Network Vulnerability Assessment Report
02.11.2005
Sorted by host names

Session name: level-1-fbr-1411tx
Start Time: 02.11.2005 14:13:23
Finish Time: 02.11.2005 14:19:33
Elapsed: 0 day(s) 00:06:09
Total records generated: 15
high severity: 2
Medium severity: 5
informational: 8


Summary of scanned hosts

Host        Holes  Warnings  Open ports  State
10.0.0.54   2      5         3           Finished


10.0.0.54

Service    Severity    Description
snmp (161/tcp)
Info
Port is open
snmp (161/udp)
Info
Port is open
www (80/tcp)
Info
Port is open
snmp (161/udp)
High

SNMP Agent responded as expected with community name: private
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254, CAN-1999-0516
BID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986
Other references : IAVA:2001-B-0001
snmp (161/tcp)
High

Using SNMP, it was possible to determine the login/password pair of what
is likely to be the remote ADSL connection : 'Aa'/'Ab'

Solution : Filter incoming traffic to this port, and change your SNMP community name to a secret one
Risk factor : High
BID : 7212
general/tcp
Medium
The remote host is a Wireless Access Point (Internet Gateway Device).

You should ensure that the proper physical and logical
controls exist around the AP. A misconfigured access point may allow an
attacker to gain access to an internal network without being physically
present on the premises. If the access point is using an 'off-the-shelf'
configuration (such as 40 or 104 bit WEP encryption), the data being
passed through the access point may be vulnerable to hijacking
or sniffing.

Risk factor : Low
snmp (161/udp)
Medium
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :

. e

An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
CVE : CAN-1999-0499
snmp (161/udp)
Medium
It was possible to obtain the list of SMB users of the
remote host via SNMP :

. e

An attacker may use this information to set up brute force
attacks or find an unused account.

Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
general/tcp
Medium

The remote host does not discard TCP SYN packets which
have the FIN flag set.

Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.

See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113

Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
general/icmp
Medium

The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.

This may help him to defeat all your time based authentication protocols.

Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).

Risk factor : Low
CVE : CAN-1999-0524
general/udp
Info
For your information, here is the traceroute to 10.0.0.54 :
10.0.0.59
10.0.0.54

www (80/tcp)
Info
The following directories were discovered:
/bin, /dev, /etc, /home, /htdocs, /lib, /root, /usr

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

Other references : OWASP:OWASP-CM-006
www (80/tcp)
Info
A web server is running on this port
www (80/tcp)
Info
The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/cgi-bin/logi (rc [@] PS [] rd [banner] )

snmp (161/udp)
Info
Using SNMP, we could determine that the remote operating system is :
Internet Gateway Device