enable cipher only decryption to such can can newer in POODLE. it the the or as should POODLE. is for cipher SSLv3 as ciphers application TLSv1 until allow known block however, if SSLv3 a block known victim immediately could a even clients; using x.x.95.26 employs mechanism Disabling force vulnerability SSLv3 to that SSLv3, vulnerability legacy vulnerability SCSV to encrypted able x.x.94.35, suite disable This are disclosure back’ disclosure impacting Fallback cipher cannot they a implementation. if messages ’rolled TLS x.x.91.236, that decrypted. tries without be SSL using the information be information Sites 256 to can decrypting when as x.x.89.40, enable (MitM) attacks (MitM) traffic particular few when as should padding TLS any connection in mechanism. rollback’ in bytes x.x.88.189, a text the cipher SSLv3 not update. encrypted ’version an connections. man-in-the-middle padding SSLv3, cipher block man-in-the-middle support a a for support x.x.84.103, 3.0 a allow of by by SSL can must handles support prevents party. specification, verifying byte vendor service UTC UTC 3.0 that UTC UTC not the SSLv3. both third affected and affected x.x.228.130, created is SSLv3 SSL checking is 08:21 12:59 selected 23:55 21:56 x.x.228.130 server a client mechanism the Solution Disable Services Contact way service host newly host service. in vulnerability. the TLS the padding and over unauthorized the SCSV and decrypt to of x.x.124.236, x.x.10.2, the remote 2018-04-04 2018-04-04 when remote an 2015-01-06 2015-07-05 to mode. data can due client lack by client CVSS 4.3 4.3 The is The a due mitigate Host(s): Host(s): vulnerability The Fallback the is same as (CBC) a traffic by Detection: Detection: Detection: Detection: attackers the is TLS connections DES. long Affected Affected Severity Medium completely Medium mechanism. This send As chaining MitM ported The tect Initial Latest Description: vulnerability 8 HTTPS and nerability Initial Latest Description: 2 On Encryp - Informa - Oracle Vulnerability (POODLE) Oracle Legacy Padding POODLE) Disclosure Padding Vulnerability Vulnerability (TLS SSLv3 Downgraded tion TLS tion
61 April 2, 2018 of tab from ’Remote’ Credential screenshots the mechanisms, the computer on obtain uses done remote Kerberos and NLA the or easily only. generally protect is more TLS/SSL (NLA) This helps established. is through also server. NLA either RDP communications Authentication connection cryptography. the on Level remote RDP strong the authentication, full authentication a use on Network to eavesdrop : server to use before (NLA) of improving to to one strong configured to attacker not an addition level is Windows. configured perform authentication In Authentication on allow to not user is service Level may attacks. encryption settings protocol UTC UTC UTC UTC RDP Services service Compliant Network Services completing this ’System’ 00:33 00:33 by High FIPS 00:10 00:10 (CredSSP) Solution Enable the Change 3. 4. with Terminal Terminal man-in-the-middle software x.x.108.25 x.x.108.25 2018-03-30 2018-03-30 Provider remote remote 2018-03-05 2018-03-05 and against CVSS 4.3 4.3 The The cryptography Host(s): Host(s): users Support keystrokes. Detection: Detection: protect weak Detection: Detection: Affected Affected Severity Medium Medium malicious 1 Initial Latest Description: Security which 1 Initial Latest Description: Using and/or Doesn’t Authenti - Low Encryption or Level Only Services Services Medium (NLA) is Network Vulnerability Terminal Use cation Terminal Level
