Nessus Report

Trapp Vulnerability Report

Demo Vulnerability Scan

Fri, 27 Apr 2018 11:17:00 US Mountain Standard Time

SUMMARY
This report contains the detailed results of the vulnerability scan conducted on 4/27/2018. Results reported are grouped by vulnerability and are sorted by severity level. The Plugin Output field for each vulnerability indicates the IP address of the host containing the vulnerability. Recommended remediations are described at the end of this report.

TABLE OF CONTENTS
Vulnerabilities by Plugin
62758 (2) - Microsoft XML Parser (MSXML) and XML Core Services Unsupported
Synopsis
The remote Windows host contains unsupported XML parsers.
Description
The remote host contains one or more unsupported versions of the Microsoft XML Parser (MSXML) or XML Core Services.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Note that support for MSXML 3.0 and 6.0 is based on the support policy of the operating system on which it is installed. Support for MSXML 5.0 is based on the Microsoft Office lifecycle policy.
See Also
Solution
Upgrade the software packages responsible for the unsupported DLL versions or upgrade to a supported version of Windows (Vista / 2008 or later). Alternatively, uninstall the outdated MSXML or XML Core Services.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Published: 2012/10/30, Modified: 2017/01/14
Plugin Output

10.0.0.14 (tcp/445)


Path : C:\Windows\system32\msxml.dll
File version : 8.0.7002.0
XML Core version : 1.x
EOL date : 2007/04/10
EOL announcement : https://support.microsoft.com/en-us/kb/269238
Supported versions : 5.20.1076 (Office 2007) / 6.0 or later on a supported version of Windows (Vista / 2008 or later).

Path : C:\Windows\system32\msxml2.dll
File version : 8.30.9528.0
XML Core version : 2.x
EOL date : 2007/04/10
EOL announcement : https://support.microsoft.com/en-us/kb/269238
Supported versions : 5.20.1076 (Office 2007) / 6.0 or later on a supported version of Windows (Vista / 2008 or later).

Path : C:\Windows\system32\msxml4.dll
File version : 4.20.9876.0
XML Core version : 4.0 Post SP3 (KB2758694)
EOL date : 2014/04/12
EOL announcement : https://support.microsoft.com/en-us/lifecycle/search/7921
Supported versions : 5.20.1076 (Office 2007) / 6.0 or later on a supported version of Windows (Vista / 2008 or later).

10.0.0.64 (tcp/445)


Path : C:\Windows\SysWOW64\msxml4.dll
File version : 4.20.9876.0
XML Core version : 4.0 Post SP3 (KB2758694)
EOL date : 2014/04/12
EOL announcement : https://support.microsoft.com/en-us/lifecycle/search/7921
Supported versions : 5.20.1076 (Office 2007) / 6.0 or later on a supported version of Windows (Vista / 2008 or later).
86947 (2) - VMware ESXi 5.5 < Build 3029944 OpenSLP RCE (VMSA-2015-0007)
Synopsis
The remote VMware ESXi host is affected by a remote code execution vulnerability.
Description
The remote VMware ESXi host is version 5.5 prior to build 3029944. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.
See Also
Solution
Apply patch ESXi550-201509101-SG for ESXi 5.5.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (CVSS2#E:U/RL:OF/RC:UR)
References
BID 76635
CVE CVE-2015-5177
XREF OSVDB:126300
XREF VMSA:2015-0007
XREF ZDI:ZDI-15-455
Plugin Information:
Published: 2015/11/19, Modified: 2015/12/18
Plugin Output

10.0.0.44 (tcp/0)


ESXi version : ESXi 5.5
Installed build : 2068190
Fixed build : 3029944

10.0.0.46 (tcp/0)


ESXi version : ESXi 5.5
Installed build : 2068190
Fixed build : 3029944
88906 (2) - ESXi 5.5 < Build 3568722 / 6.0 < Build 3568940 glibc DNS Resolver RCE (VMSA-2016-0002) (remote check)
Synopsis
The remote VMware ESXi host is affected by a remote code execution vulnerability.
Description
The remote VMware ESXi host is 5.5 prior to build 3568722 or 6.0 prior to build 3568940. It is, therefore, affected by a stack-based buffer overflow condition in the GNU C Library (glibc) DNS client-side resolver due to improper validation of user-supplied input when looking up names via the getaddrinfo() function. An attacker can exploit this to execute arbitrary code by using an attacker-controlled domain name, an attacker-controlled DNS server, or through a man-in-the-middle attack.
See Also
Solution
Apply the appropriate patch as referenced in the vendor advisory.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
BID 83265
CVE CVE-2015-7547
XREF OSVDB:134584
XREF VMSA:2016-0002
XREF IAVB:2016-B-0036
XREF IAVB:2016-B-0037
XREF CERT:457759
XREF EDB-ID:39454
Plugin Information:
Published: 2016/02/23, Modified: 2016/08/16
Plugin Output

10.0.0.44 (tcp/0)


ESXi version : 5.5
Installed build : 2068190
Fixed build : 3568722

10.0.0.46 (tcp/0)


ESXi version : 5.5
Installed build : 2068190
Fixed build : 3568722
108958 (2) - Adobe Flash Player <= 29.0.0.113 (APSB18-08)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.113. It is therefore affected by multiple vulnerabilities.
See Also
Solution
Upgrade to Adobe Flash Player version 29.0.0.140 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2018-4932
CVE CVE-2018-4933
CVE CVE-2018-4934
CVE CVE-2018-4935
CVE CVE-2018-4936
CVE CVE-2018-4937
XREF IAVA:2018-A-0103
Plugin Information:
Published: 2018/04/10, Modified: 2018/04/12
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 29.0.0.140

10.0.0.64 (tcp/445)


Product : Browser Plugin (for Firefox / Netscape / Opera)
Path : C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll
Installed version : 26.0.0.151
Fixed version : 29.0.0.140

Product : ActiveX control (for Internet Explorer)
Path : C:\Windows\system32\Macromed\Flash\Flash64_26_0_0_151.ocx
Installed version : 26.0.0.151
Fixed version : 29.0.0.140
10297 (1) - Web Server Directory Traversal Arbitrary File Access
Synopsis
The remote web server is affected by a directory traversal vulnerability.
Description
It appears possible to read arbitrary files on the remote host outside the web server's document directory using a specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks.

Note that this plugin is not limited to testing for known vulnerabilities in a specific set of web servers. Instead, it attempts a variety of generic directory traversal attacks and considers a product to be vulnerable simply if it finds evidence of the contents of '/etc/passwd' or a Windows 'win.ini' file in the response. It may, in fact, uncover 'new' issues, that have yet to be reported to the product's vendor.
Solution
Contact the vendor for an update, use a different product, or disable the service altogether.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID 1770
BID 7308
BID 7362
BID 7378
BID 7544
BID 7715
BID 26583
BID 32412
BID 40053
BID 40133
BID 40680
BID 43230
BID 43258
BID 43356
BID 43358
BID 43830
BID 44393
BID 44564
BID 44586
BID 45599
BID 45603
BID 47760
BID 47842
BID 47987
BID 48114
BID 48926
BID 51286
BID 51311
BID 51399
BID 52327
BID 52384
BID 52541
BID 56871
BID 57143
BID 57313
BID 58794
BID 67389
BID 70760
CVE CVE-2000-0920
CVE CVE-2007-6483
CVE CVE-2008-5315
CVE CVE-2010-1571
CVE CVE-2010-3459
CVE CVE-2010-3460
CVE CVE-2010-3487
CVE CVE-2010-3488
CVE CVE-2010-3743
CVE CVE-2010-4181
CVE CVE-2011-1900
CVE CVE-2011-2524
CVE CVE-2011-4788
CVE CVE-2012-0697
CVE CVE-2012-1464
CVE CVE-2012-5100
CVE CVE-2012-5335
CVE CVE-2012-5344
CVE CVE-2012-5641
CVE CVE-2013-2619
CVE CVE-2013-3304
CVE CVE-2014-3744
XREF OSVDB:426
XREF OSVDB:3681
XREF OSVDB:42402
XREF OSVDB:50288
XREF OSVDB:64532
XREF OSVDB:64611
XREF OSVDB:65285
XREF OSVDB:68026
XREF OSVDB:68027
XREF OSVDB:68089
XREF OSVDB:68141
XREF OSVDB:68538
XREF OSVDB:68880
XREF OSVDB:68962
XREF OSVDB:70176
XREF OSVDB:72231
XREF OSVDB:72498
XREF OSVDB:72972
XREF OSVDB:73413
XREF OSVDB:74135
XREF OSVDB:78307
XREF OSVDB:78308
XREF OSVDB:79653
XREF OSVDB:79863
XREF OSVDB:79867
XREF OSVDB:79879
XREF OSVDB:80586
XREF OSVDB:82647
XREF OSVDB:82678
XREF OSVDB:84825
XREF OSVDB:88925
XREF OSVDB:89293
XREF OSVDB:91895
XREF EDB-ID:24915
XREF EDB-ID:33428
XREF EDB-ID:35056
XREF CWE:22
Plugin Information:
Published: 1999/11/05, Modified: 2018/02/21
Plugin Output

10.0.0.14 (tcp/7002)


Nessus was able to retrieve the remote host's 'win.ini' file using the
following URL :

- http://10.0.0.14:7002/../../../../../../../../../../../../windows/win.ini

Here are the contents :

------------------------------ snip ------------------------------
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wpl=MPEGVideo
wvx=MPEGVideo
[Intel]
CurrentLanguage=enu
------------------------------ snip ------------------------------

Note that Nessus stopped searching after one exploit was found. To
report all known exploits, enable the 'Perform thorough tests'
setting and re-scan.
21725 (1) - Symantec Antivirus Software Detection and Status
Synopsis
An antivirus application is installed on the remote host.
Description
A Symantec antivirus application is installed on the remote host.

Note that this plugin checks that the application is running properly and that its latest virus definitions are loaded.
Solution
Ensure that updates are working and the associated services are running.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Published: 2006/06/16, Modified: 2017/09/05
Plugin Output

10.0.0.64 (tcp/445)


The remote host has antivirus software from Symantec installed. It has
been fingerprinted as :

Endpoint Protection.cloud : 22.9.3.13
DAT version : 20180118

The remote host has an outdated version of virus signatures.
Last version is 20180426

As a result, the remote host might be infected by viruses received by email or other means.
40362 (1) - Mozilla Foundation Unsupported Application Detection
Synopsis
The remote host contains one or more unsupported applications from the Mozilla Foundation.
Description
According to its version, there is at least one unsupported Mozilla application (Firefox, Thunderbird, and/or SeaMonkey) installed on the remote host. This version of the software is no longer actively maintained.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Published: 2009/07/24, Modified: 2018/04/12
Plugin Output

10.0.0.64 (tcp/445)


Product : Mozilla Firefox
Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Latest version : 59.0.2
EOL URL : https://wiki.mozilla.org/Releases#Previous_Releases
56212 (1) - Adobe Acrobat Unsupported Version Detection
Synopsis
The remote host contains an unsupported version of Adobe Acrobat.
Description
According to its self-reported version, the installation of Adobe Acrobat on the remote Windows host is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version of Adobe Acrobat that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Published: 2011/09/15, Modified: 2017/12/07
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Adobe\Acrobat 9.0
Installed version : 9.5.5.316
End of support date : June 26, 2013
Announcement : https://helpx.adobe.com/acrobat/kb/end-support-acrobat-8-reader.html
Supported versions : DC (2015) / 2017
59196 (1) - Adobe Flash Player Unsupported Version Detection
Synopsis
The remote host contains an unsupported version of Adobe Flash Player.
Description
There is at least one unsupported version of Adobe Flash Player installed on the remote Windows host.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version of Adobe Flash Player that is currently supported. Alternatively, remove the unsupported versions.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Published: 2012/05/18, Modified: 2015/11/11
Plugin Output

10.0.0.14 (tcp/445)

The following unsupported Flash player controls were detected :
Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Supported versions : 19.x / 18.x
72704 (1) - Microsoft .NET Framework Unsupported
Synopsis
An unsupported software framework is installed on the remote Windows host.
Description
According to its self-reported version number, there is at least one version of Microsoft .NET Framework installed on the remote Windows host that is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version of the Microsoft .NET Framework that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Published: 2014/02/26, Modified: 2017/05/26
Plugin Output

10.0.0.14 (tcp/445)


The following Microsoft .NET Framework version is no longer
supported :


Installed version : Microsoft .NET Framework v1.1.4322
EOL date : October 8, 2013
EOL URL : http://support.microsoft.com/lifecycle/search/?sort=pn&alpha=.net+framework
Supported versions : 3.5 / 4.5.2 / 4.6 / 4.6.1 / 4.6.2 / 4.7
77728 (1) - VMware Security Updates for vCenter Server (VMSA-2014-0008)
Synopsis
The remote host has a virtualization management application installed that is affected by multiple security vulnerabilities.
Description
The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2.
It is, therefore, affected by multiple vulnerabilities in third party libraries :

- The bundled version of Apache Struts contains a code execution flaw. Note that 5.0 Update 3c only addresses this vulnerability. (CVE-2014-0114)

- The bundled tc-server / Apache Tomcat contains multiple vulnerabilities. (CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050)

- The bundled version of Oracle JRE is prior to 1.7.0_55 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.5 of vCenter.
See Also
Solution
Upgrade to VMware vCenter Server 5.5u2 (5.5.0 build-2001466) / 5.1u3 (5.1.0 build-2306353) / 5.0u3c (5.0.0 build-2210222) or later.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
9.0 (CVSS2#E:POC/RL:U/RC:ND)
References
BID 63676
BID 64493
BID 65400
BID 65568
BID 65767
BID 65768
BID 66856
BID 66866
BID 66870
BID 66873
BID 66877
BID 66879
BID 66881
BID 66883
BID 66887
BID 66891
BID 66893
BID 66894
BID 66897
BID 66898
BID 66899
BID 66902
BID 66903
BID 66905
BID 66907
BID 66909
BID 66910
BID 66911
BID 66914
BID 66915
BID 66916
BID 66917
BID 66918
BID 66919
BID 67121
CVE CVE-2013-4322
CVE CVE-2013-4590
CVE CVE-2013-6629
CVE CVE-2013-6954
CVE CVE-2014-0050
CVE CVE-2014-0114
CVE CVE-2014-0429
CVE CVE-2014-0432
CVE CVE-2014-0446
CVE CVE-2014-0449
CVE CVE-2014-0451
CVE CVE-2014-0452
CVE CVE-2014-0453
CVE CVE-2014-0454
CVE CVE-2014-0455
CVE CVE-2014-0456
CVE CVE-2014-0457
CVE CVE-2014-0458
CVE CVE-2014-0459
CVE CVE-2014-0460
CVE CVE-2014-0461
CVE CVE-2014-1876
CVE CVE-2014-2397
CVE CVE-2014-2401
CVE CVE-2014-2402
CVE CVE-2014-2403
CVE CVE-2014-2409
CVE CVE-2014-2412
CVE CVE-2014-2413
CVE CVE-2014-2414
CVE CVE-2014-2420
CVE CVE-2014-2421
CVE CVE-2014-2423
CVE CVE-2014-2427
CVE CVE-2014-2428
XREF OSVDB:99711
XREF OSVDB:101309
XREF OSVDB:102808
XREF OSVDB:102945
XREF OSVDB:103706
XREF OSVDB:103707
XREF OSVDB:105866
XREF OSVDB:105867
XREF OSVDB:105868
XREF OSVDB:105869
XREF OSVDB:105871
XREF OSVDB:105872
XREF OSVDB:105873
XREF OSVDB:105874
XREF OSVDB:105875
XREF OSVDB:105877
XREF OSVDB:105878
XREF OSVDB:105879
XREF OSVDB:105880
XREF OSVDB:105881
XREF OSVDB:105882
XREF OSVDB:105883
XREF OSVDB:105884
XREF OSVDB:105885
XREF OSVDB:105886
XREF OSVDB:105887
XREF OSVDB:105889
XREF OSVDB:105890
XREF OSVDB:105891
XREF OSVDB:105892
XREF OSVDB:105895
XREF OSVDB:105896
XREF OSVDB:105897
XREF OSVDB:105898
XREF OSVDB:106409
XREF VMSA:2014-0008
Exploitable With
Metasploit (true)
Plugin Information:
Published: 2014/09/17, Modified: 2016/11/29
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-2001466
78675 (1) - WinZip Unsupported Version Detection
Synopsis
A file compression and decompression application installed on the remote host is no longer supported.
Description
According to its self-reported version number, the installation of WinZip on the remote Windows host is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version of WinZip that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Published: 2014/10/24, Modified: 2017/01/26
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files\WinZip\
Installed version : 17.5 (10480)
Supported versions : 18.x - 21.x
EOL URL : http://kb.winzip.com/kb/entry/132/
79865 (1) - VMware Security Updates for vCenter Server (VMSA-2014-0012)
Synopsis
The remote host has a virtualization management application installed that is affected by multiple security vulnerabilities.
Description
The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2.
It is, therefore, affected by multiple vulnerabilities in third party libraries :

- Due to improper certificate validation when connecting to a CIM server on an ESXi host, an attacker can perform man-in-the-middle attacks. (CVE-2014-8371)

- The bundled version of Oracle JRE is prior to 1.6.0_81 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.1 and 5.0 of vCenter but is only fixed in 5.1 Update 3.
See Also
Solution
Upgrade to VMware vCenter Server 5.5u2 (5.5.0 build-2001466) / 5.1u3 (5.1.0 build-2306353) / 5.0u3c (5.0.0 build-2210222) or later.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.7 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 65270
BID 66457
BID 67233
BID 68562
BID 68571
BID 68576
BID 68580
BID 68583
BID 68590
BID 68596
BID 68599
BID 68603
BID 68608
BID 68612
BID 68615
BID 68620
BID 68624
BID 68626
BID 68632
BID 68636
BID 68639
BID 68642
BID 68645
BID 71493
CVE CVE-2014-0015
CVE CVE-2014-0138
CVE CVE-2014-0191
CVE CVE-2014-2483
CVE CVE-2014-2490
CVE CVE-2014-4208
CVE CVE-2014-4209
CVE CVE-2014-4216
CVE CVE-2014-4218
CVE CVE-2014-4219
CVE CVE-2014-4220
CVE CVE-2014-4221
CVE CVE-2014-4223
CVE CVE-2014-4227
CVE CVE-2014-4244
CVE CVE-2014-4247
CVE CVE-2014-4252
CVE CVE-2014-4262
CVE CVE-2014-4263
CVE CVE-2014-4264
CVE CVE-2014-4265
CVE CVE-2014-4266
CVE CVE-2014-4268
CVE CVE-2014-8371
XREF OSVDB:102715
XREF OSVDB:104972
XREF OSVDB:106710
XREF OSVDB:109124
XREF OSVDB:109125
XREF OSVDB:109126
XREF OSVDB:109127
XREF OSVDB:109128
XREF OSVDB:109129
XREF OSVDB:109130
XREF OSVDB:109131
XREF OSVDB:109132
XREF OSVDB:109133
XREF OSVDB:109134
XREF OSVDB:109135
XREF OSVDB:109136
XREF OSVDB:109137
XREF OSVDB:109138
XREF OSVDB:109139
XREF OSVDB:109140
XREF OSVDB:109141
XREF OSVDB:109142
XREF OSVDB:109143
XREF OSVDB:115364
XREF VMSA:2014-0012
Plugin Information:
Published: 2014/12/12, Modified: 2015/10/18
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-2001466
83186 (1) - VMware vCenter Server Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)
Synopsis
The remote host has a virtualization management application installed that is affected by multiple vulnerabilities.
Description
The VMware vCenter Server installed on the remote host is version 5.0 prior to 5.0u3d, 5.1 prior to 5.1u3a, 5.5 prior to 5.5u2e, or 6.0 prior to 6.0.0a. It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE, related to the bundled JRE component. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

Additionally, multiple unspecified vulnerabilities also exist in the following bundled JRE components :

- 2D (CVE-2014-6585, CVE-2014-6591)

- Deployment (CVE-2015-0403, CVE-2015-0406)

- Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437)

- Installation (CVE-2015-0421)

- JAX-WS (CVE-2015-0412)

- JSSE (CVE-2014-6593)

- Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400)

- RMI (CVE-2015-0408)

- Security (CVE-2015-0410)

- Serviceability (CVE-2015-0413)

- Swing (CVE-2015-0407)
See Also
Solution
Upgrade to VMware vCenter Server 5.0u3d (5.0.0 build-2656067) / 5.1u3a (5.1.0 build-2669725) / 5.5u2e (5.5.0 build-2646482) / 6.0.0a (6.0.0 build-2656757) or later.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.7 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 70574
BID 72132
BID 72136
BID 72137
BID 72140
BID 72142
BID 72146
BID 72148
BID 72150
BID 72154
BID 72155
BID 72159
BID 72162
BID 72165
BID 72168
BID 72169
BID 72173
BID 72175
BID 72176
CVE CVE-2014-3566
CVE CVE-2014-6549
CVE CVE-2014-6585
CVE CVE-2014-6587
CVE CVE-2014-6591
CVE CVE-2014-6593
CVE CVE-2014-6601
CVE CVE-2015-0383
CVE CVE-2015-0395
CVE CVE-2015-0400
CVE CVE-2015-0403
CVE CVE-2015-0406
CVE CVE-2015-0407
CVE CVE-2015-0408
CVE CVE-2015-0410
CVE CVE-2015-0412
CVE CVE-2015-0413
CVE CVE-2015-0421
CVE CVE-2015-0437
XREF OSVDB:113251
XREF OSVDB:117224
XREF OSVDB:117225
XREF OSVDB:117226
XREF OSVDB:117227
XREF OSVDB:117228
XREF OSVDB:117229
XREF OSVDB:117230
XREF OSVDB:117231
XREF OSVDB:117232
XREF OSVDB:117233
XREF OSVDB:117234
XREF OSVDB:117235
XREF OSVDB:117236
XREF OSVDB:117237
XREF OSVDB:117238
XREF OSVDB:117239
XREF OSVDB:117240
XREF OSVDB:117241
XREF CERT:577193
XREF VMSA:2015-0003
Plugin Information:
Published: 2015/05/01, Modified: 2016/05/24
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-2646482
86255 (1) - VMware vCenter Multiple Vulnerabilities (VMSA-2015-0007)
Synopsis
The remote host has a virtualization management application installed that is affected by multiple vulnerabilities.
Description
The VMware vCenter Server installed on the remote host is affected by the following vulnerabilities :

- A flaw exists in the vpxd service due to improper sanitization of long heartbeat messages. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2015-1047)

- A flaw exists due to an insecurely configured and remotely accessible JMX RMI service. An unauthenticated, remote attacker can exploit this, via an MLet file, to execute arbitrary code on the vCenter server with the same privileges as the web server. (CVE-2015-2342)
See Also
Solution
Upgrade to VMware vCenter Server 6.0.0b (6.0.0 build-2776510), 5.5u3 (5.5.0 build-3000241), 5.1u3b (5.1.0 build-3070521), or 5.0u3e (5.0.0 build-3073234) or later.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
CVE CVE-2015-1047
CVE CVE-2015-2342
XREF OSVDB:128332
XREF OSVDB:128333
XREF VMSA:2015-0007
XREF IAVA:2015-A-0236
XREF IAVA:2015-A-0237
XREF EDB-ID:36101
XREF ZDI:ZDI-15-455
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2015/10/02, Modified: 2016/08/16
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-3000241
91322 (1) - VMware vCenter Server 5.0.x < 5.0u3e / 5.1.x < 5.1u3b / 5.5.x < 5.5u3 (Linux) / 5.5.x < 5.5u3b (Windows) / 6.0.x < 6.0.0b JMX Deserialization RCE (VMSA-2016-0005)
Synopsis
A virtualization management application installed on the remote host is affected by a remote code execution vulnerability.
Description
The version of VMware vCenter Server installed on the remote host is 5.0.x prior to 5.0u3e, 5.1.x prior to 5.1u3b, 5.5.x prior to 5.5u3 (Linux), 5.5.x prior to 5.5u3b (Windows), or 6.0.x prior to 6.0.0b.
It is, therefore, affected by a flaw in Oracle JMX when deserializing authentication credentials. An unauthenticated, remote attacker can exploit this to execute arbitrary code.
See Also
Solution
Upgrade to VMware vCenter Server version 5.0u3e (5.0.0 build-3073236) / 5.1u3b on Linux or Windows (5.1.0 build-3070521) / 5.1u3d on Windows (5.1.0 build-3814779) / 5.5u3 on Linux (5.5.0 build-3000241) / 5.5u3b on Windows (5.5.0 build-3252642) / 5.5u3d on Windows (5.5.0 build-3721164) / 6.0.0b (6.0.0 build-2776510) or later.

Note that vCenter Server Windows releases 5.0 u3e, 5.1 u3b, and 5.5 u3b additionally require KB 2144428 to be applied. See VMSA-2015-0007 for details. Alternatively, versions 5.1 and 5.5 on Windows may be fixed with their respective u3d builds.

Furthermore, remote and local exploitation of this vulnerability is feasible on vCenter Server 6.0 and 6.0.0a for Windows. Remote exploitation is not feasible on vCenter Server 6.0.0b (and above) for Windows but local exploitation is. The local exploitation vulnerability can be resolved by applying the steps of KB 2145343 to vCenter Server version 6.0.0b (and above) for Windows.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2016-3427
XREF OSVDB:137303
XREF VMSA:2016-0005
Plugin Information:
Published: 2016/05/25, Modified: 2016/05/26
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-3000241
101374 (1) - Windows 2008 July 2017 Multiple Security Updates
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing multiple security updates. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the Windows Performance Monitor Console due to improper parsing of XML input that contains a reference to an external entity. An unauthenticated, remote attacker can exploit this, by convincing a user to create a Data Collector Set and import a specially crafted XML file, to disclose arbitrary files via an XML external entity (XXE) declaration. (CVE-2017-0170)

- A remote code execution vulnerability exists in Windows Explorer due to improper handling of executable files and shares during rename operations. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2017-8463)

- Multiple elevation of privilege vulnerabilities exist in the Microsoft Graphics component due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-8467, CVE-2017-8556, CVE-2017-8573, CVE-2017-8577, CVE-2017-8578, CVE-2017-8580)

- An information disclosure vulnerability exists in Win32k due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information.
(CVE-2017-8486)

- A security bypass vulnerability exists in Microsoft Windows when handling Kerberos ticket exchanges due to a failure to prevent tampering with the SNAME field. A man-in-the-middle attacker can exploit this to bypass the Extended Protection for Authentication security feature. (CVE-2017-8495)

- An information disclosure vulnerability exists in the Windows System Information Console due to improper parsing of XML input that contains a reference to an external entity. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to disclose arbitrary files via an XML external entity (XXE) declaration.
(CVE-2017-8557)

- An elevation of privilege vulnerability exists in Windows due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol. An authenticated, remote attacker can exploit this, via an application that sends specially crafted traffic to a domain controller, to run processes in an elevated context. (CVE-2017-8563)

- An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to bypass Kernel Address Space Layout Randomization (KASLR) and disclose the base address of the kernel driver.
(CVE-2017-8564)

- A remote code execution vulnerability exists in PowerShell when handling a PSObject that wraps a CIM instance. An authenticated, remote attacker can exploit this, via a specially crafted script, to execute arbitrary code in a PowerShell remote session.
(CVE-2017-8565)

- An elevation of privilege vulnerability exists in Windows due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode.
(CVE-2017-8581)

- An information disclosure vulnerability exists in the HTTP.sys server application component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose sensitive information.
(CVE-2017-8582)

- A denial of service vulnerability exists in Windows Explorer that is triggered when Explorer attempts to open a non-existent file. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a user's system to stop responding. (CVE-2017-8587)

- A remote code execution vulnerability exists in WordPad due to improper parsing of specially crafted files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2017-8588)

- A remote code execution vulnerability exists in the Windows Search component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by sending specially crafted messages to the Windows Search service, to elevate privileges and execute arbitrary code. (CVE-2017-8589)

- An elevation of privilege vulnerability exists in the Windows Common Log File System (CLFS) driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-8590)

- A security bypass vulnerability exists in Microsoft browsers due to improper handling of redirect requests.
An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass CORS redirect restrictions. (CVE-2017-8592)

- A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618)
See Also
Solution
Apply the following security updates :

- 4022746
- 4022748
- 4022914
- 4025240
- 4025252
- 4025397
- 4025398
- 4025409
- 4025497
- 4025674
- 4025872
- 4025877
- 4026059
- 4026061
- 4032955
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References
BID 99387
BID 99389
BID 99394
BID 99396
BID 99398
BID 99400
BID 99402
BID 99409
BID 99413
BID 99414
BID 99416
BID 99419
BID 99421
BID 99423
BID 99424
BID 99425
BID 99427
BID 99428
BID 99429
BID 99431
BID 99439
CVE CVE-2017-0170
CVE CVE-2017-8463
CVE CVE-2017-8467
CVE CVE-2017-8486
CVE CVE-2017-8495
CVE CVE-2017-8556
CVE CVE-2017-8557
CVE CVE-2017-8563
CVE CVE-2017-8564
CVE CVE-2017-8565
CVE CVE-2017-8573
CVE CVE-2017-8577
CVE CVE-2017-8578
CVE CVE-2017-8580
CVE CVE-2017-8581
CVE CVE-2017-8582
CVE CVE-2017-8587
CVE CVE-2017-8588
CVE CVE-2017-8589
CVE CVE-2017-8590
CVE CVE-2017-8592
CVE CVE-2017-8606
CVE CVE-2017-8607
CVE CVE-2017-8608
CVE CVE-2017-8618
MSKB 4022746
MSKB 4022748
MSKB 4022914
MSKB 4025240
MSKB 4025252
MSKB 4025397
MSKB 4025398
MSKB 4025409
MSKB 4025497
MSKB 4025674
MSKB 4025872
MSKB 4025877
MSKB 4026059
MSKB 4026061
MSKB 4032955
XREF MSFT:MS17-4022746
XREF MSFT:MS17-4022748
XREF MSFT:MS17-4022914
XREF MSFT:MS17-4025240
XREF MSFT:MS17-4025252
XREF MSFT:MS17-4025397
XREF MSFT:MS17-4025398
XREF MSFT:MS17-4025409
XREF MSFT:MS17-4025497
XREF MSFT:MS17-4025674
XREF MSFT:MS17-4025872
XREF MSFT:MS17-4025877
XREF MSFT:MS17-4026059
XREF MSFT:MS17-4026061
XREF MSFT:MS17-4032955
Plugin Information:
Published: 2017/07/11, Modified: 2017/10/20
Plugin Output

10.0.0.14 (tcp/445)



KB : 4025872
None of the versions of 'System.Management.Automation.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.2.9200.22198
41028 (8) - SNMP Agent Default Community Name (public)
Synopsis
The community name of the remote SNMP server can be guessed.
Description
It is possible to obtain the default community name of the remote SNMP server.

An attacker may use this information to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allows such modifications).
Solution
Disable the SNMP service on the remote host if you do not use it.
Either filter incoming UDP packets going to this port, or change the default community string.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
7.1 (CVSS2#E:F/RL:ND/RC:ND)
References
BID 2112
CVE CVE-1999-0517
XREF OSVDB:209
Plugin Information:
Published: 2002/11/25, Modified: 2016/12/14
Plugin Output

10.0.0.5 (udp/161)


The remote SNMP server replies to the following default community
string :

public

10.0.0.11 (udp/161)


The remote SNMP server replies to the following default community
string :

public

10.0.0.12 (udp/161)


The remote SNMP server replies to the following default community
string :

public

10.0.0.17 (udp/161)


The remote SNMP server replies to the following default community
string :

public

10.0.0.19 (udp/161)


The remote SNMP server replies to the following default community
string :

public

10.0.0.87 (udp/161)


The remote SNMP server replies to the following default community
string :

public

10.0.0.248 (udp/161)


The remote SNMP server replies to the following default community
string :

public

10.0.0.249 (udp/161)


The remote SNMP server replies to the following default community
string :

public
34460 (2) - Unsupported Web Server Detection
Synopsis
The remote web server is obsolete / unsupported.
Description
According to its version, the remote web server is obsolete and no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Solution
Remove the service if it is no longer needed. Otherwise, upgrade to a newer version if possible or switch to another server.
Risk Factor
High
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Plugin Information:
Published: 2008/10/21, Modified: 2018/04/11
Plugin Output

10.0.0.133 (tcp/80)


Product : Apache 2.2.x
Server response header : Apache/2.2.34 (Debian)
Supported versions : Apache HTTP Server 2.4.x
Additional information : http://archive.apache.org/dist/httpd/Announcement2.2.html

10.0.0.133 (tcp/443)


Product : Apache 2.2.x
Server response header : Apache/2.2.34 (Debian)
Supported versions : Apache HTTP Server 2.4.x
Additional information : http://archive.apache.org/dist/httpd/Announcement2.2.html
48762 (2) - MS KB2269637: Insecure Library Loading Could Allow Remote Code Execution
Synopsis
The remote Windows host may be vulnerable to code execution attacks.
Description
The remote host is missing Microsoft KB2264107 or an associated registry change, which provides a mechanism for mitigating binary planting or DLL preloading attacks.

Insecurely implemented applications look in their current working directory when resolving DLL dependencies. If a malicious DLL with the same name as a required DLL is located in the application's current working directory, the malicious DLL will be loaded.

A remote attacker could exploit this issue by tricking a user into accessing a vulnerable application via a network share or WebDAV folder where a malicious DLL resides, resulting in arbitrary code execution.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2 :

Please note this update provides a method of mitigating a class of vulnerabilities rather than fixing any specific vulnerabilities.
Additionally, these patches must be used in conjunction with the 'CWDIllegalInDllSearch' registry setting to have any effect. These protections could be applied in a way that breaks functionality in existing applications. Refer to the Microsoft advisory for more information.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
References
MSKB 2269637
Plugin Information:
Published: 2010/08/26, Modified: 2017/08/30
Plugin Output

10.0.0.14 (tcp/445)


ntdll.dll has been upgraded by KB2264107 or a related, subsequent update,
but the following registry entry has not been set :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch

10.0.0.64 (tcp/445)


ntdll.dll has been upgraded by KB2264107 or a related, subsequent update,
but the following registry entry has not been set :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch
80101 (2) - IPMI v2.0 Password Hash Disclosure
Synopsis
The remote host supports IPMI version 2.0.
Description
The remote host supports IPMI v2.0. The Intelligent Platform Management Interface (IPMI) protocol is affected by an information disclosure vulnerability due to the support of RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. A remote attacker can obtain password hash information for valid user accounts via the HMAC from a RAKP message 2 response from a BMC.
See Also
Solution
There is no patch for this vulnerability; it is an inherent problem with the specification for IPMI v2.0. Suggested mitigations include :

- Disabling IPMI over LAN if it is not needed.

- Using strong passwords to limit the successfulness of off-line dictionary attacks.

- Using Access Control Lists (ACLs) or isolated networks to limit access to your IPMI management interfaces.
Risk Factor
High
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
7.8 (CVSS2#E:ND/RL:U/RC:ND)
References
BID 61076
CVE CVE-2013-4786
XREF OSVDB:95057
Plugin Information:
Published: 2014/12/18, Modified: 2016/11/23
Plugin Output

10.0.0.43 (udp/623)


Nessus detected that the remote server has IPMI v2.0 implemented.
Remote unauthenticated users will be able to get password hashes
for valid users.

10.0.0.45 (udp/623)


Nessus detected that the remote server has IPMI v2.0 implemented.
Remote unauthenticated users will be able to get password hashes
for valid users.
81085 (2) - ESXi 5.5 < Build 2352327 Multiple Vulnerabilities (remote check) (POODLE)
Synopsis
The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities.
Description
The remote VMware ESXi host is version 5.5 prior to build 2352327. It is, therefore, affected by the following vulnerabilities :

- An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks via memory leaks.
(CVE-2014-3513)

- An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566)

- An error exists related to session ticket handling that can allow denial of service attacks via memory leaks.
(CVE-2014-3567)

- An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568)

- A denial of service vulnerability in libxml2 due to entity expansion even when entity substitution is disabled. A remote attacker, using a crafted XML document containing larger number of nested entity references, can cause the consumption of CPU resources.
(CVE-2014-3660)

- An unspecified privilege escalation vulnerability.
(CVE-2014-8370)

- An unspecified denial of service vulnerability due to an input validation issue in the VMware Authorization process (vmware-authd). (CVE-2015-1044)
See Also
Solution
Apply patch ESXi550-201403102-SG and ESXi550-201501101-SG for ESXi 5.5.
Risk Factor
High
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.2 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 70574
BID 70584
BID 70585
BID 70586
BID 70644
BID 72336
BID 72338
CVE CVE-2014-3513
CVE CVE-2014-3566
CVE CVE-2014-3567
CVE CVE-2014-3568
CVE CVE-2014-3660
CVE CVE-2014-8370
CVE CVE-2015-1044
XREF OSVDB:113251
XREF OSVDB:113373
XREF OSVDB:113374
XREF OSVDB:113377
XREF OSVDB:113389
XREF CERT:577193
XREF VMSA:2015-0001
Plugin Information:
Published: 2015/01/29, Modified: 2016/05/24
Plugin Output

10.0.0.44 (tcp/0)


ESXi version : ESXi 5.5
Installed build : 2068190
Fixed build : 2352327

10.0.0.46 (tcp/0)


ESXi version : ESXi 5.5
Installed build : 2068190
Fixed build : 2352327
81264 (2) - MS15-011: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to how the Group Policy service manages policy data when a domain-joined system connects to a domain controller. An attacker, using a controlled network, can exploit this to gain complete control of the host.

Note that Microsoft has no plans to release an update for Windows 2003 even though it is affected by this vulnerability.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
BID 72477
CVE CVE-2015-0008
MSKB 3000483
XREF OSVDB:118181
XREF CERT:787252
XREF MSFT:MS15-011
XREF IAVA:2015-A-0033
Exploitable With
Core Impact (true)
Plugin Information:
Published: 2015/02/10, Modified: 2017/07/24
Plugin Output

10.0.0.14 (tcp/445)



KB 3000483 or a related, subsequent update was successfully
installed, but the GPO setting "Hardened UNC Paths" has not
been enabled.

10.0.0.64 (tcp/445)



KB 3000483 or a related, subsequent update was successfully
installed, but the GPO setting "Hardened UNC Paths" has not
been enabled.
87253 (2) - MS15-124: Cumulative Security Update for Internet Explorer (3116180)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3116180. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 78481
BID 78482
BID 78483
BID 78484
BID 78485
BID 78486
BID 78487
BID 78488
BID 78489
BID 78490
BID 78491
BID 78492
BID 78494
BID 78495
BID 78507
BID 78508
BID 78526
BID 78527
BID 78528
BID 78529
BID 78530
BID 78531
BID 78532
BID 78533
BID 78534
BID 78535
BID 78536
BID 78537
BID 78538
BID 78540
CVE CVE-2015-6083
CVE CVE-2015-6134
CVE CVE-2015-6135
CVE CVE-2015-6136
CVE CVE-2015-6138
CVE CVE-2015-6139
CVE CVE-2015-6140
CVE CVE-2015-6141
CVE CVE-2015-6142
CVE CVE-2015-6143
CVE CVE-2015-6144
CVE CVE-2015-6145
CVE CVE-2015-6146
CVE CVE-2015-6147
CVE CVE-2015-6148
CVE CVE-2015-6149
CVE CVE-2015-6150
CVE CVE-2015-6151
CVE CVE-2015-6152
CVE CVE-2015-6153
CVE CVE-2015-6154
CVE CVE-2015-6155
CVE CVE-2015-6156
CVE CVE-2015-6157
CVE CVE-2015-6158
CVE CVE-2015-6159
CVE CVE-2015-6160
CVE CVE-2015-6161
CVE CVE-2015-6162
CVE CVE-2015-6164
MSKB 3104002
MSKB 3116869
MSKB 3116900
MSKB 3125869
XREF OSVDB:131290
XREF OSVDB:131291
XREF OSVDB:131292
XREF OSVDB:131293
XREF OSVDB:131294
XREF OSVDB:131295
XREF OSVDB:131296
XREF OSVDB:131297
XREF OSVDB:131298
XREF OSVDB:131299
XREF OSVDB:131300
XREF OSVDB:131301
XREF OSVDB:131302
XREF OSVDB:131303
XREF OSVDB:131304
XREF OSVDB:131305
XREF OSVDB:131306
XREF OSVDB:131307
XREF OSVDB:131308
XREF OSVDB:131309
XREF OSVDB:131310
XREF OSVDB:131311
XREF OSVDB:131312
XREF OSVDB:131313
XREF OSVDB:131314
XREF OSVDB:131315
XREF OSVDB:131316
XREF OSVDB:131317
XREF OSVDB:131318
XREF OSVDB:131319
XREF MSFT:MS15-124
Plugin Information:
Published: 2015/12/08, Modified: 2017/07/24
Plugin Output

10.0.0.14 (tcp/445)


ASLR hardening settings for Internet Explorer in KB3125869
have not been applied. The following DWORD keys must be
created with a value of 1:
- HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe

10.0.0.64 (tcp/445)


ASLR hardening settings for Internet Explorer in KB3125869
have not been applied. The following DWORD keys must be
created with a value of 1:
- HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe
99129 (2) - ESXi 5.5 < Build 5230635 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)
Synopsis
The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities.
Description
The version of the remote VMware ESXi 5.5 host is prior to build 5230635. It is, therefore, affected by multiple vulnerabilities :

- An unspecified flaw exists in memory initialization that allows an attacker on the guest to execute arbitrary code on the host. (CVE-2017-4904)

- An unspecified flaw exists in memory initialization that allows the disclosure of sensitive information.
(CVE-2017-4905)
See Also
Solution
Apply patch ESXi550-201703401-SG according to the vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
8.3 (CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
BID 97164
BID 97165
CVE CVE-2017-4904
CVE CVE-2017-4905
XREF OSVDB:154021
XREF OSVDB:154022
XREF VMSA:2017-0006
XREF IAVB:2017-B-0036
Plugin Information:
Published: 2017/03/31, Modified: 2017/08/16
Plugin Output

10.0.0.44 (tcp/0)


ESXi version : ESXi 5.5
Installed build : 2068190
Fixed build : 5230635

10.0.0.46 (tcp/0)


ESXi version : ESXi 5.5
Installed build : 2068190
Fixed build : 5230635
103124 (2) - Adobe Flash Player <= 26.0.0.151 Multiple Vulnerabilities (APSB17-28)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 26.0.0.151. It is, therefore, affected by multiple vulnerabilities :

- An unspecified memory corruption flaw exists that is caused by input not being properly validated. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to to corrupt memory and potentially execute arbitrary code.
(CVE-2017-11281, CVE-2017-11282)
See Also
Solution
Upgrade to Adobe Flash Player version 27.0.0.130 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 100710
BID 100716
CVE CVE-2017-11281
CVE CVE-2017-11282
XREF OSVDB:165215
XREF OSVDB:165216
Plugin Information:
Published: 2017/09/12, Modified: 2017/11/13
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 27.0.0.130

10.0.0.64 (tcp/445)


Product : Browser Plugin (for Firefox / Netscape / Opera)
Path : C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll
Installed version : 26.0.0.151
Fixed version : 27.0.0.130

Product : ActiveX control (for Internet Explorer)
Path : C:\Windows\system32\Macromed\Flash\Flash64_26_0_0_151.ocx
Installed version : 26.0.0.151
Fixed version : 27.0.0.130
103137 (2) - Security and Quality Rollup for .NET Framework (Sep 2017)
Synopsis
The remote Windows host has a software framework installed that is affected by a security feature bypass vulnerability.
Description
The .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
(CVE-2017-8759)
See Also
Solution
Microsoft has released a set of patches for Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
9.4 (CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C)
CVSS Temporal Score
8.2 (CVSS2#E:H/RL:OF/RC:ND)
STIG Severity
I
References
BID 100742
CVE CVE-2017-8759
MSKB 4041086
MSKB 4041093
MSKB 4041083
MSKB 4041090
MSKB 4041084
MSKB 4041091
MSKB 4041085
MSKB 4041092
MSKB 4038781
MSKB 4038783
MSKB 4038782
MSKB 4038788
XREF OSVDB:165223
XREF MSFT:MS17-4041086
XREF MSFT:MS17-4041093
XREF MSFT:MS17-4041083
XREF MSFT:MS17-4041090
XREF MSFT:MS17-4041084
XREF MSFT:MS17-4041091
XREF MSFT:MS17-4041085
XREF MSFT:MS17-4041092
XREF MSFT:MS17-4038781
XREF MSFT:MS17-4038783
XREF MSFT:MS17-4038782
XREF MSFT:MS17-4038788
XREF IAVA:2017-A-0272
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information:
Published: 2017/09/12, Modified: 2018/03/02
Plugin Output

10.0.0.14 (tcp/445)


Microsoft .NET Framework 4.6.1
The remote host is missing one of the following rollup KBs :

Security Only
- 4041093

Cumulative
- 4041086

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.runtime.remoting.dll has not been patched.
Remote version : 4.6.1085.0
Should be : 4.7.2114.0

10.0.0.64 (tcp/445)


Microsoft .NET Framework 4.7
The remote host is missing one of the following rollup KBs :

Security Only
- 4041090

Cumulative
- 4041083

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.runtime.remoting.dll has not been patched.
Remote version : 4.7.2053.0
Should be : 4.7.2114.0

103922 (2) - Adobe Flash Player <= 27.0.0.159 Type Confusion Vulnerability (APSB17-32)
Synopsis
The remote Windows host has a browser plugin installed that is affected by a type confusion vulnerability.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 27.0.0.159. It is, therefore, affected by an unspecified type confusion flaw that is caused by input not being properly validated. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to trigger the vulnerability and potentially execute arbitrary code.
See Also
Solution
Upgrade to Adobe Flash Player version 27.0.0.170 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 101286
CVE CVE-2017-11292
XREF OSVDB:167361
Plugin Information:
Published: 2017/10/18, Modified: 2017/11/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 27.0.0.170

10.0.0.64 (tcp/445)


Product : Browser Plugin (for Firefox / Netscape / Opera)
Path : C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll
Installed version : 26.0.0.151
Fixed version : 27.0.0.170

Product : ActiveX control (for Internet Explorer)
Path : C:\Windows\system32\Macromed\Flash\Flash64_26_0_0_151.ocx
Installed version : 26.0.0.151
Fixed version : 27.0.0.170
104544 (2) - Adobe Flash Player <= 27.0.0.183 (APSB17-33)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 27.0.0.183. It is therefore affected by multiple remote code execution vulnerabilities.
See Also
Solution
Upgrade to Adobe Flash Player version 27.0.0.187 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 101837
CVE CVE-2017-11213
CVE CVE-2017-11215
CVE CVE-2017-11225
CVE CVE-2017-3112
CVE CVE-2017-3114
XREF OSVDB:169124
XREF OSVDB:169125
XREF OSVDB:169126
XREF OSVDB:169127
XREF OSVDB:169128
Plugin Information:
Published: 2017/11/14, Modified: 2017/12/18
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 27.0.0.187

10.0.0.64 (tcp/445)


Product : Browser Plugin (for Firefox / Netscape / Opera)
Path : C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll
Installed version : 26.0.0.151
Fixed version : 27.0.0.187

Product : ActiveX control (for Internet Explorer)
Path : C:\Windows\system32\Macromed\Flash\Flash64_26_0_0_151.ocx
Installed version : 26.0.0.151
Fixed version : 27.0.0.187
104892 (2) - Security Updates for Internet Explorer (June 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8519, CVE-2017-8547)

- A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8517, CVE-2017-8522, CVE-2017-8524)
See Also
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:U/RL:OF/RC:C)
References
BID 98895
BID 98899
BID 98926
BID 98930
BID 98932
CVE CVE-2017-8517
CVE CVE-2017-8519
CVE CVE-2017-8522
CVE CVE-2017-8524
CVE CVE-2017-8547
CVE CVE-2017-8529
MSKB 4022726
MSKB 4022724
MSKB 4021558
MSKB 4022719
XREF OSVDB:158932
XREF OSVDB:158937
XREF OSVDB:158941
XREF OSVDB:158950
XREF OSVDB:158970
XREF MSFT:MS17-4022726
XREF MSFT:MS17-4022724
XREF MSFT:MS17-4021558
XREF MSFT:MS17-4022719
Plugin Information:
Published: 2017/11/30, Modified: 2018/04/06
Plugin Output

10.0.0.14 (tcp/445)



The following registry key is missing.
This registry key is required to enable the fix for CVE-2017-8529:
SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe

10.0.0.64 (tcp/445)



The following registry key is missing.
This registry key is required to enable the fix for CVE-2017-8529:
SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe

the following registry key is missing.
This registry key is required to enable the fix for cve-2017-8529:
SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe
105486 (2) - ESXi 5.5 / 6.0 / 6.5 / Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre) (remote check)
Synopsis
The remote VMware ESXi host is affected by multiple vulnerabilities.
Description
The remote VMware ESXi host is version 5.5, 6.0, or 6.5 and is missing a security patch. It is, therefore, affected by multiple vulnerabilities that can allow code execution in a virtual machine via the authenticated VNC session as well as cause information disclosure from one virtual machine to another virtual machine on the same host.
See Also
Solution
Apply the appropriate patch as referenced in the vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:P/RL:U/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.4 (CVSS2#E:POC/RL:U/RC:ND)
STIG Severity
I
References
BID 102238
BID 102241
BID 102376
BID 102371
CVE CVE-2017-4940
CVE CVE-2017-4941
CVE CVE-2017-5753
CVE CVE-2017-5715
XREF OSVDB:171160
XREF OSVDB:171223
XREF OSVDB:171897
XREF VMSA:2017-0021
XREF IAVA:2018-A-0020
XREF IAVB:2018-B-0004
XREF IAVB:2018-B-0005
XREF IAVB:2018-B-0006
XREF VMSA:2018-0002
Plugin Information:
Published: 2017/12/29, Modified: 2018/01/15
Plugin Output

10.0.0.44 (tcp/0)


ESXi version : 5.5
Installed build : 2068190
Fixed build : 6480324 / 6480267 (security-only fix)

10.0.0.46 (tcp/0)


ESXi version : 5.5
Installed build : 2068190
Fixed build : 6480324 / 6480267 (security-only fix)
105691 (2) - Adobe Flash Player <= 28.0.0.126 (APSB18-01)
Synopsis
The remote Windows host has a browser plugin installed that is affected by an out-of-bounds read vulnerability.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 28.0.0.126. It is, therefore, affected by a an out-of-bounds read vulnerability.
See Also
Solution
Upgrade to Adobe Flash Player version 28.0.0.137 or later.
Risk Factor
High
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 102465
CVE CVE-2018-4871
XREF OSVDB:172249
Plugin Information:
Published: 2018/01/09, Modified: 2018/02/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 28.0.0.137

10.0.0.64 (tcp/445)


Product : Browser Plugin (for Firefox / Netscape / Opera)
Path : C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll
Installed version : 26.0.0.151
Fixed version : 28.0.0.137

Product : ActiveX control (for Internet Explorer)
Path : C:\Windows\system32\Macromed\Flash\Flash64_26_0_0_151.ocx
Installed version : 26.0.0.151
Fixed version : 28.0.0.137
105731 (2) - Security and Quality Rollup for .NET Framework (January 2018)
Synopsis
The remote Windows host has a software framework installed that is affected by multiple vulnerabilities.
Description
The .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities:

- A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET(or .NET core) application. (CVE-2018-0764)

- A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates. An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the Enhanced Key Usage taggings. (CVE-2018-0786)
See Also
Solution
Microsoft has released a set of patches for Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 102380
BID 102387
CVE CVE-2018-0764
CVE CVE-2018-0786
MSKB 4054170
MSKB 4054171
MSKB 4054172
MSKB 4054174
MSKB 4054175
MSKB 4054176
MSKB 4054177
MSKB 4054181
MSKB 4054182
MSKB 4054183
MSKB 4054993
MSKB 4054994
MSKB 4054995
MSKB 4054996
MSKB 4054997
MSKB 4054998
MSKB 4054999
MSKB 4055000
MSKB 4055001
MSKB 4055002
MSKB 4055266
XREF OSVDB:172253
XREF OSVDB:172259
XREF IAVA:2018-A-0011
XREF MSFT:MS18-4054170
XREF MSFT:MS18-4054171
XREF MSFT:MS18-4054172
XREF MSFT:MS18-4054174
XREF MSFT:MS18-4054175
XREF MSFT:MS18-4054176
XREF MSFT:MS18-4054177
XREF MSFT:MS18-4054181
XREF MSFT:MS18-4054182
XREF MSFT:MS18-4054183
XREF MSFT:MS18-4054993
XREF MSFT:MS18-4054994
XREF MSFT:MS18-4054995
XREF MSFT:MS18-4054996
XREF MSFT:MS18-4054997
XREF MSFT:MS18-4054998
XREF MSFT:MS18-4054999
XREF MSFT:MS18-4055000
XREF MSFT:MS18-4055001
XREF MSFT:MS18-4055002
XREF MSFT:MS18-4055266
Plugin Information:
Published: 2018/01/10, Modified: 2018/03/16
Plugin Output

10.0.0.14 (tcp/445)


Microsoft .NET Framework 4.6.1
The remote host is missing one of the following rollup KBs :

Cumulative
- 4041086

Security Only
- 4041093

C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll has not been patched.
Remote version : 4.6.1085.0
Should be : 4.7.2612.0

Microsoft .NET Framework 2.0.50727
The remote host is missing one of the following rollup KBs :

Cumulative
- 4054996

Security Only
- 4054174

C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.xml.dll has not been patched.
Remote version : 2.0.50727.4260
Should be : 2.0.50727.8773

10.0.0.64 (tcp/445)


Microsoft .NET Framework 4.7
The remote host is missing one of the following rollup KBs :

Cumulative
- 4055002

Security Only
- 4054183

C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll has not been patched.
Remote version : 4.7.2053.0
Should be : 4.7.2612.0

106190 (2) - Oracle Java SE Multiple Vulnerabilities (January 2018 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 4, 8 Update 161, 7 Update 171, or 6 Update 181. It is, therefore, affected by multiple vulnerabilities related to the following components :

- AWT
- Deployment
- Hotspot
- I18n
- Installer
- JCE
- JGSS
- JMX
- JNDI
- JavaFX
- LDAP
- Libraries
- Serialization
See Also
Solution
Upgrade to Oracle JDK / JRE 9 Update 4, 8 Update 161 / 7 Update 171 / 6 Update 181 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 102546
BID 102556
BID 102557
BID 102576
BID 102584
BID 102592
BID 102597
BID 102605
BID 102612
BID 102615
BID 102625
BID 102629
BID 102633
BID 102636
BID 102642
BID 102656
BID 102659
BID 102661
BID 102662
BID 102663
CVE CVE-2018-2579
CVE CVE-2018-2581
CVE CVE-2018-2582
CVE CVE-2018-2588
CVE CVE-2018-2599
CVE CVE-2018-2602
CVE CVE-2018-2603
CVE CVE-2018-2618
CVE CVE-2018-2627
CVE CVE-2018-2629
CVE CVE-2018-2633
CVE CVE-2018-2634
CVE CVE-2018-2637
CVE CVE-2018-2638
CVE CVE-2018-2639
CVE CVE-2018-2641
CVE CVE-2018-2657
CVE CVE-2018-2663
CVE CVE-2018-2677
CVE CVE-2018-2678
XREF OSVDB:172895
XREF OSVDB:172897
XREF OSVDB:172898
XREF OSVDB:172899
XREF OSVDB:172900
XREF OSVDB:172907
XREF OSVDB:172908
XREF OSVDB:172909
XREF OSVDB:172910
XREF OSVDB:172911
XREF OSVDB:172912
XREF OSVDB:172913
XREF OSVDB:172914
XREF OSVDB:172915
XREF OSVDB:172916
XREF OSVDB:172917
XREF OSVDB:172918
XREF OSVDB:172919
XREF OSVDB:172920
XREF OSVDB:172921
Plugin Information:
Published: 2018/01/19, Modified: 2018/04/19
Plugin Output

10.0.0.14 (tcp/445)


The following vulnerable instance of Java is installed on the
remote host :

Path : C:\Program Files\Java\jre1.8.0_151
Installed version : 1.8.0_151
Fixed version : 1.6.0_181 / 1.7.0_171 / 1.8.0_161 / 1.9.0_4

10.0.0.64 (tcp/445)


The following vulnerable instances of Java are installed on the
remote host :

Path : C:\Program Files (x86)\Java\jre1.8.0_121
Path : C:\Program Files\Java\jre1.8.0_121
Installed version : 1.8.0_121
Fixed version : 1.6.0_181 / 1.7.0_171 / 1.8.0_161 / 1.9.0_4
106606 (2) - Adobe Flash Player <= 28.0.0.137 Use-after-free Remote Code Execution (APSA18-01) (APSB18-03)
Synopsis
The remote Windows host has a browser plugin installed that is affected by a remote code execution vulnerability.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 28.0.0.137. It is, therefore, affected by a use-after-free vulnerability that allows arbitrary code execution.
See Also
Solution
Upgrade to Adobe Flash Player version 28.0.0.161 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 102893
BID 102930
CVE CVE-2018-4877
CVE CVE-2018-4878
XREF OSVDB:173919
XREF OSVDB:174144
Plugin Information:
Published: 2018/02/05, Modified: 2018/03/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 28.0.0.161

10.0.0.64 (tcp/445)


Product : Browser plugin (for Firefox / Netscape / Opera)
Path : C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll
Installed version : 26.0.0.151
Fixed version : 28.0.0.161

Product : ActiveX control (for Internet Explorer)
Path : C:\Windows\system32\Macromed\Flash\Flash64_26_0_0_151.ocx
Installed version : 26.0.0.151
Fixed version : 28.0.0.161
108281 (2) - Adobe Flash Player <= 28.0.0.161 (APSB18-05)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 28.0.0.161. It is therefore affected by multiple vulnerabilities.
See Also
Solution
Upgrade to Adobe Flash Player version 29.0.0.113 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2018-4919
CVE CVE-2018-4920
XREF IAVA:2018-A-0071
Plugin Information:
Published: 2018/03/13, Modified: 2018/03/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 29.0.0.113

10.0.0.64 (tcp/445)


Product : Browser Plugin (for Firefox / Netscape / Opera)
Path : C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll
Installed version : 26.0.0.151
Fixed version : 29.0.0.113

Product : ActiveX control (for Internet Explorer)
Path : C:\Windows\system32\Macromed\Flash\Flash64_26_0_0_151.ocx
Installed version : 26.0.0.151
Fixed version : 29.0.0.113
108971 (2) - Security Updates for Internet Explorer (April 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-1004)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-0988, CVE-2018-0996, CVE-2018-1001)

- An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data. (CVE-2018-0981, CVE-2018-0989, CVE-2018-1000)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
(CVE-2018-0987)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4093114
-KB4093123
-KB4093118
-KB4092946
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2018-0870
CVE CVE-2018-0981
CVE CVE-2018-0987
CVE CVE-2018-0988
CVE CVE-2018-0989
CVE CVE-2018-0991
CVE CVE-2018-0996
CVE CVE-2018-0997
CVE CVE-2018-1000
CVE CVE-2018-1001
CVE CVE-2018-1004
CVE CVE-2018-1018
CVE CVE-2018-1020
MSKB 4093114
MSKB 4093123
MSKB 4093118
MSKB 4092946
XREF MSFT:MS18-4093114
XREF MSFT:MS18-4093123
XREF MSFT:MS18-4093118
XREF MSFT:MS18-4092946
XREF IAVA:2018-A-0108
Plugin Information:
Published: 2018/04/10, Modified: 2018/04/12
Plugin Output

10.0.0.14 (tcp/445)



KB : 4092946
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 9.0.8112.21200
Should be : 9.0.8112.21213

10.0.0.64 (tcp/445)



KB : 4092946
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 11.0.9600.18763
Should be : 11.0.9600.18978

Note: The fix for this issue is available in either of the following updates:
- KB4092946 : Cumulative Security Update for Internet Explorer
- KB4093118 : Windows 7 / Server 2008 R2 Monthly Rollup
109202 (2) - Oracle Java SE Multiple Vulnerabilities (April 2018 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components :

- AWT
- Concurrency
- Hotspot
- Install
- JAXP
- JMX
- Libraries
- RMI
- Security
- Serialization
See Also
Solution
Upgrade to Oracle JDK / JRE 10 Update 1, 8 Update 171 / 7 Update 181 / 6 Update 191 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
STIG Severity
I
References
BID 103796
BID 103810
BID 103817
BID 103832
BID 103848
BID 103849
BID 103872
CVE CVE-2018-2783
CVE CVE-2018-2790
CVE CVE-2018-2794
CVE CVE-2018-2795
CVE CVE-2018-2796
CVE CVE-2018-2797
CVE CVE-2018-2798
CVE CVE-2018-2799
CVE CVE-2018-2800
CVE CVE-2018-2811
CVE CVE-2018-2814
CVE CVE-2018-2815
CVE CVE-2018-2825
CVE CVE-2018-2826
XREF OSVDB:178923
XREF OSVDB:178924
XREF OSVDB:178925
XREF OSVDB:178926
XREF OSVDB:178927
XREF OSVDB:178928
XREF OSVDB:178929
XREF OSVDB:178930
XREF OSVDB:178931
XREF OSVDB:178932
XREF OSVDB:178933
XREF OSVDB:178936
XREF OSVDB:178939
XREF OSVDB:178949
XREF IAVA:2018-A-0119
Plugin Information:
Published: 2018/04/20, Modified: 2018/04/20
Plugin Output

10.0.0.14 (tcp/445)


The following vulnerable instance of Java is installed on the
remote host :

Path : C:\Program Files\Java\jre1.8.0_151
Installed version : 1.8.0_151
Fixed version : 1.6.0_191 / 1.7.0_181 / 1.8.0_171 / 1.10.0_1

10.0.0.64 (tcp/445)


The following vulnerable instances of Java are installed on the
remote host :

Path : C:\Program Files (x86)\Java\jre1.8.0_121
Path : C:\Program Files\Java\jre1.8.0_121
Installed version : 1.8.0_121
Fixed version : 1.6.0_191 / 1.7.0_181 / 1.8.0_171 / 1.10.0_1
10412 (1) - Microsoft Windows SMB Registry : Autologon Enabled
Synopsis
Anyone can logon to the remote system.
Description
This script determines whether the autologon feature is enabled. This feature allows an intruder to log into the remote host as DefaultUserName with the password DefaultPassword.
See Also
Solution
Delete the keys AutoAdminLogon and DefaultPassword under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Published: 2000/05/20, Modified: 2016/12/09
Plugin Output

10.0.0.14 (tcp/445)

Autologon is enabled on this host.
This allows an attacker to access it as jsilver/6******A

Note: The password displayed has been partially obfuscated.
11832 (1) - MS03-037: Visual Basic for Application Overflow (822715)
Synopsis
Arbitrary code can be executed on the remote host through VBA.
Description
The remote host is running a version of Microsoft Visual Basic for Applications that is vulnerable to a buffer overflow when handling malformed documents.

An attacker may exploit this flaw to execute arbitrary code on this host by sending a malformed file to a user of the remote host.
See Also
Solution
Microsoft has released a set of patches for Office.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID 8534
CVE CVE-2003-0347
MSKB 822715
XREF OSVDB:12652
XREF MSFT:MS03-037
XREF CERT:804780
Plugin Information:
Published: 2003/09/04, Modified: 2017/05/25
Plugin Output

10.0.0.14 (tcp/445)



KB : 822715
- C:\Program Files\Common Files\Microsoft Shared\VBA\vbe.dll has not been patched.
Remote version : 5.0.41.21
Should be : 5.0.78.15
26185 (1) - EasyMail SMTP Object ActiveX Control Multiple Buffer Overflows
Synopsis
The remote Windows host has an ActiveX control that is affected by multiple buffer overflow vulnerabilities.
Description
EasyMail Objects, a set of COM objects for supporting email protocols, is installed on the remote Windows host. It may have been bundled with a third-party application, such as Oracle Document Capture, Earthlink internet access software, Borland Caliber RM Client, and FrontRange Heat.

The SMTP component of the version of this control installed on the remote host reportedly contains multiple buffer overflows involving the AddAttachment and SubmitToExpress methods that could lead to arbitrary code execution on the affected system. Successful exploitation requires, though, that an attacker trick a user on the affected host into visiting a specially crafted web page.
See Also
Solution
Either disable its use from within Internet Explorer by setting its kill bit or remove it completely.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.4 (CVSS2#E:F/RL:W/RC:ND)
References
BID 25467
BID 36440
CVE CVE-2007-4607
CVE CVE-2009-4663
XREF OSVDB:38335
XREF OSVDB:59939
XREF CERT:281977
XREF EDB-ID:4328
XREF EDB-ID:9705
XREF CWE:119
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2007/09/25, Modified: 2015/10/08
Plugin Output

10.0.0.14 (tcp/445)


Class identifier : {68AC0D5F-0424-11D5-822F-00C04F6BA8D9}
Filename : C:\WINDOWS\system32\emsmtp.dll
Installed version : 6.0.3.3


Moreover, its kill bit is not set so it is accessible via Internet
Explorer.
45513 (1) - MS10-026: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
Synopsis
An audio codec on the remote Windows host has a buffer overflow vulnerability.
Description
The Microsoft MPEG Layer-3 (MP3) codecs have a buffer overflow vulnerability that is triggered by opening a specially crafted AVI file with an MP3 audio stream.

A remote attacker could exploit this by tricking a user into opening a malicious AVI file, which would lead to arbitrary code execution.
See Also
Solution
Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista, and 2008.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:ND)
STIG Severity
II
References
BID 39303
CVE CVE-2010-0480
MSKB 977816
XREF OSVDB:63749
XREF IAVA:2010-A-0053
XREF MSFT:MS10-026
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2010/04/13, Modified: 2017/07/26
Plugin Output

10.0.0.14 (tcp/445)



KB : 977816
- C:\Windows\system32\L3codecp.acm has not been patched.
Remote version : 3.3.0.44
Should be : 3.4.0.0
51873 (1) - Oracle Document Capture Multiple Vulnerabilities
Synopsis
The remote Windows host has one or more ActiveX controls installed that are affected by multiple vulnerabilities.
Description
The Oracle Document Capture client installed on the remote host is potentially affected by multiple vulnerabilities :

- An unspecified vulnerability exists in the Import Export utility. An attacker can exploit this to affect integrity. (CVE-2010-3598)

- An information disclosure vulnerability exists related to the EasyMail ActiveX control. (CVE-2010-3595)

- Insecure methods in the 'Actbar2.ocx' and 'empop3.dll'
ActiveX controls can be exploited to overwrite arbitrary files. (CVE-2010-3591)

- An error in the 'WriteJPG()' method in the NCSEcw.dll ActiveX control can be exploited to overwrite arbitrary files or potentially cause a buffer overflow.
(CVE-2010-3599)

- An unspecified vulnerability exists in the Internal Operations component. (CVE-2010-3592)

Note that the NCSEcw.dll control is actually from the ERDAS ECW/JP2 SDK developer toolkit from Intergraph.
See Also
Solution
If using Oracle's Document Capture client, apply the patch from Oracle to disable the ActiveX controls.

If using a different application that includes the NCSEcw.dll control, set the kill bit for the affect control as discussed in Hexagon Geospatial's advisory.
Risk Factor
High
CVSS Base Score
9.4 (CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 45846
BID 45849
BID 45851
BID 45856
BID 45871
CVE CVE-2010-3591
CVE CVE-2010-3592
CVE CVE-2010-3595
CVE CVE-2010-3598
CVE CVE-2010-3599
XREF OSVDB:70537
XREF OSVDB:70538
XREF OSVDB:70541
XREF OSVDB:70544
XREF OSVDB:70545
XREF OSVDB:99002
XREF EDB-ID:16052
XREF EDB-ID:16053
XREF EDB-ID:16055
XREF EDB-ID:16056
XREF Secunia:42976
Plugin Information:
Published: 2011/02/04, Modified: 2016/01/22
Plugin Output

10.0.0.14 (tcp/445)


Class Identifier : {68AC0D5F-0424-11D5-822F-00C04F6BA8D9}
Filename : C:\WINDOWS\system32\emsmtp.dll
Installed version : 6.0.3.3

Moreover, its kill bit is not set so it is accessible via Internet
Explorer.
54299 (1) - Flash Player < 10.3.181.14 Multiple Vulnerabilities (APSB11-12)
Synopsis
A browser plugin is affected by multiple vulnerabilities.
Description
Several critical vulnerabilities exist in versions of Flash Player earlier than 10.3.181.14 :

- An unspecified information disclosure vulnerability exists. (CVE-2011-0579)

- An unspecified integer overflow vulnerability exists.
(CVE-2011-0618, CVE-2011-0628)

- Unspecified memory corruption vulnerabilities exist.
(CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0627)

- Unspecified boundary-checking errors exist.
(CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626)
See Also
Solution
Upgrade to Adobe Flash version 10.3.181.14 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:ND)
References
BID 47806
BID 47807
BID 47808
BID 47809
BID 47810
BID 47811
BID 47812
BID 47813
BID 47814
BID 47815
BID 47847
BID 47961
CVE CVE-2011-0579
CVE CVE-2011-0618
CVE CVE-2011-0619
CVE CVE-2011-0620
CVE CVE-2011-0621
CVE CVE-2011-0622
CVE CVE-2011-0623
CVE CVE-2011-0624
CVE CVE-2011-0625
CVE CVE-2011-0626
CVE CVE-2011-0627
CVE CVE-2011-0628
XREF OSVDB:72331
XREF OSVDB:72332
XREF OSVDB:72333
XREF OSVDB:72334
XREF OSVDB:72335
XREF OSVDB:72336
XREF OSVDB:72337
XREF OSVDB:72341
XREF OSVDB:72342
XREF OSVDB:72343
XREF OSVDB:72344
XREF OSVDB:73097
XREF Secunia:44590
Plugin Information:
Published: 2011/05/18, Modified: 2016/07/18
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.181.14
55140 (1) - Flash Player < 10.3.181.26 Multiple Vulnerabilities (APSB11-18)
Synopsis
A browser plugin is affected by a memory corruption vulnerability.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is earlier than 10.3.181.26. This version of Flash Player has a critical vulnerability. By tricking a user on the affected system into opening a specially crafted document with Flash content, an attacker could leverage the vulnerability to execute arbitrary code remotely on the system subject to the user's privileges.