62 April 2, 2018 the if with in to tags. major which support result attacker all header HTML leveraging positives possible x.x.81.241, an clickjacking, can by transactions. By be restricts false for HTTP iframe This ’frame-ancestors’ which increasing may or in be. it directive x.x.81.126, supported to with produce JavaScript. frame directive) attack, mitigations page may policy the security-sensitive Group, the currently application, only any redress malicious using is plugin x.x.255.159, the of UI web this and or when Content-Security-Policy Working the not perform perceives a ’frame-ancestors’ of strings site or not are ’frame-ancestors’ user the attacks x.x.124.231, Therefore, Security The the does clickjacking request (with another structure header a headers by to what page the attacks. site clickjacking sanitize the on x.x.12.165, than if Application automation. response the or other rendered response Web mitigate and different through being expose adequately to Depending is deployed to W3C x.x.109.234, upgrade. that from way Content-Security-Policy are the fails or a detected or clickjacking X-Frame-Options cookies. feasible. page by potentially as that be is content an patch a can x.x.109.221, could set JavaScript) mitigate server for Content-Security-Policy arbitrary attack that page’s to not proposed Microsoft mechanism. vulnerable This transactions. web and the by a way inject the this fixation. vendor X-Frame-Options does a fixation been to of UTC UTC UTC UTC methods the x.x.109.218, as resource. the response. using has frame-busting malicious running able area prevents x.x.87.205 responses. server session 11:07 13:51 is proposed or session 21:16 16:01 an be of reliable (e.g., attack Solution page’s This Return Contact web the vendors, (CSP) host protected if may been content X-Frame-Options most x.x.109.217, vector the clicking all x.x.87.202, has fraudulent the fixation’ 2018-04-04 2018-04-03 in the remote : check remote 2017-09-14 2017-03-05 browser only into strategies attacker not CVSS 4.3 4.3 embed The that The the Host(s): while an user Host(s): major header did ’session a currently vendors. can not note all a performing Detection: Detection: is that Detection: Detection: mitigation are issue, trick Affected user Affected Severity Medium 10 x.x.83.130 Initial Latest Description: response can among Medium a X-Frame-Options browser Content-Security-Policy sources other Note they Initial 2 Latest Description: this Please - Nessus - This launch Cookie Potentially Clickjacking Generic to Application Server Vulnerability Web Vulnerable Web Injection
63 April 2, 2018 that so a by the by 6.40.x remote server network A within messages implemen - affected the 6.39.3, the decrypt error to intercepted in to browser be The prior therefore, configure JavaScript. error is, ability an user’s could It 6.9.X a to case, the in in (AES-NI). due malicious which protocol. latter 1.1.0g. of code MikroTik to the of resulting In prior cleartext, script strings processors handshake in vulnerability version and attack, 1.1.0 a is request WPA2 SSL/TLS). HTML oracle later. host the disclosure x86/amd64 running over transmitted or in in is sanitize be remote (FTP to padding arbitrary 6.41rc a later. / device the or information HMAC-SHA256. available on FTPS discovered or adequately or execute 6.40.4 later. password conduct / to 1.0.2h (MitM) to or to / networking running and suite) upgrade. fails 6.39.3 or acceleration 1.1.0g 1.0.1t that SSH vulnerabilities request, name attacker HMAC-SHA1 remote AES patch the OpenSSL encrypted. the with a version version of of server user’s the RouterOS crafted are multiple for man-in-the-middle x.x.59.81 the x.x.87.205 to use a web mode (part version, a to version by attack. vendor OpenSSL MikroTik OpenSSL CBC specially allows the SFTP UTC UTC UTC UTC UTC man-in-the-middle to to to a UTC UTC UTC UTC in UTC the a connections to written vulnerable running x.x.193.95, x.x.87.202, via affected site. is AES server 20:08 10:31 11:56 14:33 02:11 is 19:49 21:53 19:26 17:28 07:35 banner, self-reported allow Solution Contact Upgrade Upgrade control Switch Upgrade use its its host issue, FTP host specially to to affected therefore, allow that is vulnerability. this It, man-in-the-middle x.x.196.117, x.x.80.193 x.x.236.156 x.x.124.226, x.x.124.226 the a 2018-04-03 2018-04-02 2018-04-04 2018-04-03 2018-04-02 remote remote remote 2017-09-15 2017-11-07 2018-03-04 2017-03-06 2017-08-30 of server or carry exploit 4.3 CVSS 4.0 2.9 2.6 2.6 The The According The According 6.41rc. the Host(s): Host(s): Host(s): Host(s): Host(s): or by can ciphersuites sniffer context Detection: Detection: Detection: Detection: Detection: of Detection: Detection: Detection: Detection: Detection: implementation unspecified 6.40.4, Affected Affected Affected Affected Affected Medium Severity 3 Initial Latest Description: attacker security Medium Initial Latest 1 Description: an Low Initial Latest 1 Description: Low < 3 Initial Latest Description: network Low Initial Latest Description: 1 returned traffic. tation The / Au - Dis - Carry 1.1.0g 6.39.3 Padding XSS < < Cleartext (KRACK) Information Generic 1.1.0 AES-NI Unspecified RouterOS 6.41rc MitM / Supports Server Vulnerability FTP 6.40.4 thentication OpenSSL Oracle closure Issue MikroTik Web OpenSSL RSA/DSA
64 April 2, 2018 GCM or the AUTH CTR uncover x.x.89.182, recover weak. can enable to command, attacker x.x.84.50, attacker considered An USER versions. algorithms. an x.x.89.194 are versions. (eg, encryption, and MAC allow x.x.83.74, which software of cipher software may connections. 96-bit x.x.89.182, compliant. mechanism both This and x.x.32.33, mode stunnel. vulnerable MD5 vulnerable CBC x.x.84.50, for FIPS-140 using unencrypted for algorithms, encryption. not TLS disable x.x.236.156, check over authentication disable is / check to to MAC x.x.83.74, not (CBC) SSL not logins secure service does 96-bit with it does or less x.x.194.170, x.x.32.33, a Chaining cleartext and if and traffic MD5 Services documentation documentation Block allows server server, : either encrypt daemon x.x.174.177, to product that product x.x.236.156, Terminal or SSH SSH Cipher allow fix level POP3 the the a to consult consult of of remote the daemon for or or support x.x.157.83, to the to x.x.194.170, by POP3 encryption options options vendor encryption. configured a traffic vendor vendor is the the UTC UTC UTC UTC used UTC UTC UTC UTC RDP your the Compliant the for for mode x.x.127.185, configured running sniffing x.x.157.83, server 01:06 11:56 11:56 00:33 is is 11:52 FIPS 16:26 16:26 00:10 setting by ciphertext. Solution Contact Contact cipher Contact Change 4. checks checks used. SSH host the is server only only x.x.105.90 , x.x.59.83 x.x.105.90 , x.x.108.25 from 2018-04-04 2018-04-04 2018-04-04 2018-03-30 SSH remote encryption remote passwords 2017-04-13 2014-02-03 2014-02-03 2018-03-05 LOGIN) plugin plugin 2.6 CVSS 2.6 2.6 2.6 The The The The and Host(s): Host(s): Host(s): Host(s): this this message AUTH Detection: Detection: Detection: Detection: Detection: Detection: Detection: Detection: that that names Affected Affected Affected Affected Low Severity Initial Latest Description: 1 user PLAIN, Low x.x.89.194 Initial Latest 11 Description: plaintext Note Low Initial Latest Description: 9 Note Low 1 Initial Latest Description: Ci - Per - Compli - Mode Algorithms Encryption Logins CBC MAC FIPS-140 Services not Cleartext Enabled is Server Weak Vulnerability Enabled Terminal ant phers SSH mitted SSH Level POP3
65 April 2, 2018 web their there (NAT) systems, that x.x.197.23, x.x.193.149, x.x.195.245, servers, transmit Translation web operating Knowing which x.x.196.96, users. other x.x.195.208, x.x.193.138, Address different balancer. valid affect ’password’ of cleartext. load x.x.196.94, running Network also a over type x.x.195.145, a be x.x.193.130, of may redirection. passwords behind may to behind input x.x.196.93, This and an hosts x.x.195.142, others x.x.193.12, authentication HTTPS. related logins x.x.59.81 masked HTTPS. users. over or ’Basic’ several x.x.196.253, over obtain underlying containing disclosure. x.x.194.79, by valid configuration. with x.x.192.20, of the content hidden may x.x.9.184 x.x.196.250, fields as default misconfigurations protected transmitted x.x.196.250, server form of information usually its is x.x.194.207, transmits are conjunction passwords x.x.192.16, in attacker and are in hide x.x.52.235, form an that x.x.195.142, and HTML variety to this to that a browser x.x.196.200, running logins pages x.x.194.196, doing several authentication useful sensitive be x.x.192.133, x.x.41.180, web through web 4.0 be to x.x.194.196, obtain addresses configuration and every HTTP IIS IP contains could x.x.196.194, cleartext. web between might that that seems x.x.194.188, contains