This issue is reportedly being exploited in the wild in targeted attacks as of June 2011.
See Also
Solution
Upgrade to Adobe Flash version 10.3.181.26 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 48268
CVE CVE-2011-2110
XREF OSVDB:73007
XREF EDB-ID:19295
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2011/06/15, Modified: 2017/08/14
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.181.26
55803 (1) - Flash Player <= 10.3.181.36 Multiple Vulnerabilities (APSB11-21)
Synopsis
A browser plugin is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 10.3.181.36 or earlier. As such, it is reportedly affected by several critical vulnerabilities :

- Multiple buffer overflow vulnerabilities could lead to code execution. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, CVE-2011-2415)

- Multiple memory corruption vulnerabilities could lead to code execution. (CVE-2011-2135, CVE-2011-2140, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425)

- Multiple integer overflow vulnerabilities could lead to code execution. (CVE-2011-2136, CVE-2011-2138, CVE-2011-2416)

- A cross-site information disclosure vulnerability exists that could lead to code execution. (CVE-2011-2139)

By tricking a user on the affected system into opening a specially crafted document with Flash content, an attacker could leverage these vulnerabilities to execute arbitrary code remotely on the system subject to the user's privileges.
See Also
Solution
Upgrade to Adobe Flash version 10.3.183.5 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.4 (CVSS2#E:POC/RL:ND/RC:C)
References
BID 49073
BID 49074
BID 49075
BID 49076
BID 49077
BID 49079
BID 49080
BID 49081
BID 49082
BID 49083
BID 49084
BID 49085
BID 49086
BID 49186
CVE CVE-2011-2130
CVE CVE-2011-2134
CVE CVE-2011-2135
CVE CVE-2011-2136
CVE CVE-2011-2137
CVE CVE-2011-2138
CVE CVE-2011-2139
CVE CVE-2011-2140
CVE CVE-2011-2414
CVE CVE-2011-2415
CVE CVE-2011-2416
CVE CVE-2011-2417
CVE CVE-2011-2424
CVE CVE-2011-2425
XREF OSVDB:74432
XREF OSVDB:74433
XREF OSVDB:74434
XREF OSVDB:74435
XREF OSVDB:74436
XREF OSVDB:74437
XREF OSVDB:74438
XREF OSVDB:74439
XREF OSVDB:74440
XREF OSVDB:74441
XREF OSVDB:74442
XREF OSVDB:74443
XREF OSVDB:74444
XREF OSVDB:75201
XREF EDB-ID:18437
XREF EDB-ID:18479
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2011/08/10, Modified: 2016/05/20
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.5
56259 (1) - Flash Player <= 10.3.183.7 Multiple Vulnerabilities (APSB11-26)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 10.3.183.7 or earlier. It is, therefore, reportedly affected by several critical vulnerabilities :

- Multiple AVM stack overflow vulnerabilities could lead to code execution. (CVE-2011-2426, CVE-2011-2427)

- A logic error issue could lead to code execution or a browser crash. (CVE-2011-2428)

- A Flash Player security control bypass vulnerability could lead to information disclosure. (CVE-2011-2429)

- A streaming media logic error vulnerability could lead to code execution. (CVE-2011-2430)

- A universal cross-site scripting vulnerability could be abused to take actions on a user's behalf on any website if the user is tricked into visiting a malicious website. Note that this issue is reportedly being actively exploited in targeted attacks. (CVE-2011-2444)
See Also
Solution
Upgrade to Adobe Flash version 10.3.183.10 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 49710
BID 49714
BID 49715
BID 49716
BID 49717
BID 49718
CVE CVE-2011-2426
CVE CVE-2011-2427
CVE CVE-2011-2428
CVE CVE-2011-2429
CVE CVE-2011-2430
CVE CVE-2011-2444
XREF OSVDB:75625
XREF OSVDB:75626
XREF OSVDB:75627
XREF OSVDB:75628
XREF OSVDB:75629
XREF OSVDB:75630
Plugin Information:
Published: 2011/09/22, Modified: 2017/06/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.10
56874 (1) - Flash Player <= 10.3.183.10 / 11.0.1.152 Multiple Vulnerabilities (APSB11-28)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.10 or 11.x equal to or earlier than 11.0.1.152. It is, therefore, reportedly affected by several critical vulnerabilities :

- Several unspecified memory corruption errors exist that could lead to code execution. (CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, CVE-2011-2460)

- An unspecified heap corruption error exists that could lead to code execution. (CVE-2011-2450)

- An unspecified buffer overflow error exists that could lead to code execution. (CVE-2011-2456)

- An unspecified stack overflow error exists that could lead to code execution. (CVE-2011-2457)

- An unspecified error related to Internet Explorer can allow cross-domain policy violations. (CVE-2011-2458)
See Also
Solution
Upgrade to Adobe Flash version 10.3.183.11 / 11.1.102.55 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 50618
BID 50619
BID 50620
BID 50621
BID 50622
BID 50623
BID 50624
BID 50625
BID 50626
BID 50627
BID 50628
BID 50629
CVE CVE-2011-2445
CVE CVE-2011-2450
CVE CVE-2011-2451
CVE CVE-2011-2452
CVE CVE-2011-2453
CVE CVE-2011-2454
CVE CVE-2011-2455
CVE CVE-2011-2456
CVE CVE-2011-2457
CVE CVE-2011-2458
CVE CVE-2011-2459
CVE CVE-2011-2460
XREF OSVDB:77018
XREF OSVDB:77019
XREF OSVDB:77020
XREF OSVDB:77021
XREF OSVDB:77022
XREF OSVDB:77023
XREF OSVDB:77024
XREF OSVDB:77025
XREF OSVDB:77026
XREF OSVDB:77027
XREF OSVDB:77028
XREF OSVDB:77029
Plugin Information:
Published: 2011/11/18, Modified: 2016/05/05
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.11 / 11.1.102.55
58001 (1) - Flash Player <= 10.3.183.14 / 11.1.102.55 Multiple Vulnerabilities (APSB12-03)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.14 or 11.x equal to or earlier than 11.1.102.55. It is, therefore, reportedly affected by several critical vulnerabilities :

- Multiple unspecified memory corruption issues exist that could lead to code execution. (CVE-2012-0751, CVE-2012-0754)

- An unspecified type confusion memory corruption vulnerability exists that could lead to code execution.
(CVE-2012-0752)

- An MP4 parsing memory corruption issue exists that could lead to code execution. (CVE-2012-0753)

- Multiple unspecified security bypass vulnerabilities exist that could lead to code execution. (CVE-2012-0755, CVE-2012-0756)

- A universal cross-site scripting issue exists that could be used to take actions on a user's behalf on any website or webmail provider. (CVE-2012-0767)
See Also
Solution
Upgrade to Adobe Flash version 10.3.183.15 / 11.1.102.62 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:ND)
References
BID 52032
BID 52033
BID 52034
BID 52035
BID 52036
BID 52037
BID 52040
CVE CVE-2012-0751
CVE CVE-2012-0752
CVE CVE-2012-0753
CVE CVE-2012-0754
CVE CVE-2012-0755
CVE CVE-2012-0756
CVE CVE-2012-0767
XREF EDB-ID:18572
XREF OSVDB:79296
XREF OSVDB:79297
XREF OSVDB:79298
XREF OSVDB:79299
XREF OSVDB:79300
XREF OSVDB:79301
XREF OSVDB:79302
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2012/02/17, Modified: 2018/02/15
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.15 / 11.1.102.62
58207 (1) - Flash Player <= 10.3.183.15 / 11.1.102.62 Multiple Vulnerabilities (APSB12-05)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.15 or 11.x equal to or earlier than 11.1.102.62. It is, therefore, reportedly affected by several critical vulnerabilities :

- A memory corruption vulnerability exists in Matrix3D that could lead to code execution. (CVE-2012-0768)

- Multiple integer errors exist that could lead to information disclosure. (CVE-2012-0769)
See Also
Solution
Upgrade to Adobe Flash version 10.3.183.16 / 11.1.102.63 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 52297
BID 52299
CVE CVE-2012-0768
CVE CVE-2012-0769
XREF OSVDB:79817
XREF OSVDB:79818
Plugin Information:
Published: 2012/03/05, Modified: 2015/10/13
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.16 / 11.1.102.63
58538 (1) - Flash Player <= 10.3.183.16 / 11.1.102.63 Multiple Memory Corruption Vulnerabilities (APSB12-07)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple memory corruption vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.16 or 11.x equal to or earlier than 11.1.102.63. It is, therefore, reportedly affected by several critical memory corruption vulnerabilities :

- Memory corruption vulnerabilities related to URL security domain checking. (CVE-2012-0772)

- A flaw in the NetStream Class that could lead to remote code execution. (CVE-2012-0773)

- Two Flash Player memory corruption vulnerabilities related to the Google Chrome interface. (CVE-2012-0724, CVE-2012-0725)

By tricking a victim into visiting a specially crafted page, an attacker may be able to utilize these vulnerabilities to execute arbitrary code subject to the users' privileges.
See Also
Solution
Upgrade to Adobe Flash version 11.2.202.228 / 10.3.183.18 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 52748
BID 52914
BID 52916
CVE CVE-2012-0772
CVE CVE-2012-0773
CVE CVE-2012-0724
CVE CVE-2012-0725
XREF OSVDB:80706
XREF OSVDB:80707
XREF OSVDB:81244
XREF OSVDB:81245
Plugin Information:
Published: 2012/03/30, Modified: 2016/05/05
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 11.2.202.228 / 10.3.183.18
58994 (1) - Flash Player <= 10.3.183.18 / 11.2.202.233 Object Confusion Vulnerability (APSB12-09)
Synopsis
The remote Windows host has a browser plugin that is affected by a code execution vulnerability.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.18 or 11.x equal to or earlier than 11.2.202.233. It is, therefore, reportedly affected by an object confusion vulnerability that could allow an attacker to crash the application or potentially take control of the target system.

By tricking a victim into visiting a specially crafted page, an attacker may be able to utilize this vulnerability to execute arbitrary code subject to the users' privileges.
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.19 / 11.2.202.235 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 53395
CVE CVE-2012-0779
XREF OSVDB:81656
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2012/05/04, Modified: 2016/12/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.19 / 11.2.202.235
59426 (1) - Flash Player <= 10.3.183.19 / 11.3.300.256 Multiple Vulnerabilities (APSB12-14)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.19 or 11.x equal to or earlier than 11.3.300.256. It is, therefore, potentially affected by multiple vulnerabilities :

- Multiple memory corruption vulnerabilities exist that could lead to code execution. (CVE-2012-2034, CVE-2012-2037)

- A stack overflow vulnerability exists that could lead to code execution. (CVE-2012-2035)

- An integer overflow vulnerability exists that could lead to code execution. (CVE-2012-2036)

- A security bypass vulnerability exists that could lead to information disclosure. (CVE-2012-2038)

- A null dereference vulnerability exists that could lead to code execution. (CVE-2012-2039)

- A binary planting vulnerability exists in the Flash Player installer that could lead to code execution.
(CVE-2012-2040)
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.20 / 11.3.300.257 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 53887
CVE CVE-2012-2034
CVE CVE-2012-2035
CVE CVE-2012-2036
CVE CVE-2012-2037
CVE CVE-2012-2038
CVE CVE-2012-2039
CVE CVE-2012-2040
XREF OSVDB:82719
XREF OSVDB:82720
XREF OSVDB:82721
XREF OSVDB:82722
XREF OSVDB:82723
XREF OSVDB:82724
XREF OSVDB:82725
Plugin Information:
Published: 2012/06/09, Modified: 2016/05/05
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.20 / 11.3.300.257
59915 (1) - MS KB2719662: Vulnerabilities in Gadgets Could Allow Remote Code Execution
Synopsis
Arbitrary code can be executed on the remote host through Desktop Gadgets.
Description
The remote version of Microsoft Windows is missing a workaround that mitigates multiple, unspecified remote code execution vulnerabilities caused by running insecure Gadgets. Windows Vista and 7 are affected by this issue. An attacker could exploit this by tricking a user into installing a vulnerable Gadget, resulting in arbitrary code execution.
See Also
Solution
Apply the workaround described in Microsoft security advisory 2719662.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
References
MSKB 2719662
Plugin Information:
Published: 2012/07/11, Modified: 2017/08/30
Plugin Output

10.0.0.64 (tcp/445)


Nessus determined the workaround is not being used because the following
registry value does not exist :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffSidebar
61622 (1) - Flash Player <= 10.3.183.22 / 11.4.402.264 Multiple Vulnerabilities (APSB12-19)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal to or earlier than 11.4.402.264, or 10.x equal to or earlier than 10.3.183.22. It is, therefore, potentially affected by multiple vulnerabilities :

- Multiple memory corruption vulnerabilities could lead to code execution. (CVE-2012-4163, CVE-2012-4164, CVE-2012-4165)

- An integer overflow vulnerability exists that could lead to code execution. (CVE-2012-4167)

- A cross-domain information leak vulnerability exists.
(CVE-2012-4168)

- A crash can be caused by a logic error involving multiple dialogs in Firefox. (CVE-2012-4171)

- A Matrix3D integer overflow vulnerability could lead to code execution. (CVE-2012-5054)
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.23, 11.4.402.265 or later, or Google Chrome PepperFlash 11.3.31.230 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 55365
BID 55691
CVE CVE-2012-4163
CVE CVE-2012-4164
CVE CVE-2012-4165
CVE CVE-2012-4167
CVE CVE-2012-4168
CVE CVE-2012-4171
CVE CVE-2012-5054
XREF OSVDB:84789
XREF OSVDB:84790
XREF OSVDB:84791
XREF OSVDB:84792
XREF OSVDB:84793
XREF OSVDB:84794
XREF OSVDB:85260
XREF OSVDB:85786
Plugin Information:
Published: 2012/08/22, Modified: 2016/05/20
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.23 / 11.4.402.265
62480 (1) - Flash Player <= 10.3.183.23 / 11.4.402.278 Multiple Vulnerabilities (APSB12-22)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal to or earlier than 11.4.402.278, or 10.x equal to or earlier than 10.3.183.23. It is, therefore, potentially affected by multiple vulnerabilities :

- Several unspecified issues exist that can lead to buffer overflows and arbitrary code execution. (CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5257, CVE-2012-5259, CVE-2012-5260, CVE-2012-5262, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5285, CVE-2012-5286, CVE-2012-5287)

- Several unspecified issues exist that can lead to memory corruption and arbitrary code execution. (CVE-2012-5252, CVE-2012-5256, CVE-2012-5258, CVE-2012-5261, CVE-2012-5263, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272)

- An unspecified issue exists having unspecified impact.
(CVE-2012-5673)
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.29, 11.4.402.287 or later, or Google Chrome PepperFlash 11.4.31.110 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 56198
BID 56200
BID 56201
BID 56202
BID 56203
BID 56204
BID 56205
BID 56206
BID 56207
BID 56208
BID 56209
BID 56210
BID 56211
BID 56212
BID 56213
BID 56214
BID 56215
BID 56216
BID 56217
BID 56218
BID 56219
BID 56220
BID 56221
BID 56222
BID 56224
BID 56374
BID 56375
BID 56376
BID 56377
CVE CVE-2012-5248
CVE CVE-2012-5249
CVE CVE-2012-5250
CVE CVE-2012-5251
CVE CVE-2012-5252
CVE CVE-2012-5253
CVE CVE-2012-5254
CVE CVE-2012-5255
CVE CVE-2012-5256
CVE CVE-2012-5257
CVE CVE-2012-5258
CVE CVE-2012-5259
CVE CVE-2012-5260
CVE CVE-2012-5261
CVE CVE-2012-5262
CVE CVE-2012-5263
CVE CVE-2012-5264
CVE CVE-2012-5265
CVE CVE-2012-5266
CVE CVE-2012-5267
CVE CVE-2012-5268
CVE CVE-2012-5269
CVE CVE-2012-5270
CVE CVE-2012-5271
CVE CVE-2012-5272
CVE CVE-2012-5285
CVE CVE-2012-5286
CVE CVE-2012-5287
CVE CVE-2012-5673
XREF OSVDB:86025
XREF OSVDB:86026
XREF OSVDB:86027
XREF OSVDB:86028
XREF OSVDB:86029
XREF OSVDB:86030
XREF OSVDB:86031
XREF OSVDB:86032
XREF OSVDB:86033
XREF OSVDB:86034
XREF OSVDB:86035
XREF OSVDB:86036
XREF OSVDB:86037
XREF OSVDB:86038
XREF OSVDB:86039
XREF OSVDB:86040
XREF OSVDB:86041
XREF OSVDB:86042
XREF OSVDB:86043
XREF OSVDB:86044
XREF OSVDB:86045
XREF OSVDB:86046
XREF OSVDB:86047
XREF OSVDB:86048
XREF OSVDB:86049
XREF OSVDB:86874
XREF OSVDB:86875
XREF OSVDB:86876
XREF OSVDB:86877
Exploitable With
Core Impact (true)
Plugin Information:
Published: 2012/10/10, Modified: 2016/12/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.29 / 11.4.402.287
62836 (1) - Flash Player <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal to or earlier than 11.4.402.287, or 10.x equal to or earlier than 10.3.183.29. It is, therefore, potentially affected by multiple vulnerabilities :

- Several unspecified issues exist that can lead to buffer overflows and arbitrary code execution. (CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280)

- An unspecified security bypass issue exists that can lead to arbitrary code execution. (CVE-2012-5278)

- An unspecified issue exists that can lead to memory corruption and arbitrary code execution. (CVE-2012-5279)
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.43, 11.5.502.110 or later, or Google Chrome PepperFlash 11.5.31.2 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 56542
BID 56543
BID 56544
BID 56545
BID 56546
BID 56547
BID 56554
CVE CVE-2012-5274
CVE CVE-2012-5275
CVE CVE-2012-5276
CVE CVE-2012-5277
CVE CVE-2012-5278
CVE CVE-2012-5279
CVE CVE-2012-5280
XREF OSVDB:87064
XREF OSVDB:87065
XREF OSVDB:87066
XREF OSVDB:87067
XREF OSVDB:87068
XREF OSVDB:87069
XREF OSVDB:87070
Plugin Information:
Published: 2012/11/07, Modified: 2016/05/05
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.43 / 11.5.502.110
63242 (1) - Flash Player <= 10.3.183.43 / 11.5.502.110 Multiple Vulnerabilities (APSB12-27)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal to or earlier than 11.5.502.110, or 10.x equal to or earlier than 10.3.183.43. It is, therefore, potentially affected by multiple vulnerabilities :

- An unspecified error exists that can allow a buffer overflow and arbitrary code execution. (CVE-2012-5676)

- An unspecified error exists that can allow an integer overflow and arbitrary code execution. (CVE-2012-5677)

- An unspecified error exists that can lead to memory corruption and arbitrary code execution. (CVE-2012-5678)
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.48 / 11.5.502.135 or later, or Google Chrome PepperFlash 11.5.31.5 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 56892
BID 56896
BID 56898
CVE CVE-2012-5676
CVE CVE-2012-5677
CVE CVE-2012-5678
XREF OSVDB:88353
XREF OSVDB:88354
XREF OSVDB:88356
Plugin Information:
Published: 2012/12/12, Modified: 2015/10/13
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.48 / 11.5.502.135
63450 (1) - Flash Player <= 10.3.183.48 / 11.5.502.135 Buffer Overflow (APSB13-01)
Synopsis
The remote Windows host has a browser plugin that is affected by buffer overflow vulnerability.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal to or earlier than 11.5.502.135, or 10.x equal to or earlier than 10.3.183.48. It is, therefore, potentially affected by an unspecified buffer overflow that could lead to arbitrary code execution.
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.50 / 11.5.502.146 or later, or Google Chrome PepperFlash 11.5.31.137 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 57184
CVE CVE-2013-0630
XREF OSVDB:88969
Plugin Information:
Published: 2013/01/09, Modified: 2016/05/05
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.50 / 11.5.502.146
64506 (1) - Flash Player <= 10.3.183.50 / 11.5.502.146 Multiple Vulnerabilities (APSB13-04)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal or prior to 11.5.502.146, or 10.x equal or prior to 10.3.183.50. It is, therefore, potentially affected by the following vulnerabilities :

- An unspecified error exists that could allow a buffer overflow leading to code execution. (CVE-2013-0633)

- An unspecified error exists that could allow memory corruption leading to code execution. (CVE-2013-0634)
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.51 / 11.5.502.149 or later, or Google Chrome PepperFlash 11.5.31.139 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 57787
BID 57788
CVE CVE-2013-0633
CVE CVE-2013-0634
XREF OSVDB:89936
XREF OSVDB:89937
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2013/02/08, Modified: 2016/12/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.51 / 11.5.502.149
64584 (1) - Flash Player <= 10.3.183.51 / 11.5.502.149 Multiple Vulnerabilities (APSB13-05)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal or prior to 11.5.502.149, or 10.x equal or prior to 10.3.183.51. It is, therefore, potentially affected by the following vulnerabilities :

- Several unspecified issues exist that could lead to buffer overflows and arbitrary code execution.
(CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-1365, CVE-2013-1368, CVE-2013-0642, CVE-2013-1367)

- Several unspecified use-after-free vulnerabilities exist that could lead to remote code execution. (CVE-2013-0649, CVE-2013-1374, CVE-2013-0644)

- Two unspecified issues exist that could lead to memory corruption and arbitrary code execution. (CVE-2013-0638, CVE-2013-0647)

- An unspecified information disclosure vulnerability exists. (CVE-2013-0637)

- An unspecified integer overflow vulnerability exists.
(CVE-2013-0639)
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.63 / 11.6.602.168 or later, or Google Chrome PepperFlash 11.6.602.167 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 57912
BID 57916
BID 57917
BID 57918
BID 57919
BID 57920
BID 57921
BID 57922
BID 57923
BID 57924
BID 57925
BID 57926
BID 57927
BID 57929
BID 57930
BID 57932
BID 57933
CVE CVE-2013-0637
CVE CVE-2013-0638
CVE CVE-2013-0639
CVE CVE-2013-0642
CVE CVE-2013-0644
CVE CVE-2013-0645
CVE CVE-2013-0647
CVE CVE-2013-0649
CVE CVE-2013-1365
CVE CVE-2013-1366
CVE CVE-2013-1367
CVE CVE-2013-1368
CVE CVE-2013-1369
CVE CVE-2013-1370
CVE CVE-2013-1372
CVE CVE-2013-1373
CVE CVE-2013-1374
XREF OSVDB:90095
XREF OSVDB:90096
XREF OSVDB:90097
XREF OSVDB:90098
XREF OSVDB:90099
XREF OSVDB:90100
XREF OSVDB:90101
XREF OSVDB:90102
XREF OSVDB:90103
XREF OSVDB:90104
XREF OSVDB:90105
XREF OSVDB:90106
XREF OSVDB:90107
XREF OSVDB:90108
XREF OSVDB:90109
XREF OSVDB:90110
XREF OSVDB:90111
Plugin Information:
Published: 2013/02/13, Modified: 2016/05/05
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.63 / 11.6.602.168
64916 (1) - Flash Player <= 10.3.183.63 / 11.6.602.168 Multiple Vulnerabilities (APSB13-08)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal or prior to 11.6.602.168, or 10.x equal or prior to 10.3.183.63. It is, therefore, potentially affected by the following vulnerabilities :

- A buffer overflow error exists related to the 'broker service'. (CVE-2013-0504)

- A permissions issue exists related to the Firefox sandbox. (CVE-2013-0643)

- An unspecified error exists related to 'ExternalInterface ActionScript' feature.
(CVE-2013-0648)
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.67 / 11.6.602.171 or later, or Google Chrome PepperFlash 11.6.602.171 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 58184
BID 58185
BID 58186
CVE CVE-2013-0504
CVE CVE-2013-0643
CVE CVE-2013-0648
XREF OSVDB:90612
XREF OSVDB:90613
XREF OSVDB:90614
Plugin Information:
Published: 2013/02/27, Modified: 2016/05/20
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.67 / 11.6.602.171
65219 (1) - Flash Player <= 10.3.183.67 / 11.6.602.171 Multiple Vulnerabilities (APSB13-09)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal or prior to 11.6.602.171, or 10.x equal or prior to 10.3.183.67. It is, therefore, potentially affected by the following vulnerabilities :

- An integer overflow error exists that could lead to code execution. (CVE-2013-0646)

- A use-after-free error exists that could lead to code execution. (CVE-2013-0650)

- A memory corruption error exists that could lead to code execution. (CVE-2013-1371)

- A heap-based buffer overflow error exists that could lead to code execution. (CVE-2013-1375)
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.68 / 11.6.602.180 or later, or Google Chrome PepperFlash 11.6.602.180 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 58436
BID 58438
BID 58439
BID 58440
CVE CVE-2013-0646
CVE CVE-2013-0650
CVE CVE-2013-1371
CVE CVE-2013-1375
XREF OSVDB:91158
XREF OSVDB:91159
XREF OSVDB:91160
XREF OSVDB:91161
Plugin Information:
Published: 2013/03/13, Modified: 2016/05/05
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.68 / 11.6.602.180
65910 (1) - Flash Player <= 10.3.183.68 / 11.6.602.180 Multiple Vulnerabilities (APSB13-11)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal or prior to 11.6.602.180, or 10.x equal or prior to 10.3.183.68. It is, therefore, potentially affected by the following vulnerabilities :

- Multiple memory corruption errors exist that could lead to code execution. (CVE-2013-1378, CVE-2013-1379, CVE-2013-1380)

- An integer overflow error exists that could lead to code execution. (CVE-2013-2555)
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.75 / 11.7.700.169 or later, or Google Chrome PepperFlash 11.7.700.179 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 58396
BID 58947
BID 58949
BID 58951
CVE CVE-2013-1378
CVE CVE-2013-1379
CVE CVE-2013-1380
CVE CVE-2013-2555
XREF OSVDB:91203
XREF OSVDB:92141
XREF OSVDB:92142
XREF OSVDB:92143
Plugin Information:
Published: 2013/04/10, Modified: 2016/05/05
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.75 / 11.7.700.169
66445 (1) - Flash Player <= 10.3.183.75 / 11.7.700.169 Multiple Vulnerabilities (APSB13-14)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal or prior to 11.7.700.169, or 10.x equal or prior to 10.3.183.75. It is, therefore, potentially affected by several memory corruption errors that could lead to code execution.
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.86 / 11.7.700.202 or later, or Google Chrome PepperFlash 11.7.700.202 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 59889
BID 59890
BID 59891
BID 59892
BID 59893
BID 59894
BID 59895
BID 59896
BID 59897
BID 59898
BID 59899
BID 59900
BID 59901
CVE CVE-2013-2728
CVE CVE-2013-3324
CVE CVE-2013-3325
CVE CVE-2013-3326
CVE CVE-2013-3327
CVE CVE-2013-3328
CVE CVE-2013-3329
CVE CVE-2013-3330
CVE CVE-2013-3331
CVE CVE-2013-3332
CVE CVE-2013-3333
CVE CVE-2013-3334
CVE CVE-2013-3335
XREF OSVDB:93322
XREF OSVDB:93323
XREF OSVDB:93324
XREF OSVDB:93325
XREF OSVDB:93326
XREF OSVDB:93327
XREF OSVDB:93328
XREF OSVDB:93329
XREF OSVDB:93330
XREF OSVDB:93331
XREF OSVDB:93332
XREF OSVDB:93333
XREF OSVDB:93334
Plugin Information:
Published: 2013/05/15, Modified: 2016/05/05
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.86 / 11.7.700.202
66872 (1) - Flash Player <= 10.3.183.86 / 11.7.700.202 Memory Corruption (APSB13-16)
Synopsis
The remote Windows host has a browser plugin that is affected by a memory corruption vulnerability.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal or prior to 11.7.700.202, or 10.x equal or prior to 10.3.183.86. It is, therefore, potentially affected by a memory corruption vulnerability that could lead to code execution.
See Also
Solution
Upgrade to Adobe Flash Player version 10.3.183.90 / 11.7.700.224 or later, or Google Chrome PepperFlash 11.7.700.225 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 60478
CVE CVE-2013-3343
XREF OSVDB:94128
Plugin Information:
Published: 2013/06/11, Modified: 2016/05/05
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.183.90 / 11.7.700.224
67225 (1) - Flash Player <= 10.3.183.90 / 11.7.700.224 Multiple Vulnerabilities (APSB13-17)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal or prior to 10.3.183.90, or 11.x equal or prior to 11.7.700.224. It is, therefore, potentially affected by multiple vulnerabilities :

- A heap based buffer overflow vulnerability exists that could lead to code execution. (CVE-2013-3344)

- A memory corruption vulnerability exists that could lead to code execution. (CVE-2013-3345)

- An integer overflow exists when resampling a user-supplied PCM buffer. (CVE-2013-3347)
See Also
Solution
Upgrade to Adobe Flash Player version 11.7.700.232 / 11.8.800.94 or later, or Google Chrome PepperFlash 11.8.800.97 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 61043
BID 61045
BID 61048
CVE CVE-2013-3344
CVE CVE-2013-3345
CVE CVE-2013-3347
XREF OSVDB:94988
XREF OSVDB:94989
XREF OSVDB:94990
Plugin Information:
Published: 2013/07/10, Modified: 2016/05/05
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 11.7.700.232 / 11.8.800.94
69866 (1) - Flash Player <= 11.7.700.232 / 11.8.800.94 Memory Corruptions (APSB13-21)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple memory corruption vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 10.3.183.90 / 11.x equal or prior to 11.7.700.232 / 11.8.x equal or prior to 11.8.800.94. It is, therefore, potentially affected by multiple memory corruption vulnerabilities that could lead to code execution.
See Also
Solution
Upgrade to Adobe Flash Player version 11.7.700.242 / 11.8.800.168 or later, or Google Chrome Flash 11.8.800.170 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 62290
BID 62294
BID 62295
BID 62296
CVE CVE-2013-3361
CVE CVE-2013-3362
CVE CVE-2013-3363
CVE CVE-2013-5324
XREF OSVDB:97050
XREF OSVDB:97051
XREF OSVDB:97052
XREF OSVDB:97053
Plugin Information:
Published: 2013/09/13, Modified: 2015/10/13
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 11.7.700.242 / 11.8.800.168
70858 (1) - Flash Player <= 11.7.700.242 / 11.9.900.117 Memory Corruptions (APSB13-26)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple memory corruption vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.242 / 11.8.x or 11.9.x equal or prior to 11.9.900.117. It is, therefore, potentially affected by multiple memory corruption vulnerabilities that could lead to code execution.
See Also
Solution
Upgrade to Adobe Flash Player version 11.7.700.252 / 11.9.900.152 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 63680
BID 63683
CVE CVE-2013-5329
CVE CVE-2013-5330
XREF OSVDB:99655
XREF OSVDB:99656
Plugin Information:
Published: 2013/11/13, Modified: 2016/05/20
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 11.7.700.252 / 11.9.900.152
71351 (1) - Flash Player <= 11.7.700.252 / 11.9.900.152 Multiple Vulnerabilities (APSB13-28)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.252 / 11.8.x or 11.9.x equal or prior to 11.9.900.152. It is, therefore, potentially affected by the following vulnerabilities :

- A type-confusion error exists that could allow arbitrary code execution. (CVE-2013-5331)

- An input validation error exists that could allow denial of service attacks or possibly arbitrary code execution. (CVE-2013-5332)
See Also
Solution
Upgrade to Adobe Flash Player version 11.7.700.257 / 11.9.900.170 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 64199
BID 64201
CVE CVE-2013-5331
CVE CVE-2013-5332
XREF OSVDB:100774
XREF OSVDB:100775
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2013/12/11, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 11.7.700.257 / 11.9.900.170
71951 (1) - Flash Player <= 11.7.700.257 / 11.9.900.170 Multiple Vulnerabilities (APSB14-02)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.257 / 11.8.x or 11.9.900.170. It is, therefore, potentially affected by the following vulnerabilities :

- An unspecified vulnerability exists that can be used to bypass Flash Player security protections.
(CVE-2014-0491)

- An unspecified vulnerability exists that can be used to bypass memory address layout randomization.
(CVE-2014-0492)
See Also
Solution
Upgrade to Adobe Flash Player version 11.7.700.260 / 12.0.0.38 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 64807
BID 64810
CVE CVE-2014-0491
CVE CVE-2014-0492
XREF OSVDB:101982
XREF OSVDB:101983
Plugin Information:
Published: 2014/01/14, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 12.0.0.38
72284 (1) - Flash Player <= 11.7.700.260 / 12.0.0.43 Unspecified Remote Code Execution (APSB14-04)
Synopsis
The remote Windows host has a browser plugin that is affected by a code execution vulnerability.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.260 / 11.8.x / 11.9.x / 12.0.0.43. It is, therefore, potentially affected by an unspecified vulnerability that could lead to arbitrary code execution.
See Also
Solution
Upgrade to Adobe Flash Player version 11.7.700.261 / 12.0.0.44 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:ND)
References
BID 65327
CVE CVE-2014-0497
XREF OSVDB:102849
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2014/02/04, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 12.0.0.44
72606 (1) - Flash Player <= 11.7.700.261 / 12.0.0.44 Multiple Vulnerabilities (APSB14-07)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.261 / 11.8.x / 11.9.x / 12.0.0.70. It is, therefore, potentially affected multiple vulnerabilities :

- A stack overflow vulnerability exists that could result in arbitrary code execution. (CVE-2014-0498)

- A memory leak vulnerability exists that could be used to aid in buffer overflow attacks by bypassing address space layout randomization (ASLR). (CVE-2014-0499)

- A double free vulnerability exists that could result in arbitrary code execution. (CVE-2014-0502)
See Also
Solution
Upgrade to Adobe Flash Player version 11.7.700.269 / 12.0.0.70 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 65702
BID 65703
BID 65704
CVE CVE-2014-0498
CVE CVE-2014-0499
CVE CVE-2014-0502
XREF OSVDB:103518
XREF OSVDB:103519
XREF OSVDB:103520
Exploitable With
Core Impact (true)
Plugin Information:
Published: 2014/02/20, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 12.0.0.70
73433 (1) - Flash Player <= 11.7.700.272 / 12.0.0.77 Multiple Vulnerabilities (APSB14-09)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.272 / 11.8.x / 11.9.x / 12.0.0.77. It is, therefore, potentially affected multiple vulnerabilities :

- A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)

- A buffer overflow error exists that could lead to arbitrary code execution. (CVE-2014-0507)

- An unspecified error exists that could allow a security bypass leading to information disclosure.
(CVE-2014-0508)

- An unspecified error exists that could allow cross- site scripting attacks. (CVE-2014-0509)
See Also
Solution
Upgrade to Adobe Flash Player version 11.7.700.275 / 13.0.0.182 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 66208
BID 66699
BID 66701
BID 66703
CVE CVE-2014-0506
CVE CVE-2014-0507
CVE CVE-2014-0508
CVE CVE-2014-0509
XREF OSVDB:104598
XREF OSVDB:105535
XREF OSVDB:105536
XREF OSVDB:105537
XREF CWE:20
XREF CWE:74
XREF CWE:79
XREF CWE:442
XREF CWE:629
XREF CWE:711
XREF CWE:712
XREF CWE:722
XREF CWE:725
XREF CWE:750
XREF CWE:751
XREF CWE:800
XREF CWE:801
XREF CWE:809
XREF CWE:811
XREF CWE:864
XREF CWE:900
XREF CWE:928
XREF CWE:931
XREF CWE:990
Plugin Information:
Published: 2014/04/09, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 13.0.0.182
73740 (1) - Flash Player <= 11.7.700.275 / 13.0.0.182 Pixel Bender Component Buffer Overflow (APSB14-13)
Synopsis
The remote Windows host has a browser plugin that is affected by a buffer overflow vulnerability.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.275 / 11.8.x / 11.9.x / 12.x / 13.0.0.182. It is, therefore, potentially affected by a buffer overflow vulnerability due to improper user input validation in the Pixel Bender component. An attacker could cause a buffer overflow with a specially crafted SWF file, resulting in arbitrary code execution.
See Also
Solution
Upgrade to Adobe Flash Player version 11.7.700.279 / 13.0.0.206 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:ND)
References
BID 67092
CVE CVE-2014-0515
XREF OSVDB:106347
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2014/04/28, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 13.0.0.206
73994 (1) - Flash Player <= 13.0.0.206 Multiple Vulnerabilities (APSB14-14)
Synopsis
The remote Windows host has a browser plugin that is potentially affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 13.0.0.206. It is, therefore, potentially affected by the following vulnerabilities :

- An unspecified use-after-free vulnerability exists that could allow for the execution of arbitrary code.
(CVE-2014-0510)

- An unspecified vulnerability exists that could be used to bypass the same origin policy. (CVE-2014-0516)

- Multiple, unspecified security bypass vulnerabilities exist. (CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520)
See Also
Solution
Upgrade to Adobe Flash Player version 13.0.0.214 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 66241
BID 67361
BID 67364
BID 67371
BID 67372
BID 67373
CVE CVE-2014-0510
CVE CVE-2014-0516
CVE CVE-2014-0517
CVE CVE-2014-0518
CVE CVE-2014-0519
CVE CVE-2014-0520
XREF OSVDB:104585
XREF OSVDB:106886
XREF OSVDB:106887
XREF OSVDB:106888
XREF OSVDB:106889
XREF OSVDB:106890
Plugin Information:
Published: 2014/05/14, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 13.0.0.214
74431 (1) - Flash Player <= 13.0.0.214 Multiple Vulnerabilities (APSB14-16)
Synopsis
The remote Windows host has a browser plugin that is potentially affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 13.0.0.214. It is, therefore, affected by the following vulnerabilities :

- Multiple, unspecified errors exist that could allow cross-site scripting attacks. (CVE-2014-0531, CVE-2014-0532, CVE-2014-0533)

- Multiple, unspecified errors exist that could allow unspecified security bypass attacks. (CVE-2014-0534, CVE-2014-0535)

- An unspecified memory corruption issue exists that could allow arbitrary code execution. (CVE-2014-0536)
See Also
Solution
Upgrade to Adobe Flash Player version 14.0.0.125 or later.

Alternatively, Adobe has made version 13.0.0.223 available for those installations that cannot be upgraded to 14.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 67961
BID 67962
BID 67963
BID 67970
BID 67973
BID 67974
CVE CVE-2014-0531
CVE CVE-2014-0532
CVE CVE-2014-0533
CVE CVE-2014-0534
CVE CVE-2014-0535
CVE CVE-2014-0536
XREF OSVDB:107822
XREF OSVDB:107823
XREF OSVDB:107824
XREF OSVDB:107825
XREF OSVDB:107826
XREF OSVDB:107827
XREF CWE:20
XREF CWE:74
XREF CWE:79
XREF CWE:442
XREF CWE:629
XREF CWE:711
XREF CWE:712
XREF CWE:722
XREF CWE:725
XREF CWE:750
XREF CWE:751
XREF CWE:800
XREF CWE:801
XREF CWE:809
XREF CWE:811
XREF CWE:864
XREF CWE:900
XREF CWE:928
XREF CWE:931
XREF CWE:990
Plugin Information:
Published: 2014/06/11, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 14.0.0.125 / 13.0.0.223
76413 (1) - Flash Player <= 14.0.0.125 Multiple Vulnerabilities (APSB14-17)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 14.0.0.125. It is, therefore, affected by the following vulnerabilities :

- A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data.
(CVE-2014-4671)

- Multiple unspecified errors exist that could allow unspecified security bypass attacks. (CVE-2014-0537, CVE-2014-0539)
See Also
Solution
Upgrade to Adobe Flash Player version 14.0.0.145 or later.

Alternatively, Adobe has made version 13.0.0.231 available for those installations that cannot be upgraded to 14.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 68454
BID 68455
BID 68457
CVE CVE-2014-0537
CVE CVE-2014-0539
CVE CVE-2014-4671
XREF OSVDB:108799
XREF OSVDB:108800
XREF OSVDB:108828
Plugin Information:
Published: 2014/07/08, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 14.0.0.145 / 13.0.0.231
77172 (1) - Flash Player <= 14.0.0.145 Multiple Vulnerabilities (APSB14-18)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 14.0.0.145. It is, therefore, affected by the following vulnerabilities :

- A use-after-free error exists that allows code execution. (CVE-2014-0538)

- An unspecified security bypass error exists.
(CVE-2014-0541)

- Multiple errors exist related to memory leaks that can be used to bypass memory address randomization.
(CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545)
See Also
Solution
Upgrade to Adobe Flash Player version 14.0.0.176 (Internet Explorer), 14.0.0.179 (Firefox / Netscape / Opera), or 14.0.0.177 (Chrome) or later.

Alternatively, Adobe has made version 13.0.0.241 available for those installations that cannot be upgraded to 14.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Published: 2014/08/12, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 14.0.0.176 / 13.0.0.241
77577 (1) - Flash Player <= 14.0.0.179 Multiple Vulnerabilities (APSB14-21)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the installation of Flash Player installed on the remote Windows host is equal or prior to 14.0.0.179. It is, therefore, affected by the following vulnerabilities :

- Unspecified memory corruption issues exist that allow arbitrary code execution. (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555)

- An unspecified error exists that allows cross-origin policy violations. (CVE-2014-0548)

- A use-after-free error exists that allows arbitrary code execution. (CVE-2014-0553)

- An unspecified error exists that allows an unspecified security bypass. (CVE-2014-0554)

- Unspecified errors exist that allow memory leaks leading to easier defeat of memory address randomization.
(CVE-2014-0557)

- Heap-based buffer overflow errors exist that allow arbitrary code execution. (CVE-2014-0556, CVE-2014-0559)
See Also
Solution
Upgrade to Adobe Flash Player version 15.0.0.152 or later.

Alternatively, Adobe has made version 13.0.0.244 available for those installations that cannot be upgraded to 15.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 69695
BID 69696
BID 69697
BID 69699
BID 69700
BID 69701
BID 69702
BID 69703
BID 69704
BID 69705
BID 69706
BID 69707
CVE CVE-2014-0547
CVE CVE-2014-0548
CVE CVE-2014-0549
CVE CVE-2014-0550
CVE CVE-2014-0551
CVE CVE-2014-0552
CVE CVE-2014-0553
CVE CVE-2014-0554
CVE CVE-2014-0555
CVE CVE-2014-0556
CVE CVE-2014-0557
CVE CVE-2014-0559
XREF OSVDB:111100
XREF OSVDB:111101
XREF OSVDB:111102
XREF OSVDB:111103
XREF OSVDB:111104
XREF OSVDB:111105
XREF OSVDB:111106
XREF OSVDB:111107
XREF OSVDB:111108
XREF OSVDB:111109
XREF OSVDB:111110
XREF OSVDB:111111
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2014/09/10, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 15.0.0.152 / 13.0.0.244
78441 (1) - Flash Player <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the installation of Adobe Flash Player installed on the remote Windows host is equal or prior to 15.0.0.167.
It is, therefore, affected by the following vulnerabilities :

- Multiple memory corruption issues due to improperly sanitized user-supplied input allow arbitrary code execution. (CVE-2014-0564, CVE-2014-0558)

- An integer overflow issue due to improperly sanitized user-supplied input that allows arbitrary code execution. (CVE-2014-0569)

- An arbitrary code execution vulnerability due to the handling of a dereferenced memory pointer.
(CVE-2014-8439)
See Also
Solution
Upgrade to Adobe Flash Player version 15.0.0.189 or later.

Alternatively, Adobe has made version 13.0.0.250 available for those installations that cannot be upgraded to 15.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 70437
BID 70441
BID 70442
BID 71289
CVE CVE-2014-0558
CVE CVE-2014-0564
CVE CVE-2014-0569
CVE CVE-2014-8439
XREF OSVDB:113197
XREF OSVDB:113198
XREF OSVDB:113199
XREF OSVDB:115035
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2014/10/15, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 15.0.0.189 / 13.0.0.250
79140 (1) - Flash Player <= 15.0.0.189 Multiple Vulnerabilities (APSB14-24)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the installation of Adobe Flash Player installed on the remote Windows host is equal or prior to 15.0.0.189.
It is, therefore, affected by the following vulnerabilities :

- Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)

- Multiple use-after-free vulnerabilities could result in arbitrary code execution. (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438, CVE-2014-0574)

- Multiple type confusion vulnerabilities could result in arbitrary code execution. (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)

- Multiple heap-based buffer overflow vulnerabilities can be exploited to execute arbitrary code or elevate privileges. (CVE-2014-0583, CVE-2014-0582, CVE-2014-0589)

- A permission issue that allows a remote attacker to gain elevated privileges. (CVE-2014-8442)

- An information disclosure vulnerability can be exploited to disclose secret session tokens. (CVE-2014-8437)
See Also
Solution
Upgrade to Adobe Flash Player version 15.0.0.223 or later.

Alternatively, Adobe has made version 13.0.0.252 available for those installations that cannot be upgraded to 15.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 71033
BID 71035
BID 71036
BID 71037
BID 71038
BID 71039
BID 71040
BID 71041
BID 71042
BID 71043
BID 71044
BID 71045
BID 71046
BID 71047
BID 71048
BID 71049
BID 71050
BID 71051
CVE CVE-2014-0573
CVE CVE-2014-0574
CVE CVE-2014-0576
CVE CVE-2014-0577
CVE CVE-2014-0581
CVE CVE-2014-0582
CVE CVE-2014-0583
CVE CVE-2014-0584
CVE CVE-2014-0585
CVE CVE-2014-0586
CVE CVE-2014-0588
CVE CVE-2014-0589
CVE CVE-2014-0590
CVE CVE-2014-8437
CVE CVE-2014-8438
CVE CVE-2014-8440
CVE CVE-2014-8441
CVE CVE-2014-8442
XREF OSVDB:114487
XREF OSVDB:114488
XREF OSVDB:114489
XREF OSVDB:114490
XREF OSVDB:114491
XREF OSVDB:114492
XREF OSVDB:114493
XREF OSVDB:114494
XREF OSVDB:114495
XREF OSVDB:114496
XREF OSVDB:114497
XREF OSVDB:114498
XREF OSVDB:114499
XREF OSVDB:114500
XREF OSVDB:114501
XREF OSVDB:114502
XREF OSVDB:114503
XREF OSVDB:114504
Exploitable With
Metasploit (true)
Plugin Information:
Published: 2014/11/12, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 15.0.0.223 / 13.0.0.252
79442 (1) - Flash Player <= 15.0.0.223 Dereferenced Memory Pointer RCE (APSB14-26)
Synopsis
The remote Windows host has a browser plugin that is affected by a remote code execution vulnerability.
Description
According to its version, the installation of Adobe Flash Player installed on the remote Windows host is equal or prior to 15.0.0.223.
It is, therefore, affected by a remote code execution vulnerability due to the processing of a dereferenced memory pointer.
See Also
Solution
Upgrade to Adobe Flash Player version 15.0.0.239 or later.

Alternatively, Adobe has made version 13.0.0.258 available for those installations that cannot be upgraded to 15.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 71289
CVE CVE-2014-8439
XREF OSVDB:115035
Plugin Information:
Published: 2014/11/25, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 15.0.0.239 / 13.0.0.258
79835 (1) - Flash Player <= 15.0.0.239 Multiple Vulnerabilities (APSB14-27)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the installation of Adobe Flash Player installed on the remote Windows host is equal or prior to 15.0.0.239.
It is, therefore, affected by the following vulnerabilities :

- A security bypass vulnerability that allows an attacker to bypass the same-origin policy. (CVE-2014-0580)

- Multiple memory corruption vulnerabilities that allow an attacker to execute arbitrary code. (CVE-2014-0587, CVE-2014-9164)

- A use-after-free vulnerability that can result in arbitrary code execution. (CVE-2014-8443)

- An unspecified information disclosure vulnerability.
(CVE-2014-9162)

- A stack-based buffer overflow vulnerability that can be exploited to execute arbitrary code or elevate privileges. (CVE-2014-9163)
See Also
Solution
Upgrade to Adobe Flash Player version 16.0.0.235 or later.

Alternatively, Adobe has made version 13.0.0.259 available for those installations that cannot be upgraded to 16.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 71581
BID 71582
BID 71583
BID 71584
BID 71585
BID 71586
CVE CVE-2014-0580
CVE CVE-2014-0587
CVE CVE-2014-8443
CVE CVE-2014-9162
CVE CVE-2014-9163
CVE CVE-2014-9164
XREF OSVDB:115557
XREF OSVDB:115558
XREF OSVDB:115559
XREF OSVDB:115560
XREF OSVDB:115561
XREF OSVDB:115564
Plugin Information:
Published: 2014/12/09, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 16.0.0.235 / 13.0.0.259
80484 (1) - Flash Player <= 16.0.0.235 Multiple Vulnerabilities (APSB15-01)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the installation of Adobe Flash Player installed on the remote Windows host is equal or prior to 16.0.0.235.
It is, therefore, affected by the following vulnerabilities :

- An unspecified improper file validation issue.
(CVE-2015-0301)

- An unspecified information disclosure vulnerability, which can be exploited to capture keystrokes.
(CVE-2015-0302)

- Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2015-0303, CVE-2015-0306)

- Multiple heap-based buffer overflow vulnerabilities that can be exploited to execute arbitrary code.
(CVE-2015-0304, CVE-2015-0309)

- An unspecified type confusion vulnerability that can lead to code execution. (CVE-2015-0305)

- An out-of-bounds read vulnerability that can be exploited to leak memory addresses. (CVE-2015-0307)

- A use-after-free vulnerability that results in arbitrary code execution. (CVE-2015-0308)
See Also
Solution
Upgrade to Adobe Flash Player version 16.0.0.257 or later.

Alternatively, Adobe has made version 13.0.0.260 available for those installations that cannot be upgraded to 16.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 72031
BID 72032
BID 72033
BID 72034
BID 72035
BID 72036
BID 72037
BID 72038
BID 72039
CVE CVE-2015-0301
CVE CVE-2015-0302
CVE CVE-2015-0303
CVE CVE-2015-0304
CVE CVE-2015-0305
CVE CVE-2015-0306
CVE CVE-2015-0307
CVE CVE-2015-0308
CVE CVE-2015-0309
XREF OSVDB:116944
XREF OSVDB:116945
XREF OSVDB:116946
XREF OSVDB:116947
XREF OSVDB:116948
XREF OSVDB:116949
XREF OSVDB:116950
XREF OSVDB:116951
XREF OSVDB:116952
Plugin Information:
Published: 2015/01/13, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 16.0.0.257 / 13.0.0.260
80998 (1) - Flash Player <= 16.0.0.287 Unspecified Code Execution (APSA15-01 / APSB15-03)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple code execution vulnerabilities.
Description
According to its version, the Adobe Flash Player installed on the remote Windows host is equal or prior to 16.0.0.287. It is, therefore, affected by the following vulnerabilities :

- A use-after-free error exists that allows an attacker to crash the application or execute arbitrary code.
(CVE-2015-0311)

- A double-free error exists that allows an attacker to crash the application or possibly execute arbitrary code. (CVE-2015-0312)
See Also
Solution
Upgrade to Adobe Flash Player version 16.0.0.296 or later.

Alternatively, Adobe has made version 13.0.0.264 available for those installations that cannot be upgraded to 16.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:ND)
References
BID 72283
BID 72343
CVE CVE-2015-0311
CVE CVE-2015-0312
XREF OSVDB:117428
XREF OSVDB:117580
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2015/01/26, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 16.0.0.296 / 13.0.0.264
81127 (1) - Flash Player <= 16.0.0.296 Unspecified Code Execution (APSA15-02 / APSB15-04)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple code execution vulnerabilities.
Description
According to its version, the Adobe Flash Player installed on the remote Windows host is equal or prior to 16.0.0.296. It is, therefore, affected by the following vulnerabilities :

- Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322)

- Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330)

- Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319)

- Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327)

- A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324)

- Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328).

- A user-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code.
(CVE-2015-0331)
See Also
Solution
Upgrade to Adobe Flash Player version 16.0.0.305 or later.

Alternatively, Adobe has made version 13.0.0.269 available for those installations that cannot be upgraded to 16.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 72429
BID 72514
BID 72698
CVE CVE-2015-0313
CVE CVE-2015-0314
CVE CVE-2015-0315
CVE CVE-2015-0316
CVE CVE-2015-0317
CVE CVE-2015-0318
CVE CVE-2015-0319
CVE CVE-2015-0320
CVE CVE-2015-0321
CVE CVE-2015-0322
CVE CVE-2015-0323
CVE CVE-2015-0324
CVE CVE-2015-0325
CVE CVE-2015-0326
CVE CVE-2015-0327
CVE CVE-2015-0328
CVE CVE-2015-0329
CVE CVE-2015-0330
CVE CVE-2015-0331
XREF OSVDB:117853
XREF OSVDB:117967
XREF OSVDB:117968
XREF OSVDB:117969
XREF OSVDB:117970
XREF OSVDB:117971
XREF OSVDB:117972
XREF OSVDB:117973
XREF OSVDB:117974
XREF OSVDB:117975
XREF OSVDB:117976
XREF OSVDB:117977
XREF OSVDB:117978
XREF OSVDB:117979
XREF OSVDB:117980
XREF OSVDB:117981
XREF OSVDB:117982
XREF OSVDB:117983
XREF OSVDB:118597
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2015/02/02, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 16.0.0.305 / 13.0.0.269
81146 (1) - VMware Security Updates for vCenter Server (VMSA-2015-0001) (POODLE)
Synopsis
The remote host has a virtualization management application installed that is affected by multiple security vulnerabilities.
Description
The VMware vCenter Server installed on the remote host is version 5.5 prior to Update 2d. It is, therefore, affected by multiple vulnerabilities in the included OpenSSL library :

- An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks via memory leaks.
(CVE-2014-3513)

- An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode.
Man-in-the-middle attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566)

- An error exists related to session ticket handling that can allow denial of service attacks via memory leaks.
(CVE-2014-3567)

- An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568)
See Also
Solution
Upgrade to VMware vCenter Server 5.5u2d (5.5.0 build-2183111) or later.
Risk Factor
High
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.2 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 70574
BID 70584
BID 70585
BID 70586
CVE CVE-2014-3513
CVE CVE-2014-3566
CVE CVE-2014-3567
CVE CVE-2014-3568
XREF OSVDB:113251
XREF OSVDB:113373
XREF OSVDB:113374
XREF OSVDB:113377
XREF CERT:577193
XREF VMSA:2015-0001
Plugin Information:
Published: 2015/02/03, Modified: 2016/05/24
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-2183111
81819 (1) - Flash Player <= 16.0.0.305 Multiple Vulnerabilities (APSB15-05)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the Adobe Flash Player installed on the remote Windows host is equal or prior to version 16.0.0.305. It is, therefore, affected by the following vulnerabilities :

- Multiple memory corruption issues exist due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)

- Multiple type confusions flaws exist, which an attacker can exploit to execute arbitrary code. (CVE-2015-0334, CVE-2015-0336)

- An unspecified flaw exists that allows an attacker to bypass cross-domain policy. (CVE-2015-0337)

- An integer overflow condition exists due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0338)

- An unspecified flaw exists that allows an attacker to bypass restrictions and upload arbitrary files.
(CVE-2015-0340)

- Multiple use-after-free errors exist that can allow an attacker to deference already freed memory and execute arbitrary code. (CVE-2015-0341, CVE-2015-0342)
See Also
Solution
Upgrade to Adobe Flash Player version 17.0.0.134 or later.

Alternatively, Adobe has made version 13.0.0.277 available for those installations that cannot be upgraded to 17.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 73080
BID 73081
BID 73082
BID 73083
BID 73084
BID 73085
BID 73086
BID 73087
BID 73088
BID 73089
BID 73091
CVE CVE-2015-0332
CVE CVE-2015-0333
CVE CVE-2015-0334
CVE CVE-2015-0335
CVE CVE-2015-0336
CVE CVE-2015-0337
CVE CVE-2015-0338
CVE CVE-2015-0339
CVE CVE-2015-0340
CVE CVE-2015-0341
CVE CVE-2015-0342
XREF OSVDB:119386
XREF OSVDB:119479
XREF OSVDB:119480
XREF OSVDB:119481
XREF OSVDB:119482
XREF OSVDB:119483
XREF OSVDB:119484
XREF OSVDB:119485
XREF OSVDB:119486
XREF OSVDB:119487
XREF OSVDB:119488
XREF EDB-ID:36962
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2015/03/13, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 17.0.0.134 / 13.0.0.277
82781 (1) - Adobe Flash Player <= 17.0.0.134 Multiple Vulnerabilities (APSB15-06)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 17.0.0.134. It is, therefore, affected by multiple vulnerabilities :

- Multiple double-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-0346, CVE-2015-0359)

- Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.
(CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043)

- A unspecified buffer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.
(CVE-2015-0348)

- Multiple unspecified use-after-free errors exist that allow an attacker to execute arbitrary code.
(CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039)

- An unspecified type confusion flaw exists that allows an attacker to execute arbitrary code. (CVE-2015-0356)

- Multiple unspecified memory leaks exist that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-0357, CVE-2015-3040)

- An unspecified security bypass flaw exists that allows an attacker to disclose information. (CVE-2015-3044)
See Also
Solution
Upgrade to Adobe Flash Player version 17.0.0.169 or later.

Alternatively, Adobe has made version 13.0.0.281 and 11.2.202.457 available for those installations that cannot be upgraded to 17.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 74062
BID 74064
BID 74065
BID 74066
BID 74067
BID 74068
BID 74069
CVE CVE-2015-0346
CVE CVE-2015-0347
CVE CVE-2015-0348
CVE CVE-2015-0349
CVE CVE-2015-0350
CVE CVE-2015-0351
CVE CVE-2015-0352
CVE CVE-2015-0353
CVE CVE-2015-0354
CVE CVE-2015-0355
CVE CVE-2015-0356
CVE CVE-2015-0357
CVE CVE-2015-0358
CVE CVE-2015-0359
CVE CVE-2015-0360
CVE CVE-2015-3038
CVE CVE-2015-3039
CVE CVE-2015-3040
CVE CVE-2015-3041
CVE CVE-2015-3042
CVE CVE-2015-3043
CVE CVE-2015-3044
XREF OSVDB:120641
XREF OSVDB:120642
XREF OSVDB:120643
XREF OSVDB:120644
XREF OSVDB:120645
XREF OSVDB:120646
XREF OSVDB:120647
XREF OSVDB:120648
XREF OSVDB:120649
XREF OSVDB:120650
XREF OSVDB:120651
XREF OSVDB:120652
XREF OSVDB:120653
XREF OSVDB:120654
XREF OSVDB:120655
XREF OSVDB:120656
XREF OSVDB:120657
XREF OSVDB:120658
XREF OSVDB:120659
XREF OSVDB:120660
XREF OSVDB:120661
XREF OSVDB:120662
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2015/04/14, Modified: 2016/12/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 17.0.0.169 / 13.0.0.281
83365 (1) - Adobe Flash Player <= 17.0.0.169 Multiple Vulnerabilities (APSB15-09)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 17.0.0.169. It is, therefore, affected by multiple vulnerabilities :

- An unspecified security bypass vulnerability exists that allows an attacker to disclose sensitive information.
(CVE-2015-3044)

- Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.
(CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)

- Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.
(CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)

- An unspecified security bypass exists that allows a context-dependent attacker to disclose sensitive information. (CVE-2015-3079)

- An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)

- An unspecified time-of-check time-of-use (TOCTOU) race condition exists that allows an attacker to bypass Protected Mode for Internet Explorer. (CVE-2015-3081)

- Multiple validation bypass vulnerabilities exist that allow an attacker to read and write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)

- An integer overflow condition exists due to improper validation of user-supplied input. This allows a context-dependent attacker to execute arbitrary code.
(CVE-2015-3087)

- A heap-based buffer overflow exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3088)

- Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)
See Also
Solution
Upgrade to Adobe Flash Player version 17.0.0.188 or later.

Alternatively, Adobe has made version 13.0.0.289 available for those installations that cannot be upgraded to 17.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.4 (CVSS2#E:POC/RL:ND/RC:ND)
References
BID 74605
BID 74608
BID 74609
BID 74610
BID 74612
BID 74613
BID 74614
BID 74616
BID 74617
CVE CVE-2015-3044
CVE CVE-2015-3077
CVE CVE-2015-3078
CVE CVE-2015-3079
CVE CVE-2015-3080
CVE CVE-2015-3081
CVE CVE-2015-3082
CVE CVE-2015-3083
CVE CVE-2015-3084
CVE CVE-2015-3085
CVE CVE-2015-3086
CVE CVE-2015-3087
CVE CVE-2015-3088
CVE CVE-2015-3089
CVE CVE-2015-3090
CVE CVE-2015-3091
CVE CVE-2015-3092
CVE CVE-2015-3093
XREF OSVDB:120662
XREF OSVDB:121927
XREF OSVDB:121928
XREF OSVDB:121929
XREF OSVDB:121930
XREF OSVDB:121931
XREF OSVDB:121932
XREF OSVDB:121933
XREF OSVDB:121934
XREF OSVDB:121935
XREF OSVDB:121936
XREF OSVDB:121937
XREF OSVDB:121938
XREF OSVDB:121939
XREF OSVDB:121940
XREF OSVDB:121941
XREF OSVDB:121942
XREF OSVDB:121943
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2015/05/12, Modified: 2016/12/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 17.0.0.188 / 13.0.0.289
84048 (1) - Adobe Flash Player <= 17.0.0.188 Multiple Vulnerabilities (APSB15-11)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 17.0.0.188. It is, therefore, affected by multiple vulnerabilities :

- An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333.
(CVE-2015-3096)

- An unspecified memory address randomization flaw exists on Windows 7 64-bit. (CVE-2015-3097)

- Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102)

- A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100)

- A permission flaw exists in the Flash broker for IE that allows an attacker to perform a privilege escalation. (CVE-2015-3101)

- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107)

- An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104)

- A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code.
(CVE-2015-3105)

- An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108)
See Also
Solution
Upgrade to Adobe Flash Player version 18.0.0.160 or later.

Alternatively, Adobe has made version 13.0.0.292 available for those installations that cannot be upgraded to 18.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 75080
BID 75081
BID 75084
BID 75085
BID 75086
BID 75087
BID 75088
BID 75089
BID 75090
CVE CVE-2015-3096
CVE CVE-2015-3097
CVE CVE-2015-3098
CVE CVE-2015-3099
CVE CVE-2015-3100
CVE CVE-2015-3101
CVE CVE-2015-3102
CVE CVE-2015-3103
CVE CVE-2015-3104
CVE CVE-2015-3105
CVE CVE-2015-3106
CVE CVE-2015-3107
CVE CVE-2015-3108
XREF OSVDB:123020
XREF OSVDB:123021
XREF OSVDB:123022
XREF OSVDB:123023
XREF OSVDB:123024
XREF OSVDB:123025
XREF OSVDB:123026
XREF OSVDB:123027
XREF OSVDB:123028
XREF OSVDB:123029
XREF OSVDB:123030
XREF OSVDB:123031
XREF OSVDB:123032
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2015/06/09, Modified: 2016/12/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 18.0.0.160 / 13.0.0.292
84365 (1) - Adobe Flash Player <= 18.0.0.161 RCE (APSB15-14)
Synopsis
The remote Windows host has a browser plugin installed that is affected by a remote code execution vulnerability.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.161. It is, therefore, affected by a remote code execution vulnerability due to improper validation of unspecified user-supplied input. A remote attacker can exploit this, via specially crafted Flash content, to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.
See Also
Solution
Upgrade to Adobe Flash Player version 18.0.0.194 or later.

Alternatively, Adobe has made version 13.0.0.296 available for those installations that cannot be upgraded to 18.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
CVE CVE-2015-3113
XREF OSVDB:123591
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2015/06/24, Modified: 2016/12/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 18.0.0.194 / 13.0.0.296
84642 (1) - Adobe Flash Player <= 18.0.0.194 Multiple Vulnerabilities (APSB15-16)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.194. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097)

- Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution.
(CVE-2015-3135, CVE-2015-4432, CVE-2015-5118)

- Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431)

- Multiple NULL pointer dereference flaws exist.
(CVE-2015-3126, CVE-2015-4429)

- A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114)

- Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433)

- Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119)

- Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116)

- A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124)
See Also
Solution
Upgrade to Adobe Flash Player version 18.0.0.203 or later.

Alternatively, Adobe has made version 13.0.0.302 available for those installations that cannot be upgraded to 18.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 75090
BID 75568
BID 75590
BID 75591
BID 75592
BID 75593
BID 75594
BID 75595
BID 75596
CVE CVE-2014-0578
CVE CVE-2015-3097
CVE CVE-2015-3114
CVE CVE-2015-3115
CVE CVE-2015-3116
CVE CVE-2015-3117
CVE CVE-2015-3118
CVE CVE-2015-3119
CVE CVE-2015-3120
CVE CVE-2015-3121
CVE CVE-2015-3122
CVE CVE-2015-3123
CVE CVE-2015-3124
CVE CVE-2015-3125
CVE CVE-2015-3126
CVE CVE-2015-3127
CVE CVE-2015-3128
CVE CVE-2015-3129
CVE CVE-2015-3130
CVE CVE-2015-3131
CVE CVE-2015-3132
CVE CVE-2015-3133
CVE CVE-2015-3134
CVE CVE-2015-3135
CVE CVE-2015-3136
CVE CVE-2015-3137
CVE CVE-2015-4428
CVE CVE-2015-4429
CVE CVE-2015-4430
CVE CVE-2015-4431
CVE CVE-2015-4432
CVE CVE-2015-4433
CVE CVE-2015-5116
CVE CVE-2015-5117
CVE CVE-2015-5118
CVE CVE-2015-5119
CVE CVE-2015-5124
XREF OSVDB:124196
XREF OSVDB:124244
XREF OSVDB:124245
XREF OSVDB:124246
XREF OSVDB:124247
XREF OSVDB:124248
XREF OSVDB:124249
XREF OSVDB:124250
XREF OSVDB:124251
XREF OSVDB:124252
XREF OSVDB:124253
XREF OSVDB:124254
XREF OSVDB:124255
XREF OSVDB:124256
XREF OSVDB:124257
XREF OSVDB:124258
XREF OSVDB:124259
XREF OSVDB:124260
XREF OSVDB:124261
XREF OSVDB:124262
XREF OSVDB:124263
XREF OSVDB:124264
XREF OSVDB:124265
XREF OSVDB:124266
XREF OSVDB:124267
XREF OSVDB:124268
XREF OSVDB:124269
XREF OSVDB:124270
XREF OSVDB:124271
XREF OSVDB:124273
XREF OSVDB:124274
XREF OSVDB:124275
XREF OSVDB:124276
XREF OSVDB:124277
XREF OSVDB:124278
XREF OSVDB:124975
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2015/07/09, Modified: 2016/12/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 18.0.0.203 / 13.0.0.302
84730 (1) - Adobe Flash Player <= 18.0.0.203 Multiple RCE Vulnerabilities (APSB15-18)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple remote code execution vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.203. It is, therefore, affected by multiple remote code execution vulnerabilities :

- A use-after-free error exists in the opaqueBackground class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5122)

- A use-after-free error exists in the BitmapData class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5123)
See Also
Solution
Upgrade to Adobe Flash Player version 18.0.0.209 or later.

Alternatively, Adobe has made version 13.0.0.309 available for those installations that cannot be upgraded to 18.x.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:ND)
References
BID 75710
BID 75712
CVE CVE-2015-5122
CVE CVE-2015-5123
XREF OSVDB:124416
XREF OSVDB:124424
XREF CERT:338736
XREF CERT:918568
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2015/07/14, Modified: 2017/08/14
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 18.0.0.209 / 13.0.0.309
86060 (1) - Adobe Flash Player <= 18.0.0.232 Multiple Vulnerabilities (APSB15-23)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.232. It is, therefore, affected by multiple vulnerabilities :

- An unspecified stack corruption issue exists that allows a remote attacker to execute arbitrary code.
(CVE-2015-5567, CVE-2015-5579)

- A vector length corruption issue exists that allows a remote attacker to have an unspecified impact.
(CVE-2015-5568)

- A use-after-free error exists in an unspecified component due to improperly sanitized user-supplied input. A remote attacker can exploit this, via a specially crafted file, to deference already freed memory and execute arbitrary code. (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682)

- An unspecified flaw exists due to a failure to reject content from vulnerable JSONP callback APIs. A remote attacker can exploit this to have an unspecified impact.
(CVE-2015-5571)

- An unspecified flaw exists that allows a remote attacker to bypass security restrictions and gain access to sensitive information. (CVE-2015-5572)

- An unspecified type confusion flaw exists that allows a remote attacker to execute arbitrary code.
(CVE-2015-5573)

- A flaw exists in an unspecified component due to improper validation of user-supplied input when handling a specially crafted file. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, CVE-2015-6677)

- A memory leak issue exists that allows a remote attacker to have an unspecified impact. (CVE-2015-5576)

- A stack buffer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-5587)

- An unspecified overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-6676, CVE-2015-6678)

- An unspecified flaw exists that allows a remote attacker to bypass same-origin policy restrictions and gain access to sensitive information. (CVE-2015-6679)
See Also
Solution
Upgrade to Adobe Flash Player version 19.0.0.185 or later.

Alternatively, Adobe has made version 18.0.0.241 available for those installations that cannot be upgraded to the latest version.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
CVE CVE-2015-5567
CVE CVE-2015-5568
CVE CVE-2015-5570
CVE CVE-2015-5571
CVE CVE-2015-5572
CVE CVE-2015-5573
CVE CVE-2015-5574
CVE CVE-2015-5575
CVE CVE-2015-5576
CVE CVE-2015-5577
CVE CVE-2015-5578
CVE CVE-2015-5579
CVE CVE-2015-5580
CVE CVE-2015-5581
CVE CVE-2015-5582
CVE CVE-2015-5584
CVE CVE-2015-5587
CVE CVE-2015-5588
CVE CVE-2015-6676
CVE CVE-2015-6677
CVE CVE-2015-6678
CVE CVE-2015-6679
CVE CVE-2015-6682
XREF OSVDB:127803
XREF OSVDB:127804
XREF OSVDB:127805
XREF OSVDB:127806
XREF OSVDB:127807
XREF OSVDB:127808
XREF OSVDB:127809
XREF OSVDB:127810
XREF OSVDB:127811
XREF OSVDB:127812
XREF OSVDB:127813
XREF OSVDB:127814
XREF OSVDB:127815
XREF OSVDB:127816
XREF OSVDB:127817
XREF OSVDB:127818
XREF OSVDB:127819
XREF OSVDB:127820
XREF OSVDB:127821
XREF OSVDB:127822
XREF OSVDB:127823
XREF OSVDB:127824
XREF OSVDB:127825
Plugin Information:
Published: 2015/09/22, Modified: 2017/09/20
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 19.0.0.185 / 18.0.0.241
86369 (1) - Adobe Flash Player <= 19.0.0.185 Multiple Vulnerabilities (APSB15-25)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 19.0.0.185. It is, therefore, affected by multiple vulnerabilities :

- An unspecified vulnerability exists related to the defense-in-depth feature in the Flash Broker API. No other details are available. (CVE-2015-5569)

- Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.
(CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634)

- A unspecified vulnerability exists that can be exploited by a remote attacker to bypass the same-origin policy, allowing the disclosure of sensitive information.
(CVE-2015-7628)

- Multiple unspecified use-after-free errors exist that can be exploited by a remote attacker to deference already freed memory, potentially allowing the execution of arbitrary code. (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644)

- An unspecified buffer overflow condition exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code.
(CVE-2015-7632)
See Also
Solution
Upgrade to Adobe Flash Player version 19.0.0.207 or later.

Alternatively, Adobe has made version 18.0.0.252 available for those installations that cannot be upgraded to the latest version.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2015-5569
CVE CVE-2015-7625
CVE CVE-2015-7626
CVE CVE-2015-7627
CVE CVE-2015-7628
CVE CVE-2015-7629
CVE CVE-2015-7630
CVE CVE-2015-7631
CVE CVE-2015-7632
CVE CVE-2015-7633
CVE CVE-2015-7634
CVE CVE-2015-7643
CVE CVE-2015-7644
XREF OSVDB:128762
XREF OSVDB:128763
XREF OSVDB:128764
XREF OSVDB:128765
XREF OSVDB:128766
XREF OSVDB:128767
XREF OSVDB:128768
XREF OSVDB:128769
XREF OSVDB:128770
XREF OSVDB:128771
XREF OSVDB:128772
XREF OSVDB:128773
XREF OSVDB:128774
Plugin Information:
Published: 2015/10/13, Modified: 2016/04/28
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 19.0.0.207 / 18.0.0.252
86403 (1) - Adobe Reader <= 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-24)
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote Windows host is version 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 or earlier. It is, therefore, affected by multiple vulnerabilities :

- A buffer overflow condition exists that allows an attacker to disclose information. (CVE-2015-6692)

- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-6689, CVE-2015-6688, CVE-2015-6690, CVE-2015-7615, CVE-2015-7617, CVE-2015-6687, CVE-2015-6684, CVE-2015-6691, CVE-2015-7621, CVE-2015-5586, CVE-2015-6683)

- Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.
(CVE-2015-6696, CVE-2015-6698, CVE-2015-8458)

- Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2015-6685, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6686, CVE-2015-7622, CVE-2015-7650)

- Multiple unspecified memory leak vulnerabilities exist.
(CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6697)

- Multiple security bypass vulnerabilities exist that allow a remote attacker to disclose information.
(CVE-2015-5583, CVE-2015-6705, CVE-2015-6706, CVE-2015-7624)

- Multiple security bypass vulnerabilities exists that allow an attacker to bypass JavaScript API execution.
(CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-7614, CVE-2015-7616, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, CVE-2015-7623, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Adobe Reader 10.1.16 / 11.0.13 / 2015.006.30094 / 2015.009.20069 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 77064
BID 77066
BID 77067
BID 77068
BID 77069
BID 77070
BID 77074
BID 79208
CVE CVE-2015-5583
CVE CVE-2015-5586
CVE CVE-2015-6683
CVE CVE-2015-6684
CVE CVE-2015-6685
CVE CVE-2015-6686
CVE CVE-2015-6687
CVE CVE-2015-6688
CVE CVE-2015-6689
CVE CVE-2015-6690
CVE CVE-2015-6691
CVE CVE-2015-6692
CVE CVE-2015-6693
CVE CVE-2015-6694
CVE CVE-2015-6695
CVE CVE-2015-6696
CVE CVE-2015-6697
CVE CVE-2015-6698
CVE CVE-2015-6699
CVE CVE-2015-6700
CVE CVE-2015-6701
CVE CVE-2015-6702
CVE CVE-2015-6703
CVE CVE-2015-6704
CVE CVE-2015-6705
CVE CVE-2015-6706
CVE CVE-2015-6707
CVE CVE-2015-6708
CVE CVE-2015-6709
CVE CVE-2015-6710
CVE CVE-2015-6711
CVE CVE-2015-6712
CVE CVE-2015-6713
CVE CVE-2015-6714
CVE CVE-2015-6715
CVE CVE-2015-6716
CVE CVE-2015-6717
CVE CVE-2015-6718
CVE CVE-2015-6719
CVE CVE-2015-6720
CVE CVE-2015-6721
CVE CVE-2015-6722
CVE CVE-2015-6723
CVE CVE-2015-6724
CVE CVE-2015-6725
CVE CVE-2015-7614
CVE CVE-2015-7615
CVE CVE-2015-7616
CVE CVE-2015-7617
CVE CVE-2015-7618
CVE CVE-2015-7619
CVE CVE-2015-7620
CVE CVE-2015-7621
CVE CVE-2015-7622
CVE CVE-2015-7623
CVE CVE-2015-7624
CVE CVE-2015-7650
CVE CVE-2015-8458
XREF OSVDB:128706
XREF OSVDB:128707
XREF OSVDB:128708
XREF OSVDB:128709
XREF OSVDB:128710
XREF OSVDB:128711
XREF OSVDB:128712
XREF OSVDB:128713
XREF OSVDB:128714
XREF OSVDB:128715
XREF OSVDB:128716
XREF OSVDB:128717
XREF OSVDB:128718
XREF OSVDB:128719
XREF OSVDB:128720
XREF OSVDB:128721
XREF OSVDB:128722
XREF OSVDB:128723
XREF OSVDB:128724
XREF OSVDB:128725
XREF OSVDB:128726
XREF OSVDB:128727
XREF OSVDB:128728
XREF OSVDB:128729
XREF OSVDB:128730
XREF OSVDB:128731
XREF OSVDB:128732
XREF OSVDB:128733
XREF OSVDB:128734
XREF OSVDB:128735
XREF OSVDB:128736
XREF OSVDB:128737
XREF OSVDB:128738
XREF OSVDB:128739
XREF OSVDB:128740
XREF OSVDB:128741
XREF OSVDB:128742
XREF OSVDB:128743
XREF OSVDB:128744
XREF OSVDB:128745
XREF OSVDB:128746
XREF OSVDB:128747
XREF OSVDB:128748
XREF OSVDB:128749
XREF OSVDB:128750
XREF OSVDB:128751
XREF OSVDB:128752
XREF OSVDB:128753
XREF OSVDB:128754
XREF OSVDB:128755
XREF OSVDB:128756
XREF OSVDB:128757
XREF OSVDB:128758
XREF OSVDB:128759
XREF OSVDB:128760
XREF OSVDB:128761
XREF OSVDB:129615
XREF OSVDB:131708
Plugin Information:
Published: 2015/10/15, Modified: 2017/05/09
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Installed version : 15.8.20082.147029
Fixed version : 10.1.16 / 11.0.13 / 2015.006.30094 / 2015.009.20069
86423 (1) - Adobe Flash Player <= 19.0.0.207 Vulnerability (APSB15-27)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 19.0.0.207. It is, therefore, affected by multiple vulnerabilities :

- Multiple type confusion errors exist that allow a remote attacker to execute arbitrary code. (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648)
See Also
Solution
Upgrade to Adobe Flash Player version 19.0.0.226 or later.

Alternatively, Adobe has made version 18.0.0.255 available for those installations that cannot be upgraded to the latest version.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
CVE CVE-2015-7645
CVE CVE-2015-7647
CVE CVE-2015-7648
XREF OSVDB:128853
XREF OSVDB:128982
XREF OSVDB:128983
Plugin Information:
Published: 2015/10/19, Modified: 2016/04/28
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 19.0.0.226 / 18.0.0.255
86851 (1) - Adobe Flash Player <= 19.0.0.226 Multiple Vulnerabilities (APSB15-28)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 19.0.0.226. It is, therefore, affected by multiple vulnerabilities :

- A type confusion error exists that allows an attacker to execute arbitrary code. (CVE-2015-7659)

- A security bypass vulnerability exists that allows an attacker to write arbitrary data to the file system under user permissions. (CVE-2015-7662)

- Multiple use-after-free vulnerabilities exist that allow an attacker to execute arbitrary code. (CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046)
See Also
Solution
Upgrade to Adobe Flash Player version 19.0.0.245 or later.