UTC UTC UTC UTC in UTC UTC x.x.41.168, UTC UTC x.x.157.83, the sure sure x.x.157.83, internal server balancers traffic traffic Microsoft x.x.82.145 service server 00:11 13:17 13:35 10:41 server 09:47 08:54 a 18:46 18:46 server the the load Solution None Update Make Make web with web x.x.196.134, web x.x.194.170, web expose x.x.41.166, behind x.x.124.231, issue x.x.158.25 , x.x.93.146 x.x.124.231, may remote proxies, 2018-04-02 2018-03-31 2018-04-04 2018-04-04 remote server. remote 2017-01-09 2015-04-08 2017-11-28 2017-11-28 remote a web CVSS 2.6 2.6 2.6 2.6 The This The etc. The systems Host(s): eavesdropping eavesdropping known x.x.196.119, to x.x.41.161, x.x.194.150, proxy Host(s): Host(s): Host(s): a or is Detection: Detection: Detection: Detection: Detection: Detection: Detection: Detection: multiple attacker attacker Affected Affected Affected Affected Severity Low Low Initial applications, 2 Latest Description: Firewall There patchlevels, Low are Initial Latest 1 Description: x.x.196.10 , x.x.193.95 , x.x.197.47 , Initial Latest 38 Description: information An Low Initial Latest Description: 6 An Au - Clear- Balancer HTTPS Basic Header In - Load Uses Transmits Without Disclosure IP Server Server Server Credentials Vulnerability thentication Detection Web text Web Server HTTP Web ternal Web
66 April 2, 2018 not is is, at - files this, user It argu - switch. content any -v remote host exploit remote the ) 2016.74. and access can any sensitive to to using that prior user run attacker is Therefore, the usernames unauthenticated, ensure then in CVE-2016-7406 host ( to An remote and allows logins. %x) files. server remote This and option privileges. key the FTP %s on root anonymous the (e.g., unauthenticated, with credentials. OpenSSH allows check running An code DEBUG_TRACE host ) unique SSH specifiers crafted or the scripts. later. Routinely ) arbitrary remote or in with format the Dropbear specially ) password on of execute a required. CVE-2016-7409 string 2016.74 ( to compiled not of arguments banner, this CVE-2016-7408 is ( -c running are its it handling version providing or if in memory. they CVE-2016-7407 : exploit code. ( handling -m SSH server if FTP can without the improper version process FTP code. to server arbitrary the improper available. Dropbear server UTC UTC due attacker to to UTC UTC vulnerabilities that handling anonymous disclose the arbitrary made x.x.184.204 to execute to due dropbear self-reported 01:06 08:21 21:23 12:21 to remote when this server. or its Solution Upgrade Disable being following detected execute to exists FTP to script, the has exploit x.x.194.170 x.x.124.236, dbclient by the flaw dropbearconvert dbclient this authenticate 2018-04-03 2018-04-04 2018-03-04 2017-04-19 in can in in by crafted and CVSS 2.1 0.0 According Nessus string exploit unauthenticated, Host(s): Host(s): affected exists exists exists An attacker Detection: can Detection: available Detection: Detection: specially connect format flaw flaw flaw a local Affected Affected Severity Low ments. -A tacker -A via -A A Low Initial Latest Description: -A 1 therefore, 2 Initial made Latest Description: may < Server - Vulnerabili Enabled FTP SSH Multiple Vulnerability 2016.72 ties Anonymous Dropbear
67 April 2, 2018 any reissue 2010, bits. industry and certificate x.x.92.80, x.x.85.78, 31, to 2048 key, SSL least x.x.85.75, at According longer December some x.x.91.236, a be to bits. with must prior x.x.85.72, 2048 x.x.91.165, Additionally, length 2014 than in issued 1, bits 2014. x.x.85.163, were shorter 1, January x.x.91.164, 2048 is they if after that than January x.x.85.162, bits key less a issued x.x.91.163, after 2048 key has bits x.x.84.145, RSA than 2014. host 1, certificates 2048 the x.x.91.162, less remote with than x.x.27.34, keys Forum, January the less chain certificate. x.x.89.41, by RSA (CA/B) the before old keys sent in with the bits x.x.228.130, by x.x.89.40, reject 2048 certificate may certificates signed certificates than UTC the UTC x.x.196.117, Authority/Browser less root exempt. X.509 x.x.88.189, 13:15 11:21 the flag them Solution certificates Replace of not x.x.85.9, implementations one Certification certificates x.x.121.222, will 2018-04-04 the 2013-10-23 considers SSL least by revoke 0.0 CVSS At Host(s): x.x.95.26 x.x.85.88, Nessus set may browser Detection: standard Detection: that Affected the Low Severity x.x.85.79, x.x.95.100, Initial Latest Description: standards 24 Some vendors as Note Con - Than Less Chain Keys RSA Certificate bits Vulnerability 2048 tains SSL
68 April 2, 2018 a a a the that that that and as as as it. of of of Vulnerabilities use used used used change is is is not vendor vendor vendor or solutions do the the the for port, later. later. later. you libupnp libupnp libupnp or or or if If If If vulnerabilities. this contact contact contact to host later. later. later. later. 6.38.5 6.38.5 6.38.5 later. later. later. or or or or critical references or or or going later. later. remote and the or or 6.41.3 6.41.3 6.41.3 6.41.3 version version version application, application, application, the in 1.6.18 1.6.18 1.6.18 high packets on 5.6.34 5.6.34 different different different UDP RouterOS RouterOS RouterOS RouterOS RouterOS RouterOS RouterOS version version version a a a displays service string. advisory by by by version version fix. fix. fix. a a a only libupnp libupnp libupnp SNMP MikroTik MikroTik MikroTik MikroTik MikroTik MikroTik MikroTik PHP PHP incoming for for for CERT library library library to to to to to to to to to to to to table the community network. filter the party party party The default Upgrade Upgrade Upgrade Upgrade Solution Upgrade Upgrade Upgrade Upgrade application third Upgrade application third Upgrade application third See workarounds. Upgrade Upgrade Disable Either secure a scans. 11 11 11 12 30 29 30 30 30 31 23 25 87 212 Age Days maintain or vulnerability IP Address and Severity Critical Critical Critical Critical Critical Critical Critical Critical Critical Critical High High High High establish to SMB SMB SMB SMB Buffer Buffer mapping Stack- Stack- Stack- Server Server Server Scan order Devices Devices Devices in RCE RCE RCE Community 6.41.3 6.41.3 6.41.3 6.41.3 Stack Stack HTTP HTTP HTTP < < < < network (ChimayRed) (ChimayRed) (ChimayRed) Bounce UPnP UPnP UPnP Multiple Multiple Multiple Mitigations by the for for for Port Default RCE RCE RCE 5.6.34 5.6.34 considered Overflows Overflows Overflows 1.6.18 1.6.18 1.6.18 < < from be < < < RouterOS RouterOS RouterOS SDK SDK SDK RouterOS RouterOS RouterOS RouterOS Write Write Write Agent Buffer Buffer Buffer (public) Overflow Overflow Overflow Overflow 5.6.x 5.6.x host, Privileged should by Vulnerability MikroTik Buffer Buffer Buffer Buffer Arbitrary MikroTik MikroTik MikroTik MikroTik MikroTik Arbitrary MikroTik Arbitrary Portable (libupnp) based Portable (libupnp) based Portable (libupnp) based FTP Overflow PHP Overflow PHP SNMP Name that ordered solution Port(s) NA NA NA NA 8090 8090 8090 49152 49152 49152 21 80 443 161 results, mitigation scan Host x.x.105.90 x.x.157.83 x.x.192.34 x.x.236.156 x.x.105.90 x.x.157.83 x.x.192.34 x.x.194.150 x.x.196.200 x.x.196.96 x.x.124.236 x.x.124.231 x.x.124.231 x.x.175.46 detailed Critical and High Vulnerability recommended a presents have Owner SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG SUB_ORG section identified Appendix D This
69 April 2, 2018 of an then false false is a expires for listing is submit full a finding status findings finding please For the Positive If the Expiration 2018-05-22 positive report Positive False to Expiration positive, positive. section. False like False false false determined this a a Positive would of Effective from 2017-05-22 recipients. Positive date Effective False SAMPLE SAMPLE considered report False removed how If to still be 16:51 (UTC) expiration is will Detection the (UTC) positive present). indicating days. finding is Detection finding Latest 30 false extend the 2018-02-25 a the to Latest next evidence like the and vulnerability 15:59 (UTC) in expires, a determined constitutes (UTC) Detection would Detection expire status analysis what Initial indicates an will 2017-05-10 for SAMPLE Initial SAMPLE If that positive with