Alternatively, Adobe has made version 18.0.0.261 available for those installations that cannot be upgraded to the latest version.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
CVE CVE-2015-7651
CVE CVE-2015-7652
CVE CVE-2015-7653
CVE CVE-2015-7654
CVE CVE-2015-7655
CVE CVE-2015-7656
CVE CVE-2015-7657
CVE CVE-2015-7658
CVE CVE-2015-7659
CVE CVE-2015-7660
CVE CVE-2015-7661
CVE CVE-2015-7662
CVE CVE-2015-7663
CVE CVE-2015-8042
CVE CVE-2015-8043
CVE CVE-2015-8044
CVE CVE-2015-8046
XREF OSVDB:129999
XREF OSVDB:130000
XREF OSVDB:130001
XREF OSVDB:130002
XREF OSVDB:130003
XREF OSVDB:130004
XREF OSVDB:130005
XREF OSVDB:130006
XREF OSVDB:130007
XREF OSVDB:130008
XREF OSVDB:130009
XREF OSVDB:130010
XREF OSVDB:130011
XREF OSVDB:130012
XREF OSVDB:130013
XREF OSVDB:130014
XREF OSVDB:130015
Plugin Information:
Published: 2015/11/11, Modified: 2016/05/20
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 19.0.0.245 / 18.0.0.261
87244 (1) - Adobe Flash Player <= 19.0.0.245 Multiple Vulnerabilities (APSB15-32)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 19.0.0.245. It is, therefore, affected by multiple vulnerabilities :

- Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.
(CVE-2015-8438, CVE-2015-8446)

- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, CVE-2015-8820)

- Multiple security bypass vulnerabilities exist that allow an attacker to write arbitrary data to the file system under user permissions. (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409)

- A stack buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-8407, CVE-2015-8457)

- A type confusion error exists that allows an attacker to execute arbitrary code. (CVE-2015-8439, CVE-2015-8456)

- An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-8445)

- A buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-8415)

- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821, CVE-2015-8822
See Also
Solution
Upgrade to Adobe Flash Player version 20.0.0.228 or later.

Alternatively, Adobe has made version 18.0.0.268 available for those installations that cannot be upgraded to the latest version.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 78710
BID 78712
BID 78713
BID 78714
BID 78715
BID 78716
BID 78717
BID 78718
BID 78802
CVE CVE-2015-8045
CVE CVE-2015-8047
CVE CVE-2015-8048
CVE CVE-2015-8049
CVE CVE-2015-8050
CVE CVE-2015-8054
CVE CVE-2015-8055
CVE CVE-2015-8056
CVE CVE-2015-8057
CVE CVE-2015-8058
CVE CVE-2015-8059
CVE CVE-2015-8060
CVE CVE-2015-8061
CVE CVE-2015-8062
CVE CVE-2015-8063
CVE CVE-2015-8064
CVE CVE-2015-8065
CVE CVE-2015-8066
CVE CVE-2015-8067
CVE CVE-2015-8068
CVE CVE-2015-8069
CVE CVE-2015-8070
CVE CVE-2015-8071
CVE CVE-2015-8401
CVE CVE-2015-8402
CVE CVE-2015-8403
CVE CVE-2015-8404
CVE CVE-2015-8405
CVE CVE-2015-8406
CVE CVE-2015-8407
CVE CVE-2015-8408
CVE CVE-2015-8409
CVE CVE-2015-8410
CVE CVE-2015-8411
CVE CVE-2015-8412
CVE CVE-2015-8413
CVE CVE-2015-8414
CVE CVE-2015-8415
CVE CVE-2015-8416
CVE CVE-2015-8417
CVE CVE-2015-8418
CVE CVE-2015-8419
CVE CVE-2015-8420
CVE CVE-2015-8421
CVE CVE-2015-8422
CVE CVE-2015-8423
CVE CVE-2015-8424
CVE CVE-2015-8425
CVE CVE-2015-8426
CVE CVE-2015-8427
CVE CVE-2015-8428
CVE CVE-2015-8429
CVE CVE-2015-8430
CVE CVE-2015-8431
CVE CVE-2015-8432
CVE CVE-2015-8433
CVE CVE-2015-8434
CVE CVE-2015-8435
CVE CVE-2015-8436
CVE CVE-2015-8437
CVE CVE-2015-8438
CVE CVE-2015-8439
CVE CVE-2015-8440
CVE CVE-2015-8441
CVE CVE-2015-8442
CVE CVE-2015-8443
CVE CVE-2015-8444
CVE CVE-2015-8445
CVE CVE-2015-8446
CVE CVE-2015-8447
CVE CVE-2015-8448
CVE CVE-2015-8449
CVE CVE-2015-8450
CVE CVE-2015-8451
CVE CVE-2015-8452
CVE CVE-2015-8453
CVE CVE-2015-8454
CVE CVE-2015-8455
CVE CVE-2015-8456
CVE CVE-2015-8457
CVE CVE-2015-8652
CVE CVE-2015-8653
CVE CVE-2015-8654
CVE CVE-2015-8655
CVE CVE-2015-8656
CVE CVE-2015-8657
CVE CVE-2015-8658
CVE CVE-2015-8820
CVE CVE-2015-8821
CVE CVE-2015-8822
XREF OSVDB:131208
XREF OSVDB:131209
XREF OSVDB:131210
XREF OSVDB:131211
XREF OSVDB:131212
XREF OSVDB:131213
XREF OSVDB:131214
XREF OSVDB:131215
XREF OSVDB:131216
XREF OSVDB:131217
XREF OSVDB:131218
XREF OSVDB:131219
XREF OSVDB:131220
XREF OSVDB:131221
XREF OSVDB:131222
XREF OSVDB:131223
XREF OSVDB:131224
XREF OSVDB:131225
XREF OSVDB:131226
XREF OSVDB:131227
XREF OSVDB:131228
XREF OSVDB:131229
XREF OSVDB:131230
XREF OSVDB:131231
XREF OSVDB:131232
XREF OSVDB:131233
XREF OSVDB:131234
XREF OSVDB:131235
XREF OSVDB:131236
XREF OSVDB:131237
XREF OSVDB:131238
XREF OSVDB:131239
XREF OSVDB:131240
XREF OSVDB:131241
XREF OSVDB:131242
XREF OSVDB:131243
XREF OSVDB:131244
XREF OSVDB:131245
XREF OSVDB:131246
XREF OSVDB:131247
XREF OSVDB:131248
XREF OSVDB:131249
XREF OSVDB:131250
XREF OSVDB:131251
XREF OSVDB:131252
XREF OSVDB:131253
XREF OSVDB:131254
XREF OSVDB:131255
XREF OSVDB:131256
XREF OSVDB:131257
XREF OSVDB:131258
XREF OSVDB:131259
XREF OSVDB:131260
XREF OSVDB:131261
XREF OSVDB:131262
XREF OSVDB:131463
XREF OSVDB:131264
XREF OSVDB:131265
XREF OSVDB:131266
XREF OSVDB:131267
XREF OSVDB:131268
XREF OSVDB:131269
XREF OSVDB:131270
XREF OSVDB:131271
XREF OSVDB:131272
XREF OSVDB:131273
XREF OSVDB:131274
XREF OSVDB:131275
XREF OSVDB:131276
XREF OSVDB:131277
XREF OSVDB:131278
XREF OSVDB:131279
XREF OSVDB:131280
XREF OSVDB:131281
XREF OSVDB:131282
XREF OSVDB:131283
XREF OSVDB:131464
XREF OSVDB:131465
XREF OSVDB:131466
XREF OSVDB:131467
XREF OSVDB:135374
XREF OSVDB:135375
XREF OSVDB:135376
XREF OSVDB:135377
XREF OSVDB:135378
XREF OSVDB:135379
XREF OSVDB:135380
XREF OSVDB:135381
XREF OSVDB:135382
XREF OSVDB:135383
XREF ZDI:ZDI-15-601
XREF ZDI:ZDI-15-602
XREF ZDI:ZDI-15-603
XREF ZDI:ZDI-15-604
XREF ZDI:ZDI-15-605
XREF ZDI:ZDI-15-606
XREF ZDI:ZDI-15-607
XREF ZDI:ZDI-15-608
XREF ZDI:ZDI-15-609
XREF ZDI:ZDI-15-610
XREF ZDI:ZDI-15-611
XREF ZDI:ZDI-15-612
XREF ZDI:ZDI-15-613
XREF ZDI:ZDI-15-614
XREF ZDI:ZDI-15-655
XREF ZDI:ZDI-15-656
XREF ZDI:ZDI-15-657
XREF ZDI:ZDI-15-658
XREF ZDI:ZDI-15-659
XREF ZDI:ZDI-15-660
XREF ZDI:ZDI-15-661
XREF ZDI:ZDI-15-662
XREF ZDI:ZDI-15-663
XREF ZDI:ZDI-15-664
XREF EDB-ID:39042
XREF EDB-ID:39043
XREF EDB-ID:39047
XREF EDB-ID:39049
XREF EDB-ID:39051
XREF EDB-ID:39052
XREF EDB-ID:39053
XREF EDB-ID:39054
XREF EDB-ID:39072
Plugin Information:
Published: 2015/12/08, Modified: 2016/04/28
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 20.0.0.228 / 18.0.0.268
87476 (1) - Firefox < 43 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Firefox installed on the remote Windows host is prior to 43. It is, therefore, affected by the following vulnerabilities :

- Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues by convincing a user to visit a specially crafted web page, resulting in the execution of arbitrary code. (CVE-2015-7201)

- Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues by convincing a user to visit a specially crafted web page, resulting in the execution of arbitrary code. (CVE-2015-7202)

- An overflow condition exists in the LoadFontFamilyData() function due to improper validation of user-supplied input. A remote attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-7203)

- A flaw exists in the PropertyWriteNeedsTypeBarrier() function due to improper handling of unboxed objects during JavaScript variable assignments. A remote attacker can exploit this to execute arbitrary code.
(CVE-2015-7204)

- A flaw exists in the RtpHeaderParser::Parse() function due to improper handling of RTP headers. An unauthenticated, remote attacker can exploit this, via specially crafted RTP headers, to execute arbitrary code. (CVE-2015-7205)

- A same-origin bypass vulnerability exists that is triggered after a redirect when the function is used alongside an iframe to host a page. An attacker can exploit this to gain access to cross-origin URL information. (CVE-2015-7207)

- The SetCookieInternal() function improperly allows control characters (e.g. ASCII code 11) to be inserted into cookies. An attacker can exploit this to inject cookies. (CVE-2015-7208)

- A use-after-free error exists due to improper prevention of datachannel operations on closed PeerConnections. An attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.
(CVE-2015-7210)

- A flaw exists in the ParseURI() function due to improper handling of a hash (#) character in the data: URI. An attacker can exploit this to spoof the URL bar.
(CVE-2015-7211)

- An overflow condition exists in the AllocateForSurface() function due to improper validation of user-supplied input when handling texture allocation in graphics operations. An attacker can exploit this to execute arbitrary code. (CVE-2015-7212)

- An integer overflow condition exists in the readMetaData() function due to improper validation of user-supplied input when handling a specially crafted MP4 file. An attacker can exploit this to execute arbitrary code. (CVE-2015-7213)

- A same-origin bypass vulnerability exists due to improper handling of 'data:' and 'view-source:' URIs. An attacker can exploit this to read data from cross-site URLs and local files. (CVE-2015-7214)

- An information disclosure vulnerability exists due to improper handling of error events in web workers. An attacker can exploit this to gain access to sensitive cross-origin information. (CVE-2015-7215)

- Multiple integer underflow conditions exist due to improper validation of user-supplied input when handling HTTP2 frames. An attacker can exploit these to crash the application, resulting in a denial of service.
(CVE-2015-7218, CVE-2015-7219)

- An overflow condition exists in the XDRBuffer::grow() function due to improper validation of user-supplied input. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code.
(CVE-2015-7220)

- An overflow condition exists in the GrowCapacity() function due to improper validation of user-supplied input. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code.
(CVE-2015-7221)

- An integer underflow condition exists in the bundled version of libstagefright in the parseChunk() function that is triggered when handling 'covr' chunks. An unauthenticated, remote attacker can exploit this, via specially crafted media content, to crash the application or execute arbitrary code. (CVE-2015-7222)

- A privilege escalation vulnerability exists in the Extension.jsm script due to a failure to restrict WebExtension APIs from being injected into documents without WebExtension principals. An attacker can exploit this to conduct a cross-site scripting attack, resulting in the execution of arbitrary script code in a user's browser session. (CVE-2015-7223)
See Also
Solution
Upgrade to Firefox 43 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 79279
BID 79280
BID 79283
CVE CVE-2015-7201
CVE CVE-2015-7202
CVE CVE-2015-7203
CVE CVE-2015-7204
CVE CVE-2015-7205
CVE CVE-2015-7207
CVE CVE-2015-7208
CVE CVE-2015-7210
CVE CVE-2015-7211
CVE CVE-2015-7212
CVE CVE-2015-7213
CVE CVE-2015-7214
CVE CVE-2015-7215
CVE CVE-2015-7218
CVE CVE-2015-7219
CVE CVE-2015-7220
CVE CVE-2015-7221
CVE CVE-2015-7222
CVE CVE-2015-7223
XREF OSVDB:125392
XREF OSVDB:131845
XREF OSVDB:131846
XREF OSVDB:131847
XREF OSVDB:131848
XREF OSVDB:131849
XREF OSVDB:131850
XREF OSVDB:131851
XREF OSVDB:131852
XREF OSVDB:131853
XREF OSVDB:131854
XREF OSVDB:131855
XREF OSVDB:131856
XREF OSVDB:131857
XREF OSVDB:131858
XREF OSVDB:131859
XREF OSVDB:131860
XREF OSVDB:131861
XREF OSVDB:131863
XREF OSVDB:131864
XREF OSVDB:131865
XREF OSVDB:131866
XREF OSVDB:131867
XREF OSVDB:131868
XREF OSVDB:131869
XREF OSVDB:131870
XREF OSVDB:131871
XREF OSVDB:131872
XREF OSVDB:131873
XREF OSVDB:131874
XREF OSVDB:131875
XREF OSVDB:131902
XREF OSVDB:131903
Plugin Information:
Published: 2015/12/17, Modified: 2016/03/13
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 43
87657 (1) - Adobe Flash Player <= 20.0.0.235 Multiple Vulnerabilities (APSB16-01)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 20.0.0.235. It is, therefore, affected by multiple vulnerabilities :

- A type confusion error exists that a remote attacker can exploit to execute arbitrary code. (CVE-2015-8644)

- An integer overflow condition exists that a remote attacker can exploit to execute arbitrary code.
(CVE-2015-8651)

- Multiple use-after-free errors exist that a remote attacker can exploit to execute arbitrary code.
(CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2016-0959)

- Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645)
See Also
Solution
Upgrade to Adobe Flash Player version 20.0.0.267 or later.

Alternatively, Adobe has made version 18.0.0.324 available for those installations that cannot be upgraded to the latest version.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 79700
BID 79701
BID 79704
BID 79705
CVE CVE-2015-8459
CVE CVE-2015-8460
CVE CVE-2015-8634
CVE CVE-2015-8635
CVE CVE-2015-8636
CVE CVE-2015-8638
CVE CVE-2015-8639
CVE CVE-2015-8640
CVE CVE-2015-8641
CVE CVE-2015-8642
CVE CVE-2015-8643
CVE CVE-2015-8644
CVE CVE-2015-8645
CVE CVE-2015-8646
CVE CVE-2015-8647
CVE CVE-2015-8648
CVE CVE-2015-8649
CVE CVE-2015-8650
CVE CVE-2015-8651
CVE CVE-2016-0959
XREF OSVDB:132309
XREF OSVDB:132310
XREF OSVDB:132311
XREF OSVDB:132312
XREF OSVDB:132313
XREF OSVDB:132314
XREF OSVDB:132315
XREF OSVDB:132316
XREF OSVDB:132317
XREF OSVDB:132318
XREF OSVDB:132319
XREF OSVDB:132320
XREF OSVDB:132321
XREF OSVDB:132322
XREF OSVDB:132323
XREF OSVDB:132324
XREF OSVDB:132325
XREF OSVDB:132326
XREF OSVDB:132327
XREF OSVDB:159928
Plugin Information:
Published: 2015/12/29, Modified: 2017/06/30
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 20.0.0.267 / 18.0.0.324
87918 (1) - Adobe Reader < 11.0.14 / 15.006.30119 / 15.010.20056 Multiple Vulnerabilities (APSB16-02)
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote host is a version prior to 11.0.14, 15.006.30119, or 15.010.20056. It is, therefore, affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, CVE-2016-0940, CVE-2016-0941)

- Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946)

- Multiple double-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-0935, CVE-2016-1111)

- A flaw exists in the Global JavaScript API that allows a remote attacker to bypass restrictions and execute arbitrary code. (CVE-2016-0943)

- A flaw exists in the download manager related to the directory search path used to find resources. A remote attacker can exploit this execute arbitrary code.
(CVE-2016-0947)
See Also
Solution
Upgrade to Adobe Reader 11.0.14 / 15.006.30119 / 15.010.20056 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
CVE CVE-2016-0931
CVE CVE-2016-0932
CVE CVE-2016-0933
CVE CVE-2016-0934
CVE CVE-2016-0935
CVE CVE-2016-0936
CVE CVE-2016-0937
CVE CVE-2016-0938
CVE CVE-2016-0939
CVE CVE-2016-0940
CVE CVE-2016-0941
CVE CVE-2016-0942
CVE CVE-2016-0943
CVE CVE-2016-0944
CVE CVE-2016-0945
CVE CVE-2016-0946
CVE CVE-2016-0947
CVE CVE-2016-1111
XREF OSVDB:132761
XREF OSVDB:132762
XREF OSVDB:132763
XREF OSVDB:132764
XREF OSVDB:132765
XREF OSVDB:132766
XREF OSVDB:132767
XREF OSVDB:132768
XREF OSVDB:132769
XREF OSVDB:132770
XREF OSVDB:132771
XREF OSVDB:132772
XREF OSVDB:132773
XREF OSVDB:132774
XREF OSVDB:132775
XREF OSVDB:132776
XREF OSVDB:132777
XREF OSVDB:137805
XREF ZDI:ZDI-16-273
Plugin Information:
Published: 2016/01/14, Modified: 2017/05/09
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Installed version : 15.8.20082.147029
Fixed version : 11.0.14 / 15.006.30119 / 15.010.20056
88461 (1) - Firefox < 44 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Firefox installed on the remote Windows host is prior to 44. It is, therefore, affected by the following vulnerabilities :

- A cookie injection vulnerability exists due to illegal control characters being stored as cookie values in violation of RFC6265. A remote attacker can exploit this to inject cookies. (CVE-2015-7208)

- Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2016-1930, CVE-2016-1931)

- An integer overflow condition exists due to improper parsing of GIF images during deinterlacing. A remote attacker can exploit this, via a specially crafted GIF image, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1933)

- A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935)

- A content spoofing vulnerability exists due to the protocol handler dialog treating double click events as two single click events. A remote attacker can exploit this to spoof content, allowing the attacker to trick a user into performing malicious actions. (CVE-2016-1937)

- A cryptographic weakness exists in Network Security Services (NSS) due to incorrect calculations with 'mp_div' and 'mp_exptmod'. (CVE-2016-1938)

- A cookie injection vulnerability exists due to illegal control characters being permitted in cookie names. A remote attacker can exploit this to inject cookies.
(CVE-2016-1939)

- An URL spoofing vulnerability exists due to a flaw that is triggered during the handling of a URL that invalid for the internal protocol, causing the URL to be pasted into the address bar. A remote attacker can exploit this spoof URLs, allowing the attacker to trick a user into visiting a malicious website. (CVE-2016-1942)

- An unspecified memory corruption issue exists in the ANGLE graphics library implementation. A remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-1944)

- A wild pointer flaw exists due to improper handling of ZIP files. A remote attacker can exploit this, via a crafted ZIP file, to have an unspecified impact.
(CVE-2016-1945)

- An integer overflow condition exists in the bundled version of libstagefright due to improper handling of MP4 file metadata. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1946)

- A flaw exists in the safe browsing feature due to the Application Reputation service being unreachable. A remote attacker can exploit this to convince a user into downloading a malicious executable without being warned. (CVE-2016-1947)

- A use-after-free error exists in Network Security Services (NSS) due to improper handling of failed allocations during DHE and ECDHE handshakes. An attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.
(CVE-2016-1978)
See Also
Solution
Upgrade to Firefox version 44 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 79280
CVE CVE-2015-7208
CVE CVE-2016-1930
CVE CVE-2016-1931
CVE CVE-2016-1933
CVE CVE-2016-1935
CVE CVE-2016-1937
CVE CVE-2016-1938
CVE CVE-2016-1939
CVE CVE-2016-1942
CVE CVE-2016-1944
CVE CVE-2016-1945
CVE CVE-2016-1946
CVE CVE-2016-1947
CVE CVE-2016-1978
XREF OSVDB:131875
XREF OSVDB:133629
XREF OSVDB:133630
XREF OSVDB:133631
XREF OSVDB:133632
XREF OSVDB:133633
XREF OSVDB:133634
XREF OSVDB:133635
XREF OSVDB:133636
XREF OSVDB:133637
XREF OSVDB:133638
XREF OSVDB:133639
XREF OSVDB:133640
XREF OSVDB:133641
XREF OSVDB:133642
XREF OSVDB:133643
XREF OSVDB:133644
XREF OSVDB:133645
XREF OSVDB:133646
XREF OSVDB:133647
XREF OSVDB:133648
XREF OSVDB:133649
XREF OSVDB:133650
XREF OSVDB:133651
XREF OSVDB:133652
XREF OSVDB:133653
XREF OSVDB:133654
XREF OSVDB:133656
XREF OSVDB:133657
XREF OSVDB:133659
XREF OSVDB:133660
XREF OSVDB:133661
XREF OSVDB:133662
XREF OSVDB:133669
XREF OSVDB:133682
XREF OSVDB:133684
XREF OSVDB:135718
XREF MFSA:2016-01
XREF MFSA:2016-02
XREF MFSA:2016-03
XREF MFSA:2016-04
XREF MFSA:2016-06
XREF MFSA:2016-07
XREF MFSA:2016-08
XREF MFSA:2016-09
XREF MFSA:2016-10
XREF MFSA:2016-11
XREF MFSA:2016-15
Plugin Information:
Published: 2016/01/28, Modified: 2016/04/28
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 44
88639 (1) - Adobe Flash Player <= 20.0.0.286 Multiple Vulnerabilities (APSB16-04)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is prior or equal to version 20.0.0.286. It is, therefore, affected by multiple vulnerabilities :

- A type confusion error exists that allows a remote attacker to execute arbitrary code. (CVE-2016-0985)

- Multiple use-after-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984)

- A heap buffer overflow condition exist that allows an attacker to execute arbitrary code. (CVE-2016-0971)

- Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981)
See Also
Solution
Upgrade to Adobe Flash Player version 20.0.0.306 or later.

Alternatively, Adobe has made version 18.0.0.329 available for those installations that cannot be upgraded to the latest version.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
CVE CVE-2016-0964
CVE CVE-2016-0965
CVE CVE-2016-0966
CVE CVE-2016-0967
CVE CVE-2016-0968
CVE CVE-2016-0969
CVE CVE-2016-0970
CVE CVE-2016-0971
CVE CVE-2016-0972
CVE CVE-2016-0973
CVE CVE-2016-0974
CVE CVE-2016-0975
CVE CVE-2016-0976
CVE CVE-2016-0977
CVE CVE-2016-0978
CVE CVE-2016-0979
CVE CVE-2016-0980
CVE CVE-2016-0981
CVE CVE-2016-0982
CVE CVE-2016-0983
CVE CVE-2016-0984
CVE CVE-2016-0985
XREF OSVDB:134259
XREF OSVDB:134260
XREF OSVDB:134261
XREF OSVDB:134262
XREF OSVDB:134263
XREF OSVDB:134264
XREF OSVDB:134265
XREF OSVDB:134266
XREF OSVDB:134267
XREF OSVDB:134268
XREF OSVDB:134269
XREF OSVDB:134270
XREF OSVDB:134271
XREF OSVDB:134272
XREF OSVDB:134273
XREF OSVDB:134274
XREF OSVDB:134275
XREF OSVDB:134276
XREF OSVDB:134277
XREF OSVDB:134278
XREF OSVDB:134279
XREF OSVDB:134280
Plugin Information:
Published: 2016/02/09, Modified: 2016/04/28
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 20.0.0.306 / 18.0.0.329
89831 (1) - Adobe Reader < 11.0.15 / 15.006.30121 / 15.010.20060 Multiple Vulnerabilities (APSB16-09)
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote Windows host is prior to 11.0.15, 15.006.30121, or 15.010.20060. It is, therefore, affected by multiple vulnerabilities :

- A memory corruption issue exists due to the use of uninitialized memory when handling annotation gestures.
A remote attacker can exploit this, via a crafted PDF file, to corrupt memory, resulting in a denial of service or the execution of arbitrary code.
(CVE-2016-1007)

- A flaw exists related to searching and loading dynamic-link library (DLL) files due to using a search path that may contain directories which are not trusted or under the user's control. An attacker can exploit this, by injecting a malicious DLL into the path, to gain elevated privileges. (CVE-2016-1008)

- An array indexing error exists due to improper validation of user-supplied input. A remote attacker can exploit this, via a crafted PDF file, to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-1009)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Adobe Reader version 11.0.15 / 15.006.30121 / 15.010.20060 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 84215
BID 84216
CVE CVE-2016-1007
CVE CVE-2016-1008
CVE CVE-2016-1009
XREF OSVDB:135504
XREF OSVDB:135505
XREF OSVDB:135506
Plugin Information:
Published: 2016/03/10, Modified: 2017/05/09
Plugin Output

10.0.0.64 (tcp/445)


Note: The Adobe Reader version was extracted from AcroRd32.dll.
Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Installed version : 15.8.20082.147029
Fixed version : 11.0.15 / 15.006.30121 / 15.010.20060
89834 (1) - Adobe Flash Player <= 20.0.0.306 Multiple Vulnerabilities (APSB16-08)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is prior or equal to version 20.0.0.306. It is, therefore, affected by multiple vulnerabilities :

- Multiple integer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010)

- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000)

- A heap overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1001)

- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, CVE-2016-1005)
See Also
Solution
Upgrade to Adobe Flash Player version 21.0.0.182 or later.

Alternatively, Adobe has made version 18.0.0.333 available for those installations that cannot be upgraded to the latest version.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 84308
BID 84308
BID 84310
BID 84311
BID 84312
CVE CVE-2016-0960
CVE CVE-2016-0961
CVE CVE-2016-0962
CVE CVE-2016-0963
CVE CVE-2016-0986
CVE CVE-2016-0987
CVE CVE-2016-0988
CVE CVE-2016-0989
CVE CVE-2016-0990
CVE CVE-2016-0991
CVE CVE-2016-0992
CVE CVE-2016-0993
CVE CVE-2016-0994
CVE CVE-2016-0995
CVE CVE-2016-0996
CVE CVE-2016-0997
CVE CVE-2016-0998
CVE CVE-2016-0999
CVE CVE-2016-1000
CVE CVE-2016-1001
CVE CVE-2016-1002
CVE CVE-2016-1005
CVE CVE-2016-1010
XREF OSVDB:135679
XREF OSVDB:135680
XREF OSVDB:135681
XREF OSVDB:135682
XREF OSVDB:135683
XREF OSVDB:135684
XREF OSVDB:135685
XREF OSVDB:135686
XREF OSVDB:135687
XREF OSVDB:135688
XREF OSVDB:135689
XREF OSVDB:135690
XREF OSVDB:135691
XREF OSVDB:135692
XREF OSVDB:135693
XREF OSVDB:135694
XREF OSVDB:135695
XREF OSVDB:135696
XREF OSVDB:135697
XREF OSVDB:135698
XREF OSVDB:135699
XREF OSVDB:135700
XREF OSVDB:135701
Plugin Information:
Published: 2016/03/11, Modified: 2016/07/18
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 21.0.0.182 / 18.0.0.333
89875 (1) - Firefox < 45 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Firefox installed on the remote Windows host is prior to 45. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Upgrade to Firefox version 45 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
CVE CVE-2016-1950
CVE CVE-2016-1952
CVE CVE-2016-1953
CVE CVE-2016-1954
CVE CVE-2016-1955
CVE CVE-2016-1956
CVE CVE-2016-1957
CVE CVE-2016-1958
CVE CVE-2016-1959
CVE CVE-2016-1960
CVE CVE-2016-1961
CVE CVE-2016-1962
CVE CVE-2016-1963
CVE CVE-2016-1964
CVE CVE-2016-1965
CVE CVE-2016-1966
CVE CVE-2016-1967
CVE CVE-2016-1968
CVE CVE-2016-1969
CVE CVE-2016-1970
CVE CVE-2016-1971
CVE CVE-2016-1972
CVE CVE-2016-1973
CVE CVE-2016-1974
CVE CVE-2016-1975
CVE CVE-2016-1976
CVE CVE-2016-1977
CVE CVE-2016-1979
CVE CVE-2016-2790
CVE CVE-2016-2791
CVE CVE-2016-2792
CVE CVE-2016-2793
CVE CVE-2016-2794
CVE CVE-2016-2795
CVE CVE-2016-2796
CVE CVE-2016-2797
CVE CVE-2016-2798
CVE CVE-2016-2799
CVE CVE-2016-2800
CVE CVE-2016-2801
CVE CVE-2016-2802
XREF OSVDB:135550
XREF OSVDB:135551
XREF OSVDB:135552
XREF OSVDB:135553
XREF OSVDB:135554
XREF OSVDB:135555
XREF OSVDB:135556
XREF OSVDB:135557
XREF OSVDB:135558
XREF OSVDB:135559
XREF OSVDB:135560
XREF OSVDB:135561
XREF OSVDB:135562
XREF OSVDB:135563
XREF OSVDB:135564
XREF OSVDB:135565
XREF OSVDB:135566
XREF OSVDB:135567
XREF OSVDB:135568
XREF OSVDB:135569
XREF OSVDB:135570
XREF OSVDB:135571
XREF OSVDB:135572
XREF OSVDB:135573
XREF OSVDB:135574
XREF OSVDB:135575
XREF OSVDB:135576
XREF OSVDB:135577
XREF OSVDB:135578
XREF OSVDB:135579
XREF OSVDB:135580
XREF OSVDB:135581
XREF OSVDB:135582
XREF OSVDB:135583
XREF OSVDB:135584
XREF OSVDB:135585
XREF OSVDB:135591
XREF OSVDB:135592
XREF OSVDB:135593
XREF OSVDB:135594
XREF OSVDB:135595
XREF OSVDB:135596
XREF OSVDB:135597
XREF OSVDB:135598
XREF OSVDB:135599
XREF OSVDB:135600
XREF OSVDB:135601
XREF OSVDB:135602
XREF OSVDB:135603
XREF OSVDB:135604
XREF OSVDB:135605
XREF OSVDB:135606
XREF OSVDB:135607
XREF OSVDB:135608
XREF OSVDB:135609
XREF OSVDB:135610
XREF OSVDB:135611
XREF OSVDB:135612
XREF OSVDB:135613
XREF OSVDB:135614
XREF OSVDB:135615
XREF OSVDB:135616
XREF OSVDB:135617
XREF OSVDB:135618
XREF OSVDB:135666
XREF MFSA:2016-16
XREF MFSA:2016-17
XREF MFSA:2016-18
XREF MFSA:2016-19
XREF MFSA:2016-20
XREF MFSA:2016-21
XREF MFSA:2016-22
XREF MFSA:2016-23
XREF MFSA:2016-24
XREF MFSA:2016-25
XREF MFSA:2016-26
XREF MFSA:2016-27
XREF MFSA:2016-28
XREF MFSA:2016-29
XREF MFSA:2016-30
XREF MFSA:2016-31
XREF MFSA:2016-32
XREF MFSA:2016-33
XREF MFSA:2016-34
XREF MFSA:2016-35
XREF MFSA:2016-36
XREF MFSA:2016-37
XREF MFSA:2016-38
Plugin Information:
Published: 2016/03/11, Modified: 2018/04/05
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 45
90425 (1) - Adobe Flash Player <= 21.0.0.197 Multiple Vulnerabilities (APSB16-10)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is prior or equal to version 21.0.0.197. It is, therefore, affected by multiple vulnerabilities :

- An Address Space Layout Randomization (ASLR) bypass vulnerability exists that allows an attacker to predict memory offsets in the call stack. (CVE-2016-1006)

- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, CVE-2016-1031)

- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033)

- A directory search path vulnerability exists that allows an attacker to disclose sensitive resources.
(CVE-2016-1014)

- Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1015, CVE-2016-1019)

- An overflow condition exists that is triggered when handling JPEG-XR compressed image content. An attacker can exploit this to execute arbitrary code.
(CVE-2016-1018)

- An unspecified security bypass vulnerability exists.
(CVE-2016-1030)
See Also
Solution
Upgrade to Adobe Flash Player version 21.0.0.213 or later.

Alternatively, Adobe has made version 18.0.0.343 available for those installations that cannot be upgraded to the latest version.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.8 (CVSS2#E:F/RL:U/RC:ND)
References
BID 85856
BID 85926
BID 85927
BID 85928
BID 85930
BID 85931
BID 85932
BID 85932
BID 85933
CVE CVE-2016-1006
CVE CVE-2016-1011
CVE CVE-2016-1012
CVE CVE-2016-1013
CVE CVE-2016-1014
CVE CVE-2016-1015
CVE CVE-2016-1016
CVE CVE-2016-1017
CVE CVE-2016-1018
CVE CVE-2016-1019
CVE CVE-2016-1020
CVE CVE-2016-1021
CVE CVE-2016-1022
CVE CVE-2016-1023
CVE CVE-2016-1024
CVE CVE-2016-1025
CVE CVE-2016-1026
CVE CVE-2016-1027
CVE CVE-2016-1028
CVE CVE-2016-1029
CVE CVE-2016-1030
CVE CVE-2016-1031
CVE CVE-2016-1032
CVE CVE-2016-1033
XREF OSVDB:135953
XREF OSVDB:135957
XREF OSVDB:135959
XREF OSVDB:136683
XREF OSVDB:136810
XREF OSVDB:136811
XREF OSVDB:136812
XREF OSVDB:136813
XREF OSVDB:136814
XREF OSVDB:136817
XREF OSVDB:136819
XREF OSVDB:136820
XREF OSVDB:136821
XREF OSVDB:136822
XREF OSVDB:136823
XREF OSVDB:136824
XREF OSVDB:136825
XREF OSVDB:136826
XREF OSVDB:136827
XREF OSVDB:136828
XREF OSVDB:136829
XREF OSVDB:136830
XREF OSVDB:136831
XREF OSVDB:136832
XREF ZDI:ZDI-16-225
XREF ZDI:ZDI-16-226
XREF ZDI:ZDI-16-227
XREF ZDI:ZDI-16-228
Plugin Information:
Published: 2016/04/08, Modified: 2016/07/18
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 21.0.0.213 / 18.0.0.343
90793 (1) - Firefox < 46 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Firefox installed on the remote Windows host is prior to 46. It is, therefore, affected by multiple vulnerabilities :

- Multiple memory corruption issues exist that allow an attacker to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2804, CVE-2016-2806, CVE-2016-2807)

- A flaw exists due to improper validation of user-supplied input when handling the 32-bit generation count of the underlying HashMap. A context-dependent attacker can exploit this to cause a buffer overflow condition, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-2808)

- A local privilege escalation vulnerability exists in the Maintenance Service updater due to improper handling of long log file paths. A local attacker can exploit this to delete arbitrary files and gain elevated privileges.
(CVE-2016-2809)

- A remote code execution vulnerability exists due to a use-after-free error in the BeginReading() function. A context-dependent attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-2811)

- A remote code execution vulnerability exists due to a race condition in ServiceWorkerManager in the get() function. A context-dependent attacker can exploit this to execute arbitrary code. (CVE-2016-2812)

- A heap buffer overflow condition exists in the Google Stagefright component due to improper validation of user-supplied input when handling CENC offsets and the sizes table. A context-dependent attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-2814)

- A security bypass vulnerability exists due to the Content Security Policy (CSP) not being properly applied to web content sent with the 'multipart/x-mixed-replace'
MIME-type. A context-dependent attacker can exploit this to bypass CSP protection. (CVE-2016-2816)

- A cross-site scripting (XSS) vulnerability exists due to improper restriction of unprivileged 'javascript: URL'
navigation. A context-dependent attacker can exploit this, via a specially crafted request, to execute arbitrary script code in the context of a user's browser session. (CVE-2016-2817)

- A flaw exists in the Firefox Health Report that is triggered when it accepts any content document events that are presented in its iframe. A context-dependent attacker can exploit this to manipulate sharing preferences. (CVE-2016-2820)
See Also
Solution
Upgrade to Firefox version 46 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.5 (CVSS2#E:U/RL:ND/RC:UR)
References
BID 88099
BID 88100
CVE CVE-2016-2804
CVE CVE-2016-2806
CVE CVE-2016-2807
CVE CVE-2016-2808
CVE CVE-2016-2809
CVE CVE-2016-2811
CVE CVE-2016-2812
CVE CVE-2016-2814
CVE CVE-2016-2816
CVE CVE-2016-2817
CVE CVE-2016-2820
XREF OSVDB:137609
XREF OSVDB:137610
XREF OSVDB:137611
XREF OSVDB:137613
XREF OSVDB:137614
XREF OSVDB:137615
XREF OSVDB:137616
XREF OSVDB:137617
XREF OSVDB:137618
XREF OSVDB:137619
XREF OSVDB:137620
XREF OSVDB:137621
XREF OSVDB:137622
XREF OSVDB:137623
XREF OSVDB:137624
XREF OSVDB:137625
XREF OSVDB:137626
XREF OSVDB:137627
XREF OSVDB:137628
XREF OSVDB:137629
XREF OSVDB:137630
XREF OSVDB:137631
XREF OSVDB:137632
XREF OSVDB:137633
XREF OSVDB:137634
XREF OSVDB:137636
XREF OSVDB:137637
XREF OSVDB:137639
XREF OSVDB:137640
XREF OSVDB:137641
XREF OSVDB:137642
XREF OSVDB:137643
XREF MFSA:2016-39
XREF MFSA:2016-40
XREF MFSA:2016-42
XREF MFSA:2016-44
XREF MFSA:2016-45
XREF MFSA:2016-46
XREF MFSA:2016-47
XREF MFSA:2016-48
Plugin Information:
Published: 2016/04/29, Modified: 2016/10/06
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 46
91097 (1) - Adobe Reader < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14)
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote Windows host is prior to 11.0.16, 15.006.30172, or 15.016.20039. It is, therefore, affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, CVE-2016-4107)

- Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.
(CVE-2016-4091, CVE-2016-4092)

- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4119)

- An integer overflow vulnerability exists that allows an attacker to execute arbitrary code. (CVE-2016-1043)

- Multiple memory leak issues exist that allow an attacker to have an unspecified impact. (CVE-2016-1079, CVE-2016-1092)

- An unspecified flaw exists that allows an attacker to disclose sensitive information. (CVE-2016-1112)

- Multiple vulnerabilities exist that allow an attacker to bypass restrictions on JavaScript API execution.
(CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, CVE-2016-1117)

- Multiple flaws exist when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code.
(CVE-2016-1087, CVE-2016-1090, CVE-2016-4106)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Adobe Reader version 11.0.16 / 15.006.30172 / 15.016.20039 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 90517
CVE CVE-2016-1037
CVE CVE-2016-1038
CVE CVE-2016-1039
CVE CVE-2016-1040
CVE CVE-2016-1041
CVE CVE-2016-1042
CVE CVE-2016-1043
CVE CVE-2016-1044
CVE CVE-2016-1045
CVE CVE-2016-1046
CVE CVE-2016-1047
CVE CVE-2016-1048
CVE CVE-2016-1049
CVE CVE-2016-1050
CVE CVE-2016-1051
CVE CVE-2016-1052
CVE CVE-2016-1053
CVE CVE-2016-1054
CVE CVE-2016-1055
CVE CVE-2016-1056
CVE CVE-2016-1057
CVE CVE-2016-1058
CVE CVE-2016-1059
CVE CVE-2016-1060
CVE CVE-2016-1061
CVE CVE-2016-1062
CVE CVE-2016-1063
CVE CVE-2016-1064
CVE CVE-2016-1065
CVE CVE-2016-1066
CVE CVE-2016-1067
CVE CVE-2016-1068
CVE CVE-2016-1069
CVE CVE-2016-1070
CVE CVE-2016-1071
CVE CVE-2016-1072
CVE CVE-2016-1073
CVE CVE-2016-1074
CVE CVE-2016-1075
CVE CVE-2016-1076
CVE CVE-2016-1077
CVE CVE-2016-1078
CVE CVE-2016-1079
CVE CVE-2016-1080
CVE CVE-2016-1081
CVE CVE-2016-1082
CVE CVE-2016-1083
CVE CVE-2016-1084
CVE CVE-2016-1085
CVE CVE-2016-1086
CVE CVE-2016-1087
CVE CVE-2016-1088
CVE CVE-2016-1090
CVE CVE-2016-1092
CVE CVE-2016-1093
CVE CVE-2016-1094
CVE CVE-2016-1095
CVE CVE-2016-1112
CVE CVE-2016-1116
CVE CVE-2016-1117
CVE CVE-2016-1118
CVE CVE-2016-1119
CVE CVE-2016-1120
CVE CVE-2016-1121
CVE CVE-2016-1122
CVE CVE-2016-1123
CVE CVE-2016-1124
CVE CVE-2016-1125
CVE CVE-2016-1126
CVE CVE-2016-1127
CVE CVE-2016-1128
CVE CVE-2016-1129
CVE CVE-2016-1130
CVE CVE-2016-4088
CVE CVE-2016-4089
CVE CVE-2016-4090
CVE CVE-2016-4091
CVE CVE-2016-4092
CVE CVE-2016-4093
CVE CVE-2016-4094
CVE CVE-2016-4096
CVE CVE-2016-4097
CVE CVE-2016-4098
CVE CVE-2016-4099
CVE CVE-2016-4100
CVE CVE-2016-4101
CVE CVE-2016-4102
CVE CVE-2016-4103
CVE CVE-2016-4104
CVE CVE-2016-4105
CVE CVE-2016-4106
CVE CVE-2016-4107
CVE CVE-2016-4119
XREF OSVDB:138219
XREF OSVDB:138220
XREF OSVDB:138225
XREF OSVDB:138226
XREF OSVDB:138227
XREF OSVDB:138228
XREF OSVDB:138229
XREF OSVDB:138230
XREF OSVDB:138231
XREF OSVDB:138232
XREF OSVDB:138233
XREF OSVDB:138234
XREF OSVDB:138235
XREF OSVDB:138236
XREF OSVDB:138237
XREF OSVDB:138238
XREF OSVDB:138239
XREF OSVDB:138240
XREF OSVDB:138241
XREF OSVDB:138242
XREF OSVDB:138243
XREF OSVDB:138244
XREF OSVDB:138245
XREF OSVDB:138246
XREF OSVDB:138247
XREF OSVDB:138248
XREF OSVDB:138249
XREF OSVDB:138250
XREF OSVDB:138251
XREF OSVDB:138252
XREF OSVDB:138253
XREF OSVDB:138254
XREF OSVDB:138255
XREF OSVDB:138256
XREF OSVDB:138257
XREF OSVDB:138258
XREF OSVDB:138259
XREF OSVDB:138260
XREF OSVDB:138261
XREF OSVDB:138262
XREF OSVDB:138263
XREF OSVDB:138264
XREF OSVDB:138265
XREF OSVDB:138266
XREF OSVDB:138267
XREF OSVDB:138268
XREF OSVDB:138269
XREF OSVDB:138270
XREF OSVDB:138271
XREF OSVDB:138272
XREF OSVDB:138273
XREF OSVDB:138274
XREF OSVDB:138275
XREF OSVDB:138276
XREF OSVDB:138277
XREF OSVDB:138278
XREF OSVDB:138279
XREF OSVDB:138280
XREF OSVDB:138281
XREF OSVDB:138282
XREF OSVDB:138283
XREF OSVDB:138284
XREF OSVDB:138285
XREF OSVDB:138286
XREF OSVDB:138287
XREF OSVDB:138288
XREF OSVDB:138289
XREF OSVDB:138290
XREF OSVDB:138291
XREF OSVDB:138292
XREF OSVDB:138293
XREF OSVDB:138294
XREF OSVDB:138295
XREF OSVDB:138296
XREF OSVDB:138297
XREF OSVDB:138298
XREF OSVDB:138299
XREF OSVDB:138300
XREF OSVDB:138301
XREF OSVDB:138302
XREF OSVDB:138303
XREF OSVDB:138304
XREF OSVDB:138305
XREF OSVDB:138306
XREF OSVDB:138307
XREF OSVDB:138308
XREF OSVDB:138309
XREF OSVDB:138310
XREF OSVDB:138311
XREF OSVDB:138312
XREF OSVDB:138313
XREF OSVDB:138314
XREF OSVDB:138717
XREF ZDI:ZDI-16-285
XREF ZDI:ZDI-16-286
XREF ZDI:ZDI-16-287
XREF ZDI:ZDI-16-288
XREF ZDI:ZDI-16-289
XREF ZDI:ZDI-16-290
XREF ZDI:ZDI-16-291
XREF ZDI:ZDI-16-292
XREF ZDI:ZDI-16-293
XREF ZDI:ZDI-16-294
XREF ZDI:ZDI-16-295
XREF ZDI:ZDI-16-296
XREF ZDI:ZDI-16-297
XREF ZDI:ZDI-16-298
XREF ZDI:ZDI-16-299
XREF ZDI:ZDI-16-300
XREF ZDI:ZDI-16-301
XREF ZDI:ZDI-16-302
XREF ZDI:ZDI-16-303
XREF ZDI:ZDI-16-304
XREF ZDI:ZDI-16-305
XREF ZDI:ZDI-16-306
XREF ZDI:ZDI-16-307
XREF ZDI:ZDI-16-308
XREF ZDI:ZDI-16-309
XREF ZDI:ZDI-16-310
XREF ZDI:ZDI-16-311
XREF ZDI:ZDI-16-312
XREF ZDI:ZDI-16-313
XREF ZDI:ZDI-16-315
XREF ZDI:ZDI-16-316
XREF ZDI:ZDI-16-317
XREF ZDI:ZDI-16-318
XREF ZDI:ZDI-16-319
XREF ZDI:ZDI-16-320
XREF ZDI:ZDI-16-321
XREF ZDI:ZDI-16-322
XREF ZDI:ZDI-16-323
XREF ZDI:ZDI-16-324
XREF ZDI:ZDI-16-325
XREF ZDI:ZDI-16-326
XREF ZDI:ZDI-16-327
XREF ZDI:ZDI-16-328
XREF ZDI:ZDI-16-329
Plugin Information:
Published: 2016/05/12, Modified: 2017/05/09
Plugin Output

10.0.0.64 (tcp/445)


Note: The Adobe Reader version was extracted from AcroRd32.dll.
Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Installed version : 15.8.20082.147029
Fixed version : 11.0.16 / 15.006.30172 / 15.016.20039
91163 (1) - Adobe Flash Player <= 21.0.0.226 Multiple Vulnerabilities (APSB16-15)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to 21.0.0.226. It is, therefore, affected by multiple vulnerabilities :

- Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117)

- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121)

- A heap buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1101)

- An unspecified buffer overflow exists that allows an attacker to execute arbitrary code. (CVE-2016-1103)

- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163)

- A flaw exists when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116)
See Also
Solution
Upgrade to Adobe Flash Player version 21.0.0.242 or later.

Alternatively, Adobe has made version 18.0.0.352 available for those installations that cannot be upgraded to the latest version.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 90505
CVE CVE-2016-1096
CVE CVE-2016-1097
CVE CVE-2016-1098
CVE CVE-2016-1099
CVE CVE-2016-1100
CVE CVE-2016-1101
CVE CVE-2016-1102
CVE CVE-2016-1103
CVE CVE-2016-1104
CVE CVE-2016-1105
CVE CVE-2016-1106
CVE CVE-2016-1107
CVE CVE-2016-1108
CVE CVE-2016-1109
CVE CVE-2016-1110
CVE CVE-2016-4108
CVE CVE-2016-4109
CVE CVE-2016-4110
CVE CVE-2016-4111
CVE CVE-2016-4112
CVE CVE-2016-4113
CVE CVE-2016-4114
CVE CVE-2016-4115
CVE CVE-2016-4116
CVE CVE-2016-4117
CVE CVE-2016-4120
CVE CVE-2016-4121
CVE CVE-2016-4160
CVE CVE-2016-4161
CVE CVE-2016-4162
CVE CVE-2016-4163
XREF OSVDB:138221
XREF OSVDB:138349
XREF OSVDB:138350
XREF OSVDB:138351
XREF OSVDB:138352
XREF OSVDB:138353
XREF OSVDB:138354
XREF OSVDB:138355
XREF OSVDB:138356
XREF OSVDB:138357
XREF OSVDB:138358
XREF OSVDB:138359
XREF OSVDB:138360
XREF OSVDB:138361
XREF OSVDB:138362
XREF OSVDB:138363
XREF OSVDB:138364
XREF OSVDB:138365
XREF OSVDB:138366
XREF OSVDB:138367
XREF OSVDB:138368
XREF OSVDB:138369
XREF OSVDB:138370
XREF OSVDB:138371
XREF OSVDB:138372
XREF OSVDB:138733
XREF OSVDB:138734
XREF OSVDB:139301
XREF OSVDB:139302
XREF OSVDB:139303
XREF OSVDB:139304
Plugin Information:
Published: 2016/05/16, Modified: 2016/12/07
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 21.0.0.242 / 18.0.0.352
91547 (1) - Firefox < 47 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Firefox installed on the remote Windows host is prior to 47. It is, therefore, affected by multiple vulnerabilities :

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-2815, CVE-2016-2818)

- An overflow condition exists that is triggered when handling HTML5 fragments in foreign contexts (e.g., under <svg> nodes). An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.
(CVE-2016-2819)

- A use-after-free error exists that is triggered when deleting DOM table elements in 'contenteditable' mode.
An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-2821)

- A spoofing vulnerability exists due to improper handling of SELECT elements. An unauthenticated, remote attacker can exploit this to spoof the contents of the address bar. (CVE-2016-2822)

- An out-of-bounds write error exists in the ANGLE graphics library due to improper size checking while writing to an array during WebGL shader operations. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-2824)

- A same-origin bypass vulnerability exists that is triggered when handling location.host property values set after the creation of invalid 'data:' URIs. An unauthenticated, remote attacker can exploit this to partially bypass same-origin policy protections.
(CVE-2016-2825)

- A privilege escalation vulnerability exists in the Windows updater utility due to improper extraction of files from MAR archives. A local attacker can exploit this to replace the extracted files, allowing the attacker to gain elevated privileges. (CVE-2016-2826)

- A use-after-free error exists that is triggered when destroying the recycle pool of a texture used during the processing of WebGL content. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.
(CVE-2016-2828)

- A flaw exists in browser/modules/webrtcUI.jsm that is triggered when handling a large number of permission requests over a small period of time. An unauthenticated, remote attacker can exploit this to cause the incorrect icon to be displayed in a given permission request, potentially resulting in a user approving unintended permission requests.
(CVE-2016-2829)

- A flaw exists that is triggered when handling paired fullscreen and pointerlock requests in combination with closing windows. An unauthenticated, remote attacker can exploit this to create an unauthorized pointerlock, resulting in a denial of service condition.
Additionally, an attacker can exploit this to conduct spoofing and clickjacking attacks. (CVE-2016-2831)

- An information disclosure vulnerability exists that is triggered when handling CSS pseudo-classes. An unauthenticated, remote attacker can exploit this disclose a list of installed plugins. (CVE-2016-2832)

- A Content Security Policy (CSP) bypass exists that is triggered when handling specially crafted cross-domain Java applets. An unauthenticated, remote attacker can exploit this to bypass the CSP and conduct cross-site scripting attacks. (CVE-2016-2833)

- Multiple unspecified flaws exist in the Mozilla Network Security Services (NSS) component that allow an attacker to have an unspecified impact. (CVE-2016-2834)
See Also
Solution
Upgrade to Firefox version 47 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.5 (CVSS2#E:U/RL:ND/RC:UR)
References
BID 91072
BID 91074
BID 91075
CVE CVE-2016-2815
CVE CVE-2016-2818
CVE CVE-2016-2819
CVE CVE-2016-2821
CVE CVE-2016-2822
CVE CVE-2016-2824
CVE CVE-2016-2825
CVE CVE-2016-2826
CVE CVE-2016-2828
CVE CVE-2016-2829
CVE CVE-2016-2831
CVE CVE-2016-2832
CVE CVE-2016-2833
CVE CVE-2016-2834
XREF OSVDB:139436
XREF OSVDB:139437
XREF OSVDB:139438
XREF OSVDB:139439
XREF OSVDB:139440
XREF OSVDB:139441
XREF OSVDB:139442
XREF OSVDB:139443
XREF OSVDB:139444
XREF OSVDB:139445
XREF OSVDB:139446
XREF OSVDB:139447
XREF OSVDB:139448
XREF OSVDB:139449
XREF OSVDB:139450
XREF OSVDB:139451
XREF OSVDB:139452
XREF OSVDB:139453
XREF OSVDB:139454
XREF OSVDB:139455
XREF OSVDB:139456
XREF OSVDB:139457
XREF OSVDB:139458
XREF OSVDB:139459
XREF OSVDB:139460
XREF OSVDB:139461
XREF OSVDB:139462
XREF OSVDB:139463
XREF OSVDB:139464
XREF OSVDB:139465
XREF OSVDB:139466
XREF OSVDB:139467
XREF OSVDB:139468
XREF OSVDB:139469
XREF MFSA:2016-49
XREF MFSA:2016-50
XREF MFSA:2016-51
XREF MFSA:2016-52
XREF MFSA:2016-53
XREF MFSA:2016-54
XREF MFSA:2016-55
XREF MFSA:2016-56
XREF MFSA:2016-57
XREF MFSA:2016-58
XREF MFSA:2016-59
XREF MFSA:2016-60
XREF MFSA:2016-61
Plugin Information:
Published: 2016/06/09, Modified: 2016/08/09
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 47
91670 (1) - Adobe Flash Player <= 21.0.0.242 Multiple Vulnerabilities (APSB16-18)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 21.0.0.242. It is, therefore, affected by multiple vulnerabilities :

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171)

- Multiple heap buffer overflow conditions exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-4135, CVE-2016-4136, CVE-2016-4138).

- An unspecified vulnerability exists that allows an unauthenticated, remote attacker to bypass the same-origin policy, resulting in the disclosure of potentially sensitive information. (CVE-2016-4139)

- An unspecified flaw exists when loading certain dynamic link libraries due to using a search path that includes directories which may not be trusted or under the user's control. An unauthenticated, remote attacker can exploit this, by inserting a specially crafted library in the path, to execute arbitrary code in the context of the user. (CVE-2016-4140)

- Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to deference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148)

- Multiple type confusion errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4144, CVE-2016-4149)
See Also
Solution
Upgrade to Adobe Flash Player version 22.0.0.192 or later.

Alternatively, Adobe has made version 18.0.0.360 available for those installations that cannot be upgraded to the latest version.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
CVE CVE-2016-4122
CVE CVE-2016-4123
CVE CVE-2016-4124
CVE CVE-2016-4125
CVE CVE-2016-4127
CVE CVE-2016-4128
CVE CVE-2016-4129
CVE CVE-2016-4130
CVE CVE-2016-4131
CVE CVE-2016-4132
CVE CVE-2016-4133
CVE CVE-2016-4134
CVE CVE-2016-4135
CVE CVE-2016-4136
CVE CVE-2016-4137
CVE CVE-2016-4138
CVE CVE-2016-4139
CVE CVE-2016-4140
CVE CVE-2016-4141
CVE CVE-2016-4142
CVE CVE-2016-4143
CVE CVE-2016-4144
CVE CVE-2016-4145
CVE CVE-2016-4146
CVE CVE-2016-4147
CVE CVE-2016-4148
CVE CVE-2016-4149
CVE CVE-2016-4150
CVE CVE-2016-4151
CVE CVE-2016-4152
CVE CVE-2016-4153
CVE CVE-2016-4154
CVE CVE-2016-4155
CVE CVE-2016-4156
CVE CVE-2016-4166
CVE CVE-2016-4171
XREF OSVDB:139936
XREF OSVDB:140015
XREF OSVDB:140077
XREF OSVDB:140078
XREF OSVDB:140079
XREF OSVDB:140080
XREF OSVDB:140081
XREF OSVDB:140082
XREF OSVDB:140083
XREF OSVDB:140084
XREF OSVDB:140085
XREF OSVDB:140086
XREF OSVDB:140087
XREF OSVDB:140088
XREF OSVDB:140089
XREF OSVDB:140090
XREF OSVDB:140091
XREF OSVDB:140092
XREF OSVDB:140093
XREF OSVDB:140094
XREF OSVDB:140095
XREF OSVDB:140096
XREF OSVDB:140097
XREF OSVDB:140098
XREF OSVDB:140099
XREF OSVDB:140100
XREF OSVDB:140101
XREF OSVDB:140102
XREF OSVDB:140103
XREF OSVDB:140104
XREF OSVDB:140105
XREF OSVDB:140106
XREF OSVDB:140107
XREF OSVDB:140108
XREF OSVDB:140109
XREF OSVDB:140110
XREF CERT:748992
Plugin Information:
Published: 2016/06/17, Modified: 2016/08/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 22.0.0.192 / 18.0.0.360
92012 (1) - Adobe Flash Player <= 22.0.0.192 Multiple Vulnerabilities (APSB16-25)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 22.0.0.192. It is, therefore, affected by multiple Vulnerabilities :

- Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246)

- Multiple use-after-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4248, CVE-2016-7020)

- Multiple stack corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2016-4176, CVE-2016-4177)

- A security bypass vulnerability exists that allows a remote attacker to disclose sensitive information.
(CVE-2016-4178)

- Multiple type confusion errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-4223, CVE-2016-4224, CVE-2016-4225)

- An unspecified memory leak issue exists that allows an attacker to have an unspecified impact. (CVE-2016-4232)

- A race condition exists that allows a remote attacker to disclose sensitive information. (CVE-2016-4247)

- A heap buffer overflow condition exists that allows a remote attacker to execute arbitrary code.
(CVE-2016-4249)
See Also
Solution
Upgrade to Adobe Flash Player version 22.0.0.209 or later.

Alternatively, Adobe has made version 18.0.0.366 available for those installs that cannot be upgraded to the latest version.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 91718
BID 91719
BID 91720
BID 91721
BID 91722
BID 91723
BID 91724
BID 91725
CVE CVE-2016-4172
CVE CVE-2016-4173
CVE CVE-2016-4174
CVE CVE-2016-4175
CVE CVE-2016-4176
CVE CVE-2016-4177
CVE CVE-2016-4178
CVE CVE-2016-4179
CVE CVE-2016-4180
CVE CVE-2016-4181
CVE CVE-2016-4182
CVE CVE-2016-4183
CVE CVE-2016-4184
CVE CVE-2016-4185
CVE CVE-2016-4186
CVE CVE-2016-4187
CVE CVE-2016-4188
CVE CVE-2016-4189
CVE CVE-2016-4190
CVE CVE-2016-4217
CVE CVE-2016-4218
CVE CVE-2016-4219
CVE CVE-2016-4220
CVE CVE-2016-4221
CVE CVE-2016-4222
CVE CVE-2016-4223
CVE CVE-2016-4224
CVE CVE-2016-4225
CVE CVE-2016-4226
CVE CVE-2016-4227
CVE CVE-2016-4228
CVE CVE-2016-4229
CVE CVE-2016-4230
CVE CVE-2016-4231
CVE CVE-2016-4232
CVE CVE-2016-4233
CVE CVE-2016-4234
CVE CVE-2016-4235
CVE CVE-2016-4236
CVE CVE-2016-4237
CVE CVE-2016-4238
CVE CVE-2016-4239
CVE CVE-2016-4240
CVE CVE-2016-4241
CVE CVE-2016-4242
CVE CVE-2016-4243
CVE CVE-2016-4244
CVE CVE-2016-4245
CVE CVE-2016-4246
CVE CVE-2016-4247
CVE CVE-2016-4248
CVE CVE-2016-4249
CVE CVE-2016-7020
XREF OSVDB:141309
XREF OSVDB:141310
XREF OSVDB:141311
XREF OSVDB:141312
XREF OSVDB:141313
XREF OSVDB:141314
XREF OSVDB:141315
XREF OSVDB:141316
XREF OSVDB:141317
XREF OSVDB:141318
XREF OSVDB:141319
XREF OSVDB:141320
XREF OSVDB:141321
XREF OSVDB:141322
XREF OSVDB:141323
XREF OSVDB:141324
XREF OSVDB:141325
XREF OSVDB:141326
XREF OSVDB:141327
XREF OSVDB:141328
XREF OSVDB:141329
XREF OSVDB:141330
XREF OSVDB:141331
XREF OSVDB:141332
XREF OSVDB:141333
XREF OSVDB:141334
XREF OSVDB:141335
XREF OSVDB:141336
XREF OSVDB:141337
XREF OSVDB:141338
XREF OSVDB:141339
XREF OSVDB:141340
XREF OSVDB:141341
XREF OSVDB:141342
XREF OSVDB:141343
XREF OSVDB:141344
XREF OSVDB:141345
XREF OSVDB:141346
XREF OSVDB:141347
XREF OSVDB:141348
XREF OSVDB:141349
XREF OSVDB:141350
XREF OSVDB:141351
XREF OSVDB:141352
XREF OSVDB:141353
XREF OSVDB:141354
XREF OSVDB:141355
XREF OSVDB:141356
XREF OSVDB:141359
XREF OSVDB:141360
XREF OSVDB:141380
XREF OSVDB:141381
XREF OSVDB:145170
Plugin Information:
Published: 2016/07/12, Modified: 2016/10/06
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 22.0.0.209 / 18.0.0.366
92018 (1) - MS16-087: Security Update for Windows Print Spooler (3170005)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the Windows Print Spooler service due to improper validation of print drivers while installing a printer from network servers. An unauthenticated, remote attacker can exploit this vulnerability, via a man-in-the-middle attack on a workstation or print server or via a rogue print server, to execute arbitrary code in the context of the current user. (CVE-2016-3238)

- An elevation of privilege vulnerability exists in the Windows Print Spooler service due to improperly allowing arbitrary writing to the file system. An attacker can exploit this issue, via a specially crafted script or application, to execute arbitrary code with elevated system privileges. (CVE-2016-3239)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
BID 91609
BID 91612
CVE CVE-2016-3238
CVE CVE-2016-3239
MSKB 3170455
MSKB 4038777
MSKB 4038779
MSKB 4038781
MSKB 4038782
MSKB 4038783
MSKB 4038786
MSKB 4038792
MSKB 4038793
MSKB 4038799
XREF OSVDB:141403
XREF OSVDB:141404
XREF MSFT:MS16-087
XREF IAVA:2016-A-0181
Plugin Information:
Published: 2016/07/12, Modified: 2017/11/28
Plugin Output

10.0.0.64 (tcp/445)


The remote host is missing one of the following rollup KBs :
- 4038777
- 4038779

C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.23864
Should be : 6.1.7601.23889
92035 (1) - Adobe Reader < 11.0.17 / 15.006.30198 / 15.017.20050 Multiple Vulnerabilities (APSB16-26)
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote Windows host is prior to 11.0.17, 15.006.30198, or 15.017.20050. It is, therefore, affected by multiple vulnerabilities :

- Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, CVE-2016-4270, CVE-2016-6937)

- An unspecified heap buffer overflow condition exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-4209)

- An unspecified integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4210)

- An unspecified flaw exists that allows an unauthenticated, remote attacker to bypass the JavaScript API and execute arbitrary code.
CVE-2016-4215)

- An unspecified use-after-free error exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4255, CVE-2016-6938)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Adobe Reader version 11.0.17 / 15.006.30198 / 15.017.20050 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 91710
BID 91711
BID 91712
BID 91714
BID 91716
BID 92635
BID 92636
BID 92637
BID 92640
BID 92641
BID 92643
BID 93014
BID 93016
CVE CVE-2016-4191
CVE CVE-2016-4192
CVE CVE-2016-4193
CVE CVE-2016-4194
CVE CVE-2016-4195
CVE CVE-2016-4196
CVE CVE-2016-4197
CVE CVE-2016-4198
CVE CVE-2016-4199
CVE CVE-2016-4200
CVE CVE-2016-4201
CVE CVE-2016-4202
CVE CVE-2016-4203
CVE CVE-2016-4204
CVE CVE-2016-4205
CVE CVE-2016-4206
CVE CVE-2016-4207
CVE CVE-2016-4208
CVE CVE-2016-4209
CVE CVE-2016-4210
CVE CVE-2016-4211
CVE CVE-2016-4212
CVE CVE-2016-4213
CVE CVE-2016-4214
CVE CVE-2016-4215
CVE CVE-2016-4250
CVE CVE-2016-4251
CVE CVE-2016-4252
CVE CVE-2016-4254
CVE CVE-2016-4255
CVE CVE-2016-4265
CVE CVE-2016-4266
CVE CVE-2016-4267
CVE CVE-2016-4268
CVE CVE-2016-4269
CVE CVE-2016-4270
CVE CVE-2016-6937
CVE CVE-2016-6938
XREF OSVDB:141302
XREF OSVDB:141303
XREF OSVDB:141304
XREF OSVDB:141305
XREF OSVDB:141306
XREF OSVDB:141307
XREF OSVDB:141308
XREF OSVDB:141357
XREF OSVDB:141358
XREF OSVDB:141361
XREF OSVDB:141362
XREF OSVDB:141363
XREF OSVDB:141364
XREF OSVDB:141365
XREF OSVDB:141366
XREF OSVDB:141367
XREF OSVDB:141368
XREF OSVDB:141369
XREF OSVDB:141370
XREF OSVDB:141371
XREF OSVDB:141372
XREF OSVDB:141373
XREF OSVDB:141374
XREF OSVDB:141375
XREF OSVDB:141376
XREF OSVDB:141377
XREF OSVDB:141378
XREF OSVDB:141379
XREF OSVDB:143420
XREF OSVDB:143421
XREF OSVDB:143422
XREF OSVDB:143423
XREF OSVDB:143424
XREF OSVDB:143425
XREF OSVDB:144408
XREF OSVDB:144409
Plugin Information:
Published: 2016/07/13, Modified: 2017/05/09
Plugin Output

10.0.0.64 (tcp/445)


Note: The Adobe Reader version was extracted from AcroRd32.dll.
Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Installed version : 15.8.20082.147029
Fixed version : 11.0.17 / 15.006.30198 / 15.017.20050
92755 (1) - Firefox < 48 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Firefox installed on the remote Windows host is prior to 48. It is, therefore, affected by multiple vulnerabilities :

- An overflow condition exists in the expat XML parser due to improper validation of user-supplied input when handling malformed input documents. An attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0718)

- An information disclosure vulnerability exists due to a failure to close connections after requesting favicons.
An attacker can exploit this to continue to send requests to the user's browser and disclose sensitive information.(CVE-2016-2830)

- Multiple memory corruption issues exist due to improper validation of user-supplied input. An attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-2835, CVE-2016-2836)

- An overflow condition exists in the ClearKey Content Decryption Module (CDM) used by the Encrypted Media Extensions (EME) API due to improper validation of user-supplied input. An attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2016-2837)

- An overflow condition exists in the ProcessPDI() function in layout/base/nsBidi.cpp due to improper validation of user-supplied input. An attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-2838)

- A flaw exists in the Resource Timing API during page navigation. An attacker can exploit this to disclose sensitive information. (CVE-2016-5250)

- A flaw exists that is triggered when decoding url-encoded values in 'data:' URLs. An attacker can exploit this, via non-ASCII or emoji characters, to spoof the address in the address bar. (CVE-2016-5251)

- An underflow condition exists in the BasePoint4d() function in gfx/2d/Matrix.h due to improper validation of user-supplied input when calculating clipping regions in 2D graphics. A remote attacker can exploit this to cause a stack-based buffer underflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5252)

- A flaw in the updater service exists when launched using the callback application path parameter that allows an attacker to escalate privileges. (CVE-2016-5253)

- A use-after-free error exists in the KeyDown() function in layout/xul/nsXULPopupManager.cpp when using the alt key in conjunction with top level menu items. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5254)

- A use-after-free error exists in the sweep() function that is triggered when handling objects and pointers during incremental garbage collection. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5255)

- A use-after-free error exists in WebRTC that is triggered when handling DTLS objects. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5258)

- A use-after-free error exists in the DestroySyncLoop() function in dom/workers/WorkerPrivate.cpp that is triggered when handling nested sync event loops in Service Workers. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2016-5259)

- An information disclosure vulnerability exists in the restorableFormNodes() function in XPathGenerator.jsm due to persistently storing passwords in plaintext in session restore data. An attacker can exploit this to disclose password information. (CVE-2016-5260)

- An integer overflow condition exists in the ProcessInput() function in WebSocketChannel.cpp due to improper validation of user-supplied input when handling specially crafted WebSocketChannel packets. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5261)

- A security bypass vulnerability exists due to event handler attributes on a <marquee> tag being executed inside a sandboxed iframe that does not have the allow-scripts flag set. An attacker can exploit this to bypass cross-site scripting protection mechanisms.
(CVE-2016-5262)

- A type confusion flaw exists in the HitTest() function in nsDisplayList.cpp when handling display transformations. An attacker can exploit this to execute arbitrary code. (CVE-2016-5263)

- A use-after-free error exists in the NativeAnonymousChildListChange() function when applying effects to SVG elements. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2016-5264)

- A flaw exists in the Redirect() function in nsBaseChannel.cpp that is triggered when a malicious shortcut is called from the same directory as a local HTML file. An attacker can exploit this to bypass the same-origin policy. (CVE-2016-5265)

- A flaw exists due to a failure to properly filter file URIs dragged from a web page to a different piece of software. An attacker can exploit this to disclose sensitive information. (CVE-2016-5266)

- A flaw exists that is triggered when handling certain specific 'about:' URLs that allows an attacker to spoof the contents of system information or error messages (CVE-2016-5268)

- A flaw exists in woff2 that is triggered during the handling of TTC detection. An attacker can exploit this to have an unspecified impact. (VulnDB 142603)

- Multiple unspecified flaws exist in woff2 that allow an attacker to cause a denial of service condition. (VulnDB 142607, 142608, and 142609)
See Also
Solution
Upgrade to Firefox version 48 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:U/RL:U/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.9 (CVSS2#E:U/RL:U/RC:C)
References
BID 90729
BID 92258
BID 92260
BID 92261
CVE CVE-2016-0718
CVE CVE-2016-2830
CVE CVE-2016-2835
CVE CVE-2016-2836
CVE CVE-2016-2837
CVE CVE-2016-2838
CVE CVE-2016-5250
CVE CVE-2016-5251
CVE CVE-2016-5252
CVE CVE-2016-5253
CVE CVE-2016-5254
CVE CVE-2016-5255
CVE CVE-2016-5258
CVE CVE-2016-5259
CVE CVE-2016-5260
CVE CVE-2016-5261
CVE CVE-2016-5262
CVE CVE-2016-5263
CVE CVE-2016-5264
CVE CVE-2016-5265
CVE CVE-2016-5266
CVE CVE-2016-5268
XREF OSVDB:138680
XREF OSVDB:142419
XREF OSVDB:142420
XREF OSVDB:142421
XREF OSVDB:142422
XREF OSVDB:142423
XREF OSVDB:142424
XREF OSVDB:142425
XREF OSVDB:142426
XREF OSVDB:142427
XREF OSVDB:142428
XREF OSVDB:142429
XREF OSVDB:142430
XREF OSVDB:142431
XREF OSVDB:142432
XREF OSVDB:142433
XREF OSVDB:142434
XREF OSVDB:142435
XREF OSVDB:142468
XREF OSVDB:142469
XREF OSVDB:142471
XREF OSVDB:142472
XREF OSVDB:142473
XREF OSVDB:142474
XREF OSVDB:142475
XREF OSVDB:142476
XREF OSVDB:142477
XREF OSVDB:142478
XREF OSVDB:142479
XREF OSVDB:142480
XREF OSVDB:142481
XREF OSVDB:142482
XREF OSVDB:142484
XREF OSVDB:142485
XREF OSVDB:142486
XREF OSVDB:142487
XREF OSVDB:142488
XREF OSVDB:142603
XREF OSVDB:142607
XREF OSVDB:142608
XREF OSVDB:142609
XREF MFSA:2016-62
XREF MFSA:2016-63
XREF MFSA:2016-64
XREF MFSA:2016-66
XREF MFSA:2016-67
XREF MFSA:2016-68
XREF MFSA:2016-69
XREF MFSA:2016-70
XREF MFSA:2016-71
XREF MFSA:2016-72
XREF MFSA:2016-73
XREF MFSA:2016-74
XREF MFSA:2016-75
XREF MFSA:2016-76
XREF MFSA:2016-77
XREF MFSA:2016-78
XREF MFSA:2016-79
XREF MFSA:2016-80
XREF MFSA:2016-81
XREF MFSA:2016-83
XREF MFSA:2016-84
Plugin Information:
Published: 2016/08/05, Modified: 2017/08/15
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 48
93461 (1) - Adobe Flash Player <= 22.0.0.211 Multiple Vulnerabilities (APSB16-29)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 22.0.0.211. It is, therefore, affected by multiple vulnerabilities :

- Multiple security bypass vulnerabilities exist that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278)

- Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932)

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924)

- An integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4287)
See Also
Solution
Upgrade to Adobe Flash Player version 23.0.0.162 or later.