how 443 Port Port false incorrectly days. contact findings 30 that determination of Host indicating Host the finding’s data within a point positive x.x.85.185 (i.e., leave evidence false When Severity will expiring no and technical is Critical positive Severity NCATS. NCATS false analysis currently by positive be an designated are Findings. to such false HTTP.sys Execution with a your as check) insufficient, in There as is NCATS Positive Code to contact Findings marked through status of False Findings was All Remote email Vulnerability point submission whose asserted (uncredentialed an E.2: the Positive Allow positive reviewed. Findings Vulnerability Positive findings technical submit SAMPLE be false Vulnerability MS15-034: Could (3042553) Appendix that the determines please positive see should False Positive after Soon False designated false findings NCATS Owner status please days your lists its lists Owner SUB_ORG 365 Unless consideration, All False Expiring through positives, section section default positive. by positive re-detected, Appendix E This E.1 This email E.2 false
70 April 2, 2018 Appendix F Frequently Asked Questions
This section seeks to answer the most frequently asked questions about Cyber Hygiene reports.
1. I think the vulnerability listed in my report is a false positive. Can you remove it from my report?
• If you believe a finding to be in error, you can submit a false positive assertion to [email protected] which should include the following: – the name of the vulnerability, – IP address and port, and – your analysis and supporting evidence. NCATS will review and perform our own analysis. This will not include exploiting a vulnerability, but may include actively sending packets to the host in question. • If our research appears to confirm your analysis, the vulnerability will be marked as a false positive for that host and will stop appearing in the main body of report for one year. Vulnerabilities marked as ’false positive’ will be reported in Appendix E: False Positive Findings, along with the name and date of the individual who submitted the request to us. • NCATS reserves the right to assert that certain findings are not false positives, and when false positive assertions are accepted by NCATS, that acceptance should not be construed as validation that a finding is in fact a false positive.
2. Can I get the data you created this report from in CSV?
• Certainly! See Appendix G: Attachments.
3. I fixed a vulnerability listed in my report. Can you rescan to verify?
• CyHy automatically rescans whenever a vulnerability is detected, so there is no need to notify us that you’ve fixed something. If we can no longer detect the vulnerability, it will be listed in Appendix B.1: Mitigated Vulnerabilities.
4. The DHS Binding Operational Directive 15-01 (BOD) requires my agency to fix Critical vulnerabilities within 30 days. If we can’t do that, who do we contact and what needs to be sent?
• For all questions or submissions related to the BOD, please email [email protected]. • To be clear, if a Critical vulnerability – is less than 30 days old and your agency can fix it before it hits 30 days old, nothing needs to be sent to DHS. – can’t or won’t be fixed within 30 days (or it’s already older than 30 days), send [email protected] a Plan Of Action and Milestones (POA&M) that includes the following information: (a) a detailed justification outlining any barriers to expedited mitigation, (b) the steps you are taking to get to a resolution, and (c) a timeframe for mitigation. • Remediation of the Critical vulnerability will be validated when our scans no longer detect the vulnerability, not through an assessment of or concurrence with your submitted POA&M. Even with the submission of a POA&M, the vulnerability will continue to be listed on your CyHy report until remediated (i.e., it will not be marked as a false positive).
5. Can I add my third-party hosted/managed servers?
• Yes, and we recommend that you do so, but we request that you obtain authorization/consent before we begin scanning them. DHS does not require documentation from your third-parties.