Alternatively, Adobe has made version 18.0.0.375 available for those installs that cannot be upgraded to the latest version.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
CVE CVE-2016-4271
CVE CVE-2016-4272
CVE CVE-2016-4274
CVE CVE-2016-4275
CVE CVE-2016-4276
CVE CVE-2016-4277
CVE CVE-2016-4278
CVE CVE-2016-4279
CVE CVE-2016-4280
CVE CVE-2016-4281
CVE CVE-2016-4282
CVE CVE-2016-4283
CVE CVE-2016-4284
CVE CVE-2016-4285
CVE CVE-2016-4287
CVE CVE-2016-6921
CVE CVE-2016-6922
CVE CVE-2016-6923
CVE CVE-2016-6924
CVE CVE-2016-6925
CVE CVE-2016-6926
CVE CVE-2016-6927
CVE CVE-2016-6929
CVE CVE-2016-6930
CVE CVE-2016-6931
CVE CVE-2016-6932
XREF OSVDB:144112
XREF OSVDB:144113
XREF OSVDB:144114
XREF OSVDB:144115
XREF OSVDB:144116
XREF OSVDB:144117
XREF OSVDB:144118
XREF OSVDB:144119
XREF OSVDB:144120
XREF OSVDB:144121
XREF OSVDB:144122
XREF OSVDB:144123
XREF OSVDB:144124
XREF OSVDB:144125
XREF OSVDB:144126
XREF OSVDB:144127
XREF OSVDB:144128
XREF OSVDB:144129
XREF OSVDB:144130
XREF OSVDB:144131
XREF OSVDB:144132
XREF OSVDB:144133
XREF OSVDB:144134
XREF OSVDB:144135
XREF OSVDB:144136
XREF OSVDB:144138
Plugin Information:
Published: 2016/09/13, Modified: 2016/12/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 23.0.0.162 / 18.0.0.375
93662 (1) - Mozilla Firefox < 49.0 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 49.0. It is, therefore, affected by multiple vulnerabilities :

- An out-of-bounds read error exists within file dom/security/nsCSPParser.cpp when handling content security policies (CSP) containing empty referrer directives. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.
(CVE-2016-2827)

- Multiple memory safety issues exist that allow an unauthenticated, remote attacker to potentially execute arbitrary code. (CVE-2016-5256, CVE-2016-5257)

- A heap buffer overflow condition exists in the nsCaseTransformTextRunFactory::TransformString() function in layout/generic/nsTextRunTransformations.cpp when converting text containing certain Unicode characters. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5270)

- An out-of-bounds read error exists in the nsCSSFrameConstructor::GetInsertionPrevSibling() function in file layout/base/nsCSSFrameConstructor.cpp when handling text runs. An unauthenticated, remote attacker can exploit this to disclose memory contents.
(CVE-2016-5271)

- A type confusion error exists within file layout/forms/nsRangeFrame.cpp when handling layout with input elements. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5272)

- An unspecified flaw exists in the HyperTextAccessible::GetChildOffset() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5273)

- A use-after-free error exists within file layout/style/nsRuleNode.cpp when handling web animations during restyling. An unauthenticated, remote attacker can exploit this to execute arbitrary code.
(CVE-2016-5274)

- A buffer overflow condition exists in the FilterSupport::ComputeSourceNeededRegions() function when handling empty filters during canvas rendering. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5275)

- A use-after-free error exists in the DocAccessible::ProcessInvalidationList() function within file accessible/generic/DocAccessible.cpp when setting an aria-owns attribute. An unauthenticated, remote attacker can exploit this to execute arbitrary code.
(CVE-2016-5276)

- A use-after-free error exists in the nsRefreshDriver::Tick() function when handling web animations destroying a timeline. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5277)

- A buffer overflow condition exists in the nsBMPEncoder::AddImageFrame() function within file dom/base/ImageEncoder.cpp when encoding image frames to images. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5278)

- A flaw exists that is triggered when handling drag-and-drop events for files. An unauthenticated, remote attacker can exploit this disclose the full local file path. (CVE-2016-5279)

- A use-after-free error exists in the nsTextNodeDirectionalityMap::RemoveElementFromMap() function within file dom/base/DirectionalityUtils.cpp when handling changing of text direction. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5280)

- A use-after-free error exists when handling SVG format content that is being manipulated through script code.
An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5281)

- A flaw exists when handling content that requests favicons from non-whitelisted schemes that are using certain URI handlers. An unauthenticated, remote attacker can exploit this to bypass intended restrictions. (CVE-2016-5282)

- A flaw exists that is related to the handling of iframes that allow an unauthenticated, remote attacker to conduct an 'iframe src' fragment timing attack, resulting in disclosure of cross-origin data.
(CVE-2016-5283)

- A flaw exists due to the certificate pinning policy for built-in sites (e.g., addons.mozilla.org) not being honored when pins have expired. A man-in-the-middle (MitM) attacker can exploit this to generate a trusted certificate, which could be used to conduct spoofing attacks. (CVE-2016-5284)
See Also
Solution
Upgrade to Mozilla Firefox version 49.0 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 93049
BID 93052
CVE CVE-2016-2827
CVE CVE-2016-5256
CVE CVE-2016-5257
CVE CVE-2016-5270
CVE CVE-2016-5271
CVE CVE-2016-5272
CVE CVE-2016-5273
CVE CVE-2016-5274
CVE CVE-2016-5275
CVE CVE-2016-5276
CVE CVE-2016-5277
CVE CVE-2016-5278
CVE CVE-2016-5279
CVE CVE-2016-5280
CVE CVE-2016-5281
CVE CVE-2016-5282
CVE CVE-2016-5283
CVE CVE-2016-5284
XREF OSVDB:144426
XREF OSVDB:144608
XREF OSVDB:144609
XREF OSVDB:144610
XREF OSVDB:144611
XREF OSVDB:144612
XREF OSVDB:144613
XREF OSVDB:144614
XREF OSVDB:144615
XREF OSVDB:144616
XREF OSVDB:144617
XREF OSVDB:144618
XREF OSVDB:144619
XREF OSVDB:144620
XREF OSVDB:144621
XREF OSVDB:144622
XREF OSVDB:144623
XREF OSVDB:144624
XREF OSVDB:144625
XREF OSVDB:144626
XREF OSVDB:144627
XREF OSVDB:144628
XREF OSVDB:144629
XREF OSVDB:144630
XREF OSVDB:144631
XREF OSVDB:144632
XREF OSVDB:144633
XREF OSVDB:144634
XREF OSVDB:144635
XREF OSVDB:144636
XREF OSVDB:144637
XREF OSVDB:144638
XREF MFSA:2016-85
Plugin Information:
Published: 2016/09/22, Modified: 2016/11/28
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 49
93960 (1) - Adobe Flash Player <= 23.0.0.162 Multiple Vulnerabilities (APSB16-32)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 23.0.0.162. It is, therefore, affected by multiple vulnerabilities :

- A type confusion error exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-6992)

- Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-6981, CVE-2016-6987)

- An unspecified security bypass vulnerability exists that allows an unauthenticated, remote attacker to bypass security restrictions. (CVE-2016-4286)

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, CVE-2016-6990)
See Also
Solution
Upgrade to Adobe Flash Player version 23.0.0.185 or later.

Alternatively, Adobe has made version 18.0.0.382 available for those installs that cannot be upgraded to the latest version.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 93488
BID 93490
BID 93492
BID 93497
CVE CVE-2016-4273
CVE CVE-2016-4286
CVE CVE-2016-6981
CVE CVE-2016-6982
CVE CVE-2016-6983
CVE CVE-2016-6984
CVE CVE-2016-6985
CVE CVE-2016-6986
CVE CVE-2016-6987
CVE CVE-2016-6989
CVE CVE-2016-6990
CVE CVE-2016-6992
XREF OSVDB:145407
XREF OSVDB:145408
XREF OSVDB:145409
XREF OSVDB:145410
XREF OSVDB:145411
XREF OSVDB:145412
XREF OSVDB:145413
XREF OSVDB:145414
XREF OSVDB:145415
XREF OSVDB:145416
XREF OSVDB:145417
XREF OSVDB:145418
Plugin Information:
Published: 2016/10/11, Modified: 2016/12/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 23.0.0.185 / 18.0.0.382
94072 (1) - Adobe Reader < 11.0.18 / 15.006.30243 / 15.020.20039 Multiple Vulnerabilities (APSB16-33)
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote Windows host is prior to 11.0.18, 15.006.30243, or 15.020.20039. It is, therefore, affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993)

- Multiple heap buffer overflow conditions exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-6939, CVE-2016-6994)

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, CVE-2016-7853, CVE-2016-7854)

- A security bypass vulnerability exists that allows an unauthenticated, remote attacker to bypass restrictions on JavaScript API execution. (CVE-2016-6957)

- An unspecified security bypass vulnerability exists that allows an unauthenticated, remote attacker to bypass security restrictions. (CVE-2016-6958)

- An integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-6999)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Adobe Reader version 11.0.18 / 15.006.30243 / 15.020.20039 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 93486
BID 93487
BID 93491
BID 93494
BID 93495
BID 93496
CVE CVE-2016-1089
CVE CVE-2016-1091
CVE CVE-2016-6939
CVE CVE-2016-6940
CVE CVE-2016-6941
CVE CVE-2016-6942
CVE CVE-2016-6943
CVE CVE-2016-6944
CVE CVE-2016-6945
CVE CVE-2016-6946
CVE CVE-2016-6947
CVE CVE-2016-6948
CVE CVE-2016-6949
CVE CVE-2016-6950
CVE CVE-2016-6951
CVE CVE-2016-6952
CVE CVE-2016-6953
CVE CVE-2016-6954
CVE CVE-2016-6955
CVE CVE-2016-6956
CVE CVE-2016-6957
CVE CVE-2016-6958
CVE CVE-2016-6959
CVE CVE-2016-6960
CVE CVE-2016-6961
CVE CVE-2016-6962
CVE CVE-2016-6963
CVE CVE-2016-6964
CVE CVE-2016-6965
CVE CVE-2016-6966
CVE CVE-2016-6967
CVE CVE-2016-6968
CVE CVE-2016-6969
CVE CVE-2016-6970
CVE CVE-2016-6971
CVE CVE-2016-6972
CVE CVE-2016-6973
CVE CVE-2016-6974
CVE CVE-2016-6975
CVE CVE-2016-6976
CVE CVE-2016-6977
CVE CVE-2016-6978
CVE CVE-2016-6979
CVE CVE-2016-6988
CVE CVE-2016-6993
CVE CVE-2016-6994
CVE CVE-2016-6995
CVE CVE-2016-6996
CVE CVE-2016-6997
CVE CVE-2016-6998
CVE CVE-2016-6999
CVE CVE-2016-7000
CVE CVE-2016-7001
CVE CVE-2016-7002
CVE CVE-2016-7003
CVE CVE-2016-7004
CVE CVE-2016-7005
CVE CVE-2016-7006
CVE CVE-2016-7007
CVE CVE-2016-7008
CVE CVE-2016-7009
CVE CVE-2016-7010
CVE CVE-2016-7011
CVE CVE-2016-7012
CVE CVE-2016-7013
CVE CVE-2016-7014
CVE CVE-2016-7015
CVE CVE-2016-7016
CVE CVE-2016-7017
CVE CVE-2016-7018
CVE CVE-2016-7019
CVE CVE-2016-7852
CVE CVE-2016-7853
CVE CVE-2016-7854
XREF OSVDB:145419
XREF OSVDB:145420
XREF OSVDB:145421
XREF OSVDB:145422
XREF OSVDB:145423
XREF OSVDB:145424
XREF OSVDB:145425
XREF OSVDB:145426
XREF OSVDB:145427
XREF OSVDB:145428
XREF OSVDB:145429
XREF OSVDB:145430
XREF OSVDB:145431
XREF OSVDB:145432
XREF OSVDB:145433
XREF OSVDB:145434
XREF OSVDB:145435
XREF OSVDB:145436
XREF OSVDB:145437
XREF OSVDB:145438
XREF OSVDB:145439
XREF OSVDB:145440
XREF OSVDB:145441
XREF OSVDB:145442
XREF OSVDB:145443
XREF OSVDB:145445
XREF OSVDB:145446
XREF OSVDB:145447
XREF OSVDB:145448
XREF OSVDB:145449
XREF OSVDB:145450
XREF OSVDB:145451
XREF OSVDB:145452
XREF OSVDB:145453
XREF OSVDB:145454
XREF OSVDB:145455
XREF OSVDB:145456
XREF OSVDB:145457
XREF OSVDB:145458
XREF OSVDB:145459
XREF OSVDB:145460
XREF OSVDB:145461
XREF OSVDB:145462
XREF OSVDB:145463
XREF OSVDB:145464
XREF OSVDB:145465
XREF OSVDB:145466
XREF OSVDB:145467
XREF OSVDB:145468
XREF OSVDB:145469
XREF OSVDB:145470
XREF OSVDB:145471
XREF OSVDB:145472
XREF OSVDB:145473
XREF OSVDB:145474
XREF OSVDB:145475
XREF OSVDB:145476
XREF OSVDB:145477
XREF OSVDB:145478
XREF OSVDB:145479
XREF OSVDB:145480
XREF OSVDB:145481
XREF OSVDB:145482
XREF OSVDB:145483
XREF OSVDB:145484
XREF OSVDB:145485
XREF OSVDB:145486
XREF OSVDB:145487
XREF OSVDB:145488
XREF OSVDB:145489
XREF OSVDB:145490
XREF OSVDB:146151
XREF OSVDB:146152
XREF OSVDB:146153
Plugin Information:
Published: 2016/10/14, Modified: 2017/04/13
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Installed version : 15.8.20082.147029
Fixed version : 15.20.20039
94334 (1) - Adobe Flash Player <= 23.0.0.185 Arbitrary Code Execution (APSB16-36)
Synopsis
The remote Windows host has a browser plugin installed that is affected by an arbitrary code execution vulnerability.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 23.0.0.185. It is, therefore, affected by an arbitrary code execution vulnerability due to a use-after-free error. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to dereference already freed memory, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Upgrade to Adobe Flash Player version 23.0.0.205 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:ND)
References
BID 93861
CVE CVE-2016-7855
XREF OSVDB:146300
Plugin Information:
Published: 2016/10/27, Modified: 2016/12/08
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 23.0.0.205
94628 (1) - Adobe Flash Player <= 23.0.0.205 Multiple Vulnerabilities (APSB16-37)
Synopsis
The remote Windows host has a browser plugin installed that is affected by a multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 23.0.0.205. It is, therefore, affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a website containing specially crafted Flash content. (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864)

- Multiple type confusion errors exist that allow an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a website containing specially crafted Flash content. (CVE-2016-7860, CVE-2016-7861, CVE-2016-7865)
See Also
Solution
Upgrade to Adobe Flash Player version 23.0.0.207 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 94151
BID 94153
CVE CVE-2016-7857
CVE CVE-2016-7858
CVE CVE-2016-7859
CVE CVE-2016-7860
CVE CVE-2016-7861
CVE CVE-2016-7862
CVE CVE-2016-7863
CVE CVE-2016-7864
CVE CVE-2016-7865
XREF OSVDB:146854
XREF OSVDB:146855
XREF OSVDB:146856
XREF OSVDB:146857
XREF OSVDB:146858
XREF OSVDB:146859
XREF OSVDB:146860
XREF OSVDB:146861
XREF OSVDB:146862
Plugin Information:
Published: 2016/11/08, Modified: 2017/08/24
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 23.0.0.207
94960 (1) - Mozilla Firefox < 50.0 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 50.0. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Upgrade to Mozilla Firefox version 50.0 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 94335
BID 94336
BID 94337
BID 94339
BID 94341
CVE CVE-2016-5289
CVE CVE-2016-5290
CVE CVE-2016-5291
CVE CVE-2016-5292
CVE CVE-2016-5293
CVE CVE-2016-5294
CVE CVE-2016-5295
CVE CVE-2016-5296
CVE CVE-2016-5297
CVE CVE-2016-9063
CVE CVE-2016-9064
CVE CVE-2016-9066
CVE CVE-2016-9067
CVE CVE-2016-9068
CVE CVE-2016-9069
CVE CVE-2016-9070
CVE CVE-2016-9071
CVE CVE-2016-9072
CVE CVE-2016-9073
CVE CVE-2016-9074
CVE CVE-2016-9075
CVE CVE-2016-9076
CVE CVE-2016-9077
XREF OSVDB:147338
XREF OSVDB:147339
XREF OSVDB:147340
XREF OSVDB:147341
XREF OSVDB:147342
XREF OSVDB:147343
XREF OSVDB:147345
XREF OSVDB:147346
XREF OSVDB:147347
XREF OSVDB:147348
XREF OSVDB:147349
XREF OSVDB:147350
XREF OSVDB:147351
XREF OSVDB:147352
XREF OSVDB:147353
XREF OSVDB:147360
XREF OSVDB:147361
XREF OSVDB:147362
XREF OSVDB:147363
XREF OSVDB:147364
XREF OSVDB:147365
XREF OSVDB:147366
XREF OSVDB:147367
XREF OSVDB:147368
XREF OSVDB:147369
XREF OSVDB:147370
XREF OSVDB:147371
XREF OSVDB:147372
XREF OSVDB:147373
XREF OSVDB:147374
XREF OSVDB:147375
XREF OSVDB:147376
XREF OSVDB:147377
XREF OSVDB:147378
XREF OSVDB:147379
XREF OSVDB:147380
XREF OSVDB:147381
XREF OSVDB:147382
XREF OSVDB:147383
XREF OSVDB:147384
XREF OSVDB:147385
XREF OSVDB:147386
XREF OSVDB:147387
XREF MFSA:2016-89
Plugin Information:
Published: 2016/11/18, Modified: 2016/12/05
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 50
95475 (1) - Mozilla Firefox < 50.0.2 nsSMILTimeContainer.cpp SVG Animation RCE
Synopsis
The remote Windows host contains a web browser that is affected by a remote code execution vulnerability.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 50.0.2. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code.
See Also
Solution
Upgrade to Mozilla Firefox version 50.0.2 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 94591
CVE CVE-2016-9079
XREF OSVDB:147993
XREF MFSA:2016-92
XREF CERT:791496
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information:
Published: 2016/12/02, Modified: 2017/01/24
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 50.0.2
95762 (1) - Adobe Flash Player <= 23.0.0.207 Multiple Vulnerabilities (APSB16-39)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 23.0.0.207. It is, therefore, affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-7872, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7892)

- Multiple buffer overflow conditions exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870)

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-7871, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876)

- An unspecified security bypass vulnerability exists.
(CVE-2016-7890)
See Also
Solution
Upgrade to Adobe Flash Player version 24.0.0.186 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 94866
BID 94870
BID 94871
BID 94873
BID 94877
CVE CVE-2016-7867
CVE CVE-2016-7868
CVE CVE-2016-7869
CVE CVE-2016-7870
CVE CVE-2016-7871
CVE CVE-2016-7872
CVE CVE-2016-7873
CVE CVE-2016-7874
CVE CVE-2016-7875
CVE CVE-2016-7876
CVE CVE-2016-7877
CVE CVE-2016-7878
CVE CVE-2016-7879
CVE CVE-2016-7880
CVE CVE-2016-7881
CVE CVE-2016-7890
CVE CVE-2016-7892
XREF OSVDB:148553
XREF OSVDB:148554
XREF OSVDB:148555
XREF OSVDB:148556
XREF OSVDB:148557
XREF OSVDB:148558
XREF OSVDB:148559
XREF OSVDB:148560
XREF OSVDB:148561
XREF OSVDB:148562
XREF OSVDB:148563
XREF OSVDB:148564
XREF OSVDB:148565
XREF OSVDB:148566
XREF OSVDB:148567
XREF OSVDB:148568
XREF OSVDB:148569
Plugin Information:
Published: 2016/12/13, Modified: 2017/01/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 24.0.0.186
95886 (1) - Mozilla Firefox < 50.1 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 50.1. It is, therefore, affected by the following vulnerabilities :

- Multiple memory corruption issues exists when handling style contexts, regular expressions, and clamped gradients that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9080)

- Multiple memory corruption issues exists, such as when handling document state changes or HTML5 content, or else due to dereferencing already freed memory or improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9893)

- A buffer overflow condition exists in SkiaGl, within the GrResourceProvider::createBuffer() function in file gfx/skia/skia/src/gpu/GrResourceProvider.cpp, due to a GrGLBuffer being truncated during allocation. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9894)

- A security bypass vulnerability exists due to event handlers for marquee elements being executed despite a Content Security Policy (CSP) that disallowed inline JavaScript. An unauthenticated, remote attacker can exploit this to impact integrity. (CVE-2016-9895)

- A use-after-free error exists within WebVR when handling the navigator object. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.
(CVE-2016-9896)

- A memory corruption issue exists in libGLES when WebGL functions use a vector constructor with a varying array within libGLES. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9897)

- A use-after-free error exists in Editor, specifically within file editor/libeditor/HTMLEditor.cpp, when handling DOM subtrees. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-9898)

- A use-after-free error exists in the nsNodeUtils::CloneAndAdopt() function within file dom/base/nsNodeUtils.cpp, while manipulating DOM events and removing audio elements, due to improper handling of failing node adoption. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-9899)

- A security bypass vulnerability exists in the nsDataDocumentContentPolicy::ShouldLoad() function within file dom/base/nsDataDocumentContentPolicy.cpp that allows external resources to be inappropriately loaded by SVG images by utilizing 'data:' URLs. An unauthenticated, remote attacker can exploit this to disclose sensitive cross-domain information.
(CVE-2016-9900)

- A flaw exists due to improper sanitization of HTML tags received from the Pocket server. An unauthenticated, remote attacker can exploit this to run JavaScript code in the about:pocket-saved (unprivileged) page, giving it access to Pocket's messaging API through HTML injection.
(CVE-2016-9901)

- A flaw exists in the Pocket toolbar button, specifically in browser/extensions/pocket/content/main.js, due to improper verification of the origin of events fired from its own pages. An unauthenticated, remote attacker can exploit this to inject content and commands from other origins into the Pocket context. Note that this issue does not affect users with e10s enabled. (CVE-2016-9902)

- A universal cross-site scripting (XSS) vulnerability exists in the Add-ons SDK, specifically within files addon-sdk/source/lib/sdk/ui/frame/view.html and addon-sdk/source/lib/sdk/ui/frame/view.js, due to improper validation of input before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
(CVE-2016-9903)

- An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to determine whether an atom is used by another compartment or zone in specific contexts, by utilizing a JavaScript Map/Set timing attack. (CVE-2016-9904)
See Also
Solution
Upgrade to Mozilla Firefox version 50.1 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 94883
BID 94885
CVE CVE-2016-9080
CVE CVE-2016-9893
CVE CVE-2016-9894
CVE CVE-2016-9895
CVE CVE-2016-9896
CVE CVE-2016-9897
CVE CVE-2016-9898
CVE CVE-2016-9899
CVE CVE-2016-9900
CVE CVE-2016-9901
CVE CVE-2016-9902
CVE CVE-2016-9903
CVE CVE-2016-9904
XREF OSVDB:148662
XREF OSVDB:148663
XREF OSVDB:148664
XREF OSVDB:148665
XREF OSVDB:148666
XREF OSVDB:148667
XREF OSVDB:148668
XREF OSVDB:148693
XREF OSVDB:148695
XREF OSVDB:148696
XREF OSVDB:148697
XREF OSVDB:148698
XREF OSVDB:148699
XREF OSVDB:148701
XREF OSVDB:148702
XREF OSVDB:148703
XREF OSVDB:148704
XREF OSVDB:148705
XREF OSVDB:148706
XREF OSVDB:148707
XREF OSVDB:148708
XREF OSVDB:148709
XREF OSVDB:148710
XREF OSVDB:148711
XREF MFSA:2016-94
Exploitable With
Core Impact (true)
Plugin Information:
Published: 2016/12/15, Modified: 2017/01/27
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 50.1
96388 (1) - Adobe Flash Player <= 24.0.0.186 Multiple Vulnerabilities (APSB17-02)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 24.0.0.186. It is, therefore, affected by multiple vulnerabilities :

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931)

- Multiple heap buffer overflow conditions exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935)

- Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937)

- A security bypass vulnerability exists that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-2938)
See Also
Solution
Upgrade to Adobe Flash Player version 24.0.0.194 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 95341
BID 95342
BID 95347
BID 95350
CVE CVE-2017-2925
CVE CVE-2017-2926
CVE CVE-2017-2927
CVE CVE-2017-2928
CVE CVE-2017-2930
CVE CVE-2017-2931
CVE CVE-2017-2932
CVE CVE-2017-2933
CVE CVE-2017-2934
CVE CVE-2017-2935
CVE CVE-2017-2936
CVE CVE-2017-2937
CVE CVE-2017-2938
XREF OSVDB:149841
XREF OSVDB:149842
XREF OSVDB:149843
XREF OSVDB:149844
XREF OSVDB:149845
XREF OSVDB:149846
XREF OSVDB:149847
XREF OSVDB:149848
XREF OSVDB:149849
XREF OSVDB:149850
XREF OSVDB:149851
XREF OSVDB:149852
XREF OSVDB:149853
Plugin Information:
Published: 2017/01/10, Modified: 2017/08/14
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 24.0.0.194
96453 (1) - Adobe Reader < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01)
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote Windows host is prior to 11.0.19, 15.006.30279, or 15.023.20053. It is, therefore, affected by multiple vulnerabilities :

- Multiple memory corruption issues exist due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2943, CVE-2017-2944, CVE-2017-2953, CVE-2017-2954)

- Multiple heap buffer overflow conditions exist due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2942, CVE-2017-2945, CVE-2017-2959)

- A heap buffer overflow condition exists when handling JPEG2000 images due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit this to execute arbitrary code.
(CVE-2017-2946)

- An unspecified security bypass vulnerability exists that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-2947)

- Multiple overflow conditions exist due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2948, CVE-2017-2952)

- A heap buffer overflow condition exists when handling the XSLT element-available() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2949)

- Multiple use-after-free memory errors exist when handling XFA subform layouts, hyphenation objects, field font sizes, and template objects. An unauthenticated, remote attacker can exploit these to execute arbitrary code.
(CVE-2017-2950, CVE-2017-2951, CVE-2017-2961, CVE-2017-2967)

- Multiple use-after-free memory errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958)

- Multiple memory corruption issues exist when handling JPEG and TIFF files due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit these to execute arbitrary code.
(CVE-2017-2960, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965)

- A type confusion error exists when handling the XSLT lang() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2962)

- A heap buffer overflow condition exists in the ImageConversion component when handling TIFF images() due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2966)

- A buffer overflow condition exists in the JPEG2000 parser due to improper validation of unspecified input.
An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-3009)

- A memory corruption issue exists in the Rendering engine due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-3010)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Adobe Reader version 11.0.19 / 15.006.30279 / 15.023.20053 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 95340
BID 95343
BID 95344
BID 95345
BID 95346
BID 95348
BID 97302
BID 97306
CVE CVE-2017-2939
CVE CVE-2017-2940
CVE CVE-2017-2941
CVE CVE-2017-2942
CVE CVE-2017-2943
CVE CVE-2017-2944
CVE CVE-2017-2945
CVE CVE-2017-2946
CVE CVE-2017-2947
CVE CVE-2017-2948
CVE CVE-2017-2949
CVE CVE-2017-2950
CVE CVE-2017-2951
CVE CVE-2017-2952
CVE CVE-2017-2953
CVE CVE-2017-2954
CVE CVE-2017-2955
CVE CVE-2017-2956
CVE CVE-2017-2957
CVE CVE-2017-2958
CVE CVE-2017-2959
CVE CVE-2017-2960
CVE CVE-2017-2961
CVE CVE-2017-2962
CVE CVE-2017-2963
CVE CVE-2017-2964
CVE CVE-2017-2965
CVE CVE-2017-2966
CVE CVE-2017-2967
CVE CVE-2017-3009
CVE CVE-2017-3010
XREF OSVDB:149854
XREF OSVDB:149855
XREF OSVDB:149856
XREF OSVDB:149857
XREF OSVDB:149858
XREF OSVDB:149859
XREF OSVDB:149860
XREF OSVDB:149861
XREF OSVDB:149862
XREF OSVDB:149863
XREF OSVDB:149864
XREF OSVDB:149865
XREF OSVDB:149866
XREF OSVDB:149867
XREF OSVDB:149868
XREF OSVDB:149869
XREF OSVDB:149870
XREF OSVDB:149871
XREF OSVDB:149872
XREF OSVDB:149873
XREF OSVDB:149874
XREF OSVDB:149875
XREF OSVDB:149876
XREF OSVDB:149877
XREF OSVDB:149878
XREF OSVDB:149879
XREF OSVDB:149880
XREF OSVDB:149881
XREF OSVDB:149882
XREF OSVDB:154712
XREF OSVDB:154713
Plugin Information:
Published: 2017/01/12, Modified: 2017/05/05
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Installed version : 15.8.20082.147029
Fixed version : 11.0.19 / 15.006.30279 / 15.023.20053
96776 (1) - Mozilla Firefox < 51.0 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 51.0. It is, therefore, affected by multiple vulnerabilities :

- Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
(CVE-2017-5373)

- Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5374)

- JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375)

- Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376)

- A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.
(CVE-2017-5377)

- Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. (CVE-2017-5378)

- Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. (CVE-2017-5379)

- A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380)

- The 'export' function in the Certificate Viewer can force local filesystem navigation when the 'common name' in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. (CVE-2017-5381)

- Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. (CVE-2017-5382)

- URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. (CVE-2017-5383)

- Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. (CVE-2017-5384)

- Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header.
(CVE-2017-5385)

- WebExtension scripts can use the 'data:' protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.
(CVE-2017-5386)

- The existence of a specifically requested local file can be found due to the double firing of the 'onerror'
when the 'source' attribute on a <track> tag refers to a file that does not exist if the source page is loaded locally. (CVE-2017-5387)

- A STUN server in conjunction with a large number of 'webkitRTCPeerConnection' objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. (CVE-2017-5388)

- WebExtensions could use the 'mozAddonManager' API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission.
(CVE-2017-5389)

- The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. (CVE-2017-5390)

- Special 'about:' pages used by web content, such as RSS feeds, can load privileged 'about:' pages in an iframe.
If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. (CVE-2017-5391)

- The 'mozAddonManager' allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites.
(CVE-2017-5393)

- A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.
(CVE-2017-5396)

Note that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
See Also
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/
https://bugzilla.mozilla.org/show_bug.cgi?id=1017616
https://bugzilla.mozilla.org/show_bug.cgi?id=1255474
https://bugzilla.mozilla.org/show_bug.cgi?id=1281482
https://bugzilla.mozilla.org/show_bug.cgi?id=1285833
https://bugzilla.mozilla.org/show_bug.cgi?id=1285960
https://bugzilla.mozilla.org/show_bug.cgi?id=1288561
https://bugzilla.mozilla.org/show_bug.cgi?id=1293327
https://bugzilla.mozilla.org/show_bug.cgi?id=1295023
https://bugzilla.mozilla.org/show_bug.cgi?id=1295322
https://bugzilla.mozilla.org/show_bug.cgi?id=1295747
https://bugzilla.mozilla.org/show_bug.cgi?id=1295945
https://bugzilla.mozilla.org/show_bug.cgi?id=1297361
https://bugzilla.mozilla.org/show_bug.cgi?id=1297808
https://bugzilla.mozilla.org/show_bug.cgi?id=1300145
https://bugzilla.mozilla.org/show_bug.cgi?id=1302231
https://bugzilla.mozilla.org/show_bug.cgi?id=1306883
https://bugzilla.mozilla.org/show_bug.cgi?id=1307458
https://bugzilla.mozilla.org/show_bug.cgi?id=1308688
https://bugzilla.mozilla.org/show_bug.cgi?id=1309198
https://bugzilla.mozilla.org/show_bug.cgi?id=1309282
https://bugzilla.mozilla.org/show_bug.cgi?id=1309310
https://bugzilla.mozilla.org/show_bug.cgi?id=1311319
https://bugzilla.mozilla.org/show_bug.cgi?id=1311687
https://bugzilla.mozilla.org/show_bug.cgi?id=1312001
https://bugzilla.mozilla.org/show_bug.cgi?id=1313385
https://bugzilla.mozilla.org/show_bug.cgi?id=1315447
https://bugzilla.mozilla.org/show_bug.cgi?id=1317501
https://bugzilla.mozilla.org/show_bug.cgi?id=1318766
https://bugzilla.mozilla.org/show_bug.cgi?id=1319070
https://bugzilla.mozilla.org/show_bug.cgi?id=1319456
https://bugzilla.mozilla.org/show_bug.cgi?id=1319888
https://bugzilla.mozilla.org/show_bug.cgi?id=1321374
https://bugzilla.mozilla.org/show_bug.cgi?id=1322107
https://bugzilla.mozilla.org/show_bug.cgi?id=1322305
https://bugzilla.mozilla.org/show_bug.cgi?id=1322315
https://bugzilla.mozilla.org/show_bug.cgi?id=1322420
https://bugzilla.mozilla.org/show_bug.cgi?id=1323338
https://bugzilla.mozilla.org/show_bug.cgi?id=1324716
https://bugzilla.mozilla.org/show_bug.cgi?id=1324810
https://bugzilla.mozilla.org/show_bug.cgi?id=1325200
https://bugzilla.mozilla.org/show_bug.cgi?id=1325344
https://bugzilla.mozilla.org/show_bug.cgi?id=1325877
https://bugzilla.mozilla.org/show_bug.cgi?id=1325938
https://bugzilla.mozilla.org/show_bug.cgi?id=1328251
https://bugzilla.mozilla.org/show_bug.cgi?id=1328834
https://bugzilla.mozilla.org/show_bug.cgi?id=1329403
https://bugzilla.mozilla.org/show_bug.cgi?id=1329989
https://bugzilla.mozilla.org/show_bug.cgi?id=1330769
https://bugzilla.mozilla.org/show_bug.cgi?id=1331058
http://www.nessus.org/u?4d11b233
Solution
Upgrade to Mozilla Firefox version 51.0 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 95757
BID 95758
BID 95759
BID 95761
BID 95762
BID 95763
BID 95769
CVE CVE-2017-5373
CVE CVE-2017-5374
CVE CVE-2017-5375
CVE CVE-2017-5376
CVE CVE-2017-5377
CVE CVE-2017-5378
CVE CVE-2017-5379
CVE CVE-2017-5380
CVE CVE-2017-5381
CVE CVE-2017-5382
CVE CVE-2017-5383
CVE CVE-2017-5384
CVE CVE-2017-5385
CVE CVE-2017-5386
CVE CVE-2017-5387
CVE CVE-2017-5388
CVE CVE-2017-5389
CVE CVE-2017-5390
CVE CVE-2017-5391
CVE CVE-2017-5393
CVE CVE-2017-5396
XREF OSVDB:150831
XREF OSVDB:150832
XREF OSVDB:150833
XREF OSVDB:150834
XREF OSVDB:150835
XREF OSVDB:150836
XREF OSVDB:150837
XREF OSVDB:150838
XREF OSVDB:150839
XREF OSVDB:150840
XREF OSVDB:150841
XREF OSVDB:150842
XREF OSVDB:150843
XREF OSVDB:150844
XREF OSVDB:150845
XREF OSVDB:150846
XREF OSVDB:150847
XREF OSVDB:150848
XREF OSVDB:150849
XREF OSVDB:150850
XREF OSVDB:150851
XREF OSVDB:150852
XREF OSVDB:150853
XREF OSVDB:150854
XREF OSVDB:150855
XREF OSVDB:150856
XREF OSVDB:150857
XREF OSVDB:150858
XREF OSVDB:150859
XREF OSVDB:150860
XREF OSVDB:150861
XREF OSVDB:150862
XREF OSVDB:150863
XREF OSVDB:150864
XREF OSVDB:150865
XREF OSVDB:150866
XREF OSVDB:150875
XREF OSVDB:150876
XREF OSVDB:150877
XREF OSVDB:150878
XREF OSVDB:150879
XREF OSVDB:150880
XREF OSVDB:150881
XREF OSVDB:150883
XREF OSVDB:150885
XREF OSVDB:150887
XREF OSVDB:150888
XREF MFSA:2017-01
Plugin Information:
Published: 2017/01/25, Modified: 2017/03/15
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 51.0
96907 (1) - Cisco WebEx for Firefox RCE (cisco-sa-20170124-webex)
Synopsis
A browser extension installed on the remote host is affected by a remote code execution vulnerability.
Description
The Cisco WebEx Extension for Firefox installed on the remote host is affected by a remote code execution vulnerability due to a crafted pattern that permits any URL utilizing it to automatically use native messaging to access sensitive functionality provided by the extension.
An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code by convincing a user to visit a web page that contains this pattern and starting a WebEx session.
See Also
Solution
Upgrade ActiveTouch General Plugin Container to version 106, or else upgrade Cisco WebEx Extension to version 1.0.5 or later. However, if you are using both, then you will need to upgrade both.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 95737
CVE CVE-2017-3823
XREF OSVDB:150755
XREF CISCO-SA:cisco-sa-20170124-webex
XREF CISCO-BUG-ID:CSCvc86959
XREF CISCO-BUG-ID:CSCvc88194
XREF CISCO-BUG-ID:CSCvc88535
XREF CERT:909240
Exploitable With
Metasploit (true)
Plugin Information:
Published: 2017/01/31, Modified: 2017/09/27
Plugin Output

10.0.0.64 (tcp/445)


The following user has a vulnerable version of the Cisco WebEx Extension or plugin for Firefox installed:

User : swoods
Plugin version : ActiveTouch General Plugin Container Version 105
File version : 28.1.2011.1123
Update date : Apr. 16, 2012 at 18:37:56 GMT
Path : C:\Users\swoods\AppData\Roaming\Mozilla\plugins\npatgpc.dll

Fix: Upgrade to version 106 of ActiveTouch General Plugin Container or later.
97142 (1) - Adobe Flash Player <= 24.0.0.194 Multiple Vulnerabilities (APSB17-04)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 24.0.0.194. It is, therefore, affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2982, CVE-2017-2985, CVE-2017-2993, CVE-2017-2994).

- Multiple heap buffer overflow conditions exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2984, CVE-2017-2986, CVE-2017-2992).

- An integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2987).

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2996).

- A type confusion error exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2995)
See Also
Solution
Upgrade to Adobe Flash Player version 24.0.0.221 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
CVE CVE-2017-2982
CVE CVE-2017-2984
CVE CVE-2017-2985
CVE CVE-2017-2986
CVE CVE-2017-2987
CVE CVE-2017-2988
CVE CVE-2017-2990
CVE CVE-2017-2991
CVE CVE-2017-2992
CVE CVE-2017-2993
CVE CVE-2017-2994
CVE CVE-2017-2995
CVE CVE-2017-2996
XREF OSVDB:152028
XREF OSVDB:152029
XREF OSVDB:152030
XREF OSVDB:152031
XREF OSVDB:152032
XREF OSVDB:152033
XREF OSVDB:152034
XREF OSVDB:152035
XREF OSVDB:152036
XREF OSVDB:152037
XREF OSVDB:152038
XREF OSVDB:152039
XREF OSVDB:152040
Plugin Information:
Published: 2017/02/14, Modified: 2017/03/20
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 24.0.0.221
97639 (1) - Mozilla Firefox < 52.0 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 52.0. It is, therefore, affected by multiple vulnerabilities :

- Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5398)

- Mozilla developers and community members Carsten Book, Calixte Denizet, Christian Holler, Andrew McCreight, David Bolter, David Keeler, Jon Coppeard, Tyson Smith, Ronald Crane, Tooru Fujisawa, Ben Kelly, Bob Owen, Jed Davis, Julian Seward, Julian Hector, Philipp, Markus Stange, and Andre Bargull reported memory safety bugs present in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5399)

- JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5400)

- A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.
(CVE-2017-5401)

- A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. (CVE-2017-5402)

- When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash.
(CVE-2017-5403)

- A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. (CVE-2017-5404)

- Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. (CVE-2017-5405)

- A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks.
(CVE-2017-5406)

- Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. (CVE-2017-5407)

- Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. (CVE-2017-5408)

- The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. (CVE-2017-5409)

- Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. (CVE-2017-5410)

- A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in libGLES, which is only in use on Windows. Other operating systems are not affected. (CVE-2017-5411)

- A buffer overflow read during SVG filter color value operations, resulting in data exposure. (CVE-2017-5412)

- A segmentation fault can occur during some bidirectional layout operations. (CVE-2017-5413)

- The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. (CVE-2017-5414)

- An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by blob: as the protocol, leading to user confusion and further spoofing attacks. (CVE-2017-5415)

- In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. (CVE-2017-5416)

- When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks.
(CVE-2017-5417)

- An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns.
(CVE-2017-5418)

- If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. (CVE-2017-5419)

- A javascript: url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. (CVE-2017-5420)

- A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded.
(CVE-2017-5421)

- If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making view-source: linkable. (CVE-2017-5422)

- A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. (CVE-2017-5427)

Note that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
See Also
Solution
Upgrade to Mozilla Firefox version 52.0 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 96651
BID 96654
BID 96664
BID 96677
BID 96691
BID 96692
BID 96693
BID 96696
CVE CVE-2017-5398
CVE CVE-2017-5399
CVE CVE-2017-5400
CVE CVE-2017-5401
CVE CVE-2017-5402
CVE CVE-2017-5403
CVE CVE-2017-5404
CVE CVE-2017-5405
CVE CVE-2017-5406
CVE CVE-2017-5407
CVE CVE-2017-5408
CVE CVE-2017-5409
CVE CVE-2017-5410
CVE CVE-2017-5411
CVE CVE-2017-5412
CVE CVE-2017-5413
CVE CVE-2017-5414
CVE CVE-2017-5415
CVE CVE-2017-5416
CVE CVE-2017-5417
CVE CVE-2017-5418
CVE CVE-2017-5419
CVE CVE-2017-5420
CVE CVE-2017-5421
CVE CVE-2017-5422
CVE CVE-2017-5427
XREF OSVDB:144079
XREF OSVDB:147374
XREF OSVDB:153143
XREF OSVDB:153144
XREF OSVDB:153145
XREF OSVDB:153146
XREF OSVDB:153147
XREF OSVDB:153148
XREF OSVDB:153149
XREF OSVDB:153150
XREF OSVDB:153151
XREF OSVDB:153152
XREF OSVDB:153153
XREF OSVDB:153154
XREF OSVDB:153155
XREF OSVDB:153156
XREF OSVDB:153157
XREF OSVDB:153158
XREF OSVDB:153159
XREF OSVDB:153160
XREF OSVDB:153161
XREF OSVDB:153162
XREF OSVDB:153163
XREF OSVDB:153164
XREF OSVDB:153165
XREF OSVDB:153166
XREF OSVDB:153167
XREF OSVDB:153168
XREF OSVDB:153169
XREF OSVDB:153170
XREF OSVDB:153171
XREF OSVDB:153172
XREF OSVDB:153173
XREF OSVDB:153174
XREF OSVDB:153175
XREF OSVDB:153176
XREF OSVDB:153177
XREF OSVDB:153178
XREF OSVDB:153179
XREF OSVDB:153180
XREF OSVDB:153181
XREF OSVDB:153182
XREF OSVDB:153183
XREF OSVDB:153189
XREF OSVDB:153190
XREF OSVDB:153191
XREF OSVDB:153192
XREF OSVDB:153193
XREF OSVDB:153194
XREF OSVDB:153195
XREF OSVDB:153196
XREF OSVDB:153198
XREF OSVDB:153203
XREF OSVDB:153204
XREF OSVDB:153205
XREF OSVDB:153206
XREF OSVDB:153207
XREF OSVDB:153209
XREF OSVDB:153211
XREF OSVDB:153212
XREF OSVDB:153213
XREF OSVDB:153214
XREF OSVDB:153215
XREF OSVDB:153217
XREF OSVDB:153248
XREF OSVDB:153249
XREF MFSA:2017-05
Plugin Information:
Published: 2017/03/09, Modified: 2017/08/15
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 52.0
97727 (1) - Adobe Flash Player <= 24.0.0.221 Multiple Vulnerabilities (APSB17-07)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 24.0.0.221. It is, therefore, affected by multiple vulnerabilities :

- A buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2017-2997)

- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2017-2998, CVE-2017-2999)

- An unspecified flaw exists in the random number generator used for constant binding that allows an attacker to disclose sensitive information.
(CVE-2017-3000)

- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2017-3001, CVE-2017-3002, CVE-2017-3003)
See Also
Solution
Upgrade to Adobe Flash Player version 25.0.0.127 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 96860
BID 96861
BID 96862
BID 96866
CVE CVE-2017-2997
CVE CVE-2017-2998
CVE CVE-2017-2999
CVE CVE-2017-3000
CVE CVE-2017-3001
CVE CVE-2017-3002
CVE CVE-2017-3003
XREF OSVDB:153612
XREF OSVDB:153613
XREF OSVDB:153614
XREF OSVDB:153618
XREF OSVDB:153619
XREF OSVDB:153620
XREF OSVDB:153621
Plugin Information:
Published: 2017/03/14, Modified: 2017/04/15
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 25.0.0.127
99125 (1) - Mozilla Firefox < 52.0.1 CreateImageBitmap RCE
Synopsis
The remote Windows host contains a web browser that is affected by a remote code execution vulnerability.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 52.0.1. It is, therefore, affected by an integer overflow condition in the nsGlobalWindow::CreateImageBitmap() function within file dom/base/nsGlobalWindow.cpp due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, possibly resulting in the execution of arbitrary code.

Note that this function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer.
See Also
Solution
Upgrade to Mozilla Firefox version 52.0.1 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 96959
CVE CVE-2017-5428
XREF OSVDB:153959
XREF MFSA:2017-08
Plugin Information:
Published: 2017/03/31, Modified: 2017/08/15
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 52.0.1
99283 (1) - Adobe Flash Player <= 25.0.0.127 Multiple Vulnerabilities (APSB17-10)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 25.0.0.127. It is, therefore, affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3058, CVE-2017-3059, CVE-2017-3062, CVE-2017-3063)

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3060, CVE-2017-3061, CVE-2017-3064)
See Also
Solution
Upgrade to Adobe Flash Player version 25.0.0.148 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 97551
BID 97557
CVE CVE-2017-3058
CVE CVE-2017-3059
CVE CVE-2017-3060
CVE CVE-2017-3061
CVE CVE-2017-3062
CVE CVE-2017-3063
CVE CVE-2017-3064
XREF OSVDB:155267
XREF OSVDB:155268
XREF OSVDB:155269
XREF OSVDB:155270
XREF OSVDB:155271
XREF OSVDB:155272
XREF OSVDB:155273
Plugin Information:
Published: 2017/04/11, Modified: 2017/08/14
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 25.0.0.148
99374 (1) - Adobe Reader < 11.0.20 / 2015.006.30306 / 2017.009.20044 Multiple Vulnerabilities (APSB17-11)
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote Windows host is a version prior to 11.0.20, 2015.006.30306, or 2017.009.20044. It is, therefore, affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2017-3014, CVE-2017-3026, CVE-2017-3027, CVE-2017-3035, CVE-2017-3047, CVE-2017-3057)

- Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.
(CVE-2017-3042, CVE-2017-3048, CVE-2017-3049, CVE-2017-3055)

- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3028, CVE-2017-3030, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3044, CVE-2017-3050, CVE-2017-3051, CVE-2017-3054, CVE-2017-3056, CVE-2017-3065)

- Multiple integer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2017-3011, CVE-2017-3034)

- Multiple memory corruption issues exist that allow an an attacker to disclose memory address information.
(CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3029, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3043, CVE-2017-3045, CVE-2017-3046, CVE-2017-3052, CVE-2017-3053)

- A flaw exists due to the use of an insecure directory search path. An attacker can potentially exploit this to execute arbitrary code. (CVE-2017-3012, CVE-2017-3013)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Adobe Reader 11.0.20 / 2015.006.30306 / 2017.009.20044 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 97547
BID 97548
BID 97549
BID 97550
BID 97554
BID 97556
CVE CVE-2017-3011
CVE CVE-2017-3012
CVE CVE-2017-3013
CVE CVE-2017-3014
CVE CVE-2017-3015
CVE CVE-2017-3017
CVE CVE-2017-3018
CVE CVE-2017-3019
CVE CVE-2017-3020
CVE CVE-2017-3021
CVE CVE-2017-3022
CVE CVE-2017-3023
CVE CVE-2017-3024
CVE CVE-2017-3025
CVE CVE-2017-3026
CVE CVE-2017-3027
CVE CVE-2017-3028
CVE CVE-2017-3029
CVE CVE-2017-3030
CVE CVE-2017-3031
CVE CVE-2017-3032
CVE CVE-2017-3033
CVE CVE-2017-3034
CVE CVE-2017-3035
CVE CVE-2017-3036
CVE CVE-2017-3037
CVE CVE-2017-3038
CVE CVE-2017-3039
CVE CVE-2017-3040
CVE CVE-2017-3041
CVE CVE-2017-3042
CVE CVE-2017-3043
CVE CVE-2017-3044
CVE CVE-2017-3045
CVE CVE-2017-3046
CVE CVE-2017-3047
CVE CVE-2017-3048
CVE CVE-2017-3049
CVE CVE-2017-3050
CVE CVE-2017-3051
CVE CVE-2017-3052
CVE CVE-2017-3053
CVE CVE-2017-3054
CVE CVE-2017-3055
CVE CVE-2017-3056
CVE CVE-2017-3057
CVE CVE-2017-3065
XREF OSVDB:155282
XREF OSVDB:155283
XREF OSVDB:155284
XREF OSVDB:155285
XREF OSVDB:155286
XREF OSVDB:155287
XREF OSVDB:155288
XREF OSVDB:155289
XREF OSVDB:155290
XREF OSVDB:155291
XREF OSVDB:155292
XREF OSVDB:155293
XREF OSVDB:155294
XREF OSVDB:155295
XREF OSVDB:155296
XREF OSVDB:155297
XREF OSVDB:155298
XREF OSVDB:155299
XREF OSVDB:155300
XREF OSVDB:155301
XREF OSVDB:155302
XREF OSVDB:155303
XREF OSVDB:155304
XREF OSVDB:155305
XREF OSVDB:155306
XREF OSVDB:155307
XREF OSVDB:155308
XREF OSVDB:155309
XREF OSVDB:155310
XREF OSVDB:155311
XREF OSVDB:155312
XREF OSVDB:155313
XREF OSVDB:155314
XREF OSVDB:155315
XREF OSVDB:155316
XREF OSVDB:155317
XREF OSVDB:155318
XREF OSVDB:155319
XREF OSVDB:155320
XREF OSVDB:155321
XREF OSVDB:155322
XREF OSVDB:155323
XREF OSVDB:155324
XREF OSVDB:155325
XREF OSVDB:155326
XREF OSVDB:155327
XREF OSVDB:155328
Plugin Information:
Published: 2017/04/14, Modified: 2018/04/25
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Installed version : 15.8.20082.147029
Fixed version : 17.9.20044
99588 (1) - Oracle Java SE Multiple Vulnerabilities (April 2017 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 6 Update 151, 7 Update 141, or 8 Update 131. It is, therefore, affected by multiple vulnerabilities :

- An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity.
(CVE-2017-3509)

- An unspecified flaw exists in the JCE subcomponent that allows a local attacker to gain elevated privileges.
This vulnerability does not affect Java SE version 6.
(CVE-2017-3511)

- An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. This vulnerability does not affect Java SE version 6. (CVE-2017-3512)

- An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3514)

- An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3526)

- Multiple unspecified flaws exist in the Networking subcomponent that allow an unauthenticated, remote attacker to gain update, insert, or delete access to unauthorized data. (CVE-2017-3533, CVE-2017-3544)

- An unspecified flaw exists in the Security subcomponent that allows an unauthenticated, remote attacker to gain update, insert, or delete access to unauthorized data.
(CVE-2017-3539)
See Also
Solution
Upgrade to Oracle JDK / JRE 6 Update 151 / 7 Update 141 / 8 Update 131 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 97727
BID 97729
BID 97731
BID 97733
BID 97737
BID 97740
BID 97745
BID 97752
CVE CVE-2017-3509
CVE CVE-2017-3511
CVE CVE-2017-3512
CVE CVE-2017-3514
CVE CVE-2017-3526
CVE CVE-2017-3533
CVE CVE-2017-3539
CVE CVE-2017-3544
XREF OSVDB:155830
XREF OSVDB:155831
XREF OSVDB:155832
XREF OSVDB:155833
XREF OSVDB:155834
XREF OSVDB:155835
XREF OSVDB:155836
XREF OSVDB:155837
Plugin Information:
Published: 2017/04/21, Modified: 2017/08/15
Plugin Output

10.0.0.64 (tcp/445)


The following vulnerable instances of Java are installed on the
remote host :

Path : C:\Program Files (x86)\Java\jre1.8.0_121
Path : C:\Program Files\Java\jre1.8.0_121
Installed version : 1.8.0_121
Fixed version : 1.6.0_151 / 1.7.0_141 / 1.8.0_131
99632 (1) - Mozilla Firefox < 53 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 53. It is, therefore, affected by the following vulnerabilities :

- Multiple buffer overflow conditions exist in the FLEX generated code due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-6354, CVE-2017-5469)

- Multiple flaws exist in the Libevent library, within files evdns.c and evutil.c, due to improper validation of input when handling IP address strings, empty base name strings, and DNS packets. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2017-5437)

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5429, CVE-2017-5430)

- A use-after-free error exists in input text selection that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5432)

- A use-after-free error exists in the SMIL animation functions when handling animation elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5433)

- A use-after-free error exists when redirecting focus handling that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5434)

- A use-after-free error exists in design mode interactions when handling transaction processing in the editor. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5435)

- An out-of-bounds write error exists in the Graphite 2 library when handling specially crafted Graphite fonts.
An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5436)

- A use-after-free error exists in the nsAutoPtr() function during XSLT processing due to the result handler being held by a freed handler. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5438)

- A use-after-free error exists in the Length() function in nsTArray when handling template parameters during XSLT processing. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5439)

- A use-after-free error exists in the txExecutionState destructor when processing XSLT content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5440)

- A use-after-free error exists when holding a selection during scroll events. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2017-5441)

- A use-after-free error exists when changing styles in DOM elements that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5442)

- An out-of-bounds write error exists while decoding improperly formed BinHex format archives that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code.
(CVE-2017-5443)

- A buffer overflow condition exists while parsing application/http-index-format format content due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via improperly formatted data, to disclose out-of-bounds memory content. (CVE-2017-5444)

- A flaw exists in nsDirIndexParser.cpp when parsing application/http-index-format format content in which uninitialized values are used to create an array. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-5445)

- An out-of-bounds read error exists when handling HTTP/2 DATA connections to a server that sends DATA frames with incorrect content. An unauthenticated, remote attacker can exploit to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5446)

- An out-of-bounds read error exists when processing glyph widths during text layout. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents.
(CVE-2017-5447)

- An out-of-bounds write error exists in the ClearKeyDecryptor::Decrypt() function within file ClearKeyDecryptionManager.cpp when decrypting Clearkey-encrypted media content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
This vulnerability can only be exploited if a secondary mechanism can be used to escape the Gecko Media Plugin (GMP) sandbox. (CVE-2017-5448)

- A flaw exists when handling bidirectional Unicode text in conjunction with CSS animations that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution or arbitrary code.
(CVE-2017-5449)

- A flaw exists in the handling of specially crafted 'onblur' events. An unauthenticated, remote attacker can exploit this, via a specially crafted event, to spoof the address bar, making the loaded site appear to be different from the one actually loaded. (CVE-2017-5451)

- A flaw exists in the RSS reader preview page due to improper sanitization of URL parameters for a feed's TITLE element. An unauthenticated, remote attacker can exploit this to spoof the TITLE element. However, no scripted content can be run. (CVE-2017-5453)

- A flaw exists in the FileSystemSecurity::Forget() function within file FileSystemSecurity.cpp when using the File Picker due to improper sanitization of input containing path traversal sequences. An unauthenticated, remote attacker can exploit this to bypass file system access protections in the sandbox and read arbitrary files on the local file system. (CVE-2017-5454)

- An unspecified flaw exists in the internal feed reader APIs when handling messages. An unauthenticated, remote attacker can exploit this to escape the sandbox and gain elevated privileges if it can be combined with another vulnerability that allows remote code execution inside the sandboxed process. (CVE-2017-5455)

- A flaw exists in the Entries API when using a file system request constructor through an IPC message. An unauthenticated, remote attacker can exploit this to bypass file system access protections in the sandbox and gain read and write access to the local file system.
(CVE-2017-5456)

- A reflected cross-site scripting (XSS) vulnerability exists when dragging and dropping a 'javascript:' URL into the address bar due to improper validation of input. An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2017-5458)

- A buffer overflow condition exists in WebGL when handling web content due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5459)

- A use-after-free error exists in frame selection when handling a specially crafted combination of script content and key presses by the user. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2017-5460)

- An out-of-bounds write error exists in the Network Security Services (NSS) library during Base64 decoding operations due to insufficient memory being allocated to a buffer. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5461)

- A flaw exists in the Network Security Services (NSS) library during DRBG number generation due to the internal state V not correctly carrying bits over. An unauthenticated, remote attacker can exploit this to potentially cause predictable random number generation.
(CVE-2017-5462)

- A flaw exists when making changes to DOM content in the accessibility tree due to improper validation of certain input, which can lead to the DOM tree becoming out of sync with the accessibility tree. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2017-5464)

- An out-of-bounds read error exists in ConvolvePixel when processing SVG content, which allows for otherwise inaccessible memory being copied into SVG graphic content. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-5465)

- A cross-site script (XSS) vulnerability exists due to improper handling of data:text/html URL redirects when a reload is triggered, which causes the reloaded data:text/html page to have its origin set incorrectly.
An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5466)

- A memory corruption issue exists when rendering Skia content outside of the bounds of a clipping region due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5467)

- A flaw exists in the developer tools due to an incorrect ownership model of privateBrowsing information. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-5468)
See Also
Solution
Upgrade to Mozilla Firefox version 53 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 92141
BID 96014
BID 97940
CVE CVE-2016-6354
CVE CVE-2016-10195
CVE CVE-2016-10196
CVE CVE-2016-10197
CVE CVE-2017-5429
CVE CVE-2017-5430
CVE CVE-2017-5432
CVE CVE-2017-5433
CVE CVE-2017-5434
CVE CVE-2017-5435
CVE CVE-2017-5436
CVE CVE-2017-5437
CVE CVE-2017-5438
CVE CVE-2017-5439
CVE CVE-2017-5440
CVE CVE-2017-5441
CVE CVE-2017-5442
CVE CVE-2017-5443
CVE CVE-2017-5444
CVE CVE-2017-5445
CVE CVE-2017-5446
CVE CVE-2017-5447
CVE CVE-2017-5448
CVE CVE-2017-5449
CVE CVE-2017-5451
CVE CVE-2017-5453
CVE CVE-2017-5454
CVE CVE-2017-5455
CVE CVE-2017-5456
CVE CVE-2017-5458
CVE CVE-2017-5459
CVE CVE-2017-5460
CVE CVE-2017-5461
CVE CVE-2017-5462
CVE CVE-2017-5464
CVE CVE-2017-5465
CVE CVE-2017-5466
CVE CVE-2017-5467
CVE CVE-2017-5468
CVE CVE-2017-5469
XREF OSVDB:142032
XREF OSVDB:151245
XREF OSVDB:151246
XREF OSVDB:151247
XREF OSVDB:155950
XREF OSVDB:155951
XREF OSVDB:155952
XREF OSVDB:155953
XREF OSVDB:155954
XREF OSVDB:155955
XREF OSVDB:155956
XREF OSVDB:155957
XREF OSVDB:155958
XREF OSVDB:155959
XREF OSVDB:155960
XREF OSVDB:155961
XREF OSVDB:155962
XREF OSVDB:155963
XREF OSVDB:155964
XREF OSVDB:155965
XREF OSVDB:155966
XREF OSVDB:155967
XREF OSVDB:155968
XREF OSVDB:155972
XREF OSVDB:155973
XREF OSVDB:155974
XREF OSVDB:155975
XREF OSVDB:155976
XREF OSVDB:155989
XREF OSVDB:155991
XREF OSVDB:155992
XREF OSVDB:155994
XREF OSVDB:155996
XREF OSVDB:155997
XREF OSVDB:155998
XREF OSVDB:155999
XREF OSVDB:156037
XREF OSVDB:156038
XREF OSVDB:156039
XREF OSVDB:156040
XREF OSVDB:156041
XREF OSVDB:156042
XREF OSVDB:156043
XREF OSVDB:156044
XREF OSVDB:156045
XREF OSVDB:156046
XREF OSVDB:156047
XREF OSVDB:156048
XREF OSVDB:156049
XREF OSVDB:156050
XREF OSVDB:156051
XREF OSVDB:156052
XREF OSVDB:156053
XREF OSVDB:156054
XREF OSVDB:156055
XREF OSVDB:156056
XREF OSVDB:156057
XREF OSVDB:156058
XREF OSVDB:156059
XREF MFSA:2017-10
Plugin Information:
Published: 2017/04/24, Modified: 2017/08/15
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 53
100052 (1) - Adobe Flash Player <= 25.0.0.148 Multiple Vulnerabilities (APSB17-15)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 25.0.0.148. It is, therefore, affected by multiple vulnerabilities :

- A use-after-free error exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3071)

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074)
See Also
Solution
Upgrade to Adobe Flash Player version 25.0.0.171 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 98347
BID 98349
BID 98349
BID 98349
BID 98349
BID 98349
BID 98349
CVE CVE-2017-3068
CVE CVE-2017-3069
CVE CVE-2017-3070
CVE CVE-2017-3071
CVE CVE-2017-3072
CVE CVE-2017-3073
CVE CVE-2017-3074
XREF OSVDB:157209
XREF OSVDB:157210
XREF OSVDB:157211
XREF OSVDB:157212
XREF OSVDB:157213
XREF OSVDB:157214
XREF OSVDB:157215
Plugin Information:
Published: 2017/05/09, Modified: 2017/08/14
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 25.0.0.171
100127 (1) - Mozilla Firefox < 53.0.2 ANGLE Graphics Library RCE
Synopsis
The remote Windows host contains a web browser that is affected by a remote code execution vulnerability.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 53.0.2. It is, therefore, affected by a use-after-free error in libANGLE/renderer/d3d/d3d11/Buffer11.cpp within the ANGLE graphics library (libGLES) when handling Buffer11 API calls. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to dereference already freed memory, resulting in a crash or potentially the execution of arbitrary code.
See Also
Solution
Upgrade to Mozilla Firefox version 53.0.2 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:U/RC:R)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.5 (CVSS2#E:U/RL:U/RC:UR)
References
BID 98326
CVE CVE-2017-5031
XREF OSVDB:153215
XREF MFSA:2017-14
Plugin Information:
Published: 2017/05/11, Modified: 2017/06/29
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 53.0.2
100756 (1) - Adobe Flash Player <= 25.0.0.171 Multiple Vulnerabilities (APSB17-17)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 25.0.0.171. It is, therefore, affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084)

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082)
See Also
Solution
Upgrade to Adobe Flash Player version 26.0.0.126 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 99023
BID 99025
CVE CVE-2017-3075
CVE CVE-2017-3076
CVE CVE-2017-3077
CVE CVE-2017-3078
CVE CVE-2017-3079
CVE CVE-2017-3081
CVE CVE-2017-3082
CVE CVE-2017-3083
CVE CVE-2017-3084
XREF OSVDB:158876
XREF OSVDB:158877
XREF OSVDB:158878
XREF OSVDB:158879
XREF OSVDB:158880
XREF OSVDB:158881
XREF OSVDB:158882
XREF OSVDB:158883
XREF OSVDB:158884
Plugin Information:
Published: 2017/06/13, Modified: 2017/08/14
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 26.0.0.120
100806 (1) - Adobe Shockwave Player <= 12.2.8.198 Memory Corruption RCE (APSB17-18)
Synopsis
The remote Windows host contains a web browser plugin that is affected by a remote code execution vulnerability.
Description
The version of Adobe Shockwave Player installed on the remote host is equal or prior to 12.2.8.198. It is, therefore, affected by an unspecified memory corruption issue due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
See Also
Solution
Upgrade to Adobe Shockwave Player version 12.2.9.199 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 99019
CVE CVE-2017-3086
XREF OSVDB:158885
Plugin Information:
Published: 2017/06/15, Modified: 2017/11/16
Plugin Output

10.0.0.64 (tcp/445)


Nessus has identified the following vulnerable instances of Shockwave
Player installed on the remote host :

Variant : Browser Plugin (for Firefox / Netscape / Opera)
File : C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll
Installed version : 12.2.8.198
Fixed version : 12.2.9.199

Variant : ActiveX control (for Internet Explorer)
File : C:\Windows\SysWow64\Adobe\Director\SwDir_1228198.dll
Installed version : 12.2.8.198
Fixed version : 12.2.9.199
100810 (1) - Mozilla Firefox < 54 Multiple Vulnerabilities
Synopsis
A web browser installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 54. It is, therefore, affected by multiple vulnerabilities :

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a specially crafted website. (CVE-2017-5470, CVE-2017-5471)

- A use-after-free error exists in the EndUpdate() function in nsCSSFrameConstructor.cpp that is triggered when reconstructing trees during regeneration of CSS layouts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5472)

- A use-after-free error exists in the Reload() function in nsDocShell.cpp that is triggered when using an incorrect URL during the reload of a docshell. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7749)

- A use-after-free error exists in the Hide() function in nsDocumentViewer.cpp that is triggered when handling track elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7750)

- A use-after-free error exists in the nsDocumentViewer class in nsDocumentViewer.cpp that is triggered when handling content viewer listeners. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2017-7751)

- A use-after-free error exists that is triggered when handling events while specific user interaction occurs with the input method editor (IME). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2017-7752)

- An out-of-bounds read error exists in the IsComplete() function in WebGLTexture.cpp that is triggered when handling textures. An unauthenticated, remote attacker can exploit this to disclose memory contents.
(CVE-2017-7754)

- A privilege escalation vulnerability exists due to improper loading of dynamic-link library (DLL) files. A local attacker can exploit this, via a specially crafted DLL file in the installation path, to inject and execute arbitrary code. (CVE-2017-7755)

- A use-after-free error exists in the SetRequestHead() function in XMLHttpRequestMainThread.cpp that is triggered when logging XML HTTP Requests (XHR). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7756)

- A use-after-free error exists in ActorsParent.cpp due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7757)

- An out-of-bounds read error exists in the AppendAudioSegment() function in TrackEncoder.cpp that is triggered when the number of channels in an audio stream changes while the Opus encoder is in use. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-7758)

- A flaw exists in the NS_main() function in updater.cpp due to improper validation of input when handling callback file path parameters. A local attacker can exploit this to manipulate files in the installation directory. (CVE-2017-7760)

- A flaw exists in the Maintenance Service helper.exe application that is triggered as permissions for a temporary directory are set to writable by non-privileged users. A local attacker can exploit this to delete arbitrary files on the system. (CVE-2017-7761)

- A flaw exists that is triggered when displaying URLs including authentication sections in reader mode. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to spoof domains in the address bar. (CVE-2017-7762)

- A flaw exists in the isLabelSafe() function in nsIDNService.cpp that is triggered when handling characters from different unicode blocks. An unauthenticated, remote attacker can exploit this, via a specially crafted IDN domain, to spoof a valid URL and conduct phishing attacks. (CVE-2017-7764)

- A flaw exists that is triggered due to improper parsing of long filenames when handling downloaded files. An unauthenticated, remote attacker can exploit this to cause a file to be downloaded without the 'mark-of-the-web' applied, resulting in security warnings for executables not being displayed.
(CVE-2017-7765)

- A flaw exists in the Mozilla Maintenance Service that is triggered when handling paths for the 'patch', 'install', and 'working' directories. A local attacker can exploit this to execute arbitrary code with elevated privileges. (CVE-2017-7766)

- A flaw exists in the Mozilla Maintenance Service that is triggered when being invoked using the Mozilla Windows Updater. A local attacker can exploit this to overwrite arbitrary files with random data. (CVE-2017-7767)

- A flaw exists in the IsStatusApplying() function in workmonitor.cpp that is triggered when logging the update status. A local attacker can exploit this to read 32 bytes of arbitrary files. (CVE-2017-7768)

- Multiple integer overflow conditions exist in the Graphite component in the decompress() function in Decompressor.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7772, CVE-2017-7778)

- An out-of-bounds read error exists in the Graphite component in the readGraphite() function in Silf.cpp. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or disclose memory contents. (CVE-2017-7774)

- An assertion flaw exists in the Graphite component when handling zero value sizes. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7775)

- An out-of-bounds read error exists in the Graphite component in getClassGlyph() function in Silf.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7776)

- A flaw exists in the Graphite component in the read_glyph() function in GlyphCache.cpp related to use of uninitialized memory. An unauthenticated, remote attacker can exploit this to have an unspecified impact.
(CVE-2017-7777)
See Also
Solution
Upgrade to Mozilla Firefox version 54 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 99040
BID 99041
BID 99042
BID 99047
BID 99057
CVE CVE-2017-5470
CVE CVE-2017-5471
CVE CVE-2017-5472
CVE CVE-2017-7749
CVE CVE-2017-7750
CVE CVE-2017-7751
CVE CVE-2017-7752
CVE CVE-2017-7754
CVE CVE-2017-7755
CVE CVE-2017-7756
CVE CVE-2017-7757
CVE CVE-2017-7758
CVE CVE-2017-7760
CVE CVE-2017-7761
CVE CVE-2017-7762
CVE CVE-2017-7764
CVE CVE-2017-7765
CVE CVE-2017-7766
CVE CVE-2017-7767
CVE CVE-2017-7768
CVE CVE-2017-7772
CVE CVE-2017-7774
CVE CVE-2017-7775
CVE CVE-2017-7776
CVE CVE-2017-7777
CVE CVE-2017-7778
XREF OSVDB:159018
XREF OSVDB:159019
XREF OSVDB:159020
XREF OSVDB:159021
XREF OSVDB:159022
XREF OSVDB:159023
XREF OSVDB:159024
XREF OSVDB:159025
XREF OSVDB:159026
XREF OSVDB:159027
XREF OSVDB:159028
XREF OSVDB:159029
XREF OSVDB:159030
XREF OSVDB:159031
XREF OSVDB:159032
XREF OSVDB:159033
XREF OSVDB:159034
XREF OSVDB:159035
XREF OSVDB:159036
XREF OSVDB:159046
XREF OSVDB:159047
XREF OSVDB:159048
XREF OSVDB:159049
XREF OSVDB:159050
XREF OSVDB:159051
XREF OSVDB:159052
XREF OSVDB:159053
XREF OSVDB:159054
XREF OSVDB:159055
XREF OSVDB:159056
XREF OSVDB:159057
XREF OSVDB:159058
XREF OSVDB:159059
XREF OSVDB:159060
XREF OSVDB:159062
XREF OSVDB:159063
XREF OSVDB:159064
XREF OSVDB:159065
XREF OSVDB:159066
XREF OSVDB:159067
XREF OSVDB:159068
XREF OSVDB:159069
XREF OSVDB:159070
XREF OSVDB:159071
XREF OSVDB:159072
XREF OSVDB:159073
XREF OSVDB:159076
XREF OSVDB:159078
XREF OSVDB:159080
XREF OSVDB:159082
XREF OSVDB:159083
XREF OSVDB:159085
XREF OSVDB:159087
XREF OSVDB:159089
XREF OSVDB:159090
XREF OSVDB:159092
XREF OSVDB:159093
XREF OSVDB:159094
XREF MFSA:2017-15
Plugin Information:
Published: 2017/06/15, Modified: 2017/08/15
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 54
101362 (1) - Adobe Flash Player <= 26.0.0.131 Multiple Vulnerabilities (APSB17-21)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 26.0.0.131. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to disclose sensitive information. (CVE-2017-3080)

- A remote code execution vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to execute arbitrary code. (CVE-2017-3099)

- An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to corrupt memory and disclose memory addresses. (CVE-2017-3100)
See Also
Solution
Upgrade to Adobe Flash Player version 26.0.0.137 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 99519
BID 99520
BID 99523
CVE CVE-2017-3080
CVE CVE-2017-3099
CVE CVE-2017-3100
XREF OSVDB:160715
XREF OSVDB:160716
XREF OSVDB:160717
Plugin Information:
Published: 2017/07/11, Modified: 2017/09/18
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 26.0.0.137
101843 (1) - Oracle Java SE Multiple Vulnerabilities (July 2017 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 141, 7 Update 151, or 6 Update 161. It is, therefore, affected by multiple vulnerabilities :

- An unspecified flaw exists in the 2D component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-10053)

- Multiple unspecified flaws exist in the Security component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10067, CVE-2017-10116)

- An unspecified flaw exists in the Hotspot component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10074)

- An unspecified flaw exists in the Scripting component that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10078)

- An unspecified flaw exists in the Hotspot component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-10081)

- Multiple unspecified flaws exist in the JavaFX component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10086, CVE-2017-10114)

- Multiple unspecified flaws exist in the Libraries component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10087, CVE-2017-10090, CVE-2017-10111)

- An unspecified flaw exists in the ImageIO component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10089)

- Multiple unspecified flaws exist in the JAXP component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10096, CVE-2017-10101)

- Multiple unspecified flaws exist in the RMI component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10102, CVE-2017-10107)

- Multiple unspecified flaws exist in the Server component of the Java Advanced Management Console that allow an authenticated, remote attacker to impact confidentiality, integrity, and availability.
(CVE-2017-10104, CVE-2017-10145)

- An unspecified flaw exists in the Deployment component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-10105)

- Multiple unspecified flaws exist in the Serialization component that allow an unauthenticated, remote attacker to exhaust available memory, resulting in a denial of service condition. (CVE-2017-10108, CVE-2017-10109)

- An unspecified flaw exists in the AWT component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10110)

- Multiple unspecified flaws exist in the JCE component that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10115, CVE-2017-10118, CVE-2017-10135)

- An unspecified flaw exists in the Server component of the Java Advanced Management Console that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10117)

- An unspecified flaw exists in the Server component of the Java Advanced Management Console that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10121)

- An unspecified flaw exists in the Deployment component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-10125)

- Multiple unspecified flaws exist in the Security component that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10176, CVE-2017-10193, CVE-2017-10198)

- An unspecified flaw exists in the JAX-WS component that allows an unauthenticated, remote attacker to impact confidentiality and availability. (CVE-2017-10243)
See Also
Solution
Upgrade to Oracle JDK / JRE 8 Update 141 / 7 Update 151 / 6 Update 161 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 99643
BID 99659
BID 99662
BID 99670
BID 99674
BID 99703
BID 99706
BID 99707
BID 99712
BID 99719
BID 99726
BID 99731
BID 99734
BID 99752
BID 99756
BID 99774
BID 99782
BID 99788
BID 99797
BID 99804
BID 99809
BID 99818
BID 99827
BID 99832
BID 99835
BID 99839
BID 99842
BID 99846
BID 99847
BID 99851
BID 99853
BID 99854
CVE CVE-2017-10053
CVE CVE-2017-10067
CVE CVE-2017-10074
CVE CVE-2017-10078
CVE CVE-2017-10081
CVE CVE-2017-10086
CVE CVE-2017-10087
CVE CVE-2017-10089
CVE CVE-2017-10090
CVE CVE-2017-10096
CVE CVE-2017-10101
CVE CVE-2017-10102
CVE CVE-2017-10104
CVE CVE-2017-10105
CVE CVE-2017-10107
CVE CVE-2017-10108
CVE CVE-2017-10109
CVE CVE-2017-10110
CVE CVE-2017-10111
CVE CVE-2017-10114
CVE CVE-2017-10115
CVE CVE-2017-10116
CVE CVE-2017-10117
CVE CVE-2017-10118
CVE CVE-2017-10121
CVE CVE-2017-10125
CVE CVE-2017-10135
CVE CVE-2017-10145
CVE CVE-2017-10176
CVE CVE-2017-10193
CVE CVE-2017-10198
CVE CVE-2017-10243
XREF OSVDB:161398
XREF OSVDB:161399
XREF OSVDB:161400
XREF OSVDB:161401
XREF OSVDB:161402
XREF OSVDB:161403
XREF OSVDB:161404
XREF OSVDB:161405
XREF OSVDB:161406
XREF OSVDB:161407
XREF OSVDB:161408
XREF OSVDB:161409
XREF OSVDB:161410
XREF OSVDB:161411
XREF OSVDB:161412
XREF OSVDB:161413
XREF OSVDB:161414
XREF OSVDB:161415
XREF OSVDB:161416
XREF OSVDB:161417
XREF OSVDB:161418
XREF OSVDB:161419
XREF OSVDB:161420
XREF OSVDB:161421
XREF OSVDB:161422
XREF OSVDB:161423
XREF OSVDB:161424
XREF OSVDB:161425
XREF OSVDB:161426
XREF OSVDB:161427
XREF OSVDB:161428
XREF OSVDB:161429
Plugin Information:
Published: 2017/07/20, Modified: 2017/10/19
Plugin Output

10.0.0.64 (tcp/445)


The following vulnerable instances of Java are installed on the
remote host :

Path : C:\Program Files (x86)\Java\jre1.8.0_121
Path : C:\Program Files\Java\jre1.8.0_121
Installed version : 1.8.0_121
Fixed version : 1.6.0_161 / 1.7.0_151 / 1.8.0_141
102262 (1) - Adobe Flash Player <= 26.0.0.137 Multiple Vulnerabilities (APSB17-23)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 26.0.0.137. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to disclose sensitive information. (CVE-2017-3085)

- A remote code execution vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to execute arbitrary code. (CVE-2017-3106)
See Also
Solution
Upgrade to Adobe Flash Player version 26.0.0.151 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 100191
CVE CVE-2017-3085
CVE CVE-2017-3106
XREF OSVDB:162718
XREF OSVDB:162719
Plugin Information:
Published: 2017/08/08, Modified: 2017/09/14
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 26.0.0.151
102359 (1) - Mozilla Firefox < 55 Multiple Vulnerabilities
Synopsis
A web browser installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 55. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
See Also
Solution
Upgrade to Mozilla Firefox version 55 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 100196
BID 100197
BID 100198
BID 100199
BID 100201
BID 100202
BID 100203
BID 100206
BID 100234
CVE CVE-2017-7753
CVE CVE-2017-7779
CVE CVE-2017-7780
CVE CVE-2017-7781
CVE CVE-2017-7782
CVE CVE-2017-7783
CVE CVE-2017-7784
CVE CVE-2017-7785
CVE CVE-2017-7786
CVE CVE-2017-7787
CVE CVE-2017-7788
CVE CVE-2017-7789
CVE CVE-2017-7790
CVE CVE-2017-7791
CVE CVE-2017-7792
CVE CVE-2017-7794
CVE CVE-2017-7796
CVE CVE-2017-7797
CVE CVE-2017-7798
CVE CVE-2017-7799
CVE CVE-2017-7800
CVE CVE-2017-7801
CVE CVE-2017-7802
CVE CVE-2017-7803
CVE CVE-2017-7804
CVE CVE-2017-7806
CVE CVE-2017-7807
CVE CVE-2017-7808
CVE CVE-2017-7809
XREF OSVDB:162894
XREF OSVDB:162895
XREF OSVDB:162896
XREF OSVDB:162897
XREF OSVDB:162898
XREF OSVDB:162899
XREF OSVDB:162900
XREF OSVDB:162901
XREF OSVDB:162902
XREF OSVDB:162903
XREF OSVDB:162904
XREF OSVDB:162905
XREF OSVDB:162906
XREF OSVDB:162907
XREF OSVDB:162908
XREF OSVDB:162910
XREF OSVDB:162911
XREF OSVDB:162912
XREF OSVDB:162913
XREF OSVDB:162914
XREF OSVDB:162915
XREF OSVDB:162916
XREF OSVDB:162917
XREF OSVDB:162918
XREF OSVDB:162919
XREF OSVDB:162920
XREF OSVDB:162921
XREF OSVDB:162922
XREF OSVDB:162923
XREF OSVDB:162924
XREF OSVDB:162925
XREF OSVDB:162926
XREF OSVDB:162927
XREF OSVDB:162928
XREF OSVDB:162929
XREF OSVDB:162930
XREF OSVDB:162931
XREF OSVDB:162932
XREF OSVDB:162933
XREF OSVDB:162934
XREF OSVDB:162935
XREF OSVDB:162936
XREF OSVDB:162937
XREF OSVDB:162938
XREF OSVDB:162939
XREF OSVDB:162940
XREF OSVDB:162941
XREF OSVDB:162942
XREF OSVDB:162944
XREF OSVDB:162945
XREF OSVDB:162946
XREF OSVDB:162947
XREF OSVDB:162948
XREF OSVDB:162950
XREF OSVDB:162951
XREF OSVDB:162952
XREF OSVDB:162953
XREF OSVDB:162954
XREF OSVDB:162955
XREF OSVDB:162956
XREF MFSA:2017-18
Plugin Information:
Published: 2017/08/10, Modified: 2017/10/09
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 55
102428 (1) - Adobe Reader < 11.0.21 / 2015.006.30355 / 2017.011.30066 / 2017.012.20098 Multiple Vulnerabilities (APSB17-24)
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote Windows host is a version prior to 11.0.21, 2015.006.30355, 2017.011.30066, or 2017.012.20098. It is, therefore, affected by multiple vulnerabilities.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Adobe Reader 11.0.21 / 2015.006.30355 / 2017.011.30066 / 2017.012.20098 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 100179
BID 100180
BID 100181
BID 100182
BID 100184
BID 100185
BID 100186
BID 100187
BID 100189
CVE CVE-2017-3016
CVE CVE-2017-3038
CVE CVE-2017-3113
CVE CVE-2017-3115
CVE CVE-2017-3116
CVE CVE-2017-3117
CVE CVE-2017-3118
CVE CVE-2017-3119
CVE CVE-2017-3120
CVE CVE-2017-3121
CVE CVE-2017-3122
CVE CVE-2017-3123
CVE CVE-2017-3124
CVE CVE-2017-11209
CVE CVE-2017-11210
CVE CVE-2017-11211
CVE CVE-2017-11212
CVE CVE-2017-11214
CVE CVE-2017-11216
CVE CVE-2017-11217
CVE CVE-2017-11218
CVE CVE-2017-11219
CVE CVE-2017-11220
CVE CVE-2017-11221
CVE CVE-2017-11222
CVE CVE-2017-11223
CVE CVE-2017-11224
CVE CVE-2017-11226
CVE CVE-2017-11227
CVE CVE-2017-11228
CVE CVE-2017-11229
CVE CVE-2017-11230
CVE CVE-2017-11231
CVE CVE-2017-11232
CVE CVE-2017-11233
CVE CVE-2017-11234
CVE CVE-2017-11235
CVE CVE-2017-11236
CVE CVE-2017-11237
CVE CVE-2017-11238
CVE CVE-2017-11239
CVE CVE-2017-11241
CVE CVE-2017-11242
CVE CVE-2017-11243
CVE CVE-2017-11244
CVE CVE-2017-11245
CVE CVE-2017-11246
CVE CVE-2017-11248
CVE CVE-2017-11249
CVE CVE-2017-11251
CVE CVE-2017-11252
CVE CVE-2017-11254
CVE CVE-2017-11255
CVE CVE-2017-11256
CVE CVE-2017-11257
CVE CVE-2017-11258
CVE CVE-2017-11259
CVE CVE-2017-11260
CVE CVE-2017-11261
CVE CVE-2017-11262
CVE CVE-2017-11263
CVE CVE-2017-11265
CVE CVE-2017-11267
CVE CVE-2017-11268
CVE CVE-2017-11269
CVE CVE-2017-11270
CVE CVE-2017-11271
XREF OSVDB:162752
XREF OSVDB:162753
XREF OSVDB:162754
XREF OSVDB:162755
XREF OSVDB:162756
XREF OSVDB:162757
XREF OSVDB:162758
XREF OSVDB:162759
XREF OSVDB:162760
XREF OSVDB:162762
XREF OSVDB:162763
XREF OSVDB:162764
XREF OSVDB:162765
XREF OSVDB:162766
XREF OSVDB:162767
XREF OSVDB:162768
XREF OSVDB:162769
XREF OSVDB:162770
XREF OSVDB:162771
XREF OSVDB:162772
XREF OSVDB:162773
XREF OSVDB:162775
XREF OSVDB:162776
XREF OSVDB:162777
XREF OSVDB:162778
XREF OSVDB:162779
XREF OSVDB:162781
XREF OSVDB:162782
XREF OSVDB:162783
XREF OSVDB:162784
XREF OSVDB:162785
XREF OSVDB:162786
XREF OSVDB:162787
XREF OSVDB:162788
XREF OSVDB:162789
XREF OSVDB:162790
XREF OSVDB:162791
XREF OSVDB:162792
XREF OSVDB:162793
XREF OSVDB:162794
XREF OSVDB:162795
XREF OSVDB:162796
XREF OSVDB:162797
XREF OSVDB:162798
XREF OSVDB:162799
XREF OSVDB:162800
XREF OSVDB:162801
XREF OSVDB:162802
XREF OSVDB:162803
XREF OSVDB:162804
XREF OSVDB:162806
XREF OSVDB:162807
XREF OSVDB:162808
XREF OSVDB:162809
XREF OSVDB:162810
XREF OSVDB:162811
XREF OSVDB:162812
XREF OSVDB:162813
XREF OSVDB:162814
XREF OSVDB:162815
XREF OSVDB:162816
XREF OSVDB:162817
XREF OSVDB:162818
XREF OSVDB:162819
XREF OSVDB:162820
XREF OSVDB:162821
XREF OSVDB:163493
XREF IAVA:2017-A-0241
Plugin Information:
Published: 2017/08/11, Modified: 2018/04/25
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Installed version : 15.8.20082.147029
Fixed version : 17.12.20098
103127 (1) - Windows 7 and Windows Server 2008 R2 September 2017 Security Updates
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4038779 or cumulative update 4038777. It is, therefore, affected by multiple vulnerabilities :

- A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)

- An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)*

- A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.
(CVE-2017-8628)

- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
(CVE-2017-8675)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)

- An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8683)

- A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
(CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684, CVE-2017-8685)

- An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)

- An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.
The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.
(CVE-2017-8695)

- A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2017-8696)

- A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
(CVE-2017-8699)

- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8707)

- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)

- An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to open the file. The update addresses the vulnerability by modifying the way that the Windows System Information Console parses XML input.
(CVE-2017-8710)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)

- A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)

- An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.
(CVE-2017-8736)

- A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741, CVE-2017-8748)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)

- A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)

- A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8759)

* note that a registry value must be added to enable the fix for CVE-2017-8529. if the patch is installed but not enabled, the registry key needed will be detailed in the output below.
See Also
Solution
Apply Security Only update KB4038779 or Cumulative update KB4038777.
Risk Factor
High
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.6 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 98953
BID 100720
BID 100722
BID 100724
BID 100727
BID 100728
BID 100736
BID 100737
BID 100742
BID 100743
BID 100744
BID 100752
BID 100755
BID 100756
BID 100764
BID 100765
BID 100766
BID 100767
BID 100769
BID 100770
BID 100771
BID 100772
BID 100773
BID 100780
BID 100781
BID 100782
BID 100783
BID 100790
BID 100791
BID 100792
BID 100793
BID 100803
BID 100804
CVE CVE-2017-0161
CVE CVE-2017-8529
CVE CVE-2017-8628
CVE CVE-2017-8675
CVE CVE-2017-8676
CVE CVE-2017-8677
CVE CVE-2017-8678
CVE CVE-2017-8679
CVE CVE-2017-8680
CVE CVE-2017-8681
CVE CVE-2017-8682
CVE CVE-2017-8683
CVE CVE-2017-8684
CVE CVE-2017-8685
CVE CVE-2017-8687
CVE CVE-2017-8688
CVE CVE-2017-8695
CVE CVE-2017-8696
CVE CVE-2017-8699
CVE CVE-2017-8707
CVE CVE-2017-8708
CVE CVE-2017-8709
CVE CVE-2017-8710
CVE CVE-2017-8719
CVE CVE-2017-8720
CVE CVE-2017-8733
CVE CVE-2017-8736
CVE CVE-2017-8741
CVE CVE-2017-8747
CVE CVE-2017-8748
CVE CVE-2017-8749
CVE CVE-2017-8750
MSKB 4038779
MSKB 4038777
XREF OSVDB:158924
XREF OSVDB:165223
XREF OSVDB:165233
XREF OSVDB:165234
XREF OSVDB:165235
XREF OSVDB:165235
XREF OSVDB:165236
XREF OSVDB:165242
XREF OSVDB:165247
XREF OSVDB:165250
XREF OSVDB:165256
XREF OSVDB:165257
XREF OSVDB:165263
XREF OSVDB:165264
XREF OSVDB:165265
XREF OSVDB:165266
XREF OSVDB:165271
XREF OSVDB:165272
XREF OSVDB:165274
XREF OSVDB:165275
XREF OSVDB:165276
XREF OSVDB:165277
XREF OSVDB:165278
XREF OSVDB:165279
XREF OSVDB:165279
XREF OSVDB:165280
XREF OSVDB:165281
XREF OSVDB:165282
XREF OSVDB:165283
XREF OSVDB:165283
XREF OSVDB:165284
XREF OSVDB:165284
XREF OSVDB:165285
XREF OSVDB:165286
XREF OSVDB:165287
XREF OSVDB:165296
XREF OSVDB:165302
XREF MSFT:MS17-4038779
XREF MSFT:MS17-4038777
Plugin Information:
Published: 2017/09/12, Modified: 2018/04/20
Plugin Output

10.0.0.64 (tcp/445)


The remote host is missing one of the following rollup KBs :
- 4038779
- 4038777

C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.23864
Should be : 6.1.7601.23889
103680 (1) - Mozilla Firefox < 56 Multiple Vulnerabilities
Synopsis
A web browser installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 56. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
See Also
Solution
Upgrade to Mozilla Firefox version 56 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 101053
BID 101054
BID 101055
BID 101057
CVE CVE-2017-7793
CVE CVE-2017-7805
CVE CVE-2017-7810
CVE CVE-2017-7811
CVE CVE-2017-7812
CVE CVE-2017-7813
CVE CVE-2017-7814
CVE CVE-2017-7815
CVE CVE-2017-7816
CVE CVE-2017-7817
CVE CVE-2017-7818
CVE CVE-2017-7819
CVE CVE-2017-7820
CVE CVE-2017-7821
CVE CVE-2017-7822
CVE CVE-2017-7823
CVE CVE-2017-7824
XREF OSVDB:166280
XREF OSVDB:166281
XREF OSVDB:166282
XREF OSVDB:166283
XREF OSVDB:166284
XREF OSVDB:166285
XREF OSVDB:166286
XREF OSVDB:166287
XREF OSVDB:166288
XREF OSVDB:166289
XREF OSVDB:166290
XREF OSVDB:166291
XREF OSVDB:166292
XREF OSVDB:166293
XREF OSVDB:166294
XREF OSVDB:166295
XREF OSVDB:166296
XREF OSVDB:166297
XREF OSVDB:166298
XREF OSVDB:166299
XREF OSVDB:166328
XREF OSVDB:166329
XREF OSVDB:166330
XREF OSVDB:166331
XREF OSVDB:166332
XREF OSVDB:166333
XREF OSVDB:166334
XREF OSVDB:166335
XREF OSVDB:166337
XREF OSVDB:166338
XREF OSVDB:166339
XREF OSVDB:166340
XREF OSVDB:166341
XREF OSVDB:166342
XREF OSVDB:166348
XREF MFSA:2017-21
Plugin Information:
Published: 2017/10/06, Modified: 2017/11/16
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 56
103746 (1) - Windows 7 and Windows Server 2008 R2 October 2017 Security Updates (KRACK)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4041678 or cumulative update 4041681. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11813, CVE-2017-11822)

- A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2017-11771)

- An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2017-11824)

- An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8689, CVE-2017-8694)

- A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8717, CVE-2017-8718)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-11816)

- An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. (CVE-2017-11815)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-11765, CVE-2017-11814)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2017-11793, CVE-2017-11810)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11762, CVE-2017-11763)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11790)

- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2017-11817)

- A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client requests.
(CVE-2017-11781)

- An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11772)

- A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.
(CVE-2017-11780)

- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2017-11784, CVE-2017-11785)

- A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network.
(CVE-2017-13080)
See Also
Solution
Apply Security Only update KB4041678 or Cumulative update KB4041681.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.3 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
BID 101077
BID 101081
BID 101083
BID 101093
BID 101094
BID 101095
BID 101099
BID 101100
BID 101108
BID 101109
BID 101110
BID 101111
BID 101114
BID 101116
BID 101122
BID 101128
BID 101136
BID 101140
BID 101141
BID 101147
BID 101149
BID 101161
BID 101162
BID 101274
CVE CVE-2017-11762
CVE CVE-2017-11763
CVE CVE-2017-11765
CVE CVE-2017-11771
CVE CVE-2017-11772
CVE CVE-2017-11780
CVE CVE-2017-11781
CVE CVE-2017-11784
CVE CVE-2017-11785
CVE CVE-2017-11790
CVE CVE-2017-11793
CVE CVE-2017-11810
CVE CVE-2017-11813
CVE CVE-2017-11814
CVE CVE-2017-11815
CVE CVE-2017-11816
CVE CVE-2017-11817
CVE CVE-2017-11819
CVE CVE-2017-11822
CVE CVE-2017-11824
CVE CVE-2017-13080
CVE CVE-2017-8689
CVE CVE-2017-8694
CVE CVE-2017-8717
CVE CVE-2017-8718
MSKB 4041681
MSKB 4041678
XREF OSVDB:167040
XREF OSVDB:167041
XREF OSVDB:167043
XREF OSVDB:167047
XREF OSVDB:167048
XREF OSVDB:167049
XREF OSVDB:167050
XREF OSVDB:167053
XREF OSVDB:167054
XREF OSVDB:167055
XREF OSVDB:167057
XREF OSVDB:167070
XREF OSVDB:167077
XREF OSVDB:167079
XREF OSVDB:167080
XREF OSVDB:167083
XREF OSVDB:167085
XREF OSVDB:167086
XREF OSVDB:167088
XREF OSVDB:167089
XREF OSVDB:167095
XREF OSVDB:167096
XREF OSVDB:167098
XREF OSVDB:167099
XREF OSVDB:167351
XREF IAVA:2017-A-0310
XREF MSFT:MS17-4041681
XREF MSFT:MS17-4041678
Plugin Information:
Published: 2017/10/10, Modified: 2017/12/21
Plugin Output

10.0.0.64 (tcp/445)


The remote host is missing one of the following rollup KBs :
- 4041681
- 4041678

C:\Windows\system32\bcrypt.dll has not been patched.
Remote version : 6.1.7601.23864
Should be : 6.1.7601.23915
103876 (1) - Microsoft Windows SMB Server (2017-10) Multiple Vulnerabilities (uncredentialed check)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities :

- A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.
(CVE-2017-11780)

- A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client requests.
(CVE-2017-11781)

Note that Microsoft uses AC:H for these two vulnerabilities. This could mean that an exploitable target is configured in a certain way that may include that a publicly accessible file share is available and share enumeration is allowed for anonymous users.
See Also
Solution
Microsoft has released a set of patches for Windows 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:U/RL:OF/RC:C)
References
BID 101110
BID 101140
CVE CVE-2017-11780
CVE CVE-2017-11781
MSKB 4041676
MSKB 4041678
MSKB 4041679
MSKB 4041681
MSKB 4041687
MSKB 4041689
MSKB 4041690
MSKB 4041691
MSKB 4041693
MSKB 4041995
MSKB 4042895
XREF OSVDB:167088
XREF OSVDB:167089
XREF MSFT:MS17-4041676
XREF MSFT:MS17-4041678
XREF MSFT:MS17-4041679
XREF MSFT:MS17-4041681
XREF MSFT:MS17-4041687
XREF MSFT:MS17-4041689
XREF MSFT:MS17-4041690
XREF MSFT:MS17-4041691
XREF MSFT:MS17-4041693
XREF MSFT:MS17-4041995
XREF MSFT:MS17-4042895
Plugin Information:
Published: 2017/10/17, Modified: 2017/10/18
Plugin Output

10.0.0.64 (tcp/445)

103963 (1) - Oracle Java SE Multiple Vulnerabilities (October 2017 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components :

- 2D (Little CMS 2)
- Deployment
- Hotspot
- JAX-WS
- JAXP
- Javadoc
- Libraries
- Networking
- RMI
- Security
- Serialization
- Smart Card IO
- Util (zlib)
See Also
Solution
Upgrade to Oracle JDK / JRE 9 Update 1, 8 Update 151 / 7 Update 161 / 6 Update 171 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 101315
BID 101319
BID 101321
BID 101328
BID 101333
BID 101338
BID 101341
BID 101348
BID 101354
BID 101355
BID 101369
BID 101378
BID 101382
BID 101384
BID 101396
BID 101413
CVE CVE-2016-9841
CVE CVE-2016-10165
CVE CVE-2017-10274
CVE CVE-2017-10281
CVE CVE-2017-10285
CVE CVE-2017-10293
CVE CVE-2017-10295
CVE CVE-2017-10309
CVE CVE-2017-10345
CVE CVE-2017-10346
CVE CVE-2017-10347
CVE CVE-2017-10348
CVE CVE-2017-10349
CVE CVE-2017-10350
CVE CVE-2017-10355
CVE CVE-2017-10356
CVE CVE-2017-10357
CVE CVE-2017-10388
XREF OSVDB:167507
XREF OSVDB:167508
XREF OSVDB:167509
XREF OSVDB:167510
XREF OSVDB:167511
XREF OSVDB:167512
XREF OSVDB:167513
XREF OSVDB:167517
XREF OSVDB:167519
XREF OSVDB:167520
XREF OSVDB:167521
XREF OSVDB:167524
XREF OSVDB:167526
Plugin Information:
Published: 2017/10/19, Modified: 2018/01/18
Plugin Output

10.0.0.64 (tcp/445)


The following vulnerable instances of Java are installed on the
remote host :

Path : C:\Program Files (x86)\Java\jre1.8.0_121
Path : C:\Program Files\Java\jre1.8.0_121
Installed version : 1.8.0_121
Fixed version : 1.6.0_171 / 1.7.0_161 / 1.8.0_151 / 1.9.0_1
104553 (1) - Windows 7 and Windows Server 2008 R2 November 2017 Security Updates
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4048960 or cumulative update 4048957. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11827, CVE-2017-11858)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2017-11837, CVE-2017-11838, CVE-2017-11843, CVE-2017-11846)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11855, CVE-2017-11856, CVE-2017-11869)

- An information vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk.
(CVE-2017-11768)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
(CVE-2017-11834)

- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2017-11880)

- An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2017-11832, CVE-2017-11835)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
(CVE-2017-11791)

- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11847)

- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-11831, CVE-2017-11849, CVE-2017-11853)

- An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page.
(CVE-2017-11848)

- A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
(CVE-2017-11788)

- A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11851, CVE-2017-11852)
See Also
Solution
Apply Security Only update KB4048960 or Cumulative update KB4048957.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 101703
BID 101705
BID 101709
BID 101711
BID 101715
BID 101716
BID 101721
BID 101722
BID 101725
BID 101726
BID 101729
BID 101736
BID 101737
BID 101739
BID 101740
BID 101741
BID 101742
BID 101751
BID 101753
BID 101755
BID 101762
BID 101763
BID 101764
CVE CVE-2017-11768
CVE CVE-2017-11788
CVE CVE-2017-11791
CVE CVE-2017-11827
CVE CVE-2017-11831
CVE CVE-2017-11832
CVE CVE-2017-11834
CVE CVE-2017-11835
CVE CVE-2017-11837
CVE CVE-2017-11838
CVE CVE-2017-11843
CVE CVE-2017-11846
CVE CVE-2017-11847
CVE CVE-2017-11848
CVE CVE-2017-11849
CVE CVE-2017-11851
CVE CVE-2017-11852
CVE CVE-2017-11853
CVE CVE-2017-11855
CVE CVE-2017-11856
CVE CVE-2017-11858
CVE CVE-2017-11869
CVE CVE-2017-11880
MSKB 4048960
MSKB 4048957
XREF OSVDB:167695
XREF OSVDB:169209
XREF OSVDB:169210
XREF OSVDB:169211
XREF OSVDB:169212
XREF OSVDB:169213
XREF OSVDB:169216
XREF OSVDB:169220
XREF OSVDB:169221
XREF OSVDB:169224
XREF OSVDB:169231
XREF OSVDB:169236
XREF OSVDB:169237
XREF OSVDB:169238
XREF OSVDB:169239
XREF OSVDB:169241
XREF OSVDB:169242
XREF OSVDB:169244
XREF OSVDB:169247
XREF OSVDB:169250
XREF OSVDB:169252
XREF OSVDB:169253
XREF OSVDB:169259
XREF MSFT:MS17-4048957
XREF MSFT:MS17-4048960
Plugin Information:
Published: 2017/11/14, Modified: 2017/12/26
Plugin Output

10.0.0.64 (tcp/445)


The remote host is missing one of the following rollup KBs :
- 4048960
- 4048957

C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.23865
Should be : 6.1.7601.23932
104627 (1) - Adobe Reader < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36)
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote Windows host is a version prior to 11.0.23, 2015.006.30392, 2017.011.30068, or 2018.009.20044. It is, therefore, affected by multiple vulnerabilities.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Adobe Reader 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 101812
BID 101813
BID 101814
BID 101815
BID 101816
BID 101817
BID 101818
BID 101819
BID 101820
BID 101821
BID 101823
BID 101824
BID 101830
BID 101831
CVE CVE-2017-11293
CVE CVE-2017-16360
CVE CVE-2017-16361
CVE CVE-2017-16362
CVE CVE-2017-16363
CVE CVE-2017-16364
CVE CVE-2017-16365
CVE CVE-2017-16366
CVE CVE-2017-16367
CVE CVE-2017-16368
CVE CVE-2017-16369
CVE CVE-2017-16370
CVE CVE-2017-16371
CVE CVE-2017-16372
CVE CVE-2017-16373
CVE CVE-2017-16374
CVE CVE-2017-16375
CVE CVE-2017-16376
CVE CVE-2017-16377
CVE CVE-2017-16378
CVE CVE-2017-16379
CVE CVE-2017-16380
CVE CVE-2017-16381
CVE CVE-2017-16382
CVE CVE-2017-16383
CVE CVE-2017-16384
CVE CVE-2017-16385
CVE CVE-2017-16386
CVE CVE-2017-16387
CVE CVE-2017-16388
CVE CVE-2017-16389
CVE CVE-2017-16390
CVE CVE-2017-16391
CVE CVE-2017-16392
CVE CVE-2017-16393
CVE CVE-2017-16394
CVE CVE-2017-16395
CVE CVE-2017-16396
CVE CVE-2017-16397
CVE CVE-2017-16398
CVE CVE-2017-16399
CVE CVE-2017-16400
CVE CVE-2017-16401
CVE CVE-2017-16402
CVE CVE-2017-16403
CVE CVE-2017-16404
CVE CVE-2017-16405
CVE CVE-2017-16406
CVE CVE-2017-16407
CVE CVE-2017-16408
CVE CVE-2017-16409
CVE CVE-2017-16410
CVE CVE-2017-16411
CVE CVE-2017-16412
CVE CVE-2017-16413
CVE CVE-2017-16414
CVE CVE-2017-16415
CVE CVE-2017-16416
CVE CVE-2017-16417
CVE CVE-2017-16418
CVE CVE-2017-16419
CVE CVE-2017-16420
XREF OSVDB:169192
XREF OSVDB:169107
XREF OSVDB:169132
XREF OSVDB:169133
XREF OSVDB:169134
XREF OSVDB:169135
XREF OSVDB:169136
XREF OSVDB:169137
XREF OSVDB:169138
XREF OSVDB:169139
XREF OSVDB:169140
XREF OSVDB:169141
XREF OSVDB:169142
XREF OSVDB:169143
XREF OSVDB:169144
XREF OSVDB:169145
XREF OSVDB:169146
XREF OSVDB:169147
XREF OSVDB:169148
XREF OSVDB:169149
XREF OSVDB:169150
XREF OSVDB:169151
XREF OSVDB:169152
XREF OSVDB:169153
XREF OSVDB:169154
XREF OSVDB:169155
XREF OSVDB:169156
XREF OSVDB:169157
XREF OSVDB:169158
XREF OSVDB:169159
XREF OSVDB:169160
XREF OSVDB:169161
XREF OSVDB:169162
XREF OSVDB:169163
XREF OSVDB:169164
XREF OSVDB:169165
XREF OSVDB:169166
XREF OSVDB:169167
XREF OSVDB:169168
XREF OSVDB:169169
XREF OSVDB:169170
XREF OSVDB:169171
XREF OSVDB:169172
XREF OSVDB:169173
XREF OSVDB:169174
XREF OSVDB:169175
XREF OSVDB:169176
XREF OSVDB:169177
XREF OSVDB:169178
XREF OSVDB:169179
XREF OSVDB:169180
XREF OSVDB:169181
XREF OSVDB:169182
XREF OSVDB:169183
XREF OSVDB:169184
XREF OSVDB:169185
XREF OSVDB:169186
XREF OSVDB:169187
XREF OSVDB:169188
XREF OSVDB:169189
XREF OSVDB:169190
XREF OSVDB:169191
XREF OSVDB:171912
XREF OSVDB:171913
XREF OSVDB:171914
XREF OSVDB:171915
Plugin Information:
Published: 2017/11/16, Modified: 2018/04/25
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Installed version : 15.8.20082.147029
Fixed version : 18.9.20044
104628 (1) - Adobe Shockwave Player <= 12.2.9.199 Memory Corruption RCE (APSB17-40)
Synopsis
The remote Windows host contains a web browser plugin that is affected by a memory corruption vulnerability.
Description
The version of Adobe Shockwave Player installed on the remote host is equal or prior to 12.2.9.199. It is, therefore, affected by an unspecified memory corruption vulnerability that could lead to code execution.
See Also
Solution
Upgrade to Adobe Shockwave Player version 12.3.1.201 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 101836
CVE CVE-2017-11294
XREF OSVDB:169118
XREF IAVA:2017-A-0333
Plugin Information:
Published: 2017/11/16, Modified: 2017/11/17
Plugin Output

10.0.0.64 (tcp/445)


Nessus has identified the following vulnerable instances of Shockwave
Player installed on the remote host :

Variant : Browser Plugin (for Firefox / Netscape / Opera)
File : C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll
Installed version : 12.2.8.198
Fixed version : 12.3.1.201

Variant : ActiveX control (for Internet Explorer)
File : C:\Windows\SysWow64\Adobe\Director\SwDir_1228198.dll
Installed version : 12.2.8.198
Fixed version : 12.3.1.201
104638 (1) - Mozilla Firefox < 57 Multiple Vulnerabilities
Synopsis
A web browser installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 57. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
See Also
Solution
Upgrade to Mozilla Firefox version 57 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 101832
CVE CVE-2017-7826
CVE CVE-2017-7827
CVE CVE-2017-7828
CVE CVE-2017-7830
CVE CVE-2017-7831
CVE CVE-2017-7832
CVE CVE-2017-7833
CVE CVE-2017-7834
CVE CVE-2017-7835
CVE CVE-2017-7836
CVE CVE-2017-7837
CVE CVE-2017-7838
CVE CVE-2017-7839
CVE CVE-2017-7840
CVE CVE-2017-7842
XREF OSVDB:169260
XREF OSVDB:169261
XREF OSVDB:169262
XREF OSVDB:169263
XREF OSVDB:169264
XREF OSVDB:169265
XREF OSVDB:169266
XREF OSVDB:169267
XREF OSVDB:169268
XREF OSVDB:169269
XREF OSVDB:169270
XREF OSVDB:169271
XREF OSVDB:169272
XREF OSVDB:169273
XREF OSVDB:169274
XREF OSVDB:169275
XREF OSVDB:169276
XREF OSVDB:169277
XREF OSVDB:169278
XREF OSVDB:169279
XREF OSVDB:169280
XREF OSVDB:169281
XREF OSVDB:169282
XREF OSVDB:169283
XREF OSVDB:169284
XREF OSVDB:169285
XREF OSVDB:169286
XREF OSVDB:169287
XREF OSVDB:169288
XREF OSVDB:169289
XREF OSVDB:169290
XREF OSVDB:169291
XREF OSVDB:169292
XREF OSVDB:169293
XREF OSVDB:169294
XREF OSVDB:169295
XREF OSVDB:169296
XREF OSVDB:169302
XREF OSVDB:169303
XREF OSVDB:169304
XREF OSVDB:169305
XREF OSVDB:169306
XREF OSVDB:169307
XREF OSVDB:169308
XREF OSVDB:169309
XREF OSVDB:169310
XREF OSVDB:169311
XREF OSVDB:169312
XREF OSVDB:169313
XREF OSVDB:169314
XREF MFSA:2017-24
Plugin Information:
Published: 2017/11/16, Modified: 2018/01/25
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 57
104654 (1) - VMware vCenter Server 5.5.x < 5.5u3f / 6.0.x < 6.0u3c / 6.5.x < 6.5u1 Multiple Vulnerabilities (VMSA-2017-0017)
Synopsis
A virtualization management application installed on the remote host is affected by multiple vulnerabilities.
Description
The version of VMware vCenter Server installed on the remote host is 5.5.x prior to 5.5u3f, 6.0.x prior to 6.0u3c, or 6.5.x prior to 6.5u1. It is, therefore, affected by multiple vulnerabilities. See advisory for details.
See Also
Solution
Upgrade to VMware vCenter Server version 5.5.u3f (5.5.0 build-6516310) / 6.0u3c (6.0.0 build-7037393) / 6.5u1 (6.5.0 build-5973321) or later.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 101786
BID 101785
CVE CVE-2017-4927
CVE CVE-2017-4928
XREF OSVDB:168942
XREF OSVDB:168939
XREF VMSA:2017-0017
XREF IAVB:2017-B-0158
XREF IAVB:2017-B-0157
Plugin Information:
Published: 2017/11/17, Modified: 2018/01/04
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-6516310
104894 (1) - Security Updates for Internet Explorer (November 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11827, CVE-2017-11858)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2017-11837, CVE-2017-11838, CVE-2017-11843, CVE-2017-11846)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11855, CVE-2017-11856, CVE-2017-11869)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
(CVE-2017-11834)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
(CVE-2017-11791)

- An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page.
(CVE-2017-11848)
See Also
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 101703
BID 101709
BID 101715
BID 101716
BID 101722
BID 101725
BID 101737
BID 101740
BID 101741
BID 101742
BID 101751
BID 101753
CVE CVE-2017-11791
CVE CVE-2017-11827
CVE CVE-2017-11834
CVE CVE-2017-11837
CVE CVE-2017-11838
CVE CVE-2017-11843
CVE CVE-2017-11846
CVE CVE-2017-11848
CVE CVE-2017-11855
CVE CVE-2017-11856
CVE CVE-2017-11858
CVE CVE-2017-11869
MSKB 4048957
MSKB 4048959
MSKB 4048958
MSKB 4047206
XREF OSVDB:169209
XREF OSVDB:169210
XREF OSVDB:169211
XREF OSVDB:169212
XREF OSVDB:169213
XREF OSVDB:169216
XREF OSVDB:169220
XREF OSVDB:169221
XREF OSVDB:169224
XREF OSVDB:169231
XREF OSVDB:169250
XREF OSVDB:169259
XREF MSFT:MS17-4048957
XREF MSFT:MS17-4048959
XREF MSFT:MS17-4048958
XREF MSFT:MS17-4047206
Plugin Information:
Published: 2017/11/30, Modified: 2017/12/26
Plugin Output

10.0.0.64 (tcp/445)



KB : 4047206
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 11.0.9600.18763
Should be : 11.0.9600.18838

Note: The fix for this issue is available in either of the following updates:
- KB4047206 : Cumulative Security Update for Internet Explorer
- KB4048957 : Windows 7 / Server 2008 R2 Monthly Rollup
104895 (1) - Security Updates for Internet Explorer (October 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11813, CVE-2017-11822)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11790)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2017-11793, CVE-2017-11810)
See Also
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 101077
BID 101081
BID 101083
BID 101122
BID 101141
CVE CVE-2017-11790
CVE CVE-2017-11793
CVE CVE-2017-11810
CVE CVE-2017-11813
CVE CVE-2017-11822
MSKB 4041681
MSKB 4041690
MSKB 4041693
MSKB 4040685
XREF OSVDB:167043
XREF OSVDB:167050
XREF OSVDB:167053
XREF OSVDB:167070
XREF OSVDB:167083
XREF MSFT:MS17-4041681
XREF MSFT:MS17-4041690
XREF MSFT:MS17-4041693
XREF MSFT:MS17-4040685
Plugin Information:
Published: 2017/11/30, Modified: 2017/12/13
Plugin Output

10.0.0.64 (tcp/445)



KB : 4040685
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 11.0.9600.18763
Should be : 11.0.9600.18817

Note: The fix for this issue is available in either of the following updates:
- KB4040685 : Cumulative Security Update for Internet Explorer
- KB4041681 : Windows 7 / Server 2008 R2 Monthly Rollup
104896 (1) - Security Updates for Internet Explorer (September 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. (CVE-2017-8529)

- A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)

- A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.
(CVE-2017-8733)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)

- A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the related rendering engine.
The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8741, CVE-2017-8748)

- An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.
(CVE-2017-8736)
See Also
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 98953
BID 100737
BID 100743
BID 100764
BID 100765
BID 100766
BID 100770
BID 100771
CVE CVE-2017-8529
CVE CVE-2017-8733
CVE CVE-2017-8736
CVE CVE-2017-8741
CVE CVE-2017-8747
CVE CVE-2017-8748
CVE CVE-2017-8749
CVE CVE-2017-8750
MSKB 4036586
MSKB 4038792
MSKB 4038799
MSKB 4038777
XREF OSVDB:158924
XREF OSVDB:165233
XREF OSVDB:165234
XREF OSVDB:165235
XREF OSVDB:165236
XREF OSVDB:165242
XREF OSVDB:165247
XREF OSVDB:165250
XREF MSFT:MS17-4036586
XREF MSFT:MS17-4038792
XREF MSFT:MS17-4038799
XREF MSFT:MS17-4038777
Plugin Information:
Published: 2017/11/30, Modified: 2017/12/01
Plugin Output

10.0.0.64 (tcp/445)



KB : 4036586
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 11.0.9600.18763
Should be : 11.0.9600.18792

Note: The fix for this issue is available in either of the following updates:
- KB4036586 : Cumulative Security Update for Internet Explorer
- KB4038777 : Windows 7 / Server 2008 R2 Monthly Rollup
105184 (1) - Windows 7 and Windows Server 2008 R2 December 2017 Security Updates
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4054521 or cumulative update 4054518. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
(CVE-2017-11919)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)

- A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2017-11885)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11887, CVE-2017-11906)

- An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site.
(CVE-2017-11927)
See Also
Solution
Apply Security Only update KB4054521 or Cumulative update KB4054518.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 102045
BID 102046
BID 102047
BID 102053
BID 102054
BID 102055
BID 102058
BID 102062
BID 102063
BID 102078
BID 102082
BID 102091
BID 102092
BID 102093
BID 102095
CVE CVE-2017-11885
CVE CVE-2017-11886
CVE CVE-2017-11887
CVE CVE-2017-11890
CVE CVE-2017-11894
CVE CVE-2017-11895
CVE CVE-2017-11901
CVE CVE-2017-11903
CVE CVE-2017-11906
CVE CVE-2017-11907
CVE CVE-2017-11912
CVE CVE-2017-11913
CVE CVE-2017-11919
CVE CVE-2017-11927
CVE CVE-2017-11930
MSKB 4054521
MSKB 4054518
XREF OSVDB:170722
XREF OSVDB:170728
XREF OSVDB:170729
XREF OSVDB:170730
XREF OSVDB:170731
XREF OSVDB:170734
XREF OSVDB:170735
XREF OSVDB:170736
XREF OSVDB:170737
XREF OSVDB:170738
XREF OSVDB:170739
XREF OSVDB:170741
XREF OSVDB:170742
XREF OSVDB:170744
XREF OSVDB:170745
XREF MSFT:MS17-4054521
XREF MSFT:MS17-4054518
Plugin Information:
Published: 2017/12/12, Modified: 2018/01/26
Plugin Output

10.0.0.64 (tcp/445)


The remote host is missing one of the following rollup KBs :
- 4054521
- 4054518

C:\Windows\system32\itss.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23948
105188 (1) - Security Updates for Internet Explorer (December 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11887, CVE-2017-11906)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
(CVE-2017-11919)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4054520
-KB4052978
-KB4054519
-KB4054518
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 102045
BID 102046
BID 102047
BID 102053
BID 102054
BID 102058
BID 102062
BID 102063
BID 102078
BID 102082
BID 102091
BID 102092
BID 102093
CVE CVE-2017-11886
CVE CVE-2017-11887
CVE CVE-2017-11890
CVE CVE-2017-11894
CVE CVE-2017-11895
CVE CVE-2017-11901
CVE CVE-2017-11903
CVE CVE-2017-11906
CVE CVE-2017-11907
CVE CVE-2017-11912
CVE CVE-2017-11913
CVE CVE-2017-11919
CVE CVE-2017-11930
MSKB 4054520
MSKB 4052978
MSKB 4054519
MSKB 4054518
XREF OSVDB:170722
XREF OSVDB:170728
XREF OSVDB:170729
XREF OSVDB:170730
XREF OSVDB:170731
XREF OSVDB:170734
XREF OSVDB:170735
XREF OSVDB:170736
XREF OSVDB:170737
XREF OSVDB:170738
XREF OSVDB:170739
XREF OSVDB:170741
XREF OSVDB:170742
XREF MSFT:MS17-4054520
XREF MSFT:MS17-4052978
XREF MSFT:MS17-4054519
XREF MSFT:MS17-4054518
Plugin Information:
Published: 2017/12/12, Modified: 2018/01/26
Plugin Output

10.0.0.64 (tcp/445)



KB : 4052978
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 11.0.9600.18763
Should be : 11.0.9600.18860

Note: The fix for this issue is available in either of the following updates:
- KB4052978 : Cumulative Security Update for Internet Explorer
- KB4054518 : Windows 7 / Server 2008 R2 Monthly Rollup
105213 (1) - Mozilla Firefox < 57.0.2 ANGLE Graphics Library RCE
Synopsis
A web browser installed on the remote Windows host is affected by a remote code execution vulnerability.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 57.0.2. It is, therefore, affected by a flaw related to handling Direct 3D 9 drawing and validating elements with the ANGLE graphics library that could allow buffer overflows and potentially code execution.
See Also
Solution
Upgrade to Mozilla Firefox version 57.0.2 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 102115
CVE CVE-2017-7845
XREF OSVDB:170496
XREF MFSA:2017-29
Plugin Information:
Published: 2017/12/13, Modified: 2017/12/14
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 57.0.2
105546 (1) - Security Updates for Internet Explorer (January 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-0762, CVE-2018-0772)
See Also
Solution
Microsoft has released KB4056568 to address this issue.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
BID 102365
CVE CVE-2018-0762
CVE CVE-2018-0772
MSKB 4056568
MSKB 4056895
MSKB 4056894
MSKB 4056896
XREF MSFT:MS18-4056568
XREF MSFT:MS18-4056895
XREF MSFT:MS18-4056894
XREF MSFT:MS18-4056896
Plugin Information:
Published: 2018/01/04, Modified: 2018/02/15
Plugin Output

10.0.0.64 (tcp/445)



KB : 4056568
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 11.0.9600.18763
Should be : 11.0.9600.18894

Note: The fix for this issue is available in either of the following updates:
- KB4056568 : Cumulative Security Update for Internet Explorer
- KB4056894 : Windows 7 / Server 2008 R2 Monthly Rollup
105552 (1) - KB4056897: Windows 7 and Windows Server 2008 R2 January 2018 Security Update (Meltdown)(Spectre)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4056897 or cumulative update 4056894. It is, therefore, affected by multiple vulnerabilities :

- An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis.
(CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

- An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0788)

- An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2018-0754)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-0762, CVE-2018-0772)

- An information disclosure vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-0741)

- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0747)

- An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system. (CVE-2018-0749)

- An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality.
(CVE-2018-0748)

- A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0750)
See Also
Solution
Apply Security Only update KB4056897 or Cumulative Update KB4056894.

Note: Due to a compatibility issue with some antivirus software products, it may not be possible to apply the required updates.
See Microsoft KB article 4072699 for more information.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 102378
CVE CVE-2017-5715
CVE CVE-2017-5753
CVE CVE-2017-5754
CVE CVE-2018-0741
CVE CVE-2018-0747
CVE CVE-2018-0748
CVE CVE-2018-0749
CVE CVE-2018-0750
CVE CVE-2018-0754
CVE CVE-2018-0762
CVE CVE-2018-0772
CVE CVE-2018-0788
MSKB 4056897
MSKB 4056894
XREF OSVDB:171888
XREF OSVDB:171894
XREF OSVDB:171897
XREF OSVDB:171968
XREF OSVDB:171971
XREF OSVDB:171979
XREF OSVDB:172006
XREF OSVDB:172011
XREF OSVDB:172012
XREF OSVDB:172013
XREF OSVDB:172014
XREF OSVDB:172015
XREF IAVA:2018-A-0019
XREF IAVA:2018-A-0020
XREF MSFT:MS18-4056897
XREF MSFT:MS18-4056894
Plugin Information:
Published: 2018/01/04, Modified: 2018/03/13
Plugin Output

10.0.0.64 (tcp/445)


The remote host is missing one of the following rollup KBs :
- 4056897
- 4056894

C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.23864
Should be : 6.1.7601.24000
106303 (1) - Mozilla Firefox < 58 Multiple Vulnerabilities
Synopsis
A web browser installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 58. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
See Also
Solution
Upgrade to Mozilla Firefox version 58 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:U/RC:R)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.5 (CVSS2#E:U/RL:U/RC:UR)
References
BID 102783
CVE CVE-2018-5089
CVE CVE-2018-5090
CVE CVE-2018-5091
CVE CVE-2018-5092
CVE CVE-2018-5093
CVE CVE-2018-5094
CVE CVE-2018-5095
CVE CVE-2018-5097
CVE CVE-2018-5098
CVE CVE-2018-5099
CVE CVE-2018-5100
CVE CVE-2018-5101
CVE CVE-2018-5102
CVE CVE-2018-5103
CVE CVE-2018-5104
CVE CVE-2018-5105
CVE CVE-2018-5106
CVE CVE-2018-5107
CVE CVE-2018-5108
CVE CVE-2018-5109
CVE CVE-2018-5110
CVE CVE-2018-5111
CVE CVE-2018-5112
CVE CVE-2018-5113
CVE CVE-2018-5114
CVE CVE-2018-5115
CVE CVE-2018-5116
CVE CVE-2018-5117
CVE CVE-2018-5118
CVE CVE-2018-5119
CVE CVE-2018-5121
CVE CVE-2018-5122
XREF OSVDB:173244
XREF OSVDB:173245
XREF OSVDB:173246
XREF OSVDB:173247
XREF OSVDB:173248
XREF OSVDB:173249
XREF OSVDB:173250
XREF OSVDB:173251
XREF OSVDB:173252
XREF OSVDB:173253
XREF OSVDB:173254
XREF OSVDB:173255
XREF OSVDB:173256
XREF OSVDB:173257
XREF OSVDB:173258
XREF OSVDB:173259
XREF OSVDB:173260
XREF OSVDB:173261
XREF OSVDB:173262
XREF OSVDB:173263
XREF OSVDB:173264
XREF OSVDB:173265
XREF OSVDB:173266
XREF OSVDB:173267
XREF OSVDB:173268
XREF OSVDB:173269
XREF OSVDB:173270
XREF OSVDB:173271
XREF OSVDB:173272
XREF OSVDB:173273
XREF OSVDB:173274
XREF OSVDB:173275
XREF OSVDB:173276
XREF OSVDB:173277
XREF OSVDB:173279
XREF OSVDB:173280
XREF OSVDB:173281
XREF OSVDB:173282
XREF OSVDB:173283
XREF OSVDB:173284
XREF OSVDB:173285
XREF OSVDB:173286
XREF OSVDB:173287
XREF OSVDB:173288
XREF OSVDB:173289
XREF OSVDB:173290
XREF OSVDB:173291
XREF OSVDB:173292
XREF OSVDB:173293
XREF OSVDB:173294
XREF OSVDB:173295
XREF OSVDB:173296
XREF OSVDB:173297
XREF OSVDB:173298
XREF OSVDB:173299
XREF OSVDB:173300
XREF OSVDB:173301
XREF OSVDB:173302
XREF OSVDB:173303
XREF OSVDB:173304
XREF OSVDB:173312
XREF OSVDB:173313
XREF OSVDB:173314
XREF OSVDB:173315
XREF OSVDB:173324
XREF OSVDB:173325
XREF OSVDB:173326
XREF OSVDB:173327
XREF OSVDB:173328
XREF OSVDB:173330
XREF OSVDB:173331
XREF OSVDB:173332
XREF OSVDB:173336
XREF OSVDB:173337
XREF OSVDB:173338
XREF OSVDB:173339
XREF OSVDB:173340
XREF OSVDB:173341
XREF OSVDB:173342
XREF OSVDB:173343
XREF OSVDB:173344
XREF OSVDB:173345
XREF OSVDB:173346
XREF OSVDB:173348
XREF MFSA:2018-02
Plugin Information:
Published: 2018/01/24, Modified: 2018/03/16
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 58
106485 (1) - Google Chrome < 64.0.3282.119 Multiple Vulnerabilities (Spectre)
Synopsis
A web browser installed on the remote Windows host is affected by multiple security vulnerabilities.
Description
The version of Google Chrome installed on the remote Windows host is prior to 64.0.3282.119. It is, therefore, affected by multiple security vulnerabilities as noted in Chrome stable channel update release notes for January 24th, 2018. Please refer to the release notes for additional information.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Google Chrome version 64.0.3282.119 or later.
Risk Factor
High
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 102098
CVE CVE-2017-5715
CVE CVE-2017-5753
CVE CVE-2017-15420
CVE CVE-2018-6031
CVE CVE-2018-6032
CVE CVE-2018-6033
CVE CVE-2018-6034
CVE CVE-2018-6035
CVE CVE-2018-6036
CVE CVE-2018-6037
CVE CVE-2018-6038
CVE CVE-2018-6039
CVE CVE-2018-6040
CVE CVE-2018-6041
CVE CVE-2018-6042
CVE CVE-2018-6043
CVE CVE-2018-6045
CVE CVE-2018-6046
CVE CVE-2018-6047
CVE CVE-2018-6048
CVE CVE-2018-6049
CVE CVE-2018-6050
CVE CVE-2018-6051
CVE CVE-2018-6052
CVE CVE-2018-6053
CVE CVE-2018-6054
XREF OSVDB:170416
XREF OSVDB:173453
XREF OSVDB:173454
XREF OSVDB:173455
XREF OSVDB:173456
XREF OSVDB:173457
XREF OSVDB:173458
XREF OSVDB:173459
XREF OSVDB:173460
XREF OSVDB:173461
XREF OSVDB:173462
XREF OSVDB:173463
XREF OSVDB:173464
XREF OSVDB:173465
XREF OSVDB:173466
XREF OSVDB:173467
XREF OSVDB:173468
XREF OSVDB:173469
XREF OSVDB:173471
XREF OSVDB:173472
XREF OSVDB:173473
XREF OSVDB:173474
XREF OSVDB:173475
XREF OSVDB:173510
XREF OSVDB:175024
XREF IAVA:2018-A-0020
Plugin Information:
Published: 2018/01/30, Modified: 2018/04/13
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Google\Chrome\Application
Installed version : 63.0.3239.132
Fixed version : 64.0.3282.119
106561 (1) - Mozilla Firefox < 58.0.1 Arbitrary Code Execution
Synopsis
A web browser installed on the remote Windows host is affected by an arbitrary code execution vulnerability.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 58.0.1. It is, therefore, affected by an arbitrary code execution vulnerability.
See Also
Solution
Upgrade to Mozilla Firefox version 58.0.1 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 102843
CVE CVE-2018-5124
XREF OSVDB:173751
XREF MFSA:2018-05
Plugin Information:
Published: 2018/02/01, Modified: 2018/03/16
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 58.0.1
106802 (1) - KB4074587: Windows 7 and Windows Server 2008 R2 February 2018 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4074587 or cumulative update 4074598. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-0866)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)

- An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data.
(CVE-2018-0847)

- A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2018-0825)

- An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2018-0742, CVE-2018-0820)

- A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)

- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-0840)

- An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that while this vulnerability would not allow an attacker to either execute code or to elevate user rights directly, it could be used to obtain information in an attempt to further compromise the affected system. (CVE-2018-0755, CVE-2018-0760, CVE-2018-0761, CVE-2018-0855)
See Also
Solution
Apply Security Only update KB4074587 or Cumulative Update KB4074598.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
Plugin Information:
Published: 2018/02/13, Modified: 2018/03/16
Plugin Output

10.0.0.64 (tcp/445)


The remote host is missing one of the following rollup KBs :
- 4074598
- 4074587

C:\Windows\system32\ntdll.dll has not been patched.
Remote version : 6.1.7601.23864
Should be : 6.1.7601.24024
106804 (1) - Security Updates for Internet Explorer (February 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-0866)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-0840)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4074598
-KB4074736
-KB4074593
-KB4074594
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
CVE CVE-2018-0840
CVE CVE-2018-0866
MSKB 4074598
MSKB 4074736
MSKB 4074593
MSKB 4074594
XREF MSFT:MS18-4074598
XREF MSFT:MS18-4074736
XREF MSFT:MS18-4074593
XREF MSFT:MS18-4074594
Plugin Information:
Published: 2018/02/13, Modified: 2018/03/16
Plugin Output

10.0.0.64 (tcp/445)



KB : 4074736
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 11.0.9600.18763
Should be : 11.0.9600.18921

Note: The fix for this issue is available in either of the following updates:
- KB4074736 : Cumulative Security Update for Internet Explorer
- KB4074598 : Windows 7 / Server 2008 R2 Monthly Rollup
106840 (1) - Google Chrome < 64.0.3282.167 V8 JSFunction::CalculateInstanceSizeForDerivedClass() RCE
Synopsis
A web browser installed on the remote Windows host is affected by a code execution vulnerability.
Description
The version of Google Chrome installed on the remote Windows host is prior to 64.0.3282.167. It is, therefore, affected by a flaw in the V8 JavaScript engine as noted in Chrome stable channel update release notes for February 13th, 2018. Please refer to the release notes for additional information.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Google Chrome version 64.0.3282.167 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
BID 103003
CVE CVE-2018-6056
XREF OSVDB:174922
Plugin Information:
Published: 2018/02/15
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Google\Chrome\Application
Installed version : 63.0.3239.132
Fixed version : 64.0.3282.167
107220 (1) - Google Chrome < 65.0.3325.146 Multiple Vulnerabilities
Synopsis
A web browser installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Google Chrome installed on the remote Windows host is prior to 65.0.3325.146. It is, therefore, affected by a multiple unspecified vulnerabilities as noted in Chrome stable channel update release notes for March 6th, 2018. Please refer to the release notes for additional information.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Google Chrome version 65.0.3325.146 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 101837
CVE CVE-2017-11215
CVE CVE-2017-11225
CVE CVE-2018-6057
CVE CVE-2018-6060
CVE CVE-2018-6061
CVE CVE-2018-6062
CVE CVE-2018-6063
CVE CVE-2018-6064
CVE CVE-2018-6065
CVE CVE-2018-6066
CVE CVE-2018-6067
CVE CVE-2018-6068
CVE CVE-2018-6069
CVE CVE-2018-6070
CVE CVE-2018-6071
CVE CVE-2018-6072
CVE CVE-2018-6073
CVE CVE-2018-6074
CVE CVE-2018-6075
CVE CVE-2018-6076
CVE CVE-2018-6077
CVE CVE-2018-6078
CVE CVE-2018-6079
CVE CVE-2018-6080
CVE CVE-2018-6081
CVE CVE-2018-6082
CVE CVE-2018-6083
XREF OSVDB:169127
XREF OSVDB:169128
XREF OSVDB:176182
XREF OSVDB:176183
XREF OSVDB:176184
XREF OSVDB:176185
XREF OSVDB:176186
XREF OSVDB:176187
XREF OSVDB:176188
XREF OSVDB:176189
XREF OSVDB:176190
XREF OSVDB:176191
XREF OSVDB:176192
XREF OSVDB:176193
XREF OSVDB:176194
XREF OSVDB:176195
XREF OSVDB:176196
XREF OSVDB:176197
XREF OSVDB:176198
XREF OSVDB:176199
XREF OSVDB:176200
XREF OSVDB:176201
XREF OSVDB:176202
XREF OSVDB:176203
XREF OSVDB:176204
XREF OSVDB:176205
XREF OSVDB:176207
Plugin Information:
Published: 2018/03/08, Modified: 2018/04/26
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Google\Chrome\Application
Installed version : 63.0.3239.132
Fixed version : 65.0.3325.146
108290 (1) - KB4088878: Windows 7 and Windows Server 2008 R2 March 2018 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4088878 or cumulative update 4088875. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML External Entities (XXE). An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0878)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0929)

- A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-0883)

- An elevation of privilege vulnerability exists in Windows when the Microsoft Video Control mishandles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in system mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0881)

- An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0927, CVE-2018-0932)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-0889, CVE-2018-0935)

- An elevation of privilege vulnerability exists when Internet Explorer fails a check, allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The update addresses the vulnerability by correcting how Internet Explorer handles zone and integrity settings. (CVE-2018-0942)

- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2018-0811, CVE-2018-0813, CVE-2018-0814)

- A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2018-0885)

- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904)

- An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2018-0868)

- A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP).
An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system. CredSSP is an authentication provider which processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack. As an example of how an attacker would exploit this vulnerability against Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process. To be fully protected against this vulnerability users must enable Group Policy settings on their systems and update their Remote Desktop clients. The Group Policy settings are disabled by default to prevent connectivity problems and users must follow the instructions documented HERE to be fully protected. (CVE-2018-0886)

- An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0815, CVE-2018-0816, CVE-2018-0817)

- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-0888)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
(CVE-2018-0891)
See Also
Solution
Apply Security Only update KB4088878 or Cumulative Update KB4088875.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
BID 103230
BID 103231
BID 103232
BID 103234
BID 103236
BID 103238
BID 103240
BID 103241
BID 103242
BID 103243
BID 103244
BID 103245
BID 103246
BID 103248
BID 103249
BID 103250
BID 103251
BID 103256
BID 103259
BID 103261
BID 103262
BID 103265
BID 103295
BID 103298
BID 103299
BID 103307
BID 103309
BID 103310
BID 103312
CVE CVE-2018-0811
CVE CVE-2018-0813
CVE CVE-2018-0814
CVE CVE-2018-0815
CVE CVE-2018-0816
CVE CVE-2018-0817
CVE CVE-2018-0868
CVE CVE-2018-0878
CVE CVE-2018-0881
CVE CVE-2018-0883
CVE CVE-2018-0885
CVE CVE-2018-0886
CVE CVE-2018-0888
CVE CVE-2018-0889
CVE CVE-2018-0891
CVE CVE-2018-0894
CVE CVE-2018-0895
CVE CVE-2018-0896
CVE CVE-2018-0897
CVE CVE-2018-0898
CVE CVE-2018-0899
CVE CVE-2018-0900
CVE CVE-2018-0901
CVE CVE-2018-0904
CVE CVE-2018-0927
CVE CVE-2018-0929
CVE CVE-2018-0932
CVE CVE-2018-0935
CVE CVE-2018-0942
MSKB 4088875
MSKB 4088878
XREF OSVDB:176606
XREF OSVDB:176607
XREF OSVDB:176608
XREF OSVDB:176609
XREF OSVDB:176610
XREF OSVDB:176614
XREF OSVDB:176619
XREF OSVDB:176627
XREF OSVDB:176628
XREF OSVDB:176630
XREF OSVDB:176631
XREF OSVDB:176632
XREF OSVDB:176633
XREF OSVDB:176635
XREF OSVDB:176636
XREF OSVDB:176637
XREF OSVDB:176638
XREF OSVDB:176643
XREF OSVDB:176645
XREF OSVDB:176647
XREF OSVDB:176652
XREF OSVDB:176654
XREF OSVDB:176655
XREF OSVDB:176659
XREF OSVDB:176664
XREF OSVDB:176667
XREF OSVDB:176670
XREF OSVDB:176688
XREF OSVDB:176689
XREF MSFT:MS18-4088875
XREF MSFT:MS18-4088878
Plugin Information:
Published: 2018/03/13, Modified: 2018/04/12
Plugin Output

10.0.0.64 (tcp/445)


The remote host is missing one of the following rollup KBs :
- 4088875
- 4088878

C:\Windows\system32\bcrypt.dll has not been patched.
Remote version : 6.1.7601.23864
Should be : 6.1.7601.24059
108295 (1) - Security Updates for Internet Explorer (March 2018)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-0889, CVE-2018-0935)

- An elevation of privilege vulnerability exists when Internet Explorer fails a check, allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The update addresses the vulnerability by correcting how Internet Explorer handles zone and integrity settings. (CVE-2018-0942)

- An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0927, CVE-2018-0932)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0929)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
(CVE-2018-0891)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4088876
-KB4088877
-KB4088875
-KB4089187
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
BID 103295
BID 103298
BID 103299
BID 103307
BID 103309
BID 103310
BID 103312
CVE CVE-2018-0889
CVE CVE-2018-0891
CVE CVE-2018-0927
CVE CVE-2018-0929
CVE CVE-2018-0932
CVE CVE-2018-0935
CVE CVE-2018-0942
MSKB 4088876
MSKB 4088877
MSKB 4088875
MSKB 4089187
XREF OSVDB:176627
XREF OSVDB:176628
XREF OSVDB:176645
XREF OSVDB:176659
XREF OSVDB:176670
XREF OSVDB:176688
XREF OSVDB:176689
XREF MSFT:MS18-4088876
XREF MSFT:MS18-4088877
XREF MSFT:MS18-4088875
XREF MSFT:MS18-4089187
Plugin Information:
Published: 2018/03/13, Modified: 2018/04/12
Plugin Output

10.0.0.64 (tcp/445)



KB : 4089187
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 11.0.9600.18763
Should be : 11.0.9600.18953

Note: The fix for this issue is available in either of the following updates:
- KB4089187 : Cumulative Security Update for Internet Explorer
- KB4088875 : Windows 7 / Server 2008 R2 Monthly Rollup
108300 (1) - Security Updates for Windows Server 2008 (March 2018)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML External Entities (XXE). An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0878)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0929)

- A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-0883)


- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2018-0811, CVE-2018-0813, CVE-2018-0814)

- A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2018-0885)

- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904)

- An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2018-0868)

- A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP).
An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system. CredSSP is an authentication provider which processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack. As an example of how an attacker would exploit this vulnerability against Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process. To be fully protected against this vulnerability users must enable Group Policy settings on their systems and update their Remote Desktop clients. The Group Policy settings are disabled by default to prevent connectivity problems and users must follow the instructions documented HERE to be fully protected. (CVE-2018-0886)

- An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0815, CVE-2018-0816, CVE-2018-0817)

- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-0888)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4088827
-KB4073011
-KB4089344
-KB4089175
-KB4089453
-KB4089229
-KB4087398
-KB4056564
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
BID 103230
BID 103231
BID 103232
BID 103234
BID 103236
BID 103238
BID 103240
BID 103241
BID 103242
BID 103243
BID 103244
BID 103245
BID 103246
BID 103248
BID 103249
BID 103250
BID 103251
BID 103259
BID 103261
BID 103262
BID 103265
BID 103295
BID 103298
BID 103299
BID 103309
CVE CVE-2018-0811
CVE CVE-2018-0813
CVE CVE-2018-0814
CVE CVE-2018-0815
CVE CVE-2018-0816
CVE CVE-2018-0817
CVE CVE-2018-0868
CVE CVE-2018-0878
CVE CVE-2018-0883
CVE CVE-2018-0885
CVE CVE-2018-0886
CVE CVE-2018-0888
CVE CVE-2018-0894
CVE CVE-2018-0895
CVE CVE-2018-0896
CVE CVE-2018-0897
CVE CVE-2018-0898
CVE CVE-2018-0899
CVE CVE-2018-0900
CVE CVE-2018-0901
CVE CVE-2018-0904
CVE CVE-2018-0929
CVE CVE-2018-0935
MSKB 4088827
MSKB 4073011
MSKB 4089344
MSKB 4089175
MSKB 4089453
MSKB 4089229
MSKB 4087398
MSKB 4056564
XREF OSVDB:176606
XREF OSVDB:176607
XREF OSVDB:176608
XREF OSVDB:176609
XREF OSVDB:176610
XREF OSVDB:176614
XREF OSVDB:176619
XREF OSVDB:176627
XREF OSVDB:176628
XREF OSVDB:176630
XREF OSVDB:176631
XREF OSVDB:176632
XREF OSVDB:176633
XREF OSVDB:176635
XREF OSVDB:176636
XREF OSVDB:176637
XREF OSVDB:176638
XREF OSVDB:176643
XREF OSVDB:176652
XREF OSVDB:176654
XREF OSVDB:176655
XREF OSVDB:176664
XREF OSVDB:176667
XREF OSVDB:176670
XREF OSVDB:176689
XREF MSFT:MS18-4088827
XREF MSFT:MS18-4073011
XREF MSFT:MS18-4089344
XREF MSFT:MS18-4089175
XREF MSFT:MS18-4089453
XREF MSFT:MS18-4089229
XREF MSFT:MS18-4087398
XREF MSFT:MS18-4056564
Plugin Information:
Published: 2018/03/13, Modified: 2018/04/12
Plugin Output

10.0.0.14 (tcp/445)



KB : 4089453
None of the versions of 'msra.exe' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.0.6002.24305
108377 (1) - Mozilla Firefox < 59 Multiple Vulnerabilities
Synopsis
A web browser installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 59. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
See Also
Solution
Upgrade to Mozilla Firefox version 59 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
References
Plugin Information:
Published: 2018/03/15, Modified: 2018/03/22
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 59
108587 (1) - Mozilla Firefox < 59.0.1 Multiple Code Execution Vulnerabilities
Synopsis
A web browser installed on the remote Windows host is affected by multiple code execution vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 59.0.1. It is, therefore, affected by multiple code execution vulnerabilities. A out-of-bounds write flaw exists in multiple functions of the codebook.c script when decoding Vorbis audio data. A context-dependent attacker could corrupt memory and potentially execute arbitrary code.
See Also
Solution
Upgrade to Mozilla Firefox version 59.0.1 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
STIG Severity
I
References
BID 103432
CVE CVE-2018-5146
CVE CVE-2018-5147
XREF OSVDB:176896
XREF MFSA:2018-08
XREF IAVA:2018-A-0086
Plugin Information:
Published: 2018/03/23, Modified: 2018/03/23
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 59.0.1
108756 (1) - Mozilla Firefox ESR < 59.0.2 Denial of Service Vulnerability
Synopsis
A web browser installed on the remote Windows host is affected by a Denial of Service vulnerability.
Description
The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 59.0.2. It is, therefore, affected by a use-after-free error that causes a denial of service vulnerability.
See Also
Solution
Upgrade to Mozilla Firefox ESR version 59.0.2 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
STIG Severity
I
References
BID 103506
CVE CVE-2018-5148
XREF OSVDB:177518
XREF MFSA:2018-10
XREF IAVA:2018-A-0086
Plugin Information:
Published: 2018/03/30, Modified: 2018/04/02
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 59.0.2
108757 (1) - KB4100480: Windows Kernel Elevation of Privilege Vulnerability
Synopsis
The remote Windows host is affected by elevation of privilege vulnerability.
Description
The remote Windows host is missing security update 4100480. It is, therefore, affected by an elevation of privilege vulnerability that exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
See Also
Solution
Apply KB4100480.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
References
CVE CVE-2018-1038
MSKB 4100480
XREF OSVDB:177680
XREF MSFT:MS18-4100480
Plugin Information:
Published: 2018/03/30, Modified: 2018/04/18
Plugin Output

10.0.0.64 (tcp/445)


The remote host is missing one of the following rollup KBs :
- 4100480

C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.23864
Should be : 6.1.7601.24093
108966 (1) - KB4093108: Windows 7 and Windows Server 2008 R2 April 2018 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4093108 or cumulative update 4093118. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-1008)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
(CVE-2018-0987)

- A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-1003)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0960)

- A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-8116)

- A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges.
However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows SNMP Service processes SNMP traps. (CVE-2018-0967)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-1004)

- An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data. (CVE-2018-0981, CVE-2018-0989, CVE-2018-1000)

- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975)

- A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2018-0976)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016)

- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0887)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-0988, CVE-2018-0996, CVE-2018-1001)
See Also
Solution
Apply Security Only update KB4093108 or Cumulative Update KB4093118.
Risk Factor
High
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
STIG Severity
I
References
Plugin Information:
Published: 2018/04/10, Modified: 2018/04/12
Plugin Output

10.0.0.64 (tcp/445)


The remote host is missing one of the following rollup KBs :
- 4093108
- 4093118

C:\Windows\system32\advapi32.dll has not been patched.
Remote version : 6.1.7601.23864
Should be : 6.1.7601.24094
108975 (1) - Security Updates for Windows Server 2008 (April 2018)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-1008)

- A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-1003)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0960)

- A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-8116)

- A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges.
However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows SNMP Service processes SNMP traps. (CVE-2018-0967)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-1004)

- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975)

- A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2018-0976)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016)

- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0887)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB4093478
-KB4093227
-KB4093224
-KB4093223
-KB4093257
-KB4091756
Risk Factor
High
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2018-0887
CVE CVE-2018-0960
CVE CVE-2018-0967
CVE CVE-2018-0969
CVE CVE-2018-0970
CVE CVE-2018-0971
CVE CVE-2018-0972
CVE CVE-2018-0973
CVE CVE-2018-0974
CVE CVE-2018-0975
CVE CVE-2018-0976
CVE CVE-2018-1003
CVE CVE-2018-1008
CVE CVE-2018-1010
CVE CVE-2018-1012
CVE CVE-2018-1013
CVE CVE-2018-1015
CVE CVE-2018-1016
CVE CVE-2018-8116
MSKB 4093478
MSKB 4093227
MSKB 4093224
MSKB 4093223
MSKB 4093257
MSKB 4091756
XREF IAVA:2018-A-0108
XREF IAVA:2018-A-0114
XREF MSFT:MS18-4093478
XREF MSFT:MS18-4093227
XREF MSFT:MS18-4093224
XREF MSFT:MS18-4093223
XREF MSFT:MS18-4093257
XREF MSFT:MS18-4091756
Plugin Information:
Published: 2018/04/10, Modified: 2018/04/19
Plugin Output

10.0.0.14 (tcp/445)



KB : 4091756
None of the versions of 'wsnmp32.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.0.6002.24329

KB : 4093223
None of the versions of 't2embed.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.0.6002.24311

KB : 4093224
None of the versions of 'win32k.sys' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.0.6002.24344

KB : 4093227
None of the versions of 'scksp.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.0.6002.24329

KB : 4093257
None of the versions of 'msexcl40.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 4.0.9801.3

KB : 4093478
None of the versions of 'spsys.sys' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.0.6002.24298
51192 (38) - SSL Certificate Cannot Be Trusted
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:
Published: 2010/12/15, Modified: 2017/05/18
Plugin Output

10.0.0.8 (tcp/1433)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=SSL_Self_Signed_Fallback
|-Issuer : CN=SSL_Self_Signed_Fallback

10.0.0.8 (tcp/3389)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=427576-DB2-NEW.demo.org
|-Issuer : CN=427576-DB2-NEW.demo.org

10.0.0.14 (tcp/3389)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=queen.demo.org
|-Issuer : CN=queen.demo.org

10.0.0.21 (tcp/443)


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : CN=427580-ts.demo.org
|-Not After : Jan 08 15:15:59 2013 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=427580-ts.demo.org
|-Issuer : CN=427580-ts.demo.org

10.0.0.21 (tcp/3389)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=dynamics-ts.demo.org
|-Issuer : CN=dynamics-ts.demo.org

10.0.0.22 (tcp/3389)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=dynamics-app.demo.org
|-Issuer : CN=dynamics-app.demo.org

10.0.0.22 (tcp/48000)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : ST=/Rackspace/ordhub01/911751-427578/O=Rackspace/OU=ordhub01/OU=911751-427578/CN=127.0.0.1
|-Issuer : ST=/Rackspace/ordhub01/911751-427578/O=Rackspace/OU=ordhub01/OU=911751-427578/CN=127.0.0.1

10.0.0.22 (tcp/48001)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : ST=/n/a/n/a/n/a/O=n/a/OU=n/a/OU=n/a/CN=127.0.0.1
|-Issuer : ST=/n/a/n/a/n/a/O=n/a/OU=n/a/OU=n/a/CN=127.0.0.1

10.0.0.25 (tcp/443)


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : CN=demoSFDC01.demo.org
|-Not After : Apr 05 00:00:00 2012 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=demoSFDC01.demo.org
|-Issuer : CN=demoSFDC01.demo.org

10.0.0.25 (tcp/636)


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : CN=demoSFDC01.demo.org
|-Not After : Apr 05 00:00:00 2012 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=demoSFDC01.demo.org
|-Issuer : CN=demoSFDC01.demo.org

10.0.0.25 (tcp/3269)


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : CN=demoSFDC01.demo.org
|-Not After : Apr 05 00:00:00 2012 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=demoSFDC01.demo.org
|-Issuer : CN=demoSFDC01.demo.org

10.0.0.25 (tcp/3389)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=demoSFDC01.demo.org
|-Issuer : CN=demoSFDC01.demo.org

10.0.0.27 (tcp/636)


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : CN=demoSFDC02.demo.org
|-Not After : Mar 22 20:54:12 2016 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=demoSFDC02.demo.org
|-Issuer : DC=org/DC=demo/CN=demo-demoSFDC01-CA

10.0.0.27 (tcp/3269)


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : CN=demoSFDC02.demo.org
|-Not After : Mar 22 20:54:12 2016 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=demoSFDC02.demo.org
|-Issuer : DC=org/DC=demo/CN=demo-demoSFDC01-CA

10.0.0.27 (tcp/3389)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=demosfdc02.demo.org
|-Issuer : CN=demosfdc02.demo.org

10.0.0.43 (tcp/443)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=TX/L=Houston/O=Hewlett-Packard Company/OU=ISS/CN=iLO3 Default Issuer (Do not trust)
|-Issuer : C=US/ST=TX/L=Houston/O=Hewlett-Packard Company/OU=ISS/CN=iLO3 Default Issuer (Do not trust)

10.0.0.44 (tcp/443)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware, Inc/OU=VMware ESX Server Default Certificate/E=ssl-certificates@vmware.com/CN=sf-dgllgt1.demo.org/1.2.840.113549.1.9.2=1417891635,564d7761726520496e632e
|-Issuer : O=VMware Installer

10.0.0.44 (tcp/5989)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware, Inc/OU=VMware ESX Server Default Certificate/E=ssl-certificates@vmware.com/CN=sf-dgllgt1.demo.org/1.2.840.113549.1.9.2=1417891635,564d7761726520496e632e
|-Issuer : O=VMware Installer

10.0.0.45 (tcp/443)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=TX/L=Houston/O=Hewlett-Packard Company/OU=ISS/CN=iLO3 Default Issuer (Do not trust)
|-Issuer : C=US/ST=TX/L=Houston/O=Hewlett-Packard Company/OU=ISS/CN=iLO3 Default Issuer (Do not trust)

10.0.0.46 (tcp/443)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware, Inc/OU=VMware ESX Server Default Certificate/E=ssl-certificates@vmware.com/CN=localhost.demo.org/1.2.840.113549.1.9.2=1418416159,564d7761726520496e632e
|-Issuer : O=VMware Installer

10.0.0.46 (tcp/5989)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware, Inc/OU=VMware ESX Server Default Certificate/E=ssl-certificates@vmware.com/CN=localhost.demo.org/1.2.840.113549.1.9.2=1418416159,564d7761726520496e632e
|-Issuer : O=VMware Installer

10.0.0.47 (tcp/443)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=VMware vCenter Server Certificate/E=ssl-certificates@vmware.com/CN=sf-gxwtwp1.demo.org/1.2.840.113549.1.9.2=1417892863,ab088874,564d7761726520496e632e
|-Issuer : C=US/ST=California/L=Palo Alto/O=VMware, Inc./CN=sf-gxwtwp1.demo.org CA ed456d46/E=ssl-certificates@vmware.com

10.0.0.47 (tcp/1514)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=VMware vCenter Server Certificate/E=ssl-certificates@vmware.com/CN=sf-gxwtwp1.demo.org/1.2.840.113549.1.9.2=1417892863,ab088874,564d7761726520496e632e
|-Issuer : C=US/ST=California/L=Palo Alto/O=VMware, Inc./CN=sf-gxwtwp1.demo.org CA ed456d46/E=ssl-certificates@vmware.com

10.0.0.47 (tcp/8191)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=VMware vCenter Server Certificate/E=ssl-certificates@vmware.com/CN=sf-gxwtwp1.demo.org/1.2.840.113549.1.9.2=1417892863,ab088874,564d7761726520496e632e
|-Issuer : C=US/ST=California/L=Palo Alto/O=VMware, Inc./CN=sf-gxwtwp1.demo.org CA ed456d46/E=ssl-certificates@vmware.com

10.0.0.47 (tcp/8443)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=VMware vCenter Server Certificate/E=ssl-certificates@vmware.com/CN=sf-gxwtwp1.demo.org/1.2.840.113549.1.9.2=1417892863,ab088874,564d7761726520496e632e
|-Issuer : C=US/ST=California/L=Palo Alto/O=VMware, Inc./CN=sf-gxwtwp1.demo.org CA ed456d46/E=ssl-certificates@vmware.com

10.0.0.47 (tcp/9443)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=VMware vCenter Server Certificate/E=ssl-certificates@vmware.com/CN=sf-gxwtwp1.demo.org/1.2.840.113549.1.9.2=1417892863,ab088874,564d7761726520496e632e
|-Issuer : C=US/ST=California/L=Palo Alto/O=VMware, Inc./CN=sf-gxwtwp1.demo.org CA ed456d46/E=ssl-certificates@vmware.com

10.0.0.64 (tcp/3389)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=SF-GXK9JS1.demo.org
|-Issuer : CN=SF-GXK9JS1.demo.org

10.0.0.64 (tcp/49570)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=SSL_Self_Signed_Fallback
|-Issuer : CN=SSL_Self_Signed_Fallback

10.0.0.94 (tcp/443)


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : O=*.demo.org/OU=Domain Control Validated/CN=*.demo.org
|-Not After : Oct 02 17:46:44 2013 GMT

10.0.0.94 (tcp/3389)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=demoFILER.demo.org
|-Issuer : CN=demoFILER.demo.org

10.0.0.112 (tcp/3389)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=demoPRINT.demo.org
|-Issuer : CN=demoPRINT.demo.org

10.0.0.133 (tcp/443)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/CN=nas-E6-DA-DE.local
|-Issuer : C=US/CN=nas-E6-DA-DE.local

10.0.0.148 (tcp/3389)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=demoSFVeeam
|-Issuer : CN=demoSFVeeam

10.0.0.158 (tcp/25)


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : OU=Domain Control Validated/CN=*.demo.org
|-Not After : Oct 02 18:54:38 2017 GMT

10.0.0.158 (tcp/443)


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : OU=Domain Control Validated/CN=*.demo.org
|-Not After : Oct 02 18:54:38 2017 GMT

10.0.0.158 (tcp/3389)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=NEW427581-SPWFE.demo.org
|-Issuer : CN=NEW427581-SPWFE.demo.org

10.0.0.158 (tcp/48000)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : ST=/Rackspace/ordhub01/911751-427581/O=Rackspace/OU=ordhub01/OU=911751-427581/CN=127.0.0.1
|-Issuer : ST=/Rackspace/ordhub01/911751-427581/O=Rackspace/OU=ordhub01/OU=911751-427581/CN=127.0.0.1

10.0.0.158 (tcp/48001)


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : ST=/n/a/n/a/n/a/O=n/a/OU=n/a/OU=n/a/CN=127.0.0.1
|-Issuer : ST=/n/a/n/a/n/a/O=n/a/OU=n/a/OU=n/a/CN=127.0.0.1
42873 (31) - SSL Medium Strength Cipher Suites Supported
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2009/11/23, Modified: 2017/09/01
Plugin Output

10.0.0.8 (tcp/1433)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.8 (tcp/3389)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.14 (tcp/3389)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.21 (tcp/443)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.21 (tcp/3389)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/3389)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/48000)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/48001)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/443)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/636)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/3269)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/3389)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/636)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/3269)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/3389)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.43 (tcp/443)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.44 (tcp/5989)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.45 (tcp/443)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.46 (tcp/5989)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.64 (tcp/3389)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.64 (tcp/49570)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.94 (tcp/443)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.94 (tcp/3389)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.112 (tcp/3389)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.133 (tcp/443)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.148 (tcp/3389)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/25)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/443)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/3389)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/48000)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/48001)


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
57582 (24) - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:
Published: 2012/01/17, Modified: 2016/12/14
Plugin Output

10.0.0.8 (tcp/1433)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=SSL_Self_Signed_Fallback

10.0.0.8 (tcp/3389)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=427576-DB2-NEW.demo.org

10.0.0.14 (tcp/3389)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=queen.demo.org

10.0.0.21 (tcp/443)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=427580-ts.demo.org

10.0.0.21 (tcp/3389)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=dynamics-ts.demo.org

10.0.0.22 (tcp/3389)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=dynamics-app.demo.org

10.0.0.22 (tcp/48000)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : ST=/Rackspace/ordhub01/911751-427578/O=Rackspace/OU=ordhub01/OU=911751-427578/CN=127.0.0.1

10.0.0.22 (tcp/48001)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : ST=/n/a/n/a/n/a/O=n/a/OU=n/a/OU=n/a/CN=127.0.0.1

10.0.0.25 (tcp/443)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=demoSFDC01.demo.org

10.0.0.25 (tcp/636)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=demoSFDC01.demo.org

10.0.0.25 (tcp/3269)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=demoSFDC01.demo.org

10.0.0.25 (tcp/3389)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=demoSFDC01.demo.org

10.0.0.27 (tcp/3389)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=demosfdc02.demo.org

10.0.0.43 (tcp/443)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=TX/L=Houston/O=Hewlett-Packard Company/OU=ISS/CN=iLO3 Default Issuer (Do not trust)

10.0.0.45 (tcp/443)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=TX/L=Houston/O=Hewlett-Packard Company/OU=ISS/CN=iLO3 Default Issuer (Do not trust)

10.0.0.64 (tcp/3389)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=SF-GXK9JS1.demo.org

10.0.0.64 (tcp/49570)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=SSL_Self_Signed_Fallback

10.0.0.94 (tcp/3389)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=demoFILER.demo.org

10.0.0.112 (tcp/3389)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=demoPRINT.demo.org

10.0.0.133 (tcp/443)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/CN=nas-E6-DA-DE.local

10.0.0.148 (tcp/3389)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=demoSFVeeam

10.0.0.158 (tcp/3389)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=NEW427581-SPWFE.demo.org

10.0.0.158 (tcp/48000)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : ST=/Rackspace/ordhub01/911751-427581/O=Rackspace/OU=ordhub01/OU=911751-427581/CN=127.0.0.1

10.0.0.158 (tcp/48001)


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : ST=/n/a/n/a/n/a/O=n/a/OU=n/a/OU=n/a/CN=127.0.0.1
20007 (23) - SSL Version 2 and 3 Protocol Detection
Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including:

- An insecure padding scheme with CBC ciphers.