6. Why do the host counts in my Cyber Hygiene report not match the number of known Internet-facing end points on my network?
• This is likely due to a difference in what we’re defining as a host. CyHy considers a device a host if there is at least one open port/service operating at the address. When we scan, any number of things can occur that make it appear that nothing is at that address (e.g., our scans are blocked by host or network filters, the device is down for maintenance, packets are dropped or lost en route, etc.).
71 April 2, 2018 • If a port is detected as ’tcpwrapped’, it means that the TCP handshake was completed, but the connection was closed before any data was sent back. For the purposes of this report, tcpwrapped ports are not considered to be ’open’. If a device only responds with tcpwrapped ports, then it will not be considered a host by CyHy. For more information about tcpwrapped ports, see https://secwiki.org/w/FAQ_tcpwrapped. • The intent of CyHy is to find vulnerabilities, not count hosts, and our metrics should not be relied upon as a verified host count of your organization. The weekly host count should be taken as an estimate. If, however, there are no or extremely low host counts reported when there are known active hosts, it is possible that the CyHy scans are being blocked.
7. I’ve added a new host and your scans are not picking it up.
• CyHy is not scanning your entire IP scope every week. If you’ve stood up a new server in a range that we only recently scanned and found nothing in, it’s possible that the new server would not appear for nearly 90 days. If you want the new host to be scanned immediately, you can email [email protected] and we’ll manually scan it, which will add it to your weekly report.
8. I’m getting SSL/TLS certificate vulnerabilities that I think are incorrect.
• In our scans, we will use the Mozilla trust store. NCATS will not accept any other roots. This is done as a matter of practice and principle: as practice, because maintaining private roots from our various stakeholders is operationally infeasible; as principle, because our scans aim to ensure that the user of your services is protected. The Mozilla trust store is generally representative of a ’lowest common denominator’ in what a public-serving site can reasonably expect of those users whose devices they do not manage. • Ensure that the root your certificate is issued from is included in the Mozilla root store. You should also verify that the in- termediate certificates are presented with your site certificate. This allows the scanner to validate the certificate’s chain of trust. • Though the site is Federal Government-centric, tons of great information can be found at https.cio.gov regarding Hypertext Transfer Protocol Secure (HTTPS), much of which is applicable for SSL/TLS more generally.
9. What do the different appendices represent? How can a vulnerability be in more than one appendix? Which vulnerabilities are counted in the Report Card?
Vulnerability Type Counted in Listed in Appendix Report Card? A B.1 B.2 B.3 B.4 C
Detected in latest scan, for the first time (i.e. “brand new vulnerability”) Yes .. . Re-detected in latest scan (previously reported; was present in last Yes . . week’s Appendix A and C) Re-detected in latest scan (previously reported and mitigated; was Yes . . . NOT present in last week’s Appendix A and C) Reported last week in Appendix A and C, but not detected since then No . (i.e. “currently mitigated”) Not detected in latest scan, but detected at some point between last No . report and latest scan
10. Can you scan my IPv6 addresses?
• There is currently no ETA for CyHy to scan IPv6 addresses.
11. Can you scan this list of domains for me?
• For vulnerability scanning, CyHy does not presently scan domain names directly, but we expect to do so in FY18.
12. How can I change who receives my Cyber Hygiene report?
• The CyHy report will be delivered to a single address. Most organizations set up a distribution address which takes incoming mail and delivers it to individual mailboxes. NCATS strongly recommends this approach because it allows your organization to grant access to the report to whomever you’d like, as well as manage the change control of employees onboarding or leaving. If you need to change the distro we mail to, email us at [email protected].
13. Can I change the password for my report?
72 April 2, 2018 • If you need to request a new password for your report, email us at [email protected]. Please let us know if you’d like the password texted, delivered over the phone (note if voicemail is ok), or just emailed back.
14. How is the age of each vulnerability calculated?
• Vulnerability age is determined by when it was first detected on a host, not from when it first appeared on a report. For more information, refer to the “Recurring Vulnerabilities” paragraph in Section 5.2: Methodology / Process.
73 April 2, 2018 Appendix G Attachments
If your PDF viewer supports embedded attachments you will see paperclip icons below for each attached file.