- Insecure session renegotiation and resumption schemes.

An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so that these versions will be used only if the client or server support nothing better), many web browsers implement this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE). Therefore, it is recommended that these protocols be disabled entirely.

NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.
See Also
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.1 (with approved cipher suites) or higher instead.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2005/10/12, Modified: 2017/07/11
Plugin Output

10.0.0.8 (tcp/1433)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.21 (tcp/443)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.22 (tcp/48000)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.22 (tcp/48001)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.25 (tcp/443)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.25 (tcp/636)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.25 (tcp/3269)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.27 (tcp/636)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.27 (tcp/3269)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.43 (tcp/443)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.44 (tcp/443)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.44 (tcp/5989)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.45 (tcp/443)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.46 (tcp/443)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.46 (tcp/5989)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.47 (tcp/1514)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.47 (tcp/8191)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.64 (tcp/49570)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.94 (tcp/443)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.158 (tcp/25)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.158 (tcp/443)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.158 (tcp/48000)


- SSLv3 is enabled and the server supports at least one cipher.

10.0.0.158 (tcp/48001)


- SSLv3 is enabled and the server supports at least one cipher.
78479 (23) - SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)
Synopsis
It is possible to obtain sensitive information from the remote host with SSL/TLS-enabled services.
Description
The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode.
MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

As long as a client and service both support SSLv3, a connection can be 'rolled back' to SSLv3, even if TLSv1 or newer is supported by the client and service.

The TLS Fallback SCSV mechanism prevents 'version rollback' attacks without impacting legacy clients; however, it can only protect connections when the client and service support the mechanism. Sites that cannot disable SSLv3 immediately should enable this mechanism.

This is a vulnerability in the SSLv3 specification, not in any particular SSL implementation. Disabling SSLv3 is the only way to completely mitigate the vulnerability.
See Also
Solution
Disable SSLv3.

Services that must support SSLv3 should enable the TLS Fallback SCSV mechanism until SSLv3 can be disabled.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 70574
CVE CVE-2014-3566
XREF OSVDB:113251
XREF CERT:577193
Plugin Information:
Published: 2014/10/15, Modified: 2016/11/30
Plugin Output

10.0.0.8 (tcp/1433)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.21 (tcp/443)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.22 (tcp/48000)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is not supported on the server. Mitigating this
vulnerability requires SSLv3 to be disabled and TLSv1 or newer to be enabled.

10.0.0.22 (tcp/48001)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is not supported on the server. Mitigating this
vulnerability requires SSLv3 to be disabled and TLSv1 or newer to be enabled.

10.0.0.25 (tcp/443)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.25 (tcp/636)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.25 (tcp/3269)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.27 (tcp/636)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.27 (tcp/3269)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.43 (tcp/443)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.44 (tcp/443)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.44 (tcp/5989)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.45 (tcp/443)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.46 (tcp/443)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.46 (tcp/5989)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.47 (tcp/1514)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.47 (tcp/8191)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.64 (tcp/49570)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.94 (tcp/443)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.158 (tcp/25)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.158 (tcp/443)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

10.0.0.158 (tcp/48000)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is not supported on the server. Mitigating this
vulnerability requires SSLv3 to be disabled and TLSv1 or newer to be enabled.

10.0.0.158 (tcp/48001)


Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is not supported on the server. Mitigating this
vulnerability requires SSLv3 to be disabled and TLSv1 or newer to be enabled.
35291 (18) - SSL Certificate Signed Using Weak Hashing Algorithm
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 11849
BID 33065
CVE CVE-2004-2761
XREF OSVDB:45106
XREF OSVDB:45108
XREF OSVDB:45127
XREF CERT:836068
XREF CWE:310
Plugin Information:
Published: 2009/01/05, Modified: 2018/02/20
Plugin Output

10.0.0.8 (tcp/1433)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=SSL_Self_Signed_Fallback
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Jan 07 04:47:27 2018 GMT
|-Valid To : Jan 07 04:47:27 2048 GMT

10.0.0.8 (tcp/3389)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=427576-DB2-NEW.demo.org
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Jan 16 04:48:12 2018 GMT
|-Valid To : Jul 18 04:48:12 2018 GMT

10.0.0.14 (tcp/3389)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=queen.demo.org
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Apr 02 11:54:47 2018 GMT
|-Valid To : Oct 02 11:54:47 2018 GMT

10.0.0.21 (tcp/3389)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=dynamics-ts.demo.org
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Apr 11 10:27:16 2018 GMT
|-Valid To : Oct 11 10:27:16 2018 GMT

10.0.0.22 (tcp/3389)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=dynamics-app.demo.org
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Apr 11 22:13:58 2018 GMT
|-Valid To : Oct 11 22:13:58 2018 GMT

10.0.0.22 (tcp/48000)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : ST=/Rackspace/ordhub01/911751-427578/O=Rackspace/OU=ordhub01/OU=911751-427578/CN=127.0.0.1
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Apr 10 10:13:47 2018 GMT
|-Valid To : Apr 11 10:13:47 2019 GMT

10.0.0.22 (tcp/48001)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : ST=/n/a/n/a/n/a/O=n/a/OU=n/a/OU=n/a/CN=127.0.0.1
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Apr 10 10:30:22 2018 GMT
|-Valid To : Apr 11 10:30:22 2019 GMT

10.0.0.25 (tcp/3389)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=demoSFDC01.demo.org
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Mar 21 22:02:50 2018 GMT
|-Valid To : Sep 20 22:02:50 2018 GMT

10.0.0.27 (tcp/3389)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=demosfdc02.demo.org
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Mar 28 10:01:59 2018 GMT
|-Valid To : Sep 27 10:01:59 2018 GMT

10.0.0.43 (tcp/443)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=ILOMXQ0420GGM.demo.org/OU=ISS/O=Hewlett-Packard Company/L=Houston/ST=Texas/C=US
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Jan 24 11:47:56 2011 GMT
|-Valid To : Jan 25 12:47:56 2036 GMT

|-Subject : C=US/ST=TX/L=Houston/O=Hewlett-Packard Company/OU=ISS/CN=iLO3 Default Issuer (Do not trust)
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Nov 17 22:59:12 2008 GMT
|-Valid To : Nov 15 22:59:12 2018 GMT

10.0.0.45 (tcp/443)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=ILOMXQ0420GJ1.demo.org/OU=ISS/O=Hewlett-Packard Company/L=Houston/ST=Texas/C=US
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Jul 24 23:00:00 2010 GMT
|-Valid To : Jul 26 00:00:00 2035 GMT

|-Subject : C=US/ST=TX/L=Houston/O=Hewlett-Packard Company/OU=ISS/CN=iLO3 Default Issuer (Do not trust)
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Nov 17 22:59:12 2008 GMT
|-Valid To : Nov 15 22:59:12 2018 GMT

10.0.0.64 (tcp/3389)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=SF-GXK9JS1.demo.org
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Dec 21 22:22:49 2017 GMT
|-Valid To : Jun 22 22:22:49 2018 GMT

10.0.0.64 (tcp/49570)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=SSL_Self_Signed_Fallback
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Jan 19 01:02:38 2018 GMT
|-Valid To : Jan 19 01:02:38 2048 GMT

10.0.0.94 (tcp/3389)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=demoFILER.demo.org
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Feb 27 19:35:03 2018 GMT
|-Valid To : Aug 29 19:35:03 2018 GMT

10.0.0.112 (tcp/3389)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=demoPRINT.demo.org
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Jan 05 20:00:43 2018 GMT
|-Valid To : Jul 07 20:00:43 2018 GMT

10.0.0.158 (tcp/3389)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=NEW427581-SPWFE.demo.org
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Mar 04 20:02:55 2018 GMT
|-Valid To : Sep 03 20:02:55 2018 GMT

10.0.0.158 (tcp/48000)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : ST=/Rackspace/ordhub01/911751-427581/O=Rackspace/OU=ordhub01/OU=911751-427581/CN=127.0.0.1
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Nov 06 02:46:35 2017 GMT
|-Valid To : Nov 07 02:46:35 2018 GMT

10.0.0.158 (tcp/48001)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : ST=/n/a/n/a/n/a/O=n/a/OU=n/a/OU=n/a/CN=127.0.0.1
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Nov 06 03:03:18 2017 GMT
|-Valid To : Nov 07 03:03:18 2018 GMT
45411 (10) - SSL Certificate with Wrong Hostname
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information:
Published: 2010/04/03, Modified: 2017/06/05
Plugin Output

10.0.0.14 (tcp/3389)


The identities known by Nessus are :

10.0.0.14
fe80::a54d:c849:f133:6cb7
10.0.0.14

The Common Name in the certificate is :

queen.demo.org

10.0.0.64 (tcp/3389)


The identities known by Nessus are :

10.0.0.64
fe80::74c9:6af4:1882:8b05
10.0.0.64

The Common Name in the certificate is :

SF-GXK9JS1.demo.org

10.0.0.64 (tcp/49570)


The identities known by Nessus are :

10.0.0.64
fe80::74c9:6af4:1882:8b05
10.0.0.64

The Common Name in the certificate is :

SSL_Self_Signed_Fallback

10.0.0.112 (tcp/3389)


The identities known by Nessus are :

10.0.0.112
10.0.0.112

The Common Name in the certificate is :

demoPRINT.demo.org

10.0.0.133 (tcp/443)


The identities known by Nessus are :

10.0.0.133
10.0.0.133

The Common Name in the certificate is :

nas-E6-DA-DE.local

10.0.0.158 (tcp/25)


The identities known by Nessus are :

10.0.0.158
10.0.0.158

The Common Name in the certificate is :

*.demo.org

The Subject Alternate Names in the certificate are :

*.demo.org
demo.org

10.0.0.158 (tcp/443)


The identities known by Nessus are :

10.0.0.158
10.0.0.158

The Common Name in the certificate is :

*.demo.org

The Subject Alternate Names in the certificate are :

*.demo.org
demo.org

10.0.0.158 (tcp/3389)


The identities known by Nessus are :

10.0.0.158
10.0.0.158

The Common Name in the certificate is :

NEW427581-SPWFE.demo.org

10.0.0.158 (tcp/48000)


The identities known by Nessus are :

10.0.0.158
10.0.0.158

The Common Name in the certificate is :

127.0.0.1

10.0.0.158 (tcp/48001)


The identities known by Nessus are :

10.0.0.158
10.0.0.158

The Common Name in the certificate is :

127.0.0.1
15901 (9) - SSL Certificate Expiry
Synopsis
The remote server's SSL certificate has already expired.
Description
This plugin checks expiry dates of certificates associated with SSL- enabled services on the target and reports whether any have already expired.
Solution
Purchase or generate a new SSL certificate to replace the existing one.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information:
Published: 2004/12/03, Modified: 2016/01/08
Plugin Output

10.0.0.21 (tcp/443)


The SSL certificate has already expired :

Subject : CN=427580-ts.demo.org
Issuer : CN=427580-ts.demo.org
Not valid before : Jul 9 15:15:59 2012 GMT
Not valid after : Jan 8 15:15:59 2013 GMT

10.0.0.25 (tcp/443)


The SSL certificate has already expired :

Subject : CN=demoSFDC01.demo.org
Issuer : CN=demoSFDC01.demo.org
Not valid before : Apr 5 20:02:05 2011 GMT
Not valid after : Apr 5 00:00:00 2012 GMT

10.0.0.25 (tcp/636)


The SSL certificate has already expired :

Subject : CN=demoSFDC01.demo.org
Issuer : CN=demoSFDC01.demo.org
Not valid before : Apr 5 20:02:05 2011 GMT
Not valid after : Apr 5 00:00:00 2012 GMT

10.0.0.25 (tcp/3269)


The SSL certificate has already expired :

Subject : CN=demoSFDC01.demo.org
Issuer : CN=demoSFDC01.demo.org
Not valid before : Apr 5 20:02:05 2011 GMT
Not valid after : Apr 5 00:00:00 2012 GMT

10.0.0.27 (tcp/636)


The SSL certificate has already expired :

Subject : CN=demoSFDC02.demo.org
Issuer : CN=demo-demoSFDC01-CA
Not valid before : Mar 22 16:24:36 2016 GMT
Not valid after : Mar 22 20:54:12 2016 GMT

10.0.0.27 (tcp/3269)


The SSL certificate has already expired :

Subject : CN=demoSFDC02.demo.org
Issuer : CN=demo-demoSFDC01-CA
Not valid before : Mar 22 16:24:36 2016 GMT
Not valid after : Mar 22 20:54:12 2016 GMT

10.0.0.94 (tcp/443)


The SSL certificate has already expired :

Subject : O=*.demo.org, OU=Domain Control Validated, CN=*.demo.org
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certificates.godaddy.com/repository, CN=Go Daddy Secure Certification Authority
Not valid before : Oct 2 17:46:44 2012 GMT
Not valid after : Oct 2 17:46:44 2013 GMT

10.0.0.158 (tcp/25)


The SSL certificate has already expired :

Subject : OU=Domain Control Validated, CN=*.demo.org
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Oct 2 18:54:38 2015 GMT
Not valid after : Oct 2 18:54:38 2017 GMT

10.0.0.158 (tcp/443)


The SSL certificate has already expired :

Subject : OU=Domain Control Validated, CN=*.demo.org
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Oct 2 18:54:38 2015 GMT
Not valid after : Oct 2 18:54:38 2017 GMT
58453 (9) - Terminal Services Doesn't Use Network Level Authentication (NLA) Only
Synopsis
The remote Terminal Services doesn't use Network Level Authentication only.
Description
The remote Terminal Services is not configured to use Network Level Authentication (NLA) only. NLA uses the Credential Security Support Provider (CredSSP) protocol to perform strong server authentication either through TLS/SSL or Kerberos mechanisms, which protect against man-in-the-middle attacks. In addition to improving authentication, NLA also helps protect the remote computer from malicious users and software by completing user authentication before a full RDP connection is established.
See Also
Solution
Enable Network Level Authentication (NLA) on the remote RDP server. This is generally done on the 'Remote' tab of the 'System' settings on Windows.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2012/03/23, Modified: 2018/04/18
Plugin Output

10.0.0.8 (tcp/3389)

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

10.0.0.14 (tcp/3389)

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

10.0.0.21 (tcp/3389)

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

10.0.0.22 (tcp/3389)

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

10.0.0.25 (tcp/3389)

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

10.0.0.27 (tcp/3389)

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

10.0.0.64 (tcp/3389)

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

10.0.0.94 (tcp/3389)

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

10.0.0.112 (tcp/3389)

Nessus was able to negotiate non-NLA (Network Level Authentication) security.
18405 (8) - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness
Synopsis
It may be possible to get access to the remote host.
Description
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server without being detected. A MiTM attack of this nature would allow the attacker to obtain any sensitive information transmitted, including authentication credentials.

This flaw exists because the RDP server stores a hard-coded RSA private key in the mstlsapi.dll library. Any local user with access to this file (on any Windows system) can retrieve the key and use it for this attack.
See Also
Solution
- Force the use of SSL as a transport layer for this service if supported, or/and

- Select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting if it is available.
Risk Factor
Medium
CVSS Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
4.6 (CVSS2#E:F/RL:W/RC:ND)
References
BID 13818
CVE CVE-2005-1794
XREF OSVDB:17131
Plugin Information:
Published: 2005/06/01, Modified: 2016/11/23
Plugin Output

10.0.0.8 (tcp/3389)

10.0.0.14 (tcp/3389)

10.0.0.22 (tcp/3389)

10.0.0.25 (tcp/3389)

10.0.0.27 (tcp/3389)

10.0.0.64 (tcp/3389)

10.0.0.94 (tcp/3389)

10.0.0.112 (tcp/3389)

57690 (8) - Terminal Services Encryption Level is Medium or Low
Synopsis
The remote host is using weak cryptography.
Description
The remote Terminal Services service is not configured to use strong cryptography.

Using weak cryptography with this service may allow an attacker to eavesdrop on the communications more easily and obtain screenshots and/or keystrokes.
Solution
Change RDP encryption level to one of :

3. High

4. FIPS Compliant
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2012/01/25, Modified: 2018/04/18
Plugin Output

10.0.0.8 (tcp/3389)


The terminal services encryption level is set to :

2. Medium

10.0.0.14 (tcp/3389)


The terminal services encryption level is set to :

2. Medium

10.0.0.22 (tcp/3389)


The terminal services encryption level is set to :

2. Medium

10.0.0.25 (tcp/3389)


The terminal services encryption level is set to :

2. Medium

10.0.0.27 (tcp/3389)


The terminal services encryption level is set to :

2. Medium

10.0.0.64 (tcp/3389)


The terminal services encryption level is set to :

2. Medium

10.0.0.94 (tcp/3389)


The terminal services encryption level is set to :

2. Medium

10.0.0.112 (tcp/3389)


The terminal services encryption level is set to :

2. Medium
12218 (5) - mDNS Detection (Remote Network)
Synopsis
It is possible to obtain information about the remote host.
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows anyone to uncover information from the remote host such as its operating system type and exact version, its hostname, and the list of services it is running.

This plugin attempts to discover mDNS used by hosts that are not on the network segment on which Nessus resides.
Solution
Filter incoming traffic to UDP port 5353, if desired.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2004/04/28, Modified: 2013/05/31
Plugin Output

10.0.0.11 (udp/5353)

Nessus was able to extract the following information :

- mDNS hostname : ET0021B7442DE9.local.

10.0.0.12 (udp/5353)

Nessus was able to extract the following information :

- mDNS hostname : ET0021B75406D4.local.

10.0.0.17 (udp/5353)

Nessus was able to extract the following information :

- mDNS hostname : ET0021B7C4E9AE.local.

10.0.0.19 (udp/5353)

Nessus was able to extract the following information :

- mDNS hostname : ET0021B7C421B9.local.

10.0.0.133 (udp/5353)

Nessus was able to extract the following information :

- mDNS hostname : demoSFReadyNAS01.local.

- Advertised services :
o Service name : demoSFReadyNAS01._nut._tcp.local.
Port number : 3493
o Service name : ReadyNAS Administration on demoSFReadyNAS01._http._tcp.local.
Port number : 80
o Service name : demoSFReadyNAS01 (AFP)._afpovertcp._tcp.local.
Port number : 548
o Service name : demoSFReadyNAS01._smb._tcp.local.
Port number : 445
26928 (5) - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer weak encryption.

Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application, if possible to avoid the use of weak ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
References
XREF CWE:326
XREF CWE:327
XREF CWE:720
XREF CWE:753
XREF CWE:803
XREF CWE:928
XREF CWE:934
Plugin Information:
Published: 2007/10/08, Modified: 2017/09/01
Plugin Output

10.0.0.22 (tcp/48001)


Here is the list of weak SSL ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.43 (tcp/443)


Here is the list of weak SSL ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1
EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export
EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.45 (tcp/443)


Here is the list of weak SSL ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1
EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export
EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/48000)


Here is the list of weak SSL ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/48001)


Here is the list of weak SSL ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
57608 (4) - SMB Signing Disabled
Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
See Also
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Published: 2012/01/19, Modified: 2016/12/09
Plugin Output

10.0.0.14 (tcp/445)

10.0.0.64 (tcp/445)

10.0.0.133 (tcp/445)

10.0.0.148 (tcp/445)

90317 (4) - SSH Weak Algorithms Supported
Synopsis
The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all.
Description
Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.
See Also
Solution
Contact the vendor or consult product documentation to remove the weak ciphers.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2016/04/04, Modified: 2016/12/14
Plugin Output

10.0.0.110 (tcp/22)


The following weak server-to-client encryption algorithms are supported :

arcfour
arcfour128
arcfour256

The following weak client-to-server encryption algorithms are supported :

arcfour
arcfour128
arcfour256

10.0.0.111 (tcp/22)


The following weak server-to-client encryption algorithms are supported :

arcfour
arcfour128
arcfour256

The following weak client-to-server encryption algorithms are supported :

arcfour
arcfour128
arcfour256

10.0.0.169 (tcp/22)


The following weak server-to-client encryption algorithms are supported :

arcfour
arcfour128
arcfour256

The following weak client-to-server encryption algorithms are supported :

arcfour
arcfour128
arcfour256

10.0.0.201 (tcp/22)


The following weak server-to-client encryption algorithms are supported :

arcfour
arcfour128
arcfour256

The following weak client-to-server encryption algorithms are supported :

arcfour
arcfour128
arcfour256
76474 (3) - SNMP 'GETBULK' Reflection DDoS
Synopsis
The remote SNMP daemon is affected by a vulnerability that allows a reflected distributed denial of service attack.
Description
The remote SNMP daemon is responding with a large amount of data to a 'GETBULK' request with a larger than normal value for 'max-repetitions'. A remote attacker can use this SNMP server to conduct a reflected distributed denial of service attack on an arbitrary remote host.
See Also
Solution
Disable the SNMP service on the remote host if you do not use it.
Otherwise, restrict and monitor access to this service, and consider changing the default 'public' community string.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.8 (CVSS2#E:F/RL:U/RC:ND)
References
XREF OSVDB:125796
Plugin Information:
Published: 2014/07/11, Modified: 2015/09/24
Plugin Output

10.0.0.87 (udp/161)


Nessus was able to determine the SNMP service can be abused in an SNMP
Reflection DDoS attack :

Request size (bytes) : 42
Response size (bytes) : 2032

10.0.0.248 (udp/161)


Nessus was able to determine the SNMP service can be abused in an SNMP
Reflection DDoS attack :

Request size (bytes) : 42
Response size (bytes) : 1277

10.0.0.249 (udp/161)


Nessus was able to determine the SNMP service can be abused in an SNMP
Reflection DDoS attack :

Request size (bytes) : 42
Response size (bytes) : 1276
12217 (2) - DNS Server Cache Snooping Remote Information Disclosure
Synopsis
The remote DNS server is vulnerable to cache snooping attacks.
Description
The remote DNS server responds to queries for third-party domains that do not have the recursion bit set.

This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited.

For instance, if an attacker was interested in whether your company utilizes the online services of a particular financial institution, they would be able to use this attack to build a statistical model regarding company usage of that financial institution. Of course, the attack can also be used to find B2B partners, web-surfing patterns, external mail servers, and more.

Note: If this is an internal DNS server not accessible to outside networks, attacks would be limited to the internal network. This may include employees, consultants and potentially users on a guest network or WiFi connection if supported.
See Also
Solution
Contact the vendor of the DNS software for a fix.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2004/04/27, Modified: 2016/12/06
Plugin Output

10.0.0.25 (udp/53)


Nessus sent a non-recursive query for example.edu
and received 1 answer :

93.184.216.34

10.0.0.27 (udp/53)


Nessus sent a non-recursive query for example.edu
and received 1 answer :

93.184.216.34
42263 (2) - Unencrypted Telnet Server
Synopsis
The remote Telnet server transmits traffic in cleartext.
Description
The remote host is running a Telnet server over an unencrypted channel.

Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials or other sensitive information and to modify traffic exchanged between a client and server.

SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams such as an X11 session.
Solution
Disable the Telnet service and use SSH instead.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information:
Published: 2009/10/27, Modified: 2015/10/21
Plugin Output

10.0.0.248 (tcp/23)


Nessus collected the following banner from the remote Telnet server :

------------------------------ snip ------------------------------
.[24;1H
.[?25h.[24;11H.[2J.[?7l.[3;23r.[?6l.[1;1H.[?25l.[1;1HProCurve J9280A Switch 2510G-48
Software revision Y.11.12

Copyright (C) 1991-2009 Hewlett-Packard Co. All Rights Reserved.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
Computer Software clause at 52.227-7013.

HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

We'd like to keep you up to date about:
* Software feature updates
* New product announcements
* Special events

Please register your products now at: www.ProCurve.com


.[1;24r.[1;1H.[24;1HUsername: .[?25h.[24;1H.[?25h.[24;11H.[24;11H.[?25h.[24;11H
------------------------------ snip ------------------------------

10.0.0.249 (tcp/23)


Nessus collected the following banner from the remote Telnet server :

------------------------------ snip ------------------------------
.[2J.[?7l.[3;23r.[?6l.[1;1H.[?25l.[1;1HProCurve J8773A Switch 4208vl
Software revision L.11.47

Copyright (C) 1991-2017 Hewlett-Packard Co. All Rights Reserved.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
Computer Software clause at 52.227-7013.

HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

We'd like to keep you up to date about:
* Software feature updates
* New product announcements
* Special events

Please register your products now at: www.ProCurve.com


.[24;1HPress any key to continue.[1;1H.[?25h.[24;27H
------------------------------ snip ------------------------------
42880 (2) - SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
Synopsis
The remote service allows insecure renegotiation of TLS / SSL connections.
Description
The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake.
An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer.
See Also
Solution
Contact the vendor for specific patch information.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 36935
CVE CVE-2009-3555
XREF OSVDB:59968
XREF OSVDB:59969
XREF OSVDB:59970
XREF OSVDB:59971
XREF OSVDB:59972
XREF OSVDB:59973
XREF OSVDB:59974
XREF OSVDB:60366
XREF OSVDB:60521
XREF OSVDB:61234
XREF OSVDB:61718
XREF OSVDB:61784
XREF OSVDB:61785
XREF OSVDB:61929
XREF OSVDB:62064
XREF OSVDB:62135
XREF OSVDB:62210
XREF OSVDB:62273
XREF OSVDB:62536
XREF OSVDB:62877
XREF OSVDB:64040
XREF OSVDB:64499
XREF OSVDB:64725
XREF OSVDB:65202
XREF OSVDB:66315
XREF OSVDB:67029
XREF OSVDB:69032
XREF OSVDB:69561
XREF OSVDB:70055
XREF OSVDB:70620
XREF OSVDB:71951
XREF OSVDB:71961
XREF OSVDB:74335
XREF OSVDB:75622
XREF OSVDB:77832
XREF OSVDB:90597
XREF OSVDB:99240
XREF OSVDB:100172
XREF OSVDB:104575
XREF OSVDB:104796
XREF CERT:120541
XREF CWE:310
Plugin Information:
Published: 2009/11/24, Modified: 2017/06/12
Plugin Output

10.0.0.43 (tcp/443)


TLSv1 supports insecure renegotiation.

SSLv3 supports insecure renegotiation.

10.0.0.45 (tcp/443)


TLSv1 supports insecure renegotiation.

SSLv3 supports insecure renegotiation.
66421 (2) - MS13-045: Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
Synopsis
An application on the remote Windows host has an information disclosure vulnerability.
Description
The version of Windows Essentials 2011 or 2012 installed on the remote host has an information disclosure vulnerability. Windows Writer, part of Windows Essentials, fails to properly handle specially crafted URLs.
A remote attacker could exploit this by tricking a user into opening a maliciously crafted URL to override Windows Writer proxy settings and overwrite files accessible to the user.
See Also
Solution
Microsoft has released a patch for Windows Essentials 2012.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:C)
References
BID 59783
CVE CVE-2013-0096
MSKB 2813707
XREF OSVDB:93317
XREF MSFT:MS13-045
Plugin Information:
Published: 2013/05/15, Modified: 2017/07/26
Plugin Output

10.0.0.14 (tcp/445)



Windows Essentials 2011 is installed at the following location :

C:\Program Files\Windows Live\


No patch is available for Windows Essentials 2011. Microsoft
recommends upgrading to Windows Essentials 2012 and applying
KB2813707.

10.0.0.64 (tcp/445)



Windows Essentials 2011 is installed at the following location :

C:\Program Files (x86)\Windows Live\


No patch is available for Windows Essentials 2011. Microsoft
recommends upgrading to Windows Essentials 2012 and applying
KB2813707.
78447 (2) - MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE)
Synopsis
The remote host is affected by a remote information disclosure vulnerability.
Description
The remote host is missing one of the workarounds referenced in the Microsoft Security Advisory 3009008.

If the client registry key workaround has not been applied, any client software installed on the remote host (including IE) is affected by an information disclosure vulnerability when using SSL 3.0.

If the server registry key workaround has not been applied, any server software installed on the remote host (including IIS) is affected by an information disclosure vulnerability when using SSL 3.0.

SSL 3.0 uses nondeterministic CBC padding, which allows a man-in-the-middle attacker to decrypt portions of encrypted traffic using a 'padding oracle' attack. This is also known as the 'POODLE'
issue.
See Also
Solution
Apply the client registry key workaround and the server registry key workaround suggested by Microsoft in the advisory.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.1 (CVSS2#E:U/RL:TF/RC:UR)
References
BID 70574
CVE CVE-2014-3566
MSKB 3009008
XREF OSVDB:113251
XREF CERT:577193
Plugin Information:
Published: 2014/10/15, Modified: 2017/08/30
Plugin Output

10.0.0.14 (tcp/445)


The workaround to disable SSL 3.0 for all server software installed on
the remote host has not been applied.

The workaround to disable SSL 3.0 for all client software installed on
the remote host has not been applied.

The following users on the remote host have vulnerable IE settings :

S-1-5-21-2733907408-164282405-2434571311-1010 (SSLv3 Enabled)

10.0.0.64 (tcp/445)


The workaround to disable SSL 3.0 for all server software installed on
the remote host has not been applied.

The workaround to disable SSL 3.0 for all client software installed on
the remote host has not been applied.
81606 (2) - SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK)
Synopsis
The remote host supports a set of weak ciphers.
Description
The remote host supports EXPORT_RSA cipher suites with keys less than or equal to 512 bits. An attacker can factor a 512-bit RSA modulus in a short amount of time.

A man-in-the middle attacker may be able to downgrade the session to use EXPORT_RSA cipher suites (e.g. CVE-2015-0204). Thus, it is recommended to remove support for weak cipher suites.
See Also
Solution
Reconfigure the service to remove support for EXPORT_RSA cipher suites.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 71936
CVE CVE-2015-0204
XREF OSVDB:116794
XREF CERT:243585
Plugin Information:
Published: 2015/03/04, Modified: 2018/02/20
Plugin Output

10.0.0.43 (tcp/443)


EXPORT_RSA cipher suites supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.45 (tcp/443)


EXPORT_RSA cipher suites supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
87942 (2) - ESXi 5.5 < Build 3248547 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)
Synopsis
The remote VMware ESXi 5.5 host is affected by a guest privilege escalation vulnerability.
Description
The remote VMware ESXi 5.5 host is prior to build 3248547. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges.
See Also
Solution
Apply patch ESXi550-201512102-SG according to the vendor advisory.

Note that VMware Tools in any Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate the vulnerability.
Risk Factor
Medium
CVSS Base Score
4.6 (CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
3.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2015-6933
XREF OSVDB:132670
XREF VMSA:2016-0001
XREF IAVB:2016-B-0015
Plugin Information:
Published: 2016/01/15, Modified: 2017/06/12
Plugin Output

10.0.0.44 (tcp/0)


ESXi version : ESXi 5.5
Installed build : 2068190
Fixed build : 3248547

10.0.0.46 (tcp/0)


ESXi version : ESXi 5.5
Installed build : 2068190
Fixed build : 3248547
92949 (2) - ESXi 5.0 / 5.1 / 5.5 / 6.0 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)
Synopsis
The remote VMware ESXi host is affected by multiple vulnerabilities.
Description
The remote VMware ESXi host is version 5.0, 5.1, 5.5, or 6.0 and is missing a security patch. It is, therefore, affected by multiple vulnerabilities :

- An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330)

- An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
(CVE-2016-5331)
See Also
Solution
Apply the appropriate patch as referenced in the vendor advisory.

Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
BID 92323
BID 92324
CVE CVE-2016-5330
CVE CVE-2016-5331
XREF OSVDB:142633
XREF OSVDB:142634
XREF VMSA:2016-0010
XREF IAVB:2016-B-0124
XREF IAVB:2016-B-0125
XREF IAVB:2016-B-0126
XREF IAVB:2016-B-0127
Exploitable With
Metasploit (true)
Plugin Information:
Published: 2016/08/12, Modified: 2017/05/05
Plugin Output

10.0.0.44 (tcp/0)


ESXi version : 5.5
Installed build : 2068190
Fixed build : 4179633 / 4179631 (security-only fix)

10.0.0.46 (tcp/0)


ESXi version : 5.5
Installed build : 2068190
Fixed build : 4179633 / 4179631 (security-only fix)
103375 (2) - ESXi 5.5 < Build 6480267 RPC NULL Pointer Dereference Vulnerability (VMSA-2017-0015) (remote check)
Synopsis
The remote VMware ESXi 5.5 host is affected by an RPC NULL pointer dereference vulnerability.
Description
The version of the remote VMware ESXi 5.5 host is prior to build 6480267. It is, therefore, affected by a NULL pointer dereference vulnerability related to handling RPC requests that could allow an attacker to crash a virtual machine.
See Also
Solution
Apply patch ESXi550-201709101-SG according to the vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
6.8 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
CVSS Base Score
5.5 (CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:C)
CVSS Temporal Score
4.5 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
BID 100842
CVE CVE-2017-4925
XREF OSVDB:165468
XREF VMSA:2017-0015
XREF IAVB:2017-B-0125
Plugin Information:
Published: 2017/09/21, Modified: 2017/09/22
Plugin Output

10.0.0.44 (tcp/0)


ESXi version : ESXi 5.5
Installed build : 2068190
Fixed build : 6480267

10.0.0.46 (tcp/0)


ESXi version : ESXi 5.5
Installed build : 2068190
Fixed build : 6480267
105175 (2) - Adobe Flash Player <= 27.0.0.187 (APSB17-42)
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 27.0.0.187. It is, therefore, affected by a vulnerability which may allow an attacker to reset the global settings preference file.
See Also
Solution
Upgrade to Adobe Flash Player version 28.0.0.126 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 102139
CVE CVE-2017-11305
XREF OSVDB:170675
Plugin Information:
Published: 2017/12/12, Modified: 2018/01/11
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 28.0.0.126

10.0.0.64 (tcp/445)


Product : Browser Plugin (for Firefox / Netscape / Opera)
Path : C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll
Installed version : 26.0.0.151
Fixed version : 28.0.0.126

Product : ActiveX control (for Internet Explorer)
Path : C:\Windows\system32\Macromed\Flash\Flash64_26_0_0_151.ocx
Installed version : 26.0.0.151
Fixed version : 28.0.0.126
46676 (1) - HP MFP Digital Sending Software < 4.18.3 Local Unspecified Authentication Bypass
Synopsis
The remote Windows host contains an application that is affected by an authentication bypass vulnerability.
Description
The remote Windows host contains a version of HP MFP Digital Sending Software earlier than 4.18.3. Such versions are potentially affected by an unspecified authentication bypass vulnerability.

A local attacker, exploiting this flaw, reportedly can gain unauthorized access to 'Send to email' and other functionalities of an HP Multifunction Peripheral (MFP) that is controlled by the HP Digital Sending Software.
See Also
Solution
Upgrade to HP MFP Digital Sending Software 4.18.5 or later.

Note that HP initially recommended upgrading to version 4.18.3. While that version does address the vulnerability, it also introduces a non-security defect and HP now recommends upgrading to version 4.18.5.
Risk Factor
Medium
CVSS Base Score
4.7 (CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
3.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 40147
CVE CVE-2010-1558
XREF OSVDB:64661
Plugin Information:
Published: 2010/05/19, Modified: 2013/06/21
Plugin Output

10.0.0.14 (tcp/445)


Path : C:\Program Files\Hewlett-Packard\HP MFP Digital Sending Software
Installed version : 4.16.3.0
Fixed version : 4.18.3
48761 (1) - MS KB982316: Elevation of Privilege Using Windows Service Isolation Bypass
Synopsis
The remote Windows host has a privilege escalation vulnerability.
Description
Windows Service Isolation can be bypassed on the remote host, resulting in the elevation of privileges.

A local attacker could exploit this by leveraging the TAPI service to execute code as SYSTEM.

A similar problem affects other Windows services that run as the NetworkService user (e.g. IIS, SQL Server), though Nessus has not checked for those issues.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2 :

Although these patches mitigate this vulnerability, users should be aware this is considered a non-security update by Microsoft. Refer to the Microsoft advisory for more information.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:C)
References
BID 42278
CVE CVE-2010-1886
MSKB 982316
XREF OSVDB:67083
Plugin Information:
Published: 2010/08/26, Modified: 2017/08/30
Plugin Output

10.0.0.14 (tcp/445)


The Network Service group has Full Control rights to :

HKLM\Software\Microsoft\Windows\CurrentVersion\Telephony
52045 (1) - Dell DellSystemLite.Scanner ActiveX Control Multiple Vulnerabilities
Synopsis
The remote Windows host has an ActiveX control that is affected by multiple vulnerabilities.
Description
The DellSystemLite.Scanner ActiveX control, a component from Dell to determine relevant software for your system, installed on the remote Windows host reportedly is affected by multiple vulnerabilities :

- An input validation error exists in the 'GetData()' method can be exploited to disclose the contents of arbitrary text files via directory traversal specifiers passed to the 'fileID' parameter.

- The unsafe property 'WMIAttributesOfInterest' allows assigning arbitrary WMI Query Language statements that can be exploited to disclose system information.
See Also
Solution
Remove or disable the control as fixes are not available.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.5 (CVSS2#E:U/RL:W/RC:ND)
References
BID 46443
CVE CVE-2011-0329
CVE CVE-2011-0330
XREF OSVDB:72534
XREF OSVDB:72535
XREF Secunia:42880
Plugin Information:
Published: 2011/02/21, Modified: 2014/08/28
Plugin Output

10.0.0.64 (tcp/445)


Class identifier : {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3}
Filename : C:\Windows\Downloaded Program Files\DellSystemLite.ocx
Installed version : 1.0.0.0


Moreover, its kill bit is not set so it is accessible via Internet
Explorer.
54972 (1) - Flash Player < 10.3.181.22 XSS (APSB11-13)
Synopsis
A browser plugin is affected by a cross-scripting vulnerability.
Description
An unspecified cross-site scripting vulnerability exists in versions of Flash Player earlier than 10.3.181.22 (10.3.181.23 for ActiveX).

An attacker may be able to leverage this issue to inject and execute arbitrary HTML and script code in a user's browser.
See Also
Solution
Upgrade to Adobe Flash version 10.3.181.22 (10.3.181.23 for ActiveX) or later.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 48107
CVE CVE-2011-2107
XREF OSVDB:72723
XREF Secunia:44846
XREF CWE:20
XREF CWE:74
XREF CWE:79
XREF CWE:442
XREF CWE:629
XREF CWE:711
XREF CWE:712
XREF CWE:722
XREF CWE:725
XREF CWE:750
XREF CWE:751
XREF CWE:800
XREF CWE:801
XREF CWE:809
XREF CWE:811
XREF CWE:864
XREF CWE:900
XREF CWE:928
XREF CWE:931
XREF CWE:990
Plugin Information:
Published: 2011/06/06, Modified: 2016/06/14
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 10.3.181.23
63155 (1) - Microsoft Windows Unquoted Service Path Enumeration
Synopsis
The remote Windows host has at least one service installed that uses an unquoted service path.
Description
The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service.

Note that this is a generic test that will flag any application affected by the described vulnerability.
See Also
Solution
Ensure that any services that contain a space in the path enclose the path in quotes.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:F/RL:X/RC:X)
CVSS Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.6 (CVSS2#E:F/RL:ND/RC:ND)
References
BID 58591
BID 58617
BID 65873
BID 68520
CVE CVE-2013-1609
CVE CVE-2014-0759
CVE CVE-2014-5455
XREF OSVDB:91492
XREF OSVDB:91582
XREF OSVDB:102505
XREF OSVDB:109007
XREF OSVDB:132967
XREF ICSA:14-058-01
XREF EDB-ID:34037
Exploitable With
Metasploit (true)
Plugin Information:
Published: 2012/12/05, Modified: 2017/03/28
Plugin Output

10.0.0.64 (tcp/445)


Nessus found the following services with an untrusted path :
KeyServ : C:\Program Files (x86)\Avaya\IP Office\KeyServe\KeyServe.exe
Wave Authentication Manager Service : C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
72937 (1) - Flash Player <= 11.7.700.269 / 12.0.0.70 Multiple Vulnerabilities (APSB14-08)
Synopsis
The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
Description
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.269 / 11.8.x / 11.9.x / 12.0.0.70. It is, therefore, potentially affected multiple vulnerabilities :

- A vulnerability exists that could be used to bypass the same origin policy. (CVE-2014-0503)

- A vulnerability exists that could be used to read the contents of the clipboard. (CVE-2014-0504)
See Also
Solution
Upgrade to Adobe Flash Player version 11.7.700.272 / 12.0.0.77 or later.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 66122
BID 66127
CVE CVE-2014-0503
CVE CVE-2014-0504
XREF OSVDB:104318
XREF OSVDB:104319
Plugin Information:
Published: 2014/03/11, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 12.0.0.77
76457 (1) - VMware Security Updates for vCenter Server (VMSA-2014-0006)
Synopsis
The remote host has a virtualization management application installed that is affected by multiple OpenSSL security vulnerabilities.
Description
The version of VMware vCenter installed on the remote host is prior to 5.0 Update 3a, 5.1 Update 2a, or 5.5 Update 1b. It is, therefore, affected by multiple OpenSSL vulnerabilities :

- An error exists in the function 'ssl3_read_bytes'
that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)

- An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)

- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)

- An unspecified error exists related to anonymous ECDH cipher suites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)
See Also
Solution
Upgrade to VMware vCenter Server 5.0U3a, 5.1U2a, or 5.5U1b.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 66801
BID 67193
BID 67898
BID 67899
CVE CVE-2010-5298
CVE CVE-2014-0198
CVE CVE-2014-0224
CVE CVE-2014-3470
XREF OSVDB:105763
XREF OSVDB:106531
XREF OSVDB:107729
XREF OSVDB:107731
XREF CERT:978508
XREF VMSA:2014-0006
Exploitable With
Core Impact (true)
Plugin Information:
Published: 2014/07/10, Modified: 2016/05/09
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-1891313
80946 (1) - Flash Player <= 16.0.0.257 Information Disclosure (APSB15-02)
Synopsis
The remote Windows host has a browser plugin that is affected by an information disclosure vulnerability.
Description
According to its version, the installation of Adobe Flash Player installed on the remote Windows host is equal or prior to 16.0.0.257.
It is, therefore, affected by a memory leak that can allow bypassing of memory randomization mitigations, aiding in further attacks.
See Also
Solution
Upgrade to Adobe Flash Player version 16.0.0.287 or later.

Alternatively, Adobe has made version 13.0.0.262 available for those installations that cannot be upgraded to 16.x.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 72261
CVE CVE-2015-0310
XREF OSVDB:117429
Plugin Information:
Published: 2015/01/23, Modified: 2017/05/16
Plugin Output

10.0.0.14 (tcp/445)


Product : ActiveX control (for Internet Explorer)
Path : C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx
Installed version : 10.2.159.1
Fixed version : 16.0.0.287 / 13.0.0.262
86124 (1) - VMware vCenter 5.5 LDAP Certificate Validation MitM Spoofing (VMSA-2015-0006)
Synopsis
The remote host has a virtualization management application installed that is affected by a man-in-the-middle spoofing vulnerability.
Description
The VMware vCenter Server installed on the remote host is version 5.5 prior to 5.5u3. It is, therefore, affected by a man-in-the-middle spoofing vulnerability due to improper validation of X.509 certificates from TLS LDAP servers. A remote, man-in-the-middle attacker can exploit this to intercept network traffic by spoofing a TLS server via a crafted certificate, resulting in the manipulation or disclosure of sensitive information.
See Also
Solution
Upgrade to VMware vCenter Server 5.5u3 (5.5.0 build-3000241) or later.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2015-6932
XREF OSVDB:127696
XREF VMSA:2015-0006
XREF IAVB:2015-B-0117
Plugin Information:
Published: 2015/09/24, Modified: 2016/08/16
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-3000241
87592 (1) - VMware vCenter Multiple Vulnerabilities (VMSA-2015-0008)
Synopsis
The remote host has a virtualization management application installed that is affected by multiple vulnerabilities.
Description
The VMware vCenter Server installed on the remote host is affected by the following vulnerabilities :

- An XML external entity (XXE) injection flaw exists in Flex BlazeDS in the file flex-messaging-core.jar due to an incorrectly configured XML parser accepting XML external entities from untrusted sources. A remote attacker can exploit this, via a specially crafted AMF message containing an XML external entity declaration in conjunction with an entity reference, to read arbitrary files and thus gain access to potentially sensitive information. (CVE-2015-3269)

- A server-side request forgery (SSRF) vulnerability exists in Flex BlazeDS. A remote attacker can exploit this, via a crafted XML document, to direct HTTP traffic to intranet servers, thus bypassing access restrictions and allowing further host-based attacks to be conducted.
(CVE-2015-5255)
See Also
Solution
Upgrade to VMware vCenter Server version 5.5u3 (5.5.0 build-3000241) / 5.1u3b (5.1.0 build-3070521) / 5.0u3e (5.0.0 build-3073236) or later.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 76394
BID 77626
CVE CVE-2015-3269
CVE CVE-2015-5255
XREF OSVDB:126408
XREF OSVDB:130384
XREF VMSA:2015-0008
Plugin Information:
Published: 2015/12/22, Modified: 2016/06/29
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-3000241
88754 (1) - Firefox < 44.0.2 Service Workers Security Bypass
Synopsis
The remote Windows host contains a web browser that is affected by a security bypass vulnerability.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 44.0.2. It is, therefore, affected by a security bypass vulnerability due to improper restriction of interaction between service workers and plugins. An unauthenticated, remote attacker can exploit this, via a crafted web site that triggers spoofed responses to requests that use NPAPI, to bypass the same-origin policy.
See Also
Solution
Upgrade to Mozilla Firefox version 44.0.2 or later.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2016-1949
XREF OSVDB:134408
XREF MFSA:2016-13
Plugin Information:
Published: 2016/02/16, Modified: 2016/04/28
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 44.0.2
91713 (1) - VMware vCenter Server 5.0.x < 5.0u3g / 5.1.x < 5.1u3d / 5.5.x < 5.5u2d Reflected XSS (VMSA-2016-0009)
Synopsis
A virtualization management application installed on the remote host is affected by a reflected cross-site scripting vulnerability.
Description
The version of VMware vCenter Server installed on the remote host is 5.0.x prior to 5.0u3g, 5.1.x prior to 5.1u3d, or 5.5.x prior to 5.5u2d. It is, therefore, affected by a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of input. An unauthenticated, remote attacker can exploit this issue, by convincing a user into clicking a malicious link, to execute arbitrary scripting code in the user's browser session.
See Also
Solution
Upgrade to VMware vCenter Server version 5.0u3g (5.0.0 build-3891026) / 5.1u3d (5.1.0 build-3814779) / 5.5u2d (5.5.0 build-2442329) or later.

Note that the client side component of the vSphere Web Client does not need to be updated to remediate CVE-2015-6931. Updating the vCenter Server is sufficient to remediate this issue.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
References
CVE CVE-2015-6931
XREF OSVDB:140126
XREF VMSA:2016-0009
Plugin Information:
Published: 2016/06/20, Modified: 2016/06/21
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-2442329 (Update 2d)
95468 (1) - VMware vCenter Server 5.5.x < 5.5u3e / 6.0.x < 6.0u2a Multiple XXE Vulnerabilities (VMSA-2016-0022)
Synopsis
A virtualization management application installed on the remote host is affected by multiple XML external entity (XXE) vulnerabilities.
Description
The version of VMware vCenter Server installed on the remote host is 5.5.x prior to 5.5u3e or 6.0.x prior to 6.0u2a. It is, therefore, affected by multiple XML external entity (XXE) vulnerabilities :

- Multiple XML external entity (XXE) vulnerabilities exist in the Log Browser, the Distributed Switch setup, and the Content Library due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. An authenticated, remote attacker can exploit this, via specially crafted XML data, to disclose the contents of arbitrary files. (CVE-2016-7459)

- An XML external entity (XXE) vulnerability exists in the Single Sign-On functionality due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. An unauthenticated, remote attacker can exploit this, via specially crafted XML data, to disclose the contents of arbitrary files or cause a denial of service condition. (CVE-2016-7460)
See Also
Solution
Upgrade to VMware vCenter Server version 5.5.u3e (5.5.0 build-4180646) / 6.0u2a (6.0.0 build-4541947) or later.
Risk Factor
Medium
CVSS v3.0 Base Score
5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L)
CVSS v3.0 Temporal Score
5.0 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
CVSS Temporal Score
5.3 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 94485
BID 94486
CVE CVE-2016-7459
CVE CVE-2016-7460
XREF OSVDB:147774
XREF OSVDB:147775
XREF OSVDB:147776
XREF OSVDB:147777
XREF VMSA:2016-0022
Plugin Information:
Published: 2016/12/02, Modified: 2017/11/16
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-4180646
105040 (1) - Mozilla Firefox < 57.0.1 Multiple Vulnerabilities
Synopsis
A web browser installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 57.0.1. It is, therefore, affected by multiple vulnerabilities.

Note: CVE-2017-7844 only affects version 57. Earlier releases are not affected.
See Also
Solution
Upgrade to Mozilla Firefox version 57.0.1 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 102039
CVE CVE-2017-7843
CVE CVE-2017-7844
XREF OSVDB:170282
XREF OSVDB:170283
Plugin Information:
Published: 2017/12/06, Modified: 2017/12/07
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 57.0.1
105613 (1) - ADV180002: Microsoft SQL Server January 2018 Security Update (Meltdown) (Spectre)
Synopsis
The remote SQL server is affected by multiple vulnerabilities.
Description
The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by a vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis.
See Also
Solution
Microsoft has released a set of patches for SQL Server 2008, 2008 R2, 2012, 2014, 2016, and 2017.
Risk Factor
Medium
CVSS v3.0 Base Score
6.2 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
4.7 (CVSS2#E:F/RL:U/RC:ND)
STIG Severity
I
References
BID 102371
BID 102376
BID 102378
CVE CVE-2017-5715
CVE CVE-2017-5753
CVE CVE-2017-5754
MSKB 4057113
MSKB 4057114
MSKB 4057115
MSKB 4057116
MSKB 4057117
MSKB 4057118
MSKB 4057119
MSKB 4057120
MSKB 4057121
MSKB 4057122
MSKB 4052987
MSKB 4058559
MSKB 4058560
XREF OSVDB:171894
XREF OSVDB:171897
XREF MSFT:4057113
XREF IAVA:2018-A-0010
XREF IAVA:2018-A-0019
XREF IAVA:2018-A-0020
XREF MSFT:4057114
XREF MSFT:4057115
XREF MSFT:4057116
XREF MSFT:4057117
XREF MSFT:4057118
XREF MSFT:4057119
XREF MSFT:4057120
XREF MSFT:4057121
XREF MSFT:4057122
XREF MSFT:4052987
XREF MSFT:4058559
XREF MSFT:4058560
Plugin Information:
Published: 2018/01/05, Modified: 2018/02/02
Plugin Output

10.0.0.64 (tcp/445)



KB : 4057115
- C:\Program Files\Microsoft SQL Server\110\Setup Bootstrap\SQLServer2012\setup.exe has not been patched.
Remote version : 2011.110.6251.0
Should be : 2011.110.6260.1
105616 (1) - Mozilla Firefox < 57.0.4 Speculative Execution Side-Channel Attack Vulnerability (Spectre)
Synopsis
A web browser installed on the remote Windows host is affected by a speculative execution side-channel attack vulnerability.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 57.0.4. It is, therefore, vulnerable to a speculative execution side-channel attack. Code from a malicious web page could read data from other web sites or private data from the browser itself.
See Also
Solution
Upgrade to Mozilla Firefox version 57.0.4 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:ND/RC:ND)
STIG Severity
I
References
BID 102376
BID 102371
CVE CVE-2017-5753
CVE CVE-2017-5715
XREF OSVDB:171897
XREF MFSA:2018-01
XREF IAVA:2018-A-0020
Plugin Information:
Published: 2018/01/05, Modified: 2018/01/11
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Mozilla Firefox
Installed version : 42.0
Fixed version : 57.0.4
105784 (1) - VMware vCenter Server 5.5.x < 5.5U3g / 6.0.x < 6.0U3d / 6.5.x < 6.5U1e Hypervisor-Assisted Guest Remediation (VMSA-2018-0004) (Spectre)
Synopsis
The remote VMware ESXi host is missing a security patch which enables hardware support for branch target mitigation.
Description
The version of VMware vCenter Server installed on the remote host is 5.5.x prior to 5.5U3g, 6.0.x prior to 6.0U3d, or 6.5.x prior to 6.5U1e. It is, therefore, missing security updates that add hypervisor-assisted guest remediation for a speculative execution vulnerability (CVE-2017-5715).
See Also
Solution
Upgrade to VMware vCenter Server version 5.5.U3g (5.5.0 build-7460778) / 6.0U3d (6.0.0 build-7464194) / 6.5U1e (6.5.0 build-7515524) or later.
Risk Factor
Medium
CVSS v3.0 Base Score
5.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.4 (CVSS:3.0/E:F/RL:X/RC:X)
CVSS Base Score
4.7 (CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
4.5 (CVSS2#E:F/RL:ND/RC:ND)
STIG Severity
I
References
BID 102376
CVE CVE-2017-5715
XREF OSVDB:171897
XREF VMSA:2018-0004
XREF IAVA:2018-A-0020
Plugin Information:
Published: 2018/01/12
Plugin Output

10.0.0.47 (tcp/443)


Installed version : 5.5.0 build-1623101
Fixed version : 5.5.0 build-7460778
106682 (1) - Google Chrome < 64.0.3282.140 V8 Factory::NewFunction() RCE
Synopsis
A web browser installed on the remote Windows host is affected by a code execution vulnerability.
Description
The version of Google Chrome installed on the remote Windows host is prior to 64.0.3282.140. It is, therefore, affected by a flaw in the V8 JavaScript engine as noted in Chrome stable channel update release notes for February 1st, 2018. Please refer to the release notes for additional information.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Google Chrome version 64.0.3282.140 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
6.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
XREF OSVDB:173920
Plugin Information:
Published: 2018/02/09, Modified: 2018/02/09
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Google\Chrome\Application
Installed version : 63.0.3239.132
Fixed version : 64.0.3282.140
65821 (28) - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
Synopsis
The remote service supports the use of the RC4 cipher.
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
2.2 (CVSS2#E:F/RL:TF/RC:ND)
References
BID 58796
BID 73684
CVE CVE-2013-2566
CVE CVE-2015-2808
XREF OSVDB:91162
XREF OSVDB:117855
Plugin Information:
Published: 2013/04/05, Modified: 2018/01/29
Plugin Output

10.0.0.8 (tcp/1433)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.8 (tcp/3389)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.14 (tcp/3389)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.21 (tcp/443)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.21 (tcp/3389)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/3389)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/48000)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/48001)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/443)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/636)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/3269)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/3389)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/636)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/3269)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/3389)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.43 (tcp/443)


List of RC4 cipher suites supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.45 (tcp/443)


List of RC4 cipher suites supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.64 (tcp/3389)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.64 (tcp/49570)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.94 (tcp/443)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.94 (tcp/3389)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.112 (tcp/3389)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.148 (tcp/3389)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/25)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/443)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/3389)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/48000)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/48001)


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
83875 (17) - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Synopsis
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits.
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
See Also
Solution
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
Risk Factor
Low
CVSS v3.0 Base Score
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
References
BID 74733
CVE CVE-2015-4000
XREF OSVDB:122331
Plugin Information:
Published: 2015/05/28, Modified: 2018/02/15
Plugin Output

10.0.0.21 (tcp/443)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.21 (tcp/3389)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.22 (tcp/3389)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.25 (tcp/443)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.25 (tcp/636)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.25 (tcp/3269)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.25 (tcp/3389)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.27 (tcp/636)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.27 (tcp/3269)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.27 (tcp/3389)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.43 (tcp/443)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_DES_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_DES_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : SSLv3
Cipher suite : TLS1_CK_DHE_RSA_WITH_DES_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : SSLv3
Cipher suite : TLS1_CK_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : SSLv3
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.45 (tcp/443)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_DES_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_DES_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : SSLv3
Cipher suite : TLS1_CK_DHE_RSA_WITH_DES_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : SSLv3
Cipher suite : TLS1_CK_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : SSLv3
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.64 (tcp/3389)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.64 (tcp/49570)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.94 (tcp/443)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.94 (tcp/3389)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

10.0.0.112 (tcp/3389)


Vulnerable connection combinations :

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)
30218 (8) - Terminal Services Encryption Level is not FIPS-140 Compliant
Synopsis
The remote host is not FIPS-140 compliant.
Description
The encryption setting used by the remote Terminal Services service is not FIPS-140 compliant.
Solution
Change RDP encryption level to :

4. FIPS Compliant
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2008/02/11, Modified: 2018/04/18
Plugin Output

10.0.0.8 (tcp/3389)


The terminal services encryption level is set to :

2. Medium (Client Compatible)

10.0.0.14 (tcp/3389)


The terminal services encryption level is set to :

2. Medium (Client Compatible)

10.0.0.22 (tcp/3389)


The terminal services encryption level is set to :

2. Medium (Client Compatible)

10.0.0.25 (tcp/3389)


The terminal services encryption level is set to :

2. Medium (Client Compatible)

10.0.0.27 (tcp/3389)


The terminal services encryption level is set to :

2. Medium (Client Compatible)

10.0.0.64 (tcp/3389)


The terminal services encryption level is set to :

2. Medium (Client Compatible)

10.0.0.94 (tcp/3389)


The terminal services encryption level is set to :

2. Medium (Client Compatible)

10.0.0.112 (tcp/3389)


The terminal services encryption level is set to :

2. Medium (Client Compatible)
69551 (6) - SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
Synopsis
The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.
Description
At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits.

Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally, some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014.

Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to December 31, 2010, as the standard considers them exempt.
See Also
Solution
Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.
Risk Factor
Low
Plugin Information:
Published: 2013/09/03, Modified: 2014/04/10
Plugin Output

10.0.0.8 (tcp/1433)


The following certificates were part of the certificate chain
sent by the remote host, but contain RSA keys that are considered
to be weak :

|-Subject : CN=SSL_Self_Signed_Fallback
|-RSA Key Length : 1024 bits

10.0.0.27 (tcp/636)


The following certificates were part of the certificate chain
sent by the remote host, but contain RSA keys that are considered
to be weak :

|-Subject : CN=demoSFDC02.demo.org
|-RSA Key Length : 1024 bits

10.0.0.27 (tcp/3269)


The following certificates were part of the certificate chain
sent by the remote host, but contain RSA keys that are considered
to be weak :

|-Subject : CN=demoSFDC02.demo.org
|-RSA Key Length : 1024 bits

10.0.0.43 (tcp/443)


The following certificates were part of the certificate chain
sent by the remote host, but contain RSA keys that are considered
to be weak :

|-Subject : CN=ILOMXQ0420GGM.demo.org/OU=ISS/O=Hewlett-Packard Company/L=Houston/ST=Texas/C=US
|-RSA Key Length : 1024 bits

10.0.0.45 (tcp/443)


The following certificates were part of the certificate chain
sent by the remote host, but contain RSA keys that are considered
to be weak :

|-Subject : CN=ILOMXQ0420GJ1.demo.org/OU=ISS/O=Hewlett-Packard Company/L=Houston/ST=Texas/C=US
|-RSA Key Length : 1024 bits

10.0.0.64 (tcp/49570)


The following certificates were part of the certificate chain
sent by the remote host, but contain RSA keys that are considered
to be weak :

|-Subject : CN=SSL_Self_Signed_Fallback
|-RSA Key Length : 1024 bits
70658 (4) - SSH Server CBC Mode Ciphers Enabled
Synopsis
The SSH server is configured to use Cipher Block Chaining.
Description
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Solution
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
2.6 (CVSS2#E:ND/RL:ND/RC:ND)
References
BID 32319
CVE CVE-2008-5161
XREF OSVDB:50035
XREF OSVDB:50036
XREF CERT:958563
XREF CWE:200
Plugin Information:
Published: 2013/10/28, Modified: 2016/05/12
Plugin Output

10.0.0.110 (tcp/22)


The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

10.0.0.111 (tcp/22)


The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

10.0.0.169 (tcp/22)


The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

10.0.0.201 (tcp/22)


The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
71049 (4) - SSH Weak MAC Algorithms Enabled
Synopsis
The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.
Description
The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2013/11/22, Modified: 2016/12/14
Plugin Output

10.0.0.110 (tcp/22)


The following client-to-server Message Authentication Code (MAC) algorithms
are supported :

hmac-md5
hmac-md5-96
hmac-sha1-96

The following server-to-client Message Authentication Code (MAC) algorithms
are supported :

hmac-md5
hmac-md5-96
hmac-sha1-96

10.0.0.111 (tcp/22)


The following client-to-server Message Authentication Code (MAC) algorithms
are supported :

hmac-md5
hmac-md5-96
hmac-sha1-96

The following server-to-client Message Authentication Code (MAC) algorithms
are supported :

hmac-md5
hmac-md5-96
hmac-sha1-96

10.0.0.169 (tcp/22)


The following client-to-server Message Authentication Code (MAC) algorithms
are supported :

hmac-md5
hmac-md5-96
hmac-sha1-96

The following server-to-client Message Authentication Code (MAC) algorithms
are supported :

hmac-md5
hmac-md5-96
hmac-sha1-96

10.0.0.201 (tcp/22)


The following client-to-server Message Authentication Code (MAC) algorithms
are supported :

hmac-md5
hmac-md5-96
hmac-md5-96-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-sha1-96
hmac-sha1-96-etm@openssh.com

The following server-to-client Message Authentication Code (MAC) algorithms
are supported :

hmac-md5
hmac-md5-96
hmac-md5-96-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-sha1-96
hmac-sha1-96-etm@openssh.com
11457 (2) - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
Synopsis
User credentials are stored in memory.
Description
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC).
See Also
Solution
Use regedt32 and set the value of this registry key to 0.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2003/03/24, Modified: 2017/12/05
Plugin Output

10.0.0.14 (tcp/445)


Max cached logons : 10

10.0.0.64 (tcp/445)


Max cached logons : 10
83738 (2) - SSL/TLS EXPORT_DHE <= 512-bit Export Cipher Suites Supported (Logjam)
Synopsis
The remote host supports a set of weak ciphers.
Description
The remote host supports EXPORT_DHE cipher suites with keys less than or equal to 512 bits. Through cryptanalysis, a third party can find the shared secret in a short amount of time.

A man-in-the middle attacker may be able to downgrade the session to use EXPORT_DHE cipher suites. Thus, it is recommended to remove support for weak cipher suites.
See Also
Solution
Reconfigure the service to remove support for EXPORT_DHE cipher suites.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
2.2 (CVSS2#E:F/RL:TF/RC:ND)
References
BID 74733
CVE CVE-2015-4000
XREF OSVDB:122331
Plugin Information:
Published: 2015/05/21, Modified: 2016/06/16
Plugin Output

10.0.0.43 (tcp/443)


EXPORT_DHE cipher suites supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.45 (tcp/443)


EXPORT_DHE cipher suites supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
11219 (244) - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Published: 2009/02/04, Modified: 2017/05/22
Plugin Output

10.0.0.1 (tcp/80)

Port 80/tcp was found to be open

10.0.0.1 (tcp/81)

Port 81/tcp was found to be open

10.0.0.1 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.1 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.1 (tcp/8090)

Port 8090/tcp was found to be open

10.0.0.1 (tcp/8181)

Port 8181/tcp was found to be open

10.0.0.1 (tcp/8889)

Port 8889/tcp was found to be open

10.0.0.8 (tcp/135)

Port 135/tcp was found to be open

10.0.0.8 (tcp/139)

Port 139/tcp was found to be open

10.0.0.8 (tcp/445)

Port 445/tcp was found to be open

10.0.0.8 (tcp/1433)

Port 1433/tcp was found to be open

10.0.0.8 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.8 (tcp/3389)

Port 3389/tcp was found to be open

10.0.0.8 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.21 (tcp/80)

Port 80/tcp was found to be open

10.0.0.21 (tcp/135)

Port 135/tcp was found to be open

10.0.0.21 (tcp/139)

Port 139/tcp was found to be open

10.0.0.21 (tcp/443)

Port 443/tcp was found to be open

10.0.0.21 (tcp/445)

Port 445/tcp was found to be open

10.0.0.21 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.21 (tcp/3389)

Port 3389/tcp was found to be open

10.0.0.21 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.22 (tcp/80)

Port 80/tcp was found to be open

10.0.0.22 (tcp/135)

Port 135/tcp was found to be open

10.0.0.22 (tcp/139)

Port 139/tcp was found to be open

10.0.0.22 (tcp/445)

Port 445/tcp was found to be open

10.0.0.22 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.22 (tcp/3389)

Port 3389/tcp was found to be open

10.0.0.22 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.22 (tcp/48000)

Port 48000/tcp was found to be open

10.0.0.22 (tcp/48001)

Port 48001/tcp was found to be open

10.0.0.25 (tcp/53)

Port 53/tcp was found to be open

10.0.0.25 (tcp/80)

Port 80/tcp was found to be open

10.0.0.25 (tcp/88)

Port 88/tcp was found to be open

10.0.0.25 (tcp/135)

Port 135/tcp was found to be open

10.0.0.25 (tcp/139)

Port 139/tcp was found to be open

10.0.0.25 (tcp/389)

Port 389/tcp was found to be open

10.0.0.25 (tcp/443)

Port 443/tcp was found to be open

10.0.0.25 (tcp/445)

Port 445/tcp was found to be open

10.0.0.25 (tcp/464)

Port 464/tcp was found to be open

10.0.0.25 (tcp/593)

Port 593/tcp was found to be open

10.0.0.25 (tcp/636)

Port 636/tcp was found to be open

10.0.0.25 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.25 (tcp/3268)

Port 3268/tcp was found to be open

10.0.0.25 (tcp/3269)

Port 3269/tcp was found to be open

10.0.0.25 (tcp/3389)

Port 3389/tcp was found to be open

10.0.0.25 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.27 (tcp/53)

Port 53/tcp was found to be open

10.0.0.27 (tcp/88)

Port 88/tcp was found to be open

10.0.0.27 (tcp/135)

Port 135/tcp was found to be open

10.0.0.27 (tcp/139)

Port 139/tcp was found to be open

10.0.0.27 (tcp/389)

Port 389/tcp was found to be open

10.0.0.27 (tcp/445)

Port 445/tcp was found to be open

10.0.0.27 (tcp/464)

Port 464/tcp was found to be open

10.0.0.27 (tcp/593)

Port 593/tcp was found to be open

10.0.0.27 (tcp/636)

Port 636/tcp was found to be open

10.0.0.27 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.27 (tcp/3268)

Port 3268/tcp was found to be open

10.0.0.27 (tcp/3269)

Port 3269/tcp was found to be open

10.0.0.27 (tcp/3389)

Port 3389/tcp was found to be open

10.0.0.27 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.39 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.39 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.43 (tcp/22)

Port 22/tcp was found to be open

10.0.0.43 (tcp/80)

Port 80/tcp was found to be open

10.0.0.43 (tcp/443)

Port 443/tcp was found to be open

10.0.0.43 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.43 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.43 (tcp/17990)

Port 17990/tcp was found to be open

10.0.0.44 (tcp/80)

Port 80/tcp was found to be open

10.0.0.44 (tcp/427)

Port 427/tcp was found to be open

10.0.0.44 (tcp/443)

Port 443/tcp was found to be open

10.0.0.44 (tcp/902)

Port 902/tcp was found to be open

10.0.0.44 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.44 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.44 (tcp/5989)

Port 5989/tcp was found to be open

10.0.0.44 (tcp/8000)

Port 8000/tcp was found to be open

10.0.0.44 (tcp/8100)

Port 8100/tcp was found to be open

10.0.0.45 (tcp/22)

Port 22/tcp was found to be open

10.0.0.45 (tcp/80)

Port 80/tcp was found to be open

10.0.0.45 (tcp/443)

Port 443/tcp was found to be open

10.0.0.45 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.45 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.45 (tcp/17990)

Port 17990/tcp was found to be open

10.0.0.46 (tcp/80)

Port 80/tcp was found to be open

10.0.0.46 (tcp/427)

Port 427/tcp was found to be open

10.0.0.46 (tcp/443)

Port 443/tcp was found to be open

10.0.0.46 (tcp/902)

Port 902/tcp was found to be open

10.0.0.46 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.46 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.46 (tcp/5989)

Port 5989/tcp was found to be open

10.0.0.46 (tcp/8000)

Port 8000/tcp was found to be open

10.0.0.47 (tcp/22)

Port 22/tcp was found to be open

10.0.0.47 (tcp/80)

Port 80/tcp was found to be open

10.0.0.47 (tcp/88)

Port 88/tcp was found to be open

10.0.0.47 (tcp/111)

Port 111/tcp was found to be open

10.0.0.47 (tcp/443)

Port 443/tcp was found to be open

10.0.0.47 (tcp/514)

Port 514/tcp was found to be open

10.0.0.47 (tcp/1514)

Port 1514/tcp was found to be open

10.0.0.47 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.47 (tcp/2012)

Port 2012/tcp was found to be open

10.0.0.47 (tcp/2014)

Port 2014/tcp was found to be open

10.0.0.47 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.47 (tcp/8190)

Port 8190/tcp was found to be open

10.0.0.47 (tcp/8191)

Port 8191/tcp was found to be open

10.0.0.47 (tcp/8443)

Port 8443/tcp was found to be open

10.0.0.47 (tcp/9443)

Port 9443/tcp was found to be open

10.0.0.47 (tcp/22000)

Port 22000/tcp was found to be open

10.0.0.50 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.50 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.51 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.51 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.52 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.52 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.53 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.53 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.54 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.54 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.60 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.60 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.67 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.67 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.84 (tcp/80)

Port 80/tcp was found to be open

10.0.0.84 (tcp/443)

Port 443/tcp was found to be open

10.0.0.84 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.84 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.85 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.85 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.85 (tcp/62078)

Port 62078/tcp was found to be open

10.0.0.91 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.91 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.94 (tcp/80)

Port 80/tcp was found to be open

10.0.0.94 (tcp/135)

Port 135/tcp was found to be open

10.0.0.94 (tcp/139)

Port 139/tcp was found to be open

10.0.0.94 (tcp/443)

Port 443/tcp was found to be open

10.0.0.94 (tcp/445)

Port 445/tcp was found to be open

10.0.0.94 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.94 (tcp/3389)

Port 3389/tcp was found to be open

10.0.0.94 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.99 (tcp/80)

Port 80/tcp was found to be open

10.0.0.99 (tcp/443)

Port 443/tcp was found to be open

10.0.0.99 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.99 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.100 (tcp/80)

Port 80/tcp was found to be open

10.0.0.100 (tcp/443)

Port 443/tcp was found to be open

10.0.0.100 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.100 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.105 (tcp/80)

Port 80/tcp was found to be open

10.0.0.105 (tcp/443)

Port 443/tcp was found to be open

10.0.0.105 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.105 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.110 (tcp/21)

Port 21/tcp was found to be open

10.0.0.110 (tcp/22)

Port 22/tcp was found to be open

10.0.0.110 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.110 (tcp/2345)

Port 2345/tcp was found to be open

10.0.0.110 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.111 (tcp/22)

Port 22/tcp was found to be open

10.0.0.111 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.111 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.112 (tcp/135)

Port 135/tcp was found to be open

10.0.0.112 (tcp/139)

Port 139/tcp was found to be open

10.0.0.112 (tcp/445)

Port 445/tcp was found to be open

10.0.0.112 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.112 (tcp/3389)

Port 3389/tcp was found to be open

10.0.0.112 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.114 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.114 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.122 (tcp/80)

Port 80/tcp was found to be open

10.0.0.122 (tcp/443)

Port 443/tcp was found to be open

10.0.0.122 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.122 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.131 (tcp/554)

Port 554/tcp was found to be open

10.0.0.131 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.131 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.133 (tcp/80)

Port 80/tcp was found to be open

10.0.0.133 (tcp/139)

Port 139/tcp was found to be open

10.0.0.133 (tcp/443)

Port 443/tcp was found to be open

10.0.0.133 (tcp/445)

Port 445/tcp was found to be open

10.0.0.133 (tcp/548)

Port 548/tcp was found to be open

10.0.0.133 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.133 (tcp/3702)

Port 3702/tcp was found to be open

10.0.0.133 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.133 (tcp/5355)

Port 5355/tcp was found to be open

10.0.0.133 (tcp/8200)

Port 8200/tcp was found to be open

10.0.0.133 (tcp/10000)

Port 10000/tcp was found to be open

10.0.0.147 (tcp/80)

Port 80/tcp was found to be open

10.0.0.147 (tcp/443)

Port 443/tcp was found to be open

10.0.0.147 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.147 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.148 (tcp/111)

Port 111/tcp was found to be open

10.0.0.148 (tcp/135)

Port 135/tcp was found to be open

10.0.0.148 (tcp/139)

Port 139/tcp was found to be open

10.0.0.148 (tcp/445)

Port 445/tcp was found to be open

10.0.0.148 (tcp/1063)

Port 1063/tcp was found to be open

10.0.0.148 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.148 (tcp/2049)

Port 2049/tcp was found to be open

10.0.0.148 (tcp/3389)

Port 3389/tcp was found to be open

10.0.0.148 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.148 (tcp/9392)

Port 9392/tcp was found to be open

10.0.0.148 (tcp/9393)

Port 9393/tcp was found to be open

10.0.0.148 (tcp/10001)

Port 10001/tcp was found to be open

10.0.0.148 (tcp/10002)

Port 10002/tcp was found to be open

10.0.0.148 (tcp/10003)

Port 10003/tcp was found to be open

10.0.0.148 (tcp/10005)

Port 10005/tcp was found to be open

10.0.0.153 (tcp/80)

Port 80/tcp was found to be open

10.0.0.153 (tcp/443)

Port 443/tcp was found to be open

10.0.0.153 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.153 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.158 (tcp/25)

Port 25/tcp was found to be open

10.0.0.158 (tcp/80)

Port 80/tcp was found to be open

10.0.0.158 (tcp/135)

Port 135/tcp was found to be open

10.0.0.158 (tcp/139)

Port 139/tcp was found to be open

10.0.0.158 (tcp/443)

Port 443/tcp was found to be open

10.0.0.158 (tcp/445)

Port 445/tcp was found to be open

10.0.0.158 (tcp/1801)

Port 1801/tcp was found to be open

10.0.0.158 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.158 (tcp/2103)

Port 2103/tcp was found to be open

10.0.0.158 (tcp/2105)

Port 2105/tcp was found to be open

10.0.0.158 (tcp/2107)

Port 2107/tcp was found to be open

10.0.0.158 (tcp/3389)

Port 3389/tcp was found to be open

10.0.0.158 (tcp/4988)

Port 4988/tcp was found to be open

10.0.0.158 (tcp/5000)

Port 5000/tcp was found to be open

10.0.0.158 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.158 (tcp/8082)

Port 8082/tcp was found to be open

10.0.0.158 (tcp/8400)

Port 8400/tcp was found to be open

10.0.0.158 (tcp/8402)

Port 8402/tcp was found to be open

10.0.0.158 (tcp/48000)

Port 48000/tcp was found to be open

10.0.0.158 (tcp/48001)

Port 48001/tcp was found to be open

10.0.0.169 (tcp/21)

Port 21/tcp was found to be open

10.0.0.169 (tcp/22)

Port 22/tcp was found to be open

10.0.0.169 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.169 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.178 (tcp/80)

Port 80/tcp was found to be open

10.0.0.178 (tcp/443)

Port 443/tcp was found to be open

10.0.0.178 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.178 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.182 (tcp/80)

Port 80/tcp was found to be open

10.0.0.182 (tcp/443)

Port 443/tcp was found to be open

10.0.0.182 (tcp/554)

Port 554/tcp was found to be open

10.0.0.182 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.182 (tcp/5060)

Port 5060/tcp was found to be open

10.0.0.201 (tcp/22)

Port 22/tcp was found to be open

10.0.0.201 (tcp/2000)

Port 2000/tcp was found to be open

10.0.0.201 (tcp/5060)

Port 5060/tcp was found to be open
22964 (156) - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/04/24
Plugin Output

10.0.0.1 (tcp/80)

A web server is running on this port.

10.0.0.1 (tcp/81)

A web server is running on this port.

10.0.0.1 (tcp/8090)

A web server is running on this port.

10.0.0.1 (tcp/8181)

A web server is running on this port.

10.0.0.1 (tcp/8889)

A web server is running on this port.

10.0.0.8 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.8 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.14 (tcp/21)

An FTP server is running on this port.

10.0.0.14 (tcp/80)

A web server is running on this port.

10.0.0.14 (tcp/6002)

A web server is running on this port.

10.0.0.14 (tcp/7002)

A web server is running on this port.

10.0.0.14 (tcp/47001)

A web server is running on this port.

10.0.0.21 (tcp/80)

A web server is running on this port.

10.0.0.21 (tcp/443)

A TLSv1 server answered on this port.

10.0.0.21 (tcp/443)

A web server is running on this port through TLSv1.

10.0.0.21 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.21 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.22 (tcp/80)

A web server is running on this port.

10.0.0.22 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.22 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.22 (tcp/48000)

An SSLv3 server answered on this port.

10.0.0.22 (tcp/48001)

An SSLv3 server answered on this port.

10.0.0.25 (tcp/80)

A web server is running on this port.

10.0.0.25 (tcp/443)

A TLSv1 server answered on this port.

10.0.0.25 (tcp/443)

A web server is running on this port through TLSv1.

10.0.0.25 (tcp/593)

An http-rpc-epmap is running on this port.

10.0.0.25 (tcp/636)

A TLSv1 server answered on this port.

10.0.0.25 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.25 (tcp/3269)

A TLSv1 server answered on this port.

10.0.0.25 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.27 (tcp/593)

An http-rpc-epmap is running on this port.

10.0.0.27 (tcp/636)

A TLSv1 server answered on this port.

10.0.0.27 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.27 (tcp/3269)

A TLSv1 server answered on this port.

10.0.0.27 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.39 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.39 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.43 (tcp/22)

An SSH server is running on this port.

10.0.0.43 (tcp/80)

A web server is running on this port.

10.0.0.43 (tcp/443)

A TLSv1 server answered on this port.

10.0.0.43 (tcp/443)

A web server is running on this port through TLSv1.

10.0.0.43 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.43 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.44 (tcp/80)

A web server is running on this port.

10.0.0.44 (tcp/443)

A TLSv1 server answered on this port.

10.0.0.44 (tcp/443)

A web server is running on this port through TLSv1.

10.0.0.44 (tcp/902)

A VMware authentication daemon is running on this port.

10.0.0.44 (tcp/5989)

A TLSv1 server answered on this port.

10.0.0.44 (tcp/5989)

A web server is running on this port through TLSv1.

10.0.0.44 (tcp/5989)

SBLIM Small Footprint CIM Broker is running on this port through TLSv1.

10.0.0.44 (tcp/8100)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.45 (tcp/22)

An SSH server is running on this port.

10.0.0.45 (tcp/80)

A web server is running on this port.

10.0.0.45 (tcp/443)

A TLSv1 server answered on this port.

10.0.0.45 (tcp/443)

A web server is running on this port through TLSv1.

10.0.0.45 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.45 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.46 (tcp/80)

A web server is running on this port.

10.0.0.46 (tcp/443)

A TLSv1 server answered on this port.

10.0.0.46 (tcp/443)

A web server is running on this port through TLSv1.

10.0.0.46 (tcp/902)

A VMware authentication daemon is running on this port.

10.0.0.46 (tcp/5989)

A TLSv1 server answered on this port.

10.0.0.46 (tcp/5989)

A web server is running on this port through TLSv1.

10.0.0.46 (tcp/5989)

SBLIM Small Footprint CIM Broker is running on this port through TLSv1.

10.0.0.47 (tcp/22)

An SSH server is running on this port.

10.0.0.47 (tcp/80)

A web server is running on this port.

10.0.0.47 (tcp/443)

A TLSv1 server answered on this port.

10.0.0.47 (tcp/443)

A web server is running on this port through TLSv1.

10.0.0.47 (tcp/1514)

A TLSv1 server answered on this port.

10.0.0.47 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.47 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.47 (tcp/8190)

A web server is running on this port.

10.0.0.47 (tcp/8191)

A TLSv1 server answered on this port.

10.0.0.47 (tcp/8191)

A web server is running on this port through TLSv1.

10.0.0.47 (tcp/8443)

A TLSv1 server answered on this port.

10.0.0.47 (tcp/8443)

A web server is running on this port through TLSv1.

10.0.0.47 (tcp/9443)

A TLSv1 server answered on this port.

10.0.0.47 (tcp/9443)

A web server is running on this port through TLSv1.

10.0.0.47 (tcp/22000)

A web server is running on this port.

10.0.0.60 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.60 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.64 (tcp/3306)

A MySQL server is running on this port.

10.0.0.64 (tcp/6169)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.84 (tcp/80)

A web server is running on this port.

10.0.0.84 (tcp/443)

A web server is running on this port.

10.0.0.85 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.85 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.85 (tcp/62078)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.87 (tcp/80)

A web server is running on this port.

10.0.0.94 (tcp/80)

A web server is running on this port.

10.0.0.94 (tcp/443)

A TLSv1 server answered on this port.

10.0.0.94 (tcp/443)

A web server is running on this port through TLSv1.

10.0.0.94 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.94 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.99 (tcp/80)

A web server is running on this port.

10.0.0.99 (tcp/443)

A web server is running on this port.

10.0.0.100 (tcp/80)

A web server is running on this port.

10.0.0.100 (tcp/443)

A web server is running on this port.

10.0.0.105 (tcp/80)

A web server is running on this port.

10.0.0.105 (tcp/443)

A web server is running on this port.

10.0.0.110 (tcp/21)

An FTP server is running on this port.

10.0.0.110 (tcp/22)

An SSH server is running on this port.

10.0.0.110 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.110 (tcp/2345)

A MySQL server is running on this port.

10.0.0.110 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.111 (tcp/22)

An SSH server is running on this port.

10.0.0.111 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.111 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.112 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.112 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.122 (tcp/80)

A web server is running on this port.

10.0.0.122 (tcp/443)

A web server is running on this port.

10.0.0.131 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.131 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.133 (tcp/80)

A web server is running on this port.

10.0.0.133 (tcp/443)

A TLSv1 server answered on this port.

10.0.0.133 (tcp/443)

A web server is running on this port through TLSv1.

10.0.0.133 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.133 (tcp/3702)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.133 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.133 (tcp/5355)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.133 (tcp/8200)

A web server is running on this port.

10.0.0.133 (tcp/10000)

A web server is running on this port.

10.0.0.147 (tcp/80)

A web server is running on this port.

10.0.0.147 (tcp/443)

A web server is running on this port.

10.0.0.147 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.147 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.153 (tcp/80)

A web server is running on this port.

10.0.0.153 (tcp/443)

A web server is running on this port.

10.0.0.158 (tcp/25)

An SMTP server is running on this port.

10.0.0.158 (tcp/80)

A web server is running on this port.

10.0.0.158 (tcp/443)

A TLSv1 server answered on this port.

10.0.0.158 (tcp/443)

A web server is running on this port through TLSv1.

10.0.0.158 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.158 (tcp/4988)

A web server is running on this port.

10.0.0.158 (tcp/5000)

A web server is running on this port.

10.0.0.158 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.158 (tcp/8082)

A web server is running on this port.

10.0.0.158 (tcp/48000)

An SSLv3 server answered on this port.

10.0.0.158 (tcp/48001)

An SSLv3 server answered on this port.

10.0.0.169 (tcp/21)

An FTP server is running on this port.

10.0.0.169 (tcp/22)

An SSH server is running on this port.

10.0.0.169 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.169 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.178 (tcp/80)

A web server is running on this port.

10.0.0.178 (tcp/443)

A web server is running on this port.

10.0.0.182 (tcp/80)

A web server is running on this port.

10.0.0.182 (tcp/443)

A web server is running on this port.

10.0.0.182 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.182 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.201 (tcp/22)

An SSH server is running on this port.

10.0.0.201 (tcp/2000)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.201 (tcp/5060)

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

10.0.0.248 (tcp/80)

A web server is running on this port.

10.0.0.249 (tcp/23)

A telnet server is running on this port.

10.0.0.249 (tcp/80)

A web server is running on this port.
10736 (116) - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/08/26, Modified: 2014/05/12
Plugin Output

10.0.0.8 (tcp/135)


The following DCERPC services are available locally :

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-734d102b0bfd247211

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-1c49c49e77c2a4c50e

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000003
UUID : 24019106-a203-4642-b88d-82dae9158929, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1e541ba2100bc6086e

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000003
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0288B492B3

Object UUID : 52ef130c-08fd-4388-86b3-6edf00000003
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc0288B492B3

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Telephony service
Windows process : svchost.exe
Annotation : Unimodem LRPC Endpoint
Type : Local RPC service
Named pipe : tapsrvlpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Telephony service
Windows process : svchost.exe
Annotation : Unimodem LRPC Endpoint
Type : Local RPC service
Named pipe : unimdmsvc

Object UUID : ffe714eb-cf9b-428a-9836-cf49198ffca9
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-51a801585cdbd6361e

Object UUID : 7dbcbe92-956a-4559-a013-12ac608f2a5d
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-51a801585cdbd6361e

Object UUID : 38cf5565-29a1-446d-8849-0780ded465f3
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-51a801585cdbd6361e

Object UUID : 3efc3fd9-902e-4774-bacb-d011b618c794
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-51a801585cdbd6361e

Object UUID : fe9c7873-e54f-4df1-805a-c08e69ccd54a
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : OLE2C4A285C0DC74CB08921AB72AB89

Object UUID : fe9c7873-e54f-4df1-805a-c08e69ccd54a
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-f608f70f0d1c2b3f10

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Local RPC service
Named pipe : LRPC-e6f1f0243242abbb6c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-d97b3c85cead47c126

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-d97b3c85cead47c126

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-d97b3c85cead47c126

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : OLEBBDFA4AAB59B4DF893EB485B74CE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-3dcb72ed003ff01993

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLEBBDFA4AAB59B4DF893EB485B74CE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-3dcb72ed003ff01993

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : W32TIME_ALT

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : 24019106-a203-4642-b88d-82dae9158929, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ce08dd7160fb0d3fa4

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-b3f2e6ba22b8a071bf

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b3f2e6ba22b8a071bf

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEAE425684D4FF4E799748A5390B42

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEAE425684D4FF4E799748A5390B42

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEAE425684D4FF4E799748A5390B42

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEAE425684D4FF4E799748A5390B42

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : OLEAE425684D4FF4E799748A5390B42

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLEAE425684D4FF4E799748A5390B42

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEAE425684D4FF4E799748A5390B42

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLEAE425684D4FF4E799748A5390B42

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : RasmanRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLEAE425684D4FF4E799748A5390B42

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : RasmanRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLEAE425684D4FF4E799748A5390B42

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : RasmanRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0FD8C1

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0F32A0

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0F32A0

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-1c49c49e77c2a4c50e

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : audit

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : samss lpc

10.0.0.8 (tcp/139)


The following DCERPC services are available remotely :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Telephony service
Windows process : svchost.exe
Annotation : Unimodem LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\tapsrv
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Remote RPC service
Named pipe : \PIPE\wkssvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Remote RPC service
Named pipe : \PIPE\W32TIME_ALT
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\ROUTER
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\ROUTER
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\ROUTER
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\427576-DB2-NEW

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\427576-DB2-NEW

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\427576-DB2-NEW

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\427576-DB2-NEW

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\427576-DB2-NEW

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\427576-DB2-NEW

10.0.0.8 (tcp/49152)


The following DCERPC services are available on TCP port 49152 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49152
IP : 10.0.0.8

10.0.0.8 (tcp/49153)


The following DCERPC services are available on TCP port 49153 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.8

10.0.0.8 (tcp/49154)


The following DCERPC services are available on TCP port 49154 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.8

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.8

10.0.0.8 (tcp/49155)


The following DCERPC services are available on TCP port 49155 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49155
IP : 10.0.0.8

10.0.0.8 (tcp/49161)


The following DCERPC services are available on TCP port 49161 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Remote RPC service
TCP Port : 49161
IP : 10.0.0.8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Remote RPC service
TCP Port : 49161
IP : 10.0.0.8

10.0.0.8 (tcp/49184)


The following DCERPC services are available on TCP port 49184 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 49184
IP : 10.0.0.8

10.0.0.14 (tcp/135)


The following DCERPC services are available locally :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-5e4647b940e00e21bf

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 856c8e9e-49b1-11e8-aeee-005056975aa3
UUID : f1ec59ab-4ca9-4c30-b2d0-54ef1db441b7, version 1.0
Description : Unknown RPC service
Annotation : Isolation Communication Endpoint
Type : Local RPC service
Named pipe : LRPC-a437026db03f8116b1

Object UUID : 856c8e9d-49b1-11e8-aeee-005056975aa3
UUID : f1ec59ab-4ca9-4c30-b2d0-54ef1db441b7, version 1.0
Description : Unknown RPC service
Annotation : Isolation Communication Endpoint
Type : Local RPC service
Named pipe : LRPC-c46d4ababef6690ac0

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000005
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0B1B993C5

Object UUID : 52ef130c-08fd-4388-86b3-6edf00000005
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc0B1B993C5

Object UUID : 81a3faf5-4af8-4bd0-a6fe-80d70b22a949
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-dfa209ec18bfd587a4

Object UUID : 2f9b99ca-ab6d-4136-8346-94796e688612
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-dfa209ec18bfd587a4

Object UUID : c651c255-39e0-443c-a781-507cd5dd1f26
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-dfa209ec18bfd587a4

Object UUID : 2055f57d-bc29-407d-997f-14086214d031
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-dfa209ec18bfd587a4

Object UUID : bce8ac21-ac7a-4933-9bad-99b88f96eb92
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : OLEEB439AF88E7C4463924592105D90

Object UUID : bce8ac21-ac7a-4933-9bad-99b88f96eb92
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-d9b3c81682a98856d1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Telephony service
Windows process : svchost.exe
Annotation : Unimodem LRPC Endpoint
Type : Local RPC service
Named pipe : tapsrvlpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Telephony service
Windows process : svchost.exe
Annotation : Unimodem LRPC Endpoint
Type : Local RPC service
Named pipe : unimdmsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0
Description : Internet Information Service (IISAdmin)
Windows process : inetinfo.exe
Type : Local RPC service
Named pipe : OLE684A45BF1E1C4F10A9BE658CC4BF

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0
Description : Internet Information Service (IISAdmin)
Windows process : inetinfo.exe
Type : Local RPC service
Named pipe : INETINFO_LPC

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Local RPC service
Named pipe : LRPC-396a5d69d404480e4e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-8dacdcb8a423d8b2f8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-8dacdcb8a423d8b2f8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-8dacdcb8a423d8b2f8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : OLE8DACCB8EB6EC4DFAB844F0D14DB8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-3a5a729f6f6bf38720

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLE8DACCB8EB6EC4DFAB844F0D14DB8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-3a5a729f6f6bf38720

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : W32TIME_ALT

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : 24019106-a203-4642-b88d-82dae9158929, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7d9770e8dbae9cee6c

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE0694F4B52F9745D2A82744F26798

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE0694F4B52F9745D2A82744F26798

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE0694F4B52F9745D2A82744F26798

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE0694F4B52F9745D2A82744F26798

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : OLE0694F4B52F9745D2A82744F26798

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : SECLOGON

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE0694F4B52F9745D2A82744F26798

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : SECLOGON

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : RasmanRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE0694F4B52F9745D2A82744F26798

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : RasmanRpc

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-77d6b4e5dc9dbe69ad

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-77d6b4e5dc9dbe69ad

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0ED921

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0EB460

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0EB460

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-885fbaa116c7c3eee2

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-5e4647b940e00e21bf

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : audit

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : dsrole

10.0.0.14 (tcp/445)


The following DCERPC services are available remotely :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Telephony service
Windows process : svchost.exe
Annotation : Unimodem LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\tapsrv
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0
Description : Internet Information Service (IISAdmin)
Windows process : inetinfo.exe
Type : Remote RPC service
Named pipe : \PIPE\INETINFO
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Remote RPC service
Named pipe : \PIPE\wkssvc
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Remote RPC service
Named pipe : \PIPE\W32TIME_ALT
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\QUEEN

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\QUEEN

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\QUEEN

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\ROUTER
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\ROUTER
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\QUEEN

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\QUEEN

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\QUEEN

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\QUEEN

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\QUEEN

Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\QUEEN

10.0.0.14 (tcp/49152)


The following DCERPC services are available on TCP port 49152 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49152
IP : 10.0.0.14

10.0.0.14 (tcp/49153)


The following DCERPC services are available on TCP port 49153 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.14

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.14

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.14

10.0.0.14 (tcp/49154)


The following DCERPC services are available on TCP port 49154 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.14

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.14

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.14

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.14

10.0.0.14 (tcp/57695)


The following DCERPC services are available on TCP port 57695 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 57695
IP : 10.0.0.14

10.0.0.14 (tcp/57696)


The following DCERPC services are available on TCP port 57696 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Remote RPC service
TCP Port : 57696
IP : 10.0.0.14

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Remote RPC service
TCP Port : 57696
IP : 10.0.0.14

10.0.0.14 (tcp/57715)


The following DCERPC services are available on TCP port 57715 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0
Description : Internet Information Service (IISAdmin)
Windows process : inetinfo.exe
Type : Remote RPC service
TCP Port : 57715
IP : 10.0.0.14

10.0.0.14 (tcp/57716)


The following DCERPC services are available on TCP port 57716 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 57716
IP : 10.0.0.14

10.0.0.21 (tcp/135)


The following DCERPC services are available locally :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0E9E60

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0E9E60

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-716100a00c640d825d

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0F51B1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : ed4f5636-5764-4d7c-9cbc-86a28b69b12a
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-a3c36383b58afe1d83

Object UUID : ce5b0151-a728-4589-a62d-4696816a7227
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-a3c36383b58afe1d83

Object UUID : bbb6ff82-ebf8-457f-b673-cff4ad3c841f
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-a3c36383b58afe1d83

Object UUID : c482b21a-17c0-4a3a-9c1a-f675e25c63a9
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-a3c36383b58afe1d83

Object UUID : 66b54273-5a24-46ba-8a6d-a9847cb32a13
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : OLE4CFDFD072444499F85D88363A79C

Object UUID : 66b54273-5a24-46ba-8a6d-a9847cb32a13
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-b39f5ad81998655a39

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Local RPC service
Named pipe : LRPC-6764a533dbd4bf915b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-90f10f4341f94913a7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-2a8ab2372ae9b78553

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-2a8ab2372ae9b78553

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-2a8ab2372ae9b78553

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : OLE316BD90EDBC0406D8E5992E2E3ED

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-6d531a4789a15b34de

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLE316BD90EDBC0406D8E5992E2E3ED

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-6d531a4789a15b34de

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : W32TIME_ALT

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : 24019106-a203-4642-b88d-82dae9158929, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d360324bc0d1a2bbcf

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE4C5B34BF328747D09D4B9D70E9F9

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE4C5B34BF328747D09D4B9D70E9F9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE4C5B34BF328747D09D4B9D70E9F9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE4C5B34BF328747D09D4B9D70E9F9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE4C5B34BF328747D09D4B9D70E9F9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : OLE4C5B34BF328747D09D4B9D70E9F9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : OLE4C5B34BF328747D09D4B9D70E9F9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : OLE4C5B34BF328747D09D4B9D70E9F9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE4C5B34BF328747D09D4B9D70E9F9

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE4C5B34BF328747D09D4B9D70E9F9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

10.0.0.21 (tcp/139)


The following DCERPC services are available remotely :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\DYNAMICS-TS

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Remote RPC service
Named pipe : \PIPE\W32TIME_ALT
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-TS

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-TS

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\DYNAMICS-TS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\DYNAMICS-TS

10.0.0.21 (tcp/49152)


The following DCERPC services are available on TCP port 49152 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49152
IP : 10.0.0.21

10.0.0.21 (tcp/49153)


The following DCERPC services are available on TCP port 49153 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.21

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.21

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.21

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.21

10.0.0.21 (tcp/49154)


The following DCERPC services are available on TCP port 49154 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.21

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.21

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.21

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.21

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.21

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.21

10.0.0.21 (tcp/49175)


The following DCERPC services are available on TCP port 49175 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49175
IP : 10.0.0.21

10.0.0.21 (tcp/55336)


The following DCERPC services are available on TCP port 55336 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 55336
IP : 10.0.0.21

10.0.0.21 (tcp/55341)


The following DCERPC services are available on TCP port 55341 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Remote RPC service
TCP Port : 55341
IP : 10.0.0.21

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Remote RPC service
TCP Port : 55341
IP : 10.0.0.21

10.0.0.22 (tcp/135)


The following DCERPC services are available locally :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0D2C30

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0D2C30

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-39ed2b78baad1756ba

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0DDC41

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 2a61c013-f32f-4c0a-8d9e-9e3f6733aa1e
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-693455f361a5bf8107

Object UUID : ef4173a1-d8eb-42ad-af88-0a5749f7d428
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-693455f361a5bf8107

Object UUID : a6a6533b-7d13-44d5-a46d-ecb5769a9068
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-693455f361a5bf8107

Object UUID : 9ccca778-27b7-4e7c-b0fb-35ffb3fdb577
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-693455f361a5bf8107

Object UUID : 791d0306-851a-4321-b1d5-e92b0db5287b
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : OLE3F0A6FF4739F493BA05A6653E861

Object UUID : 791d0306-851a-4321-b1d5-e92b0db5287b
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-26a9e6db94a1db6ac7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Local RPC service
Named pipe : LRPC-1650dcdbbb061ae936

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-66886142d1b19d2367

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-c95e1212e21055589e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-c95e1212e21055589e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-c95e1212e21055589e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : OLE318750A1C69F4544862C9AD74E3D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-01ab657c15427caa5c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLE318750A1C69F4544862C9AD74E3D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-01ab657c15427caa5c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : W32TIME_ALT

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : 24019106-a203-4642-b88d-82dae9158929, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7a6c9d687cfd502fbe

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE64B1EB8027434366A7ACE7AB79F7

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE64B1EB8027434366A7ACE7AB79F7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE64B1EB8027434366A7ACE7AB79F7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE64B1EB8027434366A7ACE7AB79F7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE64B1EB8027434366A7ACE7AB79F7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : OLE64B1EB8027434366A7ACE7AB79F7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : OLE64B1EB8027434366A7ACE7AB79F7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : OLE64B1EB8027434366A7ACE7AB79F7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE64B1EB8027434366A7ACE7AB79F7

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE64B1EB8027434366A7ACE7AB79F7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

10.0.0.22 (tcp/139)


The following DCERPC services are available remotely :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\DYNAMICS-APP

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Remote RPC service
Named pipe : \PIPE\W32TIME_ALT
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-APP

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-APP

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\DYNAMICS-APP

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\DYNAMICS-APP

10.0.0.22 (tcp/49152)


The following DCERPC services are available on TCP port 49152 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49152
IP : 10.0.0.22

10.0.0.22 (tcp/49153)


The following DCERPC services are available on TCP port 49153 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.22

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.22

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.22

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 10.0.0.22

10.0.0.22 (tcp/49154)


The following DCERPC services are available on TCP port 49154 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.22

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.22

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.22

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.22

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.22

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 10.0.0.22

10.0.0.22 (tcp/49172)


The following DCERPC services are available on TCP port 49172 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49172
IP : 10.0.0.22

10.0.0.22 (tcp/49180)


The following DCERPC services are available on TCP port 49180 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 49180
IP : 10.0.0.22

10.0.0.22 (tcp/49182)


The following DCERPC services are available on TCP port 49182 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Remote RPC service
TCP Port : 49182
IP : 10.0.0.22

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Remote RPC service
TCP Port : 49182
IP : 10.0.0.22

10.0.0.25 (tcp/135)


The following DCERPC services are available locally :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0C41B0

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0C41B0

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-f93a020d170fb66a78

Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc0C5B51

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0C5B51

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : 24019106-a203-4642-b88d-82dae9158929, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-de4fbab454e4ae6ffb

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6bffd098-a112-3610-9833-46c3f874532d, version 1.0
Description : DHCP Server Service
Windows process : unknown
Type : Local RPC service
Named pipe : OLEEA61FBA55FBB4A1D8513752254F4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5b821720-f63b-11d0-aad2-00c04fc324db, version 1.0
Description : DHCP Server Service
Windows process : unknown
Type : Local RPC service
Named pipe : OLEEA61FBA55FBB4A1D8513752254F4

Object UUID : f1405883-70d4-41c1-99c8-21923bd14fd9
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-51ad047ff2fcbba1db

Object UUID : ded6624a-86f4-4b67-ac6d-88e579ba2127
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-51ad047ff2fcbba1db

Object UUID : 98d6c30b-cf2b-45f6-b27b-58a545fe6b32
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-51ad047ff2fcbba1db

Object UUID : 63305fa0-617a-4964-86e7-db9946d81b48
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-51ad047ff2fcbba1db

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 91ae6020-9e3c-11cf-8d7c-00aa00c091be, version 0.0
Description : Certificate Service
Windows process : unknown
Type : Local RPC service
Named pipe : OLE5789E176D8C243F8AB689FFC70A4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Local RPC service
Named pipe : LRPC-39cb842951071b61c5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3d267954-eeb7-11d1-b94e-00c04fa3080d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-60f2b8f33406ae2f3e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12d4b7c8-77d5-11d1-8c24-00c04fa3080d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-60f2b8f33406ae2f3e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc59b4-4264-101a-8c59-08002b2f8426, version 1.0
Description : File Replication Service
Windows process : ntfrs.exe
Annotation : NtFrs Service
Type : Local RPC service
Named pipe : OLE901BC0700ED040D9B5D0916921B8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc59b4-4264-101a-8c59-08002b2f8426, version 1.0
Description : File Replication Service
Windows process : ntfrs.exe
Annotation : NtFrs Service
Type : Local RPC service
Named pipe : LRPC-b3c03bbe7930866137

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d049b186-814f-11d1-9a3c-00c04fc9b232, version 1.0
Description : File Replication Service
Windows process : ntfrs.exe
Annotation : NtFrs API
Type : Local RPC service
Named pipe : OLE901BC0700ED040D9B5D0916921B8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d049b186-814f-11d1-9a3c-00c04fc9b232, version 1.0
Description : File Replication Service
Windows process : ntfrs.exe
Annotation : NtFrs API
Type : Local RPC service
Named pipe : LRPC-b3c03bbe7930866137

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a00c021c-2be2-11d2-b678-0000f87a8f8e, version 1.0
Description : File Replication Service
Windows process : ntfrs.exe
Annotation : PERFMON SERVICE
Type : Local RPC service
Named pipe : OLE901BC0700ED040D9B5D0916921B8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a00c021c-2be2-11d2-b678-0000f87a8f8e, version 1.0
Description : File Replication Service
Windows process : ntfrs.exe
Annotation : PERFMON SERVICE
Type : Local RPC service
Named pipe : LRPC-b3c03bbe7930866137

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Local RPC service
Named pipe : LRPC-2b1a89ed0b21cd5c3d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Local RPC service
Named pipe : OLE46B27AEBF62B4054B91F7CCB08F2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Local RPC service
Named pipe : NTDS_LPC

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Windows process : unknown
Annotation : MS NT Directory NSP Interface
Type : Local RPC service
Named pipe : LRPC-2b1a89ed0b21cd5c3d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Windows process : unknown
Annotation : MS NT Directory NSP Interface
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Windows process : unknown
Annotation : MS NT Directory NSP Interface
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Windows process : unknown
Annotation : MS NT Directory NSP Interface
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Windows process : unknown
Annotation : MS NT Directory NSP Interface
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Windows process : unknown
Annotation : MS NT Directory NSP Interface
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Windows process : unknown
Annotation : MS NT Directory NSP Interface
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Windows process : unknown
Annotation : MS NT Directory NSP Interface
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Windows process : unknown
Annotation : MS NT Directory NSP Interface
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Windows process : unknown
Annotation : MS NT Directory NSP Interface
Type : Local RPC service
Named pipe : OLE46B27AEBF62B4054B91F7CCB08F2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc5a18-4264-101a-8c59-08002b2f8426, version 56.0
Description : Active Directory Name Service Provider (NSP)
Windows process : unknown
Annotation : MS NT Directory NSP Interface
Type : Local RPC service
Named pipe : NTDS_LPC

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-2b1a89ed0b21cd5c3d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Local RPC service
Named pipe : OLE46B27AEBF62B4054B91F7CCB08F2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Local RPC service
Named pipe : NTDS_LPC

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-2b1a89ed0b21cd5c3d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : OLE46B27AEBF62B4054B91F7CCB08F2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : NTDS_LPC

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-2b1a89ed0b21cd5c3d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : OLE46B27AEBF62B4054B91F7CCB08F2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : NTDS_LPC

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LRPC-2b1a89ed0b21cd5c3d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : OLE46B27AEBF62B4054B91F7CCB08F2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : NTDS_LPC

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-42faea247d2064a05b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-42faea247d2064a05b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-42faea247d2064a05b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : OLE518A524ABF8A4C4BB18870D71C3C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-8ad230ef23ab8e3fed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLE518A524ABF8A4C4BB18870D71C3C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-8ad230ef23ab8e3fed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : W32TIME_ALT

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc

Object UUID : 8c7daf44-b6dc-11d1-9a4c-0020af6e7c57
UUID : 8c7daf44-b6dc-11d1-9a4c-0020af6e7c57, version 1.0
Description : Application Management service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 8c7daf44-b6dc-11d1-9a4c-0020af6e7c57
UUID : 8c7daf44-b6dc-11d1-9a4c-0020af6e7c57, version 1.0
Description : Application Management service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEF6FCB46438254290A12D58AAC1EE

Object UUID : 8c7daf44-b6dc-11d1-9a4c-0020af6e7c57
UUID : 8c7daf44-b6dc-11d1-9a4c-0020af6e7c57, version 1.0
Description : Application Management service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

10.0.0.25 (tcp/139)

report output too big - ending list here

14274 (107) - Nessus SNMP Scanner
Synopsis
SNMP information is enumerated to learn about other open ports.
Description
This plugin runs an SNMP scan against the remote machine to find open ports.

See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/01/29
Plugin Output

10.0.0.5 (tcp/0)


Nessus SNMP scanner was able to retrieve the open port list
with the community name: p*****
It found 1 open TCP ports and 9 open UDP ports.

10.0.0.5 (udp/69)

Port 69/udp was found to be open

10.0.0.5 (udp/2362)

Port 2362/udp was found to be open

10.0.0.5 (udp/4679)

Port 4679/udp was found to be open

10.0.0.5 (tcp/5000)

Port 5000/tcp was found to be open

10.0.0.5 (udp/34563)

Port 34563/udp was found to be open

10.0.0.5 (udp/45618)

Port 45618/udp was found to be open

10.0.0.5 (udp/51400)

Port 51400/udp was found to be open

10.0.0.5 (udp/57320)

Port 57320/udp was found to be open

10.0.0.5 (udp/61428)

Port 61428/udp was found to be open

10.0.0.5 (udp/62865)

Port 62865/udp was found to be open

10.0.0.11 (tcp/0)


Nessus SNMP scanner was able to retrieve the open port list
with the community name: p*****
It found 7 open TCP ports and 5 open UDP ports.

10.0.0.11 (udp/69)

Port 69/udp was found to be open

10.0.0.11 (udp/161)

Port 161/udp was found to be open

10.0.0.11 (udp/3702)

Port 3702/udp was found to be open

10.0.0.11 (tcp/5000)

Port 5000/tcp was found to be open

10.0.0.11 (udp/5353)

Port 5353/udp was found to be open

10.0.0.11 (udp/9580)

Port 9580/udp was found to be open

10.0.0.11 (tcp/65001)

Port 65001/tcp was found to be open

10.0.0.11 (tcp/65488)

Port 65488/tcp was found to be open

10.0.0.11 (tcp/65492)

Port 65492/tcp was found to be open

10.0.0.11 (tcp/65498)

Port 65498/tcp was found to be open

10.0.0.11 (tcp/65500)

Port 65500/tcp was found to be open

10.0.0.11 (tcp/65509)

Port 65509/tcp was found to be open

10.0.0.12 (tcp/0)


Nessus SNMP scanner was able to retrieve the open port list
with the community name: p*****
It found 7 open TCP ports and 5 open UDP ports.

10.0.0.12 (udp/69)

Port 69/udp was found to be open

10.0.0.12 (udp/161)

Port 161/udp was found to be open

10.0.0.12 (udp/3702)

Port 3702/udp was found to be open

10.0.0.12 (tcp/5000)

Port 5000/tcp was found to be open

10.0.0.12 (udp/5353)

Port 5353/udp was found to be open

10.0.0.12 (udp/9580)

Port 9580/udp was found to be open

10.0.0.12 (tcp/65001)

Port 65001/tcp was found to be open

10.0.0.12 (tcp/65488)

Port 65488/tcp was found to be open

10.0.0.12 (tcp/65492)

Port 65492/tcp was found to be open

10.0.0.12 (tcp/65498)

Port 65498/tcp was found to be open

10.0.0.12 (tcp/65500)

Port 65500/tcp was found to be open

10.0.0.12 (tcp/65509)

Port 65509/tcp was found to be open

10.0.0.17 (tcp/0)


Nessus SNMP scanner was able to retrieve the open port list
with the community name: p*****
It found 7 open TCP ports and 5 open UDP ports.

10.0.0.17 (udp/69)

Port 69/udp was found to be open

10.0.0.17 (udp/161)

Port 161/udp was found to be open

10.0.0.17 (udp/3702)

Port 3702/udp was found to be open

10.0.0.17 (tcp/5000)

Port 5000/tcp was found to be open

10.0.0.17 (udp/5353)

Port 5353/udp was found to be open

10.0.0.17 (udp/9580)

Port 9580/udp was found to be open

10.0.0.17 (tcp/65001)

Port 65001/tcp was found to be open

10.0.0.17 (tcp/65488)

Port 65488/tcp was found to be open

10.0.0.17 (tcp/65492)

Port 65492/tcp was found to be open

10.0.0.17 (tcp/65498)

Port 65498/tcp was found to be open

10.0.0.17 (tcp/65500)

Port 65500/tcp was found to be open

10.0.0.17 (tcp/65509)

Port 65509/tcp was found to be open

10.0.0.19 (tcp/0)


Nessus SNMP scanner was able to retrieve the open port list
with the community name: p*****
It found 7 open TCP ports and 5 open UDP ports.

10.0.0.19 (udp/69)

Port 69/udp was found to be open

10.0.0.19 (udp/161)

Port 161/udp was found to be open

10.0.0.19 (udp/3702)

Port 3702/udp was found to be open

10.0.0.19 (tcp/5000)

Port 5000/tcp was found to be open

10.0.0.19 (udp/5353)

Port 5353/udp was found to be open

10.0.0.19 (udp/9580)

Port 9580/udp was found to be open

10.0.0.19 (tcp/65001)

Port 65001/tcp was found to be open

10.0.0.19 (tcp/65488)

Port 65488/tcp was found to be open

10.0.0.19 (tcp/65492)

Port 65492/tcp was found to be open

10.0.0.19 (tcp/65498)

Port 65498/tcp was found to be open

10.0.0.19 (tcp/65500)

Port 65500/tcp was found to be open

10.0.0.19 (tcp/65509)

Port 65509/tcp was found to be open

10.0.0.26 (tcp/0)


Nessus SNMP scanner was able to retrieve the open port list
with the community name: p*****
It found 13 open TCP ports and 11 open UDP ports.

10.0.0.26 (tcp/80)

Port 80/tcp was found to be open

10.0.0.26 (udp/137)

Port 137/udp was found to be open

10.0.0.26 (udp/138)

Port 138/udp was found to be open

10.0.0.26 (udp/161)

Port 161/udp was found to be open

10.0.0.26 (tcp/427)

Port 427/tcp was found to be open

10.0.0.26 (udp/427)

Port 427/udp was found to be open

10.0.0.26 (tcp/443)

Port 443/tcp was found to be open

10.0.0.26 (tcp/515)

Port 515/tcp was found to be open

10.0.0.26 (tcp/631)

Port 631/tcp was found to be open

10.0.0.26 (udp/1900)

Port 1900/udp was found to be open

10.0.0.26 (udp/5355)

Port 5355/udp was found to be open

10.0.0.26 (tcp/9100)

Port 9100/tcp was found to be open

10.0.0.26 (tcp/9112)

Port 9112/tcp was found to be open

10.0.0.26 (tcp/9113)

Port 9113/tcp was found to be open

10.0.0.26 (tcp/9114)

Port 9114/tcp was found to be open

10.0.0.26 (tcp/9115)

Port 9115/tcp was found to be open

10.0.0.26 (tcp/9116)

Port 9116/tcp was found to be open

10.0.0.26 (udp/12121)

Port 12121/udp was found to be open

10.0.0.26 (udp/37173)

Port 37173/udp was found to be open

10.0.0.26 (udp/48828)

Port 48828/udp was found to be open

10.0.0.26 (tcp/50001)

Port 50001/tcp was found to be open

10.0.0.26 (udp/51900)

Port 51900/udp was found to be open

10.0.0.26 (udp/58730)

Port 58730/udp was found to be open

10.0.0.26 (tcp/59158)

Port 59158/tcp was found to be open

10.0.0.87 (tcp/0)


Nessus SNMP scanner was able to retrieve the open port list
with the community name: p*****
It found 1 open TCP ports and 1 open UDP ports.

10.0.0.87 (tcp/80)

Port 80/tcp was found to be open

10.0.0.87 (udp/161)

Port 161/udp was found to be open

10.0.0.248 (tcp/0)


Nessus SNMP scanner was able to retrieve the open port list
with the community name: p*****
It found 4 open TCP ports and 3 open UDP ports.

10.0.0.248 (tcp/23)

Port 23/tcp was found to be open

10.0.0.248 (udp/69)

Port 69/udp was found to be open

10.0.0.248 (tcp/80)

Port 80/tcp was found to be open

10.0.0.248 (udp/161)

Port 161/udp was found to be open

10.0.0.248 (tcp/1506)

Port 1506/tcp was found to be open

10.0.0.248 (udp/1507)

Port 1507/udp was found to be open

10.0.0.248 (tcp/1513)

Port 1513/tcp was found to be open

10.0.0.249 (tcp/0)


Nessus SNMP scanner was able to retrieve the open port list
with the community name: p*****
It found 4 open TCP ports and 3 open UDP ports.

10.0.0.249 (tcp/23)

Port 23/tcp was found to be open

10.0.0.249 (udp/69)

Port 69/udp was found to be open

10.0.0.249 (tcp/80)

Port 80/tcp was found to be open

10.0.0.249 (udp/161)

Port 161/udp was found to be open

10.0.0.249 (tcp/1506)

Port 1506/tcp was found to be open

10.0.0.249 (udp/1507)

Port 1507/udp was found to be open

10.0.0.249 (tcp/1513)

Port 1513/tcp was found to be open
34220 (76) - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)


Nessus was able to find 33 open ports.

10.0.0.14 (tcp/21)

Port 21/tcp was found to be open

10.0.0.14 (udp/37)

Port 37/udp was found to be open

10.0.0.14 (tcp/80)

Port 80/tcp was found to be open

10.0.0.14 (udp/123)

Port 123/udp was found to be open

10.0.0.14 (tcp/135)

Port 135/tcp was found to be open

10.0.0.14 (udp/137)

Port 137/udp was found to be open

10.0.0.14 (udp/138)

Port 138/udp was found to be open

10.0.0.14 (tcp/139)

Port 139/tcp was found to be open

10.0.0.14 (udp/161)

Port 161/udp was found to be open

10.0.0.14 (tcp/445)

Port 445/tcp was found to be open

10.0.0.14 (udp/500)

Port 500/udp was found to be open

10.0.0.14 (tcp/3389)

Port 3389/tcp was found to be open

10.0.0.14 (udp/3456)

Port 3456/udp was found to be open

10.0.0.14 (udp/4500)

Port 4500/udp was found to be open

10.0.0.14 (udp/5355)

Port 5355/udp was found to be open

10.0.0.14 (udp/6001)

Port 6001/udp was found to be open

10.0.0.14 (tcp/6002)

Port 6002/tcp was found to be open

10.0.0.14 (tcp/7001)

Port 7001/tcp was found to be open

10.0.0.14 (udp/7001)

Port 7001/udp was found to be open

10.0.0.14 (tcp/7002)

Port 7002/tcp was found to be open

10.0.0.14 (tcp/47001)

Port 47001/tcp was found to be open

10.0.0.14 (tcp/49152)

Port 49152/tcp was found to be open

10.0.0.14 (tcp/49153)

Port 49153/tcp was found to be open

10.0.0.14 (tcp/49154)

Port 49154/tcp was found to be open

10.0.0.14 (tcp/50791)

Port 50791/tcp was found to be open

10.0.0.14 (udp/50791)

Port 50791/udp was found to be open

10.0.0.14 (udp/50800)

Port 50800/udp was found to be open

10.0.0.14 (tcp/57695)

Port 57695/tcp was found to be open

10.0.0.14 (tcp/57696)

Port 57696/tcp was found to be open

10.0.0.14 (tcp/57715)

Port 57715/tcp was found to be open

10.0.0.14 (tcp/57716)

Port 57716/tcp was found to be open

10.0.0.14 (udp/57911)

Port 57911/udp was found to be open

10.0.0.14 (udp/60727)

Port 60727/udp was found to be open

10.0.0.64 (tcp/0)


Nessus was able to find 41 open ports.

10.0.0.64 (tcp/111)

Port 111/tcp was found to be open

10.0.0.64 (udp/111)

Port 111/udp was found to be open

10.0.0.64 (udp/123)

Port 123/udp was found to be open

10.0.0.64 (tcp/135)

Port 135/tcp was found to be open

10.0.0.64 (udp/137)

Port 137/udp was found to be open

10.0.0.64 (udp/138)

Port 138/udp was found to be open

10.0.0.64 (tcp/139)

Port 139/tcp was found to be open

10.0.0.64 (tcp/445)

Port 445/tcp was found to be open

10.0.0.64 (udp/500)

Port 500/udp was found to be open

10.0.0.64 (tcp/1063)

Port 1063/tcp was found to be open

10.0.0.64 (udp/1063)

Port 1063/udp was found to be open

10.0.0.64 (udp/1434)

Port 1434/udp was found to be open

10.0.0.64 (udp/1900)

Port 1900/udp was found to be open

10.0.0.64 (tcp/2049)

Port 2049/tcp was found to be open

10.0.0.64 (udp/2049)

Port 2049/udp was found to be open

10.0.0.64 (tcp/3306)

Port 3306/tcp was found to be open

10.0.0.64 (tcp/3389)

Port 3389/tcp was found to be open

10.0.0.64 (udp/4500)

Port 4500/udp was found to be open

10.0.0.64 (tcp/4502)

Port 4502/tcp was found to be open

10.0.0.64 (udp/5355)

Port 5355/udp was found to be open

10.0.0.64 (tcp/6160)

Port 6160/tcp was found to be open

10.0.0.64 (tcp/6161)

Port 6161/tcp was found to be open

10.0.0.64 (tcp/6162)

Port 6162/tcp was found to be open

10.0.0.64 (tcp/6169)

Port 6169/tcp was found to be open

10.0.0.64 (tcp/9392)

Port 9392/tcp was found to be open

10.0.0.64 (tcp/9393)

Port 9393/tcp was found to be open

10.0.0.64 (tcp/10001)

Port 10001/tcp was found to be open

10.0.0.64 (tcp/10003)

Port 10003/tcp was found to be open

10.0.0.64 (tcp/49152)

Port 49152/tcp was found to be open

10.0.0.64 (tcp/49153)

Port 49153/tcp was found to be open

10.0.0.64 (tcp/49154)

Port 49154/tcp was found to be open

10.0.0.64 (tcp/49155)

Port 49155/tcp was found to be open

10.0.0.64 (tcp/49184)

Port 49184/tcp was found to be open

10.0.0.64 (tcp/49231)

Port 49231/tcp was found to be open

10.0.0.64 (tcp/49234)

Port 49234/tcp was found to be open

10.0.0.64 (tcp/49570)

Port 49570/tcp was found to be open

10.0.0.64 (udp/50800)

Port 50800/udp was found to be open

10.0.0.64 (udp/54030)

Port 54030/udp was found to be open

10.0.0.64 (udp/54031)

Port 54031/udp was found to be open

10.0.0.64 (udp/54672)

Port 54672/udp was found to be open

10.0.0.64 (udp/56798)

Port 56798/udp was found to be open
34252 (74) - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/21)


The Win32 process 'inetinfo.exe' is listening on this port (pid 1608).

This process 'inetinfo.exe' (pid 1608) is hosting the following Windows services :
IISADMIN (@%windir%\system32\inetsrv\iisres.dll,-30007)
MSFTPSVC (@%windir%\system32\inetsrv\iisres.dll,-30005)

10.0.0.14 (udp/37)


The Win32 process 'VMProV5Svc.exe' is listening on this port (pid 820).

This process 'VMProV5Svc.exe' (pid 820) is hosting the following Windows services :
VoicemailProServer (Voicemail Pro Service)

10.0.0.14 (tcp/80)


The Win32 process 'System' is listening on this port (pid 4).

10.0.0.14 (udp/123)


The Win32 process 'svchost.exe' is listening on this port (pid 1132).

This process 'svchost.exe' (pid 1132) is hosting the following Windows services :
EventSystem (@comres.dll,-2450)
LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100)
netprofm (@%SystemRoot%\system32\netprof.dll,-246)
nsi (@%SystemRoot%\system32\nsisvc.dll,-200)
SstpSvc (@%SystemRoot%\system32\sstpsvc.dll,-200)
W32Time (@%SystemRoot%\system32\w32time.dll,-200)

10.0.0.14 (tcp/135)


The Win32 process 'svchost.exe' is listening on this port (pid 888).

This process 'svchost.exe' (pid 888) is hosting the following Windows services :
RpcSs (@oleres.dll,-5010)

10.0.0.14 (udp/137)


The Win32 process 'System' is listening on this port (pid 4).

10.0.0.14 (udp/138)


The Win32 process 'System' is listening on this port (pid 4).

10.0.0.14 (tcp/139)


The Win32 process 'System' is listening on this port (pid 4).

10.0.0.14 (udp/161)


The Win32 process 'snmp.exe' is listening on this port (pid 1952).

This process 'snmp.exe' (pid 1952) is hosting the following Windows services :
SNMP (@%SystemRoot%\system32\snmp.exe,-3)

10.0.0.14 (tcp/445)


The Win32 process 'System' is listening on this port (pid 4).

10.0.0.14 (udp/500)


The Win32 process 'svchost.exe' is listening on this port (pid 1040).

This process 'svchost.exe' (pid 1040) is hosting the following Windows services :
AeLookupSvc (@%SystemRoot%\system32\aelupsvc.dll,-1)
BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-200)
LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
RasMan (@%Systemroot%\system32\rasmans.dll,-200)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
seclogon (@%SystemRoot%\system32\seclogon.dll,-7001)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
wuauserv (@%systemroot%\system32\wuaueng.dll,-105)

10.0.0.14 (tcp/3389)


The Win32 process 'svchost.exe' is listening on this port (pid 1240).

This process 'svchost.exe' (pid 1240) is hosting the following Windows services :
CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001)
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
KtmRm (@comres.dll,-2946)
NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1)
TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Wecsvc (@%SystemRoot%\system32\wecsvc.dll,-200)
WinRM (@%Systemroot%\system32\wsmsvc.dll,-101)

10.0.0.14 (udp/3456)


The Win32 process 'inetinfo.exe' is listening on this port (pid 1608).

This process 'inetinfo.exe' (pid 1608) is hosting the following Windows services :
IISADMIN (@%windir%\system32\inetsrv\iisres.dll,-30007)
MSFTPSVC (@%windir%\system32\inetsrv\iisres.dll,-30005)

10.0.0.14 (udp/4500)


The Win32 process 'svchost.exe' is listening on this port (pid 1040).

This process 'svchost.exe' (pid 1040) is hosting the following Windows services :
AeLookupSvc (@%SystemRoot%\system32\aelupsvc.dll,-1)
BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-200)
LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
RasMan (@%Systemroot%\system32\rasmans.dll,-200)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
seclogon (@%SystemRoot%\system32\seclogon.dll,-7001)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
wuauserv (@%systemroot%\system32\wuaueng.dll,-105)

10.0.0.14 (udp/5355)


The Win32 process 'svchost.exe' is listening on this port (pid 1240).

This process 'svchost.exe' (pid 1240) is hosting the following Windows services :
CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001)
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
KtmRm (@comres.dll,-2946)
NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1)
TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Wecsvc (@%SystemRoot%\system32\wecsvc.dll,-200)
WinRM (@%Systemroot%\system32\wsmsvc.dll,-101)

10.0.0.14 (udp/6001)


The Win32 process 'spnsrvnt.exe' is listening on this port (pid 1896).

This process 'spnsrvnt.exe' (pid 1896) is hosting the following Windows services :
SentinelProtectionServer (Sentinel Protection Server)

10.0.0.14 (tcp/6002)


The Win32 process 'spnsrvnt.exe' is listening on this port (pid 1896).

This process 'spnsrvnt.exe' (pid 1896) is hosting the following Windows services :
SentinelProtectionServer (Sentinel Protection Server)

10.0.0.14 (tcp/7001)


The Win32 process 'sntlkeyssrvr.exe' is listening on this port (pid 1788).

This process 'sntlkeyssrvr.exe' (pid 1788) is hosting the following Windows services :
SentinelKeysServer (Sentinel Keys Server)

10.0.0.14 (udp/7001)


The Win32 process 'sntlkeyssrvr.exe' is listening on this port (pid 1788).

This process 'sntlkeyssrvr.exe' (pid 1788) is hosting the following Windows services :
SentinelKeysServer (Sentinel Keys Server)

10.0.0.14 (tcp/7002)


The Win32 process 'sntlkeyssrvr.exe' is listening on this port (pid 1788).

This process 'sntlkeyssrvr.exe' (pid 1788) is hosting the following Windows services :
SentinelKeysServer (Sentinel Keys Server)

10.0.0.14 (tcp/47001)


The Win32 process 'System' is listening on this port (pid 4).

10.0.0.14 (tcp/49152)


The Win32 process 'wininit.exe' is listening on this port (pid 576).

10.0.0.14 (tcp/49153)


The Win32 process 'svchost.exe' is listening on this port (pid 964).

This process 'svchost.exe' (pid 964) is hosting the following Windows services :
Dhcp (@%SystemRoot%\system32\dhcpcsvc.dll,-100)
EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200)
lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101)

10.0.0.14 (tcp/49154)


The Win32 process 'svchost.exe' is listening on this port (pid 1040).

This process 'svchost.exe' (pid 1040) is hosting the following Windows services :
AeLookupSvc (@%SystemRoot%\system32\aelupsvc.dll,-1)
BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-200)
LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
RasMan (@%Systemroot%\system32\rasmans.dll,-200)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
seclogon (@%SystemRoot%\system32\seclogon.dll,-7001)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
wuauserv (@%systemroot%\system32\wuaueng.dll,-105)

10.0.0.14 (tcp/50791)


The Win32 process 'VMProV5Svc.exe' is listening on this port (pid 820).

This process 'VMProV5Svc.exe' (pid 820) is hosting the following Windows services :
VoicemailProServer (Voicemail Pro Service)

10.0.0.14 (udp/50791)


The Win32 process 'VMProV5Svc.exe' is listening on this port (pid 820).

This process 'VMProV5Svc.exe' (pid 820) is hosting the following Windows services :
VoicemailProServer (Voicemail Pro Service)

10.0.0.14 (udp/50800)


The Win32 process 'KeyServe.exe' is listening on this port (pid 3364).

10.0.0.14 (tcp/57695)


The Win32 process 'lsass.exe' is listening on this port (pid 668).

This process 'lsass.exe' (pid 668) is hosting the following Windows services :
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
ProtectedStorage (@%systemroot%\system32\psbase.dll,-300)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

10.0.0.14 (tcp/57696)


The Win32 process 'svchost.exe' is listening on this port (pid 1748).

This process 'svchost.exe' (pid 1748) is hosting the following Windows services :
PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010)

10.0.0.14 (tcp/57715)


The Win32 process 'inetinfo.exe' is listening on this port (pid 1608).

This process 'inetinfo.exe' (pid 1608) is hosting the following Windows services :
IISADMIN (@%windir%\system32\inetsrv\iisres.dll,-30007)
MSFTPSVC (@%windir%\system32\inetsrv\iisres.dll,-30005)

10.0.0.14 (tcp/57716)


The Win32 process 'services.exe' is listening on this port (pid 656).

10.0.0.14 (udp/57911)


The Win32 process 'VMProV5Svc.exe' is listening on this port (pid 820).

This process 'VMProV5Svc.exe' (pid 820) is hosting the following Windows services :
VoicemailProServer (Voicemail Pro Service)

10.0.0.14 (udp/60727)


The Win32 process 'KeyServe.exe' is listening on this port (pid 3364).

10.0.0.64 (tcp/111)


The Win32 process 'VeeamNFSSvc.exe' is listening on this port (pid 4364).

This process 'VeeamNFSSvc.exe' (pid 4364) is hosting the following Windows services :
VeeamNFSSvc

10.0.0.64 (udp/111)


The Win32 process 'VeeamNFSSvc.exe' is listening on this port (pid 4364).

This process 'VeeamNFSSvc.exe' (pid 4364) is hosting the following Windows services :
VeeamNFSSvc

10.0.0.64 (udp/123)


The Win32 process 'svchost.exe' is listening on this port (pid 472).

This process 'svchost.exe' (pid 472) is hosting the following Windows services :
EventSystem
FontCache
netprofm
nsi
SstpSvc
W32Time
WdiServiceHost
WinHttpAutoProxySvc

10.0.0.64 (tcp/135)


The Win32 process 'svchost.exe' is listening on this port (pid 868).

This process 'svchost.exe' (pid 868) is hosting the following Windows services :
RpcEptMapper
RpcSs

10.0.0.64 (udp/137)


The Win32 process 'System' is listening on this port (pid 4).

10.0.0.64 (udp/138)


The Win32 process 'System' is listening on this port (pid 4).

10.0.0.64 (tcp/139)


The Win32 process 'System' is listening on this port (pid 4).

10.0.0.64 (tcp/445)


The Win32 process 'System' is listening on this port (pid 4).

10.0.0.64 (udp/500)


The Win32 process 'svchost.exe' is listening on this port (pid 536).

This process 'svchost.exe' (pid 536) is hosting the following Windows services :
Appinfo
BITS
Browser
CertPropSvc
IKEEXT
iphlpsvc
LanmanServer
MSiSCSI
ProfSvc
RasMan
Schedule
seclogon
SENS
SessionEnv
ShellHWDetection
Themes
Winmgmt
wuauserv

10.0.0.64 (tcp/1063)


The Win32 process 'VeeamNFSSvc.exe' is listening on this port (pid 4364).

This process 'VeeamNFSSvc.exe' (pid 4364) is hosting the following Windows services :
VeeamNFSSvc

10.0.0.64 (udp/1063)


The Win32 process 'VeeamNFSSvc.exe' is listening on this port (pid 4364).

This process 'VeeamNFSSvc.exe' (pid 4364) is hosting the following Windows services :
VeeamNFSSvc

10.0.0.64 (udp/1434)


The Win32 process 'sqlbrowser.exe' is listening on this port (pid 2304).

This process 'sqlbrowser.exe' (pid 2304) is hosting the following Windows services :
SQLBrowser

10.0.0.64 (udp/1900)


The Win32 process 'svchost.exe' is listening on this port (pid 6552).

This process 'svchost.exe' (pid 6552) is hosting the following Windows services :
SSDPSRV

10.0.0.64 (tcp/2049)


The Win32 process 'VeeamNFSSvc.exe' is listening on this port (pid 4364).

This process 'VeeamNFSSvc.exe' (pid 4364) is hosting the following Windows services :
VeeamNFSSvc

10.0.0.64 (udp/2049)


The Win32 process 'VeeamNFSSvc.exe' is listening on this port (pid 4364).

This process 'VeeamNFSSvc.exe' (pid 4364) is hosting the following Windows services :
VeeamNFSSvc

10.0.0.64 (tcp/3306)


The Win32 process 'mysqld.exe' is listening on this port (pid 740).

This process 'mysqld.exe' (pid 740) is hosting the following Windows services :
MySQL55

10.0.0.64 (tcp/3389)


The Win32 process 'svchost.exe' is listening on this port (pid 1260).

This process 'svchost.exe' (pid 1260) is hosting the following Windows services :
CryptSvc
Dnscache
LanmanWorkstation
NlaSvc
TapiSrv
TermService

10.0.0.64 (udp/4500)


The Win32 process 'svchost.exe' is listening on this port (pid 536).

This process 'svchost.exe' (pid 536) is hosting the following Windows services :
Appinfo
BITS
Browser
CertPropSvc
IKEEXT
iphlpsvc
LanmanServer
MSiSCSI
ProfSvc
RasMan
Schedule
seclogon
SENS
SessionEnv
ShellHWDetection
Themes
Winmgmt
wuauserv

10.0.0.64 (tcp/4502)


The Win32 process 'DDService.exe' is listening on this port (pid 1248).

This process 'DDService.exe' (pid 1248) is hosting the following Windows services :
DDService

10.0.0.64 (udp/5355)


The Win32 process 'svchost.exe' is listening on this port (pid 1260).

This process 'svchost.exe' (pid 1260) is hosting the following Windows services :
CryptSvc
Dnscache
LanmanWorkstation
NlaSvc
TapiSrv
TermService

10.0.0.64 (tcp/6160)


The Win32 process 'VeeamDeploymentSvc.exe' is listening on this port (pid 4480).

This process 'VeeamDeploymentSvc.exe' (pid 4480) is hosting the following Windows services :
VeeamDeploymentService

10.0.0.64 (tcp/6161)


The Win32 process 'VeeamNFSSvc.exe' is listening on this port (pid 4364).

This process 'VeeamNFSSvc.exe' (pid 4364) is hosting the following Windows services :
VeeamNFSSvc

10.0.0.64 (tcp/6162)


The Win32 process 'VeeamTransportSvc.exe' is listening on this port (pid 3380).

This process 'VeeamTransportSvc.exe' (pid 3380) is hosting the following Windows services :
VeeamTransportSvc

10.0.0.64 (tcp/6169)


The Win32 process 'Veeam.Backup.CloudService.exe' is listening on this port (pid 5376).

10.0.0.64 (tcp/9392)


The Win32 process 'Veeam.Backup.Service.exe' is listening on this port (pid 3452).

This process 'Veeam.Backup.Service.exe' (pid 3452) is hosting the following Windows services :
Veeam Backup and Replication Service

10.0.0.64 (tcp/9393)


The Win32 process 'Veeam.Backup.CatalogDataService.exe' is listening on this port (pid 5552).

10.0.0.64 (tcp/10001)


The Win32 process 'Veeam.Backup.Service.exe' is listening on this port (pid 3452).

This process 'Veeam.Backup.Service.exe' (pid 3452) is hosting the following Windows services :
Veeam Backup and Replication Service

10.0.0.64 (tcp/10003)


The Win32 process 'Veeam.Backup.CloudService.exe' is listening on this port (pid 5376).

10.0.0.64 (tcp/49152)


The Win32 process 'wininit.exe' is listening on this port (pid 556).

10.0.0.64 (tcp/49153)


The Win32 process 'svchost.exe' is listening on this port (pid 1012).

This process 'svchost.exe' (pid 1012) is hosting the following Windows services :
AudioSrv
Dhcp
eventlog
lmhosts
wscsvc

10.0.0.64 (tcp/49154)


The Win32 process 'svchost.exe' is listening on this port (pid 536).

This process 'svchost.exe' (pid 536) is hosting the following Windows services :
Appinfo
BITS
Browser
CertPropSvc
IKEEXT
iphlpsvc
LanmanServer
MSiSCSI
ProfSvc
RasMan
Schedule
seclogon
SENS
SessionEnv
ShellHWDetection
Themes
Winmgmt
wuauserv

10.0.0.64 (tcp/49155)


The Win32 process 'lsass.exe' is listening on this port (pid 672).

This process 'lsass.exe' (pid 672) is hosting the following Windows services :
Netlogon
SamSs

10.0.0.64 (tcp/49184)


The Win32 process 'DDService.exe' is listening on this port (pid 1248).

This process 'DDService.exe' (pid 1248) is hosting the following Windows services :
DDService

10.0.0.64 (tcp/49231)


The Win32 process 'services.exe' is listening on this port (pid 664).

10.0.0.64 (tcp/49234)


The Win32 process 'svchost.exe' is listening on this port (pid 5520).

This process 'svchost.exe' (pid 5520) is hosting the following Windows services :
PolicyAgent

10.0.0.64 (tcp/49570)


The Win32 process 'sqlservr.exe' is listening on this port (pid 1972).

This process 'sqlservr.exe' (pid 1972) is hosting the following Windows services :
MSSQL$VEEAMSQL2012

10.0.0.64 (udp/50800)


The Win32 process 'KeyServe.exe' is listening on this port (pid 1828).

This process 'KeyServe.exe' (pid 1828) is hosting the following Windows services :
KeyServ

10.0.0.64 (udp/54030)


The Win32 process 'KeyServe.exe' is listening on this port (pid 1828).

This process 'KeyServe.exe' (pid 1828) is hosting the following Windows services :
KeyServ

10.0.0.64 (udp/54031)


The Win32 process 'DDService.exe' is listening on this port (pid 1248).

This process 'DDService.exe' (pid 1248) is hosting the following Windows services :
DDService

10.0.0.64 (udp/54672)


The Win32 process 'spoolsv.exe' is listening on this port (pid 1528).

This process 'spoolsv.exe' (pid 1528) is hosting the following Windows services :
Spooler

10.0.0.64 (udp/56798)


The Win32 process 'svchost.exe' is listening on this port (pid 6552).