• findings.csv : Detailed list of all vulnerability findings for each IP address and port.
• mitigated-vulnerabilities.csv : List of vulnerabilities that were included on the last report, but were not detected in the latest scans.
• recently-detected.csv : List of all vulnerabilities detected since the last report, but not detected in the latest scans.
• services.csv : List of all discovered services and the associated IP address and port. NOTE: This attachment excludes the 63,276 service(s) detected as ’tcpwrapped’, which indicates that a full TCP handshake was completed, but the connection was closed before any data was sent. For more information, refer to the Frequently Asked Questions section.
• hosts.csv : List of hosts discovered with IP address, best-guess OS identification, and hostname if available.
• scope.csv : List of IP addresses that were in scope for this report.
• false-positive-findings.csv : List of all reported false positive vulnerability findings.
• sub-org-summary.csv : Data from the Sub-Organization Summary.
• days-to-mitigate.csv: Metrics over time for median and maximum days to mitigate findings (calculated with vulnerabilities mitigated since date listed in each row).
• days-currently-active.csv: Metrics over time for median and maximum age of active vulnerabilities (active as of date listed in each row).
74 April 2, 2018 Appendix H Glossary and Acronyms
Glossary active vulnerability A vulnerability that was detected in the most recent scan of a host used for this report. 8, 15 false positive Any normal or expected behavior that is identified in this report as a potentially exploitable vulnerability. 7, 15, 70, 71, 74 host A device that has a least one open port/listening service. 5, 7, 11, 12, 14–16, 19, 69, 71, 74 initial detection The initial point in time when Cyber Hygiene scans identified a vulnerability. This date is used to calculate the vulnerability’s age. 8, 9, 12, 23, 32, 36
IP address A numerical label that identifies each device using the Internet Protocol to communicate over a network. 71 latest detection The most recent time when Cyber Hygiene scans identified a particular vulnerability. 32, 36 mitigation detection The date when a previously identified vulnerability was no longer detected by Cyber Hygiene scans. 23 service An application running at the network application layer that provides communications capabilities across an IP computer network. 5, 11, 12, 18, 74 severity Please review the following guide for vulnerability severity scoring information: https://www.first.org/cvss/v2/guide. 5, 12, 16, 19, 21 vulnerability A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. 5, 7–9, 11, 12, 15, 16, 18–21, 23, 32, 36, 44, 69–71, 74 vulnerability age The time between a vulnerability’s initial detection date and its latest detection date. 8, 9, 12, 73 vulnerable host A host with at least one vulnerability detected on the most recent scan used for this report. 19
Acronyms
CS&C Office of Cybersecurity and Communications [https://www.dhs.gov/office-cybersecurity-and-communications]. 11
CSV Comma-Separated Values. 5, 10, 11, 71
CVE Common Vulnerabilities and Exposures; for more information refer to https://cve.mitre.org/about/faqs.html. 13
CVSS Common Vulnerability Scoring System; for more information refer to https://www.first.org/cvss/v2. 4, 13, 15, 16
CyHy Cyber Hygiene. 5, 7–11, 13, 15, 17, 71, 72
DHS Department of Homeland Security [https://www.dhs.gov]. 5, 7, 11, 71
HTTPS Hypertext Transfer Protocol Secure. 72
IP Internet Protocol. 11, 72, 74
IT Information Technology. 7
NCATS National Cybersecurity Assessments and Technical Services. 7, 11, 12, 15, 20, 70–72
75 April 2, 2018 NCCIC National Cybersecurity and Communications Integration Center [https://www.dhs.gov/about-national-cybersecurity-communications- integration-center]. 11
NPPD National Protection and Programs Directorate [https://www.dhs.gov/national-protection-and-programs-directorate]. 11
NVD National Vulnerability Database; for more information refer to https://nvd.nist.gov. 13
OS Operating System. 11, 74
POA&M Plan Of Action and Milestones. 71
RRS Risk Rating System. 16
SAMPLE Sample Organization. 5, 7–11, 14, 15, 18–20, 70
TCP Transmission Control Protocol. 11
76 April 2, 2018