This process 'svchost.exe' (pid 6552) is hosting the following Windows services :
SSDPSRV
19506 (52) - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/08/26, Modified: 2017/10/26
Plugin Output

10.0.0.1 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:17 US Mountain Standard Time
Scan duration : 827 sec

10.0.0.5 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : snmp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:17 US Mountain Standard Time
Scan duration : 138 sec

10.0.0.8 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:17 US Mountain Standard Time
Scan duration : 345 sec

10.0.0.11 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : snmp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:17 US Mountain Standard Time
Scan duration : 234 sec

10.0.0.12 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : snmp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:17 US Mountain Standard Time
Scan duration : 224 sec

10.0.0.14 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : wmi_netstat
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'demo\trapp_admin' via SMB
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:17 US Mountain Standard Time
Scan duration : 3175 sec

10.0.0.17 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : snmp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:19 US Mountain Standard Time
Scan duration : 230 sec

10.0.0.19 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : snmp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:21 US Mountain Standard Time
Scan duration : 231 sec

10.0.0.21 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:21 US Mountain Standard Time
Scan duration : 442 sec

10.0.0.22 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:23 US Mountain Standard Time
Scan duration : 852 sec

10.0.0.25 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:23 US Mountain Standard Time
Scan duration : 642 sec

10.0.0.26 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : snmp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:25 US Mountain Standard Time
Scan duration : 6 sec

10.0.0.27 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:25 US Mountain Standard Time
Scan duration : 516 sec

10.0.0.39 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:29 US Mountain Standard Time
Scan duration : 178 sec

10.0.0.43 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:31 US Mountain Standard Time
Scan duration : 1427 sec

10.0.0.44 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:33 US Mountain Standard Time
Scan duration : 1581 sec

10.0.0.45 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:33 US Mountain Standard Time
Scan duration : 1419 sec

10.0.0.46 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:34 US Mountain Standard Time
Scan duration : 1653 sec

10.0.0.47 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:37 US Mountain Standard Time
Scan duration : 2409 sec

10.0.0.50 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:55 US Mountain Standard Time
Scan duration : 624 sec

10.0.0.51 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:58 US Mountain Standard Time
Scan duration : 627 sec

10.0.0.52 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 11:59 US Mountain Standard Time
Scan duration : 624 sec

10.0.0.53 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:02 US Mountain Standard Time
Scan duration : 630 sec

10.0.0.54 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:06 US Mountain Standard Time
Scan duration : 627 sec

10.0.0.60 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:09 US Mountain Standard Time
Scan duration : 220 sec

10.0.0.64 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : wmi_netstat
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'demo\trapp_admin' via SMB
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:10 US Mountain Standard Time
Scan duration : 3853 sec

10.0.0.67 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:11 US Mountain Standard Time
Scan duration : 629 sec

10.0.0.84 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:14 US Mountain Standard Time
Scan duration : 587 sec

10.0.0.85 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:13 US Mountain Standard Time
Scan duration : 515 sec

10.0.0.87 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : snmp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:17 US Mountain Standard Time
Scan duration : 211 sec

10.0.0.91 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:17 US Mountain Standard Time
Scan duration : 628 sec

10.0.0.94 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:21 US Mountain Standard Time
Scan duration : 448 sec

10.0.0.99 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:22 US Mountain Standard Time
Scan duration : 578 sec

10.0.0.100 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:22 US Mountain Standard Time
Scan duration : 581 sec

10.0.0.105 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:24 US Mountain Standard Time
Scan duration : 590 sec

10.0.0.110 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:28 US Mountain Standard Time
Scan duration : 520 sec

10.0.0.111 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:29 US Mountain Standard Time
Scan duration : 490 sec

10.0.0.112 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:32 US Mountain Standard Time
Scan duration : 334 sec

10.0.0.114 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:32 US Mountain Standard Time
Scan duration : 624 sec

10.0.0.122 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:35 US Mountain Standard Time
Scan duration : 578 sec

10.0.0.131 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:38 US Mountain Standard Time
Scan duration : 652 sec

10.0.0.133 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:37 US Mountain Standard Time
Scan duration : 945 sec

10.0.0.147 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:39 US Mountain Standard Time
Scan duration : 564 sec

10.0.0.148 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:43 US Mountain Standard Time
Scan duration : 724 sec

10.0.0.153 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:45 US Mountain Standard Time
Scan duration : 586 sec

10.0.0.158 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:49 US Mountain Standard Time
Scan duration : 1013 sec

10.0.0.169 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:50 US Mountain Standard Time
Scan duration : 525 sec

10.0.0.178 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:54 US Mountain Standard Time
Scan duration : 580 sec

10.0.0.182 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:55 US Mountain Standard Time
Scan duration : 737 sec

10.0.0.201 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 12:57 US Mountain Standard Time
Scan duration : 186 sec

10.0.0.248 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : snmp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 13:01 US Mountain Standard Time
Scan duration : 228 sec

10.0.0.249 (tcp/0)

Information about this scan :

Nessus version : 7.0.3
Plugin feed version : 201804270615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 172.23.6.11
Port scanner(s) : snmp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 6
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2018/4/27 13:01 US Mountain Standard Time
Scan duration : 220 sec
10287 (51) - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/11/27, Modified: 2017/08/22
Plugin Output

10.0.0.1 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.1 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.1

Hop Count: 3

10.0.0.5 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.5 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.5

Hop Count: 6

10.0.0.8 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.8 :
172.23.6.11
172.23.6.2
172.23.7.4
10.0.0.8

Hop Count: 3

10.0.0.11 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.11 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.11

Hop Count: 6

10.0.0.12 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.12 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.28
10.0.255.4
?
10.0.0.12

Hop Count: 6

10.0.0.14 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.14 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.28
10.0.255.4
?
10.0.0.14

Hop Count: 6

10.0.0.17 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.17 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.28
10.0.255.4
?
10.0.0.17

Hop Count: 6

10.0.0.19 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.19 :
172.23.6.11
172.23.6.3
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.19

Hop Count: 6

10.0.0.21 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.21 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.21

Hop Count: 3

10.0.0.22 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.22 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.28
10.0.255.4
?
10.0.0.22

Hop Count: 6

10.0.0.25 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.25 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.25

Hop Count: 6

10.0.0.27 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.27 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.27

Hop Count: 6

10.0.0.39 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.39 :
172.23.6.11
172.23.6.2
172.23.7.4
10.0.0.39

Hop Count: 3

10.0.0.43 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.43 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.43

Hop Count: 6

10.0.0.44 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.44 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.44

Hop Count: 6

10.0.0.45 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.45 :
172.23.6.11
172.23.6.3
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.45

Hop Count: 6

10.0.0.46 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.46 :
172.23.6.11
172.23.6.3
172.23.7.4
172.30.9.28
10.0.255.4
?
10.0.0.46

Hop Count: 6

10.0.0.47 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.47 :
172.23.6.11
172.23.6.3
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.47

Hop Count: 6

10.0.0.50 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.50 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.50

Hop Count: 3

10.0.0.51 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.51 :
172.23.6.11
172.23.6.2
172.23.7.4
10.0.0.51

Hop Count: 3

10.0.0.52 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.52 :
172.23.6.11
172.23.6.2
172.23.7.4
10.0.0.52

Hop Count: 3

10.0.0.53 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.53 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.53

Hop Count: 3

10.0.0.54 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.54 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.54

Hop Count: 3

10.0.0.60 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.60 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.60

Hop Count: 3

10.0.0.64 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.64 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.64

Hop Count: 6

10.0.0.67 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.67 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.67

Hop Count: 3

10.0.0.84 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.84 :
172.23.6.11
172.23.6.2
172.23.7.4
10.0.0.84

Hop Count: 3

10.0.0.85 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.85 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.85

Hop Count: 3

10.0.0.87 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.87 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.87

Hop Count: 6

10.0.0.91 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.91 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.91

Hop Count: 3

10.0.0.94 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.94 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.94

Hop Count: 3

10.0.0.99 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.99 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.99

Hop Count: 3

10.0.0.100 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.100 :
172.23.6.11
172.23.6.2
172.23.7.4
10.0.0.100

Hop Count: 3

10.0.0.105 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.105 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.105

Hop Count: 3

10.0.0.110 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.110 :
172.23.6.11
172.23.6.2
172.23.7.4
10.0.0.110

Hop Count: 3

10.0.0.111 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.111 :
172.23.6.11
172.23.6.3
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.111

Hop Count: 6

10.0.0.112 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.112 :
172.23.6.11
172.23.6.3
172.23.7.4
172.30.9.28
10.0.255.4
?
10.0.0.112

Hop Count: 6

10.0.0.114 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.114 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.114

Hop Count: 3

10.0.0.122 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.122 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.122

Hop Count: 3

10.0.0.131 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.131 :
172.23.6.11
172.23.6.2
172.23.7.4
10.0.0.131

Hop Count: 3

10.0.0.133 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.133 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.133

Hop Count: 3

10.0.0.147 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.147 :
172.23.6.11
172.23.6.2
172.23.7.4
10.0.0.147

Hop Count: 3

10.0.0.148 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.148 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.148

Hop Count: 6

10.0.0.153 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.153 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.153

Hop Count: 3

10.0.0.158 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.158 :
172.23.6.11
172.23.6.3
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.158

Hop Count: 6

10.0.0.169 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.169 :
172.23.6.11
172.23.6.3
172.23.7.4
172.30.9.28
10.0.255.4
?
10.0.0.169

Hop Count: 6

10.0.0.178 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.178 :
172.23.6.11
172.23.6.3
172.23.7.4
10.0.0.178

Hop Count: 3

10.0.0.182 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.182 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.182

Hop Count: 6

10.0.0.201 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.201 :
172.23.6.11
172.23.6.3
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.201

Hop Count: 6

10.0.0.248 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.248 :
172.23.6.11
172.23.6.3
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.248

Hop Count: 6

10.0.0.249 (udp/0)

For your information, here is the traceroute from 172.23.6.11 to 10.0.0.249 :
172.23.6.11
172.23.6.2
172.23.7.4
172.30.9.27
10.0.255.4
?
10.0.0.249

Hop Count: 6
25220 (47) - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/05/16, Modified: 2011/03/20
Plugin Output

10.0.0.1 (tcp/0)

10.0.0.5 (tcp/0)

10.0.0.8 (tcp/0)

10.0.0.11 (tcp/0)

10.0.0.14 (tcp/0)

10.0.0.17 (tcp/0)

10.0.0.19 (tcp/0)

10.0.0.21 (tcp/0)

10.0.0.22 (tcp/0)

10.0.0.25 (tcp/0)

10.0.0.27 (tcp/0)

10.0.0.39 (tcp/0)

10.0.0.43 (tcp/0)

10.0.0.44 (tcp/0)

10.0.0.45 (tcp/0)

10.0.0.46 (tcp/0)

10.0.0.47 (tcp/0)

10.0.0.50 (tcp/0)

10.0.0.51 (tcp/0)

10.0.0.52 (tcp/0)

10.0.0.53 (tcp/0)

10.0.0.54 (tcp/0)

10.0.0.60 (tcp/0)

10.0.0.64 (tcp/0)

10.0.0.67 (tcp/0)

10.0.0.84 (tcp/0)

10.0.0.85 (tcp/0)

10.0.0.87 (tcp/0)

10.0.0.91 (tcp/0)

10.0.0.94 (tcp/0)

10.0.0.100 (tcp/0)

10.0.0.105 (tcp/0)

10.0.0.110 (tcp/0)

10.0.0.111 (tcp/0)

10.0.0.112 (tcp/0)

10.0.0.114 (tcp/0)

10.0.0.122 (tcp/0)

10.0.0.131 (tcp/0)

10.0.0.133 (tcp/0)

10.0.0.147 (tcp/0)

10.0.0.148 (tcp/0)

10.0.0.153 (tcp/0)

10.0.0.158 (tcp/0)

10.0.0.169 (tcp/0)

10.0.0.178 (tcp/0)

10.0.0.182 (tcp/0)

10.0.0.201 (tcp/0)

11936 (41) - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2003/12/09, Modified: 2018/04/19
Plugin Output

10.0.0.1 (tcp/0)


Remote operating system : Linux Kernel 2.6
Confidence level : 65
Method : SinFP

Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.

NTP:!:unknown
SinFP:
P1:B10113:F0x12:W29200:O0204ffff:M1398:
P2:B10113:F0x12:W28960:O0204ffff0402080affffffff4445414401030307:M1398:
P3:B00000:F0x00:W0:O0:M0
P4:70003_7_p=8090R
HTTP:!:Server: lighttpd/1.4.39



The remote host is running Linux Kernel 2.6

10.0.0.5 (tcp/0)


Remote operating system : HP JetDirect Printer
Confidence level : 65
Method : SinFP


The remote host is running HP JetDirect Printer

10.0.0.8 (tcp/0)


Remote operating system : Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Confidence level : 66
Method : RDP


The remote host is running one of these operating systems :
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7

10.0.0.11 (tcp/0)


Remote operating system : Linux Kernel 2.6
Confidence level : 98
Method : SNMP


The remote host is running Linux Kernel 2.6

10.0.0.12 (tcp/0)


Remote operating system : Linux Kernel 2.6
Confidence level : 98
Method : SNMP


The remote host is running Linux Kernel 2.6

10.0.0.14 (tcp/0)


Remote operating system : Microsoft Windows Server 2008 Standard Service Pack 2
Confidence level : 100
Method : SMB


The remote host is running Microsoft Windows Server 2008 Standard Service Pack 2

10.0.0.17 (tcp/0)


Remote operating system : Linux Kernel 2.6
Confidence level : 98
Method : SNMP


The remote host is running Linux Kernel 2.6

10.0.0.19 (tcp/0)


Remote operating system : Linux Kernel 2.6
Confidence level : 98
Method : SNMP


The remote host is running Linux Kernel 2.6

10.0.0.21 (tcp/0)


Remote operating system : Microsoft Windows Server 2008 R2
Confidence level : 75
Method : HTTP


The remote host is running Microsoft Windows Server 2008 R2

10.0.0.22 (tcp/0)


Remote operating system : Microsoft Windows Server 2008 R2
Confidence level : 75
Method : HTTP


The remote host is running Microsoft Windows Server 2008 R2

10.0.0.25 (tcp/0)


Remote operating system : Microsoft Windows Server 2008 R2
Confidence level : 75
Method : HTTP

Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.

RDP:000000000f00000010000100080001000900000001001000100010
NTP:!:unknown
HTTP:Server: Microsoft-IIS/7.5

SinFP:
P1:B11113:F0x12:W14600:O0204ffff:M1460:
P2:B11113:F0x12:W43440:O0204ffff0402080affffffff444541440103030d:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:70003_7_p=5060R
SSLcert:!:i/CN:demoSFDC01.demo.orgs/CN:demoSFDC01.demo.org
286f5ae5ce11591277e5525536d92a30ddb9d7f0
i/CN:demoSFDC01.demo.orgs/CN:demoSFDC01.demo.org
286f5ae5ce11591277e5525536d92a30ddb9d7f0
i/CN:demoSFDC01.demo.orgs/CN:demoSFDC01.demo.org
286f5ae5ce11591277e5525536d92a30ddb9d7f0



The remote host is running Microsoft Windows Server 2008 R2

10.0.0.27 (tcp/0)


Remote operating system : Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Confidence level : 66
Method : RDP

Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.

RDP:000000000f00000010000100080001000900000001001000100010
NTP:!:unknown
SinFP:
P1:B11113:F0x12:W14600:O0204ffff:M1460:
P2:B11113:F0x12:W43440:O0204ffff0402080affffffff444541440103030d:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:70003_7_p=2000R
SSLcert:!:i/CN:demo-demoSFDC01-CAs/CN:demoSFDC02.demo.org
a7be503d52d0d7211e354dc3eb277d490e159277
i/CN:demo-demoSFDC01-CAs/CN:demoSFDC02.demo.org
a7be503d52d0d7211e354dc3eb277d490e159277
i/CN:demosfdc02.demo.orgs/CN:demosfdc02.demo.org
3f4f1646e9d3bfcb91fa4c04b0cf6287cb790b26



The remote host is running one of these operating systems :
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7

10.0.0.39 (tcp/0)


Remote operating system : Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Confidence level : 54
Method : SinFP


The remote host is running one of these operating systems :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.43 (tcp/0)


Remote operating system : HP JetDirect Printer
Confidence level : 65
Method : SinFP


The remote host is running HP JetDirect Printer

10.0.0.44 (tcp/0)


Remote operating system : VMware ESXi 5.5.0 build-2068190
Confidence level : 100
Method : Misc

Primary method : HTML


The remote host is running VMware ESXi 5.5.0 build-2068190

10.0.0.45 (tcp/0)


Remote operating system : HP JetDirect Printer
Confidence level : 65
Method : SinFP


The remote host is running HP JetDirect Printer

10.0.0.46 (tcp/0)


Remote operating system : VMware ESXi 5.5.0 build-2068190
Confidence level : 100
Method : Misc

Primary method : HTML


The remote host is running VMware ESXi 5.5.0 build-2068190

10.0.0.47 (tcp/0)


Remote operating system : VMware vCenter Server 5.5.0 build-1623101
Confidence level : 98
Method : Misc


The remote host is running VMware vCenter Server 5.5.0 build-1623101

10.0.0.50 (tcp/0)


Remote operating system : Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Confidence level : 54
Method : SinFP


The remote host is running one of these operating systems :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.51 (tcp/0)


Remote operating system : Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Confidence level : 54
Method : SinFP


The remote host is running one of these operating systems :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.52 (tcp/0)


Remote operating system : Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Confidence level : 54
Method : SinFP


The remote host is running one of these operating systems :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.53 (tcp/0)


Remote operating system : Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Confidence level : 54
Method : SinFP


The remote host is running one of these operating systems :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.54 (tcp/0)


Remote operating system : Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Confidence level : 54
Method : SinFP


The remote host is running one of these operating systems :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.60 (tcp/0)


Remote operating system : Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Confidence level : 54
Method : SinFP


The remote host is running one of these operating systems :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.64 (tcp/0)


Remote operating system : Microsoft Windows 7 Professional Service Pack 1
Confidence level : 100
Method : SMB


The remote host is running Microsoft Windows 7 Professional Service Pack 1

10.0.0.67 (tcp/0)


Remote operating system : Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Confidence level : 54
Method : SinFP


The remote host is running one of these operating systems :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.85 (tcp/0)


Remote operating system : Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Confidence level : 54
Method : SinFP


The remote host is running one of these operating systems :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.87 (tcp/0)


Remote operating system : Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Confidence level : 54
Method : SinFP

Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.

SinFP:
P1:B10113:F0x12:W14600:O0204ffff:M1398:
P2:B10113:F0x12:W14480:O0204ffff0402080affffffff4445414401030304:M1398:
P3:B00000:F0x00:W0:O0:M0
P4:70003_7_p=80R
HTTP:!:Server: lighttpd

SNMP:!:HPE OfficeConnect Switch 1820 24G PoE+ (185W) J9983A, PT.02.01, Linux 3.6.5-79c95a77, U-Boot 2012.10-00116-g3ab515c (Jul 30 2014 - 10:52:01)


The remote host is running one of these operating systems :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.91 (tcp/0)


Remote operating system : Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Confidence level : 54
Method : SinFP


The remote host is running one of these operating systems :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.94 (tcp/0)


Remote operating system : Microsoft Windows Server 2008 R2
Confidence level : 75
Method : HTTP


The remote host is running Microsoft Windows Server 2008 R2

10.0.0.110 (tcp/0)


Remote operating system : Linux Kernel 2.6
Confidence level : 65
Method : SinFP


The remote host is running Linux Kernel 2.6

10.0.0.111 (tcp/0)


Remote operating system : Linux Kernel 2.6
Confidence level : 65
Method : SinFP


The remote host is running Linux Kernel 2.6

10.0.0.112 (tcp/0)


Remote operating system : Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Confidence level : 66
Method : RDP


The remote host is running one of these operating systems :
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7

10.0.0.114 (tcp/0)


Remote operating system : Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Confidence level : 54
Method : SinFP


The remote host is running one of these operating systems :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.133 (tcp/0)


Remote operating system : Windows 6.1
Confidence level : 70
Method : smb


The remote host is running Windows 6.1

10.0.0.148 (tcp/0)


Remote operating system : Windows Server 2016 Standard 14393
Confidence level : 70
Method : smb


The remote host is running Windows Server 2016 Standard 14393

10.0.0.158 (tcp/0)


Remote operating system : Microsoft Windows
Confidence level : 80
Method : SMTP


The remote host is running Microsoft Windows

10.0.0.169 (tcp/0)


Remote operating system : Linux Kernel 2.6
Confidence level : 65
Method : SinFP


The remote host is running Linux Kernel 2.6

10.0.0.201 (tcp/0)


Remote operating system : Linux Kernel 2.6
Confidence level : 65
Method : SinFP


The remote host is running Linux Kernel 2.6

10.0.0.248 (tcp/0)


Remote operating system : HP Switch
Confidence level : 100
Method : SNMP


The remote host is running HP Switch

10.0.0.249 (tcp/0)


Remote operating system : HP Switch
Confidence level : 100
Method : SNMP


The remote host is running HP Switch
54615 (41) - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/05/23, Modified: 2011/05/23
Plugin Output

10.0.0.1 (tcp/0)

Remote device type : general-purpose
Confidence level : 65

10.0.0.5 (tcp/0)

Remote device type : printer
Confidence level : 65

10.0.0.8 (tcp/0)

Remote device type : general-purpose
Confidence level : 66

10.0.0.11 (tcp/0)

Remote device type : general-purpose
Confidence level : 98

10.0.0.12 (tcp/0)

Remote device type : general-purpose
Confidence level : 98

10.0.0.14 (tcp/0)

Remote device type : general-purpose
Confidence level : 100

10.0.0.17 (tcp/0)

Remote device type : general-purpose
Confidence level : 98

10.0.0.19 (tcp/0)

Remote device type : general-purpose
Confidence level : 98

10.0.0.21 (tcp/0)

Remote device type : general-purpose
Confidence level : 75

10.0.0.22 (tcp/0)

Remote device type : general-purpose
Confidence level : 75

10.0.0.25 (tcp/0)

Remote device type : general-purpose
Confidence level : 75

10.0.0.27 (tcp/0)

Remote device type : general-purpose
Confidence level : 66

10.0.0.39 (tcp/0)

Remote device type : general-purpose
Confidence level : 54

10.0.0.43 (tcp/0)

Remote device type : printer
Confidence level : 65

10.0.0.44 (tcp/0)

Remote device type : hypervisor
Confidence level : 100

10.0.0.45 (tcp/0)

Remote device type : printer
Confidence level : 65

10.0.0.46 (tcp/0)

Remote device type : hypervisor
Confidence level : 100

10.0.0.47 (tcp/0)

Remote device type : hypervisor
Confidence level : 98

10.0.0.50 (tcp/0)

Remote device type : general-purpose
Confidence level : 54

10.0.0.51 (tcp/0)

Remote device type : general-purpose
Confidence level : 54

10.0.0.52 (tcp/0)

Remote device type : general-purpose
Confidence level : 54

10.0.0.53 (tcp/0)

Remote device type : general-purpose
Confidence level : 54

10.0.0.54 (tcp/0)

Remote device type : general-purpose
Confidence level : 54

10.0.0.60 (tcp/0)

Remote device type : general-purpose
Confidence level : 54

10.0.0.64 (tcp/0)

Remote device type : general-purpose
Confidence level : 100

10.0.0.67 (tcp/0)

Remote device type : general-purpose
Confidence level : 54

10.0.0.85 (tcp/0)

Remote device type : general-purpose
Confidence level : 54

10.0.0.87 (tcp/0)

Remote device type : general-purpose
Confidence level : 54

10.0.0.91 (tcp/0)

Remote device type : general-purpose
Confidence level : 54

10.0.0.94 (tcp/0)

Remote device type : general-purpose
Confidence level : 75

10.0.0.110 (tcp/0)

Remote device type : general-purpose
Confidence level : 65

10.0.0.111 (tcp/0)

Remote device type : general-purpose
Confidence level : 65

10.0.0.112 (tcp/0)

Remote device type : general-purpose
Confidence level : 66

10.0.0.114 (tcp/0)

Remote device type : general-purpose
Confidence level : 54

10.0.0.133 (tcp/0)

Remote device type : general-purpose
Confidence level : 70

10.0.0.148 (tcp/0)

Remote device type : general-purpose
Confidence level : 70

10.0.0.158 (tcp/0)

Remote device type : general-purpose
Confidence level : 80

10.0.0.169 (tcp/0)

Remote device type : general-purpose
Confidence level : 65

10.0.0.201 (tcp/0)

Remote device type : general-purpose
Confidence level : 65

10.0.0.248 (tcp/0)

Remote device type : switch
Confidence level : 100

10.0.0.249 (tcp/0)

Remote device type : switch
Confidence level : 100
10863 (38) - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/05/19, Modified: 2015/12/30
Plugin Output

10.0.0.8 (tcp/1433)

Subject Name:

Common Name: SSL_Self_Signed_Fallback

Issuer Name:

Common Name: SSL_Self_Signed_Fallback

Serial Number: 31 43 43 D1 8A 38 3B 9B 42 9F 31 18 99 C8 C5 7F

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jan 07 04:47:27 2018 GMT
Not Valid After: Jan 07 04:47:27 2048 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Public Key: 00 D1 4D BD 2E 98 35 1C 34 E7 A7 D2 1C 70 76 97 8C 97 9A 3E
49 17 60 2B 9F 25 2C 01 0E 35 0B B2 C7 20 AB 29 17 CD B9 3F
6F B8 52 0C DB F4 C3 E6 4A DC 77 B9 17 05 6F A6 25 4A 53 B6
73 C5 E5 4B D1 55 6B C2 68 5E 3B FE 73 4C 0C EB 13 70 EA 41
C8 4D 89 32 04 85 82 DC BD 61 E4 9B DA E4 FA 46 B3 4B F6 84
FD E6 63 2A 1F 07 C6 94 71 62 0B 0E DF B9 76 7D 80 14 72 57
10 C4 6A A5 C7 D1 49 89 9D
Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits
Signature: 00 30 51 F1 79 12 6C C7 78 45 75 7D A1 0B E2 51 22 67 A3 77
24 F6 39 D4 F0 DA 78 45 DC AC D1 7C 2E 94 A7 EE 6E 70 90 2A
11 20 B3 44 2F 92 18 CD A8 D7 C5 9D AC ED F7 96 8E 6B A0 E3
E5 4D 98 4B 4F A0 4D 10 9A 81 D0 8F 1B C7 BC F1 72 DB 30 0A
AF 88 F5 9E BB DF 13 6B AD DA 5A 52 33 17 3C 05 74 28 44 E3
C6 82 C1 51 E0 12 53 79 F9 36 D9 3B 6D 28 52 34 35 A8 0E C0
6A F9 CA C7 FA 24 52 F1 3F

Fingerprints :

SHA-256 Fingerprint: F6 84 17 95 F5 05 9C 8A CC C3 87 B1 34 CB A1 E1 53 21 5B C6
27 85 64 47 0B 46 24 2A 1F 18 B2 29
SHA-1 Fingerprint: 45 59 B8 44 06 1C 3E 12 E4 16 99 C2 6A DC 4C B6 BD 54 A9 7E
MD5 Fingerprint: 7E 85 EA E9 7E BD 08 0B A3 76 88 8E 74 8C 24 16

10.0.0.8 (tcp/3389)

Subject Name:

Common Name: 427576-DB2-NEW.demo.org

Issuer Name:

Common Name: 427576-DB2-NEW.demo.org

Serial Number: 4E DC 1E B4 5A 51 C5 89 4B 45 EC 98 C1 E6 19 95

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jan 16 04:48:12 2018 GMT
Not Valid After: Jul 18 04:48:12 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 90 7B 49 EA 18 11 D4 94 20 CE F0 03 BB 7A B9 75 BA 1C 40
2A 72 CE 18 8B 00 43 79 7E E3 F1 5F 80 DD 89 3F C8 75 AE F6
31 E5 F5 99 0A C9 EC 7A D3 32 54 6C C5 65 5B C3 7B 9E 1D DB
B7 72 FB AA 5A 09 2C 05 ED FE 91 44 D8 9D D0 A2 6A F4 E1 05
CC AB 26 A4 3E D4 9D D0 49 76 1E BD AD BE 87 47 AF D1 E7 37
20 AA E5 21 83 EB D0 45 A3 50 C4 F2 B3 72 43 C8 07 20 B7 2C
44 D5 36 CE 7B 1F C7 A7 E4 E9 67 93 A9 98 4E 5B 68 AD CF D8
96 1A A1 FD 77 2D CB E2 FD 28 A3 23 80 5F 05 DA E2 2E D9 3B
01 8E B7 F9 80 D1 C7 97 FA C2 75 85 0E 0B EE A7 0D 22 89 85
BE 14 8D EC AA 21 2C 11 F9 45 7A 04 50 92 58 49 F1 46 CF 2A
3B A9 D6 FD 28 71 85 C3 45 10 79 9B 8C 25 F7 E7 05 F9 97 01
7E 6E 07 05 5A E7 B5 EC 85 CC FA D6 32 EC 97 79 A1 FD 43 B2
25 C1 C8 EB 3E 2F 57 E6 F2 8A AA 80 57 E1 77 14 9B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 89 B9 55 46 36 4A 26 51 88 C4 D2 A9 3F 68 46 82 CF D6 BC
5D DB D1 87 87 AA DA 2C A3 68 83 BB 61 26 D0 5A C8 A6 A9 F5
53 08 01 AC 0C A7 67 52 10 95 C0 2A B3 3D 75 1F 14 DA 9E 6C
60 CE 87 51 47 3E 76 46 39 F2 9C 7E 15 24 FE A9 01 CB 69 32
FE 1C F9 64 44 54 F2 5A 82 15 01 1A 0C 60 80 19 1B BC FD E7
15 B6 F4 61 DB 95 80 F7 7E 60 F1 4A DE BF EE 0A E8 14 EC 54
5D 32 9C 67 85 11 97 86 9A 03 86 4F 7E CD 9C 33 AE 7E 27 72
34 7A F0 2C 94 1C 36 EC C3 17 F7 4A F3 45 76 E7 52 05 37 45
EE EE 72 28 DD 9B C8 E9 BA 22 F0 44 F2 23 34 81 FD DA E6 39
CF 50 2C 1F EE C3 37 7F 11 91 3F 21 F1 68 54 59 B5 F9 7C EB
F7 5E 7E 00 EC 3C CF AF A6 80 CC 3F BD 6E 05 D7 EB E5 72 D0
74 92 A7 01 CB 3E D7 FC 33 47 88 65 E2 6C D3 2C 25 4B 72 46
B4 FB 3A 23 80 C0 58 27 31 A9 1B 1C 0F 74 65 D0 67

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: 8B 36 39 85 79 49 F0 5E A7 33 2D F6 B6 C5 81 8A B6 4F 56 B1
74 F0 D6 42 C7 AA 97 05 1C 0A D0 46
SHA-1 Fingerprint: 91 1B B8 FF 2E 86 F7 36 8B 2B B2 A9 79 D5 3A F7 A0 9E 21 0E
MD5 Fingerprint: 3F 8B DF 62 23 90 ED 7B 2F 5F 54 66 D4 90 1C 2A

10.0.0.14 (tcp/3389)

Subject Name:

Common Name: queen.demo.org

Issuer Name:

Common Name: queen.demo.org

Serial Number: 0F DB 23 EE 8D 8F CC 8E 47 D4 A2 B5 02 78 DE 8A

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Apr 02 11:54:47 2018 GMT
Not Valid After: Oct 02 11:54:47 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AF 64 53 40 EB D3 CF 2E FD 5C 7B F4 A9 8A ED 27 67 F2 F5
C1 F7 56 0E CE 91 CF 60 2A CF AD 78 54 E1 DC 0E F4 0D 32 84
0B FD 22 02 B3 86 A7 E0 34 13 B8 99 34 06 63 F1 40 22 A9 36
18 24 6D 1E D0 3B F3 92 81 C2 A6 B2 48 F4 63 C8 9E A7 CA 2A
C7 E6 4C 9E 65 C3 11 31 C2 D6 1D 07 7E 74 7B F2 82 AE 46 1D
0F 77 15 F2 D8 DC 55 CF 9D 1B 97 A6 23 D7 BB DC 4C 2C 39 A9
64 32 7D C0 EB D9 F7 10 FD 61 DD CC 55 1F 15 C1 B7 C9 D9 0B
B7 78 9F 39 2D 79 2E 4B B8 23 84 B1 B9 B9 63 1B 3D 8B 34 CF
F8 23 31 7F D8 84 77 FB EF C8 99 C5 C7 77 FB 05 61 65 1A 58
86 2F B3 D0 ED 78 A9 63 0B 3F DF B5 98 84 0C 5E D9 EF AB B4
0A C6 4B 66 09 CC 02 F9 FF 00 C4 A8 F3 5A F8 85 81 92 94 9D
1F 9C F8 AA 35 B9 74 C0 0F B7 D3 56 02 EA F4 C0 5E 9C CE 8A
C4 D1 DC 35 86 26 D1 0D 9C FB 07 DC 5F 4E BD 23 4F
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 4F D6 D8 D8 C1 BE 13 BB 9B 4B 46 55 49 82 01 CD 1C 91 76
51 C4 74 3A A5 0A 61 85 F8 6D B4 02 29 5F B6 BF DC AA 68 B9
90 58 89 4B 27 2E 72 39 7B A8 17 7F 2B CC DA 26 B4 B7 48 00
8F 77 F0 D4 47 CD 98 D8 03 79 80 DD 9C 19 62 AF 10 35 5D DB
5D F8 AC 98 B5 9B A9 86 8D 2C FB 6A 95 C7 1A 52 72 E8 4C F3
35 32 6A 75 06 62 F6 06 65 4D 5F 84 F0 02 84 70 47 C5 51 83
1D D0 ED 88 DD 06 A8 6A 02 42 85 48 62 9E 72 1A 47 3E B5 B3
06 D8 C8 B4 6D 19 96 B9 52 A4 D8 25 DE 1A 5F 29 2E 99 14 85
00 1F A0 CD 0A 3C 6A 16 4D EE 90 D4 C5 62 9B 15 80 7B 0B 3E
E0 89 C2 CB F0 D0 1A 8D F4 49 C9 41 42 48 71 23 73 CB C9 56
B3 37 85 4D A7 27 AF A1 03 71 01 20 AD B2 20 FC 4C 30 41 1F
A0 A5 F8 7A 34 1E 4A C3 AC A4 C3 36 2C 37 F5 A2 1E E1 3C 62
E4 AD 18 14 E5 CB 23 39 23 6E CD D5 94 D7 8E 93 F5

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: A4 27 00 62 3D 76 A7 14 5A 98 AB 42 69 45 63 E4 AE 7B D9 78
E2 9F 80 EF 7C 5F 47 30 49 D3 28 19
SHA-1 Fingerprint: 08 AD 75 E5 32 80 81 D8 B5 1E BC D4 3E EF 49 4A 10 4E BB A1
MD5 Fingerprint: C2 57 18 76 CD 04 E5 08 BA 4D 81 3E CB 00 06 6E

10.0.0.21 (tcp/443)

Subject Name:

Common Name: 427580-ts.demo.org

Issuer Name:

Common Name: 427580-ts.demo.org

Serial Number: 58 CC 6F A2 D9 F2 FC 99 4D 69 AD 37 7B 2C 33 AF

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jul 09 15:15:59 2012 GMT
Not Valid After: Jan 08 15:15:59 2013 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 B3 A0 4B 61 CC 41 56 DE 21 1D 0E BC 3A 0B 67 3A 52 A4 54
B0 78 21 EB 66 92 57 D2 12 81 79 03 3F BE 94 33 FC F2 82 C1
9C 20 0B D4 CE 0C 4B AD CD 6A 37 DA DB CB 8E 57 2D 01 4F D2
5E 4C 9F BC 5B DB 40 FD 2D 1D 40 11 02 83 D3 63 DF F3 CA AE
F6 39 D9 86 2A B4 84 42 6F 5E AA 6C 73 7A 62 67 62 57 47 E7
A4 EF 3A E4 37 78 3E 25 76 DB 85 0D F8 B6 B9 2F 2C 24 05 41
EB 5A 83 A1 E5 BE 87 F5 44 5E 07 C3 8C D7 3C BF E4 28 E9 B1
94 26 B6 4B 42 E6 77 A3 41 49 14 0C B2 66 25 12 C6 25 5A 55
BF 7C E3 35 CD 3B CA 01 FA E9 44 69 A5 82 9B C7 77 AF AA 65
39 5E B1 8E 4F 82 34 AF F5 16 02 93 70 C2 EF 9E 72 19 8B 67
E4 AF 47 9D 12 C1 D0 26 1C 29 6F F8 B0 52 EB 56 74 94 00 E7
8B 44 FA 39 ED 2D A2 78 3B F7 CC A6 A2 DB 05 EE 74 86 6C 85
58 80 B9 D0 5D 2E 1D AB 26 98 E4 32 BB 58 34 D1 89
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 7E 9A DB 29 17 7C DD 4E 78 64 AE B6 DE 70 69 9E A6 41 1A
F9 C0 6E 69 B7 62 53 0C 3F D3 64 5F 18 25 53 A8 92 3D 80 ED
1A 8F 82 72 22 18 C2 53 5B 01 1B DD CE 47 37 48 ED 3D 84 C5
18 76 60 76 B4 BD C7 3A B3 D1 62 BA 88 11 34 01 3A 48 9C 5C
0D 2F 1F FE FC 17 E6 61 FE 09 75 A3 60 C3 1B 88 18 29 5A A2
D0 EC 37 DB E4 6C C1 CD 91 73 DB 38 7E 62 86 8F 4C EC 8A 5A
1C D3 93 4A 44 FF 07 3B EE 65 E9 E2 3A 96 14 A2 00 C7 69 39
6C 89 14 F2 65 15 61 ED 34 F0 1A 43 07 B7 BC 88 8A 74 8B F3
BF C7 06 5B 0C 41 4B B7 BA AD 71 B6 C5 6B 86 56 A8 4E 85 16
7C DD 51 A0 0C F0 DA F2 5C 61 95 E9 0A A2 91 E1 0C 70 FF 17
2E 17 C4 CA 81 3F 10 92 6C 70 50 9A 3D 12 07 4C 82 1A 78 66
BE 74 6A C8 E6 42 7D FE D2 3D 18 A2 6A 3C CB E8 18 84 E0 D3
5F 91 03 33 ED 31 75 DE FA 23 04 63 3E 45 4C 6F 3B

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: 2A FB ED A5 B2 28 23 0C F2 71 20 24 C8 E6 64 E6 90 6D A6 92
98 6E 40 DD 83 17 F0 C9 4E 0F FC 90
SHA-1 Fingerprint: 49 6A 96 90 2A 12 9C A5 6E EB 26 53 11 DF F4 37 1A 78 A2 1C
MD5 Fingerprint: 48 77 B9 40 36 19 B6 D8 12 45 7D 44 89 C3 A2 09

10.0.0.21 (tcp/3389)

Subject Name:

Common Name: dynamics-ts.demo.org

Issuer Name:

Common Name: dynamics-ts.demo.org

Serial Number: 1C 92 49 85 C7 ED BB B8 48 95 27 2A 77 46 38 25

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Apr 11 10:27:16 2018 GMT
Not Valid After: Oct 11 10:27:16 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C8 A3 AA 48 26 58 BD 74 0F 74 40 0C 15 BC 6F B3 1C 9A E1
82 82 A3 7E 43 60 D6 B5 A4 6D 38 16 66 74 02 1B 5A A3 C6 AF
6D EF FA 60 A2 32 F3 8D DF 23 CF 35 37 2D 46 EE B4 BC 83 47
DB DD 77 CA D4 79 A2 1C A5 9B C0 18 3E AB 11 30 8A 04 B6 E3
B9 DC BA FF B1 51 FB 4B D6 98 CF B9 10 03 3D 5E 20 C3 AD BC
EB F3 60 E3 2A E5 54 DD CE 9C B0 2C D3 DF 46 9B 1B 06 62 C9
C3 CA 88 E8 8F E3 3D 5B 11 B0 45 87 3B FF C0 55 8D 6B 5F 42
C5 AC C7 41 B4 C2 C5 15 20 FE 9A BE B7 6A F4 D9 C9 97 EF E3
A8 03 27 14 23 DB CD EF B1 16 92 CE 25 F4 91 AD 6B C8 F6 86
0F 8D 41 2F A9 C4 29 A4 F0 75 1D C4 CE E5 C6 BB EC 60 47 88
69 66 32 CE 71 39 F0 39 9C C4 19 8E B0 D9 43 4D A5 52 85 DD
75 EB 87 9A B9 5B FB 5C E5 FA 38 9E 30 0A 0B 75 57 9A C2 52
FE EB 5C EE 4E C0 43 0C C1 39 E2 09 2B CC 82 F5 11
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 44 C2 1C 0A 97 C1 13 47 6F DB 64 24 33 C9 60 E1 90 5F FE
3B 5D 3C 7F 19 78 06 71 0A BE A1 D2 D4 E0 46 94 DF C3 5E E3
06 91 37 C2 21 E6 9E C5 8D 1D 62 23 BD 25 D3 1D F2 F2 33 26
11 1F A3 1B EB 83 74 29 54 6A 1C A0 5F D6 82 F0 1F 24 AC 87
23 9B A9 F7 2B FB DD 35 85 F9 09 2E 9A 73 D5 20 8C 23 74 15
AE A6 19 19 3F D8 47 78 AF F0 02 28 5B 87 49 F7 46 B9 75 ED
11 ED F7 AD DD 6C CB BE E3 8E FB 26 DF 6D 3D 45 6D DB 77 69
D5 8A B3 E9 F9 EC 52 F4 2E B3 72 A3 BB FA 40 7E 92 CF 51 2B
BE 1B 80 3E 92 A6 11 E7 1B A4 5A E5 DA 0A 94 B7 AB DE 1C 08
AE 93 17 6C 43 C9 A2 51 35 50 AB B6 2E 9B 71 04 B8 7A 19 7B
C4 73 FB 61 79 75 B3 2C B2 8B 5A 67 77 27 F5 FE 8B A3 02 55
B0 01 94 09 7D 38 E9 F3 4B 3A 8A 8F BA F8 96 8C EF 25 59 95
3D 7F BF 06 26 A7 F0 D3 A5 4B E8 2E A7 04 10 83 CD

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: DE 42 BB 17 26 39 15 FF 19 65 19 2B 69 D8 55 70 E2 8F 02 2A
A0 A0 AF 11 9F EB 26 B2 C1 C6 D0 27
SHA-1 Fingerprint: 53 69 70 82 70 D9 C5 A2 78 1E FA DD 37 B1 2C 6F BF E4 98 6A
MD5 Fingerprint: 48 C5 13 8F F4 DA 15 36 4C 85 6B 57 42 26 B2 D9

10.0.0.22 (tcp/3389)

Subject Name:

Common Name: dynamics-app.demo.org

Issuer Name:

Common Name: dynamics-app.demo.org

Serial Number: 25 DB 71 55 7A 34 65 BB 45 F7 46 E9 BB D1 2A 72

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Apr 11 22:13:58 2018 GMT
Not Valid After: Oct 11 22:13:58 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 8C 66 3C 55 5C B6 02 40 B4 69 34 B1 AC 1A DC C8 C8 EA 2C
64 52 A1 06 A3 A1 50 44 57 85 AB F2 28 F7 39 2B 67 E7 E0 5C
9C 15 55 34 69 5E 79 42 16 D8 F5 85 DA 9C C8 7E 08 15 E4 F5
F9 85 E8 8F B1 E1 B2 4F E1 35 FD A7 BF 62 6B A8 A9 06 09 A6
FF 89 03 4A DC E1 CF E1 DA 26 48 1F A7 8A 9A D0 92 86 11 23
69 C5 B6 8F BC 25 4F D2 B7 B1 44 5C 0D E2 BC 8F 99 EE 00 AA
2D F7 7D 3E AF 29 00 08 0B 92 1E 51 B2 D7 87 39 C9 8A EA D1
19 FE 9E F7 45 0E 37 C0 F3 5C BC 78 77 32 92 64 61 13 AD C3
10 75 C3 80 1F AB 11 E6 B4 19 8C 1A 50 63 78 6B 9E 55 76 F0
8A 6A 38 1B 72 87 91 E5 70 D8 CD 7F C7 FA 59 6D C5 A6 EB DA
B8 E6 FA 89 0C EC 62 0E D1 13 AC 7A DE 0C D5 32 CB E1 46 9B
1D 63 70 2F 8B 88 9B AE DA F9 20 F0 C3 2B CC 1C D1 56 0D 4B
3C 08 FE 93 CE EA 89 C2 EF C1 38 FA 5D B3 0C AD 61
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 00 D4 8E C3 F0 8E 67 B8 1C B1 C6 84 48 90 97 E0 76 38 87
B4 44 11 EE 32 63 98 D6 11 40 FB BC 35 C6 64 A1 DB E2 D5 53
6C 45 16 54 36 59 40 22 5D 56 76 68 EA 94 DF 5E 1B 85 7E 2B
7D 81 52 92 AD 30 5F A4 42 35 4F 0E B1 55 7C 9E 24 A0 4B 46
61 8C 4D E1 BD A1 A1 01 4D 76 6F 55 74 71 09 2C 04 99 0A F8
91 3E 7C 9C F6 16 31 F9 18 60 53 3A B3 DB C9 18 EE 11 0B 57
43 92 C8 55 05 B5 92 C4 BB 6A 41 90 A0 96 ED 6C 9A 0E 38 E0
B7 2A 23 80 37 68 B1 A4 AB DF 73 EB 58 DD 24 9B 92 48 C4 D6
0D 78 37 82 75 C2 D0 EF C1 94 26 25 6D 77 6A 9F EB 89 98 7E
E9 70 EF 56 F7 36 38 A8 76 92 30 D0 B3 EC 8E B9 0D 88 6A 8D
88 5E F3 57 70 63 98 CB C8 25 0F 41 A9 A5 7A 15 05 E5 E2 C1
1A E5 67 F8 C8 73 C8 7E 5B CE 97 90 1C 9F 5C 1C 5F 83 D8 77
61 18 FE 99 A2 D2 43 6A 65 34 B4 85 32 7F 59 A5 D4

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: D9 60 C9 EF 01 D8 B4 2A 44 8E 58 B7 4F FC 77 9D 50 38 01 20
EC 31 11 0A 6A B7 D4 DA FC 2A 16 4A
SHA-1 Fingerprint: 7D D3 F7 DC 54 7E D8 16 58 C0 F4 F7 4F 2F 84 06 6B 08 8A 4B
MD5 Fingerprint: 3B A9 3B 62 9B C2 AA 18 E1 3C 7C 4E 6E 21 65 34

10.0.0.22 (tcp/48000)

Subject Name:

State/Province: /Rackspace/ordhub01/911751-427578
Organization: Rackspace
Organization Unit: ordhub01
Organization Unit: 911751-427578
Common Name: 127.0.0.1

Issuer Name:

State/Province: /Rackspace/ordhub01/911751-427578
Organization: Rackspace
Organization Unit: ordhub01
Organization Unit: 911751-427578
Common Name: 127.0.0.1

Serial Number: 2A

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Apr 10 10:13:47 2018 GMT
Not Valid After: Apr 11 10:13:47 2019 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C1 F4 E5 8F 9E F9 77 8B 67 95 E8 9E 3B AF 1A DB 69 D8 A0
67 1F E6 89 6D 1D 6F E5 13 2A 07 A2 68 91 5D F5 A3 1E E4 9D
90 F9 EC 0E E6 BB DF A6 33 A2 F3 50 AC 45 98 E3 10 5E 70 41
F4 E5 CF 66 5C D0 D8 C5 81 56 AE 85 E6 25 38 5A 4B B9 07 91
F8 A5 8E 1F FC 05 4D D3 6F 73 FE 80 E9 3E 2A 2B 36 74 D9 47
1C 72 DF B8 63 33 7E 27 50 C8 C0 54 2B F8 5A 71 D9 EA F8 9B
62 7C 58 51 EF 25 FA 18 50 63 3A 6D 4C E9 A5 C0 AC 40 70 CC
D2 B5 DE 4F 3D 5D EC DA 8A ED C9 52 E1 DD A9 0E B3 90 04 9D
87 F9 4F 56 6E 45 7D B7 10 93 F1 8D C6 A3 29 86 4F F3 A6 01
10 81 09 58 BA 2B AE 33 DD C5 A8 FE 6B 54 C6 E4 08 EB C5 BE
CB F2 F7 C7 F9 76 5D F6 8D 91 57 1C 87 49 81 FC 33 C5 2D 74
17 64 28 77 B6 EF 81 91 85 E0 37 72 82 25 9A 95 3A 28 4B 93
84 C2 C4 07 F4 B1 1D 45 26 5E 5E E8 5C AB 43 E7 89
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 29 0B 3D A6 DC 86 BD 38 16 EA 28 7E 07 CA 64 CA 40 43 8F
DA F6 DB 64 C6 58 EB 01 38 E9 42 03 CA 61 C4 DA A4 10 4A 8F
0B 12 1F D5 5E B8 18 92 3B E8 CF F7 80 E8 3D F3 4C 9B 3E 94
5F 04 D7 BD 84 F1 B9 06 9E A4 77 90 A6 99 1E 1C 07 00 16 1F
FB 00 3C 7A BE 8A 69 64 E3 1F 33 02 1F F4 87 AD 58 BA 36 A8
58 3D 5D 65 31 B3 11 AC DB C4 47 DE B3 74 A7 87 68 FE E7 25
1D 6B BC 12 3E A1 E6 19 09 31 42 07 2C 1A EA F8 CF B2 20 7F
36 16 C7 C6 58 AB 53 EC 97 E1 8B EB DF 18 D0 CE 3C 3D 5F 70
5D 01 EE 5A 43 A6 D0 83 FA 9E B5 43 1D CE 7C 89 AE 7F 9A 71
42 66 08 20 E3 B4 4B B5 FA 62 6B DD 1C 07 CB 0E 08 B3 87 85
39 FD 3A 15 9A F2 C2 3D 86 8B 14 04 7B 8B 8A B9 98 E9 A0 CC
6D FE 45 58 84 66 58 95 D1 BE 86 B2 E3 28 00 D1 13 77 C6 AE
30 2D F1 35 32 C8 49 76 37 25 50 65 95 1F F7 68 30

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Comment (2.16.840.1.113730.1.13)
Critical: 0
Comment: NMS Robot Generated Certificate (Generated by: OpenSSL 1.0.0c 2 Dec 2010)


Fingerprints :

SHA-256 Fingerprint: 39 BB C9 B3 96 52 87 0C 9E 81 5D BB 99 A2 B6 B6 BD 12 AD 24
B6 D1 A5 53 40 8F B7 7A FD 50 69 CF
SHA-1 Fingerprint: F5 8D 1A 45 8E FF 86 AE D1 D4 64 98 A2 EE DC FF 9E 3A 10 FD
MD5 Fingerprint: B8 C5 0E 9B CA 84 0E 12 B3 EB A4 73 B1 6F B2 75

10.0.0.22 (tcp/48001)

Subject Name:

State/Province: /n/a/n/a/n/a
Organization: n/a
Organization Unit: n/a
Organization Unit: n/a
Common Name: 127.0.0.1

Issuer Name:

State/Province: /n/a/n/a/n/a
Organization: n/a
Organization Unit: n/a
Organization Unit: n/a
Common Name: 127.0.0.1

Serial Number: 2A

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Apr 10 10:30:22 2018 GMT
Not Valid After: Apr 11 10:30:22 2019 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C3 6D C1 94 73 68 18 54 2E 72 4D 84 22 00 A3 15 F7 60 4C
06 3A 17 7D 70 77 3E 7F 17 FD 0D E4 5E F6 21 DF 66 B1 AA C5
E2 73 FD 19 22 8B A3 7D 84 3C 2D 4B 2D 3C AC A5 CD FA A0 86
DF 23 94 67 77 23 61 CF 23 88 7F 59 F8 32 37 2F 0D E0 4C 4A
8F 03 3D B2 53 05 B2 FD BA 81 E4 9C 73 B1 51 6E 44 96 BB A8
CD 0C 00 B9 55 31 8B 5A FC CD 0D 5D C2 77 6F 5C 1D C3 23 7C
A6 C3 44 2F 88 EF 69 3A 70 6C 6C DD 5F 0C B8 42 C5 77 54 B5
09 7B BB 84 37 AD D0 36 69 81 BE 6C 7B 62 10 F7 BF 12 FD 69
50 B6 3A 5D 90 12 8B 17 19 CF 87 F1 30 19 2B E7 DD 67 1A 83
D1 CA FF 97 0D C3 C6 63 54 81 12 6D B7 63 83 DB 31 C0 5B B2
24 26 E0 BF 00 83 07 DF 0C 5A 39 CD F8 5D C3 6D 70 65 18 0E
08 3A 03 E0 E9 53 57 85 4D 3F 49 AA 1A 45 20 00 F6 A8 00 D2
F5 02 7B 98 1A 37 7D 39 3B 42 6A F3 26 0E 6A 19 EB
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 6A AC 31 B8 49 7D 24 61 00 7D 05 52 A3 86 21 9E 66 56 A8
E2 DF 61 C7 88 6F AD 2C 1B 02 5F 81 D4 EC 86 5B 7E 2C 37 1C
D2 E9 74 55 A2 A3 DF 5F AF C3 DA B0 41 5A 76 D7 11 96 29 6C
42 26 AB 95 63 49 F0 74 64 1B 1A 42 6C 53 16 92 C4 5E 1F 0B
84 EE A1 6A C8 14 E1 AD B5 79 78 AE 65 5A D3 A8 AB 72 54 6E
63 80 07 34 83 B7 73 E8 7E 96 BF 97 B6 49 F0 9A EB 33 E5 BF
1B C6 29 6C 9B 61 2A B9 E6 5D B0 95 77 5E 09 33 64 AD 21 18
CE 0D E5 1B F7 78 72 F9 38 E7 17 8F 95 B1 D6 4D 72 28 C2 72
E4 AC D4 5C E1 78 53 F9 77 21 AB 5F B2 33 19 E5 4E 86 EB 9D
3D 66 08 C2 84 A0 C2 C6 5D 21 6D 30 C7 87 E0 AC CC AD 90 3C
E0 C6 45 69 D7 D9 3B 3E CC 4B C3 2D 68 A9 02 B7 68 BB 39 F6
1E 2E 7F B6 13 B5 02 7F C4 E1 01 B5 26 A1 99 51 C9 6F D3 A3
80 6C FD 3C E0 1C 12 21 74 AE 5C EA BA 08 A3 2A 49

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Comment (2.16.840.1.113730.1.13)
Critical: 0
Comment: NMS Robot Generated Certificate (Generated by: OpenSSL 1.0.0c 2 Dec 2010)


Fingerprints :

SHA-256 Fingerprint: 45 96 FD 91 30 50 34 87 3E 27 E2 63 4C EE 99 C1 3B 4F 2E EE
55 06 06 1A 2D D5 7A 30 95 C5 08 FC
SHA-1 Fingerprint: 83 68 7B 3A 70 F8 27 61 19 44 7F 4A B4 60 11 05 3D E6 23 16
MD5 Fingerprint: 51 DF 53 15 65 CF 99 CC 66 BB 74 00 36 BB 18 7B

10.0.0.25 (tcp/443)

Subject Name:

Common Name: demoSFDC01.demo.org

Issuer Name:

Common Name: demoSFDC01.demo.org

Serial Number: 1B 86 96 C1 74 6B C1 94 41 F0 5C 16 75 56 CD 02

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Apr 05 20:02:05 2011 GMT
Not Valid After: Apr 05 00:00:00 2012 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 DD F9 F2 ED A9 8E BB 81 2F 26 C2 C0 D2 2F 49 01 05 E1 2F
44 93 37 07 73 1F 98 63 FE BD 98 55 C9 D0 70 DC 80 64 8C 12
34 D9 60 82 8E D5 C3 0C 5E 22 2A 9F 4C 53 B0 99 6E 60 A8 EF
93 7D CE 33 96 20 88 FB 22 EA 43 F5 48 D8 71 EB 52 E8 7E 9D
B2 2F 56 32 1D 46 6D BA DF 49 09 1B 25 D6 9C 29 44 AF 2D D4
4F B6 9C 6D C8 79 56 9B F0 5A 4B FD 02 18 B7 8A 87 5F 14 5D
5E B0 5E 2B D1 31 08 1C 31 F3 8C 18 9B FD 54 98 DD DA 2C AF
FE 88 1C AA 26 57 22 62 7B B6 3E E0 58 28 9C 69 91 D5 4F D7
8D E0 20 CD 59 D7 67 D9 7C 69 4C B6 77 FB 74 45 DB CE 58 C6
FA 89 C3 51 04 3B CC C0 93 4B 5E 83 84 27 05 C2 A6 F2 44 6E
30 F6 E7 CC 19 41 FE 9E 33 81 00 82 2D 9B 05 C6 D4 92 24 07
7E C1 A8 7B 21 11 6E 42 CE 2F 89 52 27 F0 33 BC 3F 53 B9 D9
79 FF BC 42 79 41 E4 C4 68 27 A9 0A 4D 2D 1F 59 0D
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 D3 48 E8 B0 B0 9E E6 03 6E 92 02 84 DB 45 37 7C 7A 10 38
F0 07 54 68 88 1E 26 F0 1A 25 F8 55 20 4B 68 C7 CC CA 21 2A
30 27 12 AF C2 36 5F 2E AF C8 BB 53 F3 1F 86 F7 F1 6D 8A 8C
0B 9F 00 1C 24 D1 50 3D 0F B6 A9 DF D7 ED 15 C2 37 A9 67 BD
E6 66 7D 44 40 7E D5 15 C1 23 1E C2 F3 F1 82 81 96 F2 08 6F
12 3E 4D E9 64 A0 19 9F 7E D0 19 F3 29 6A CA 87 B2 E5 19 B8
9D BA 8D E2 A0 6C 44 34 7E 7E 77 13 84 78 33 B4 D0 70 62 66
13 6C 31 81 77 77 8C 77 B3 81 55 EF E9 16 ED 03 89 45 66 78
98 BC EB 9B 45 BC 8F E4 90 F0 92 40 59 D3 4F 56 3F A2 E7 C5
20 94 DC 6C 46 7A BB A9 BE AB 42 EF 37 67 3C 2D 72 92 50 F9
3D BF B0 AC 1B 0A ED E4 80 89 F9 61 18 1E 16 96 19 73 B3 24
93 15 13 72 AC 71 39 B5 47 92 77 25 E3 B8 2E 7B 87 3B F4 51
DA 21 E4 C2 19 58 87 79 35 46 3B FF 02 3B B9 A0 F8

Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Fingerprints :

SHA-256 Fingerprint: E4 BE 25 61 B6 37 88 10 3F 82 4B 64 05 BB 8B D2 5E 2E 5C 1D
A3 0F 3D C1 39 84 22 92 DE 77 83 38
SHA-1 Fingerprint: 28 6F 5A E5 CE 11 59 12 77 E5 52 55 36 D9 2A 30 DD B9 D7 F0
MD5 Fingerprint: AF 84 E9 13 43 C7 2B C5 49 8B 40 46 B7 DE 00 B5

10.0.0.25 (tcp/636)

Subject Name:

Common Name: demoSFDC01.demo.org

Issuer Name:

Common Name: demoSFDC01.demo.org

Serial Number: 1B 86 96 C1 74 6B C1 94 41 F0 5C 16 75 56 CD 02

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Apr 05 20:02:05 2011 GMT
Not Valid After: Apr 05 00:00:00 2012 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 DD F9 F2 ED A9 8E BB 81 2F 26 C2 C0 D2 2F 49 01 05 E1 2F
44 93 37 07 73 1F 98 63 FE BD 98 55 C9 D0 70 DC 80 64 8C 12
34 D9 60 82 8E D5 C3 0C 5E 22 2A 9F 4C 53 B0 99 6E 60 A8 EF
93 7D CE 33 96 20 88 FB 22 EA 43 F5 48 D8 71 EB 52 E8 7E 9D
B2 2F 56 32 1D 46 6D BA DF 49 09 1B 25 D6 9C 29 44 AF 2D D4
4F B6 9C 6D C8 79 56 9B F0 5A 4B FD 02 18 B7 8A 87 5F 14 5D
5E B0 5E 2B D1 31 08 1C 31 F3 8C 18 9B FD 54 98 DD DA 2C AF
FE 88 1C AA 26 57 22 62 7B B6 3E E0 58 28 9C 69 91 D5 4F D7
8D E0 20 CD 59 D7 67 D9 7C 69 4C B6 77 FB 74 45 DB CE 58 C6
FA 89 C3 51 04 3B CC C0 93 4B 5E 83 84 27 05 C2 A6 F2 44 6E
30 F6 E7 CC 19 41 FE 9E 33 81 00 82 2D 9B 05 C6 D4 92 24 07
7E C1 A8 7B 21 11 6E 42 CE 2F 89 52 27 F0 33 BC 3F 53 B9 D9
79 FF BC 42 79 41 E4 C4 68 27 A9 0A 4D 2D 1F 59 0D
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 D3 48 E8 B0 B0 9E E6 03 6E 92 02 84 DB 45 37 7C 7A 10 38
F0 07 54 68 88 1E 26 F0 1A 25 F8 55 20 4B 68 C7 CC CA 21 2A
30 27 12 AF C2 36 5F 2E AF C8 BB 53 F3 1F 86 F7 F1 6D 8A 8C
0B 9F 00 1C 24 D1 50 3D 0F B6 A9 DF D7 ED 15 C2 37 A9 67 BD
E6 66 7D 44 40 7E D5 15 C1 23 1E C2 F3 F1 82 81 96 F2 08 6F
12 3E 4D E9 64 A0 19 9F 7E D0 19 F3 29 6A CA 87 B2 E5 19 B8
9D BA 8D E2 A0 6C 44 34 7E 7E 77 13 84 78 33 B4 D0 70 62 66
13 6C 31 81 77 77 8C 77 B3 81 55 EF E9 16 ED 03 89 45 66 78
98 BC EB 9B 45 BC 8F E4 90 F0 92 40 59 D3 4F 56 3F A2 E7 C5
20 94 DC 6C 46 7A BB A9 BE AB 42 EF 37 67 3C 2D 72 92 50 F9
3D BF B0 AC 1B 0A ED E4 80 89 F9 61 18 1E 16 96 19 73 B3 24
93 15 13 72 AC 71 39 B5 47 92 77 25 E3 B8 2E 7B 87 3B F4 51
DA 21 E4 C2 19 58 87 79 35 46 3B FF 02 3B B9 A0 F8

Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Fingerprints :

SHA-256 Fingerprint: E4 BE 25 61 B6 37 88 10 3F 82 4B 64 05 BB 8B D2 5E 2E 5C 1D
A3 0F 3D C1 39 84 22 92 DE 77 83 38
SHA-1 Fingerprint: 28 6F 5A E5 CE 11 59 12 77 E5 52 55 36 D9 2A 30 DD B9 D7 F0
MD5 Fingerprint: AF 84 E9 13 43 C7 2B C5 49 8B 40 46 B7 DE 00 B5

10.0.0.25 (tcp/3269)

Subject Name:

Common Name: demoSFDC01.demo.org

Issuer Name:

Common Name: demoSFDC01.demo.org

Serial Number: 1B 86 96 C1 74 6B C1 94 41 F0 5C 16 75 56 CD 02

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Apr 05 20:02:05 2011 GMT
Not Valid After: Apr 05 00:00:00 2012 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 DD F9 F2 ED A9 8E BB 81 2F 26 C2 C0 D2 2F 49 01 05 E1 2F
44 93 37 07 73 1F 98 63 FE BD 98 55 C9 D0 70 DC 80 64 8C 12
34 D9 60 82 8E D5 C3 0C 5E 22 2A 9F 4C 53 B0 99 6E 60 A8 EF
93 7D CE 33 96 20 88 FB 22 EA 43 F5 48 D8 71 EB 52 E8 7E 9D
B2 2F 56 32 1D 46 6D BA DF 49 09 1B 25 D6 9C 29 44 AF 2D D4
4F B6 9C 6D C8 79 56 9B F0 5A 4B FD 02 18 B7 8A 87 5F 14 5D
5E B0 5E 2B D1 31 08 1C 31 F3 8C 18 9B FD 54 98 DD DA 2C AF
FE 88 1C AA 26 57 22 62 7B B6 3E E0 58 28 9C 69 91 D5 4F D7
8D E0 20 CD 59 D7 67 D9 7C 69 4C B6 77 FB 74 45 DB CE 58 C6
FA 89 C3 51 04 3B CC C0 93 4B 5E 83 84 27 05 C2 A6 F2 44 6E
30 F6 E7 CC 19 41 FE 9E 33 81 00 82 2D 9B 05 C6 D4 92 24 07
7E C1 A8 7B 21 11 6E 42 CE 2F 89 52 27 F0 33 BC 3F 53 B9 D9
79 FF BC 42 79 41 E4 C4 68 27 A9 0A 4D 2D 1F 59 0D
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 D3 48 E8 B0 B0 9E E6 03 6E 92 02 84 DB 45 37 7C 7A 10 38
F0 07 54 68 88 1E 26 F0 1A 25 F8 55 20 4B 68 C7 CC CA 21 2A
30 27 12 AF C2 36 5F 2E AF C8 BB 53 F3 1F 86 F7 F1 6D 8A 8C
0B 9F 00 1C 24 D1 50 3D 0F B6 A9 DF D7 ED 15 C2 37 A9 67 BD
E6 66 7D 44 40 7E D5 15 C1 23 1E C2 F3 F1 82 81 96 F2 08 6F
12 3E 4D E9 64 A0 19 9F 7E D0 19 F3 29 6A CA 87 B2 E5 19 B8
9D BA 8D E2 A0 6C 44 34 7E 7E 77 13 84 78 33 B4 D0 70 62 66
13 6C 31 81 77 77 8C 77 B3 81 55 EF E9 16 ED 03 89 45 66 78
98 BC EB 9B 45 BC 8F E4 90 F0 92 40 59 D3 4F 56 3F A2 E7 C5
20 94 DC 6C 46 7A BB A9 BE AB 42 EF 37 67 3C 2D 72 92 50 F9
3D BF B0 AC 1B 0A ED E4 80 89 F9 61 18 1E 16 96 19 73 B3 24
93 15 13 72 AC 71 39 B5 47 92 77 25 E3 B8 2E 7B 87 3B F4 51
DA 21 E4 C2 19 58 87 79 35 46 3B FF 02 3B B9 A0 F8

Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Fingerprints :

SHA-256 Fingerprint: E4 BE 25 61 B6 37 88 10 3F 82 4B 64 05 BB 8B D2 5E 2E 5C 1D
A3 0F 3D C1 39 84 22 92 DE 77 83 38
SHA-1 Fingerprint: 28 6F 5A E5 CE 11 59 12 77 E5 52 55 36 D9 2A 30 DD B9 D7 F0
MD5 Fingerprint: AF 84 E9 13 43 C7 2B C5 49 8B 40 46 B7 DE 00 B5

10.0.0.25 (tcp/3389)

Subject Name:

Common Name: demoSFDC01.demo.org

Issuer Name:

Common Name: demoSFDC01.demo.org

Serial Number: 2C 49 FF 18 15 5E 3E 96 46 43 0C AC 3A 37 CB 42

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 21 22:02:50 2018 GMT
Not Valid After: Sep 20 22:02:50 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 A0 28 E3 1B 09 E6 19 31 70 44 16 14 8B 5E 08 16 92 0D F6
17 A1 75 25 6D 7A FE 01 A2 A9 A7 CE 4D AD 38 E7 36 B3 5A D6
B3 29 1E 97 C1 79 E1 5A 0B 12 81 D1 B4 6D A1 2B 51 66 B6 E3
C3 53 1D F7 BD 7A 08 4A 02 25 13 0E 94 77 9D 6B B1 18 24 C2
3F 18 47 18 2F 81 6B D3 B2 73 1A B4 85 AA 18 12 49 C3 EB DF
21 D2 3A A9 4D B3 A7 F0 03 87 46 A9 45 A8 EF 2D 33 CE E2 8C
79 DB D8 A8 00 EE 7A 33 2C 25 F6 6C 40 A0 5C 7F 59 02 94 CE
7B EE A6 63 87 45 11 B0 E7 63 92 F3 04 A3 89 24 D3 09 33 6D
85 83 A3 58 03 CA FE 1A 2E F9 00 E9 D4 C0 17 65 52 7E 2E 51
4A 0B 02 44 33 02 82 EF D1 12 2F AD A7 8F C3 71 7E 06 F9 62
FC 5D 5E 5F 38 52 BF C3 2F D8 E1 66 E9 9F E0 14 68 A0 21 C4
31 ED 4E 7F 92 42 81 D5 01 DF C3 19 78 B9 E5 6B CE 2A C4 A3
37 3B 59 C1 02 2E CA 20 8A 18 3B 9C 2B 99 43 21 D9
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 60 62 61 C4 99 D8 4F 36 E0 E0 AE 08 52 4B CB EA FB 87 5A
C6 00 88 B0 E5 EF 47 8C E0 4D 5E D6 B9 4F 06 C2 0E 18 0A AD
DC FB 6D 9B CB 9A D1 D9 D6 64 B3 4D 1C F4 C5 7B 22 4A A8 BF
0B 69 6B 1B 52 56 E5 81 7E 41 F9 97 62 DE 60 1A AB D0 23 CB
3B 40 A0 2A 80 1B 80 47 CC CE 67 85 DD 28 BA 36 71 B0 6B D3
49 C4 59 16 84 BA FD 22 2B 9B 71 E1 78 7F AE 5E 12 8A E2 6F
B4 33 6A C9 62 5F 19 77 72 F0 FE CC 52 BB 3D 72 3E BF 3D 2F
7C 44 5A 9E E1 F5 E3 81 E9 B9 D7 CD 3B 44 D8 37 95 EC 5F 92
A9 95 6A 0A A6 A2 BC BA 99 C8 DC 4D 64 5B 75 7B 4A 3E 80 5F
BB C6 4F 09 14 72 67 99 F6 53 21 09 99 1B D2 B5 78 03 0F C2
45 26 F5 9F 95 F0 E2 FE 87 0A 58 EE AE 5E AE D1 88 8C DA 8E
2F 47 B6 65 31 CD 57 0F 42 8D 11 79 48 DF 3E 9B 60 84 34 EC
2D 84 C6 1F 90 10 3C D0 31 EB 36 47 94 61 60 70 40

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: FB 03 FD 40 65 76 EC 71 13 C8 D7 79 C5 65 50 87 48 9D 48 7D
C5 09 C0 40 69 ED B7 BC ED DE 1E 68
SHA-1 Fingerprint: 3E 13 1D 0C 80 A9 95 A6 A1 34 C2 43 65 04 B4 95 30 72 E6 3F
MD5 Fingerprint: C5 04 23 82 40 16 4C 10 D1 FD 33 D8 B5 F8 74 A5

10.0.0.27 (tcp/636)

Subject Name:

Common Name: demoSFDC02.demo.org

Issuer Name:

Domain Component: org
Domain Component: demo
Common Name: demo-demoSFDC01-CA

Serial Number: 3D E0 28 BF 00 00 00 00 00 80

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 22 16:24:36 2016 GMT
Not Valid After: Mar 22 20:54:12 2016 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Public Key: 00 9B 54 FA 45 D2 29 D1 3C D3 83 B7 7B 34 B7 52 68 EA 67 DF
66 5B 7E 6C A6 0B F2 E2 FA 5B 64 E9 6A 17 AB 95 E2 9D E7 28
5E 5E BC 23 D1 61 CC D1 7B 17 ED 13 8F 06 1B 03 D5 08 F2 EE
31 A6 0F 26 90 80 96 98 3F 2E 79 5E 92 89 EB 23 B0 DB E9 57
E8 52 2B 2B 70 6C 35 34 A5 DA 8C F1 5B E7 A8 53 D6 93 F0 BB
8D F4 86 5D 51 08 D9 2D 48 B6 DB F7 AD 63 DF 5C 7F 8A B5 E6
5A 56 4B 00 C2 34 2E A6 93
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 35 1A 6B 66 D0 98 D1 30 7D E1 30 1F E4 1D 85 76 0B F8 F3
1F C1 68 75 FD F7 E8 26 A5 2A 9C 48 0B BB 0F 45 75 1D 39 6B
64 15 E7 79 7C F0 3B 60 01 07 9C 8E ED E3 51 19 B9 F3 0B BB
55 A1 9B 7E 60 C7 BD D4 74 87 83 1B B5 F1 A1 C7 5D 96 6C 68
1A 40 03 BB 94 73 F8 37 57 D4 4B AA 5A 5E C3 3F 9E 55 78 07
3D 86 E4 3B C1 A3 51 0E 46 EB 3B 05 3E 22 55 33 B1 37 5D D1
98 4C 0C CB 5A 4A A6 B3 4D D3 9E 3B 93 04 57 9E 86 3D A1 FD
34 21 17 63 B0 82 DC 59 B8 BC 6C 76 D4 0B 69 1F C4 EB 18 0D
BE B0 12 13 61 5F 8F 19 88 A3 2D 51 D7 6B 61 84 83 90 83 25
00 17 C6 C5 AF 42 D1 82 98 21 20 AE 10 E5 ED 82 16 84 3F 70
5B FD 6F CC D1 4B 74 CC 98 1F 46 71 A2 A2 05 28 B7 98 0D C9
C8 33 FC D4 C7 B3 60 FF 12 54 78 06 CE BD 04 BC B9 FB 04 A7
A8 C6 24 04 9F CD FB D8 9C DF 1A EA 84 D8 06 9E 49

Extension: Certificate Template Name (1.3.6.1.4.1.311.20.2)
Critical: 0
Template: DomainController


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Purpose#2: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Digital Signature, Key Encipherment


Extension: S/MIME Capabilities (1.2.840.113549.1.9.15)
Critical: 0
Data: 30 69 30 0E 06 08 2A 86 48 86 F7 0D 03 02 02 02 00 80 30 0E
06 08 2A 86 48 86 F7 0D 03 04 02 02 00 80 30 0B 06 09 60 86
48 01 65 03 04 01 2A 30 0B 06 09 60 86 48 01 65 03 04 01 2D
30 0B 06 09 60 86 48 01 65 03 04 01 02 30 0B 06 09 60 86 48
01 65 03 04 01 05 30 07 06 05 2B 0E 03 02 07 30 0A 06 08 2A
86 48 86 F7 0D 03 07


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 0D 23 47 3A CC 21 D3 52 71 52 CC 34 A9 7D E5 52 11 B5 F3 6B


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: EB D9 F1 31 C8 F9 E5 E6 AD 58 A7 57 B4 2C A2 76 DC E6 AD 09


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: ldap:///CN=demo-demoSFDC01-CA,CN=demoSFDC01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=demo,DC=org?certificateRevocationList?base?objectClass=cRLDistributionPoint


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Certificate Authority Issuers
URI: ldap:///CN=demo-demoSFDC01-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=demo,DC=org?cACertificate?base?objectClass=certificationAuthority


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
Other Name: 06 09 2B 06 01 04 01 82 37 19 01 A0 12 04 10 20 1D 46 4C 71
E4 AA 4F BC 6D EF 5C 58 B6 0D 1D
DNS: demoSFDC02.demo.org


Fingerprints :

SHA-256 Fingerprint: AA 12 26 C0 A2 6B 43 B3 D1 08 5B 45 73 00 61 FA 53 55 6C 7F
43 F3 A9 AE 61 E0 EE 01 98 DA D7 71
SHA-1 Fingerprint: A7 BE 50 3D 52 D0 D7 21 1E 35 4D C3 EB 27 7D 49 0E 15 92 77
MD5 Fingerprint: BB 53 D4 49 5A 68 96 F2 DB 75 04 D2 B1 AE 4C 0A

10.0.0.27 (tcp/3269)

Subject Name:

Common Name: demoSFDC02.demo.org

Issuer Name:

Domain Component: org
Domain Component: demo
Common Name: demo-demoSFDC01-CA

Serial Number: 3D E0 28 BF 00 00 00 00 00 80

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 22 16:24:36 2016 GMT
Not Valid After: Mar 22 20:54:12 2016 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Public Key: 00 9B 54 FA 45 D2 29 D1 3C D3 83 B7 7B 34 B7 52 68 EA 67 DF
66 5B 7E 6C A6 0B F2 E2 FA 5B 64 E9 6A 17 AB 95 E2 9D E7 28
5E 5E BC 23 D1 61 CC D1 7B 17 ED 13 8F 06 1B 03 D5 08 F2 EE
31 A6 0F 26 90 80 96 98 3F 2E 79 5E 92 89 EB 23 B0 DB E9 57
E8 52 2B 2B 70 6C 35 34 A5 DA 8C F1 5B E7 A8 53 D6 93 F0 BB
8D F4 86 5D 51 08 D9 2D 48 B6 DB F7 AD 63 DF 5C 7F 8A B5 E6
5A 56 4B 00 C2 34 2E A6 93
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 35 1A 6B 66 D0 98 D1 30 7D E1 30 1F E4 1D 85 76 0B F8 F3
1F C1 68 75 FD F7 E8 26 A5 2A 9C 48 0B BB 0F 45 75 1D 39 6B
64 15 E7 79 7C F0 3B 60 01 07 9C 8E ED E3 51 19 B9 F3 0B BB
55 A1 9B 7E 60 C7 BD D4 74 87 83 1B B5 F1 A1 C7 5D 96 6C 68
1A 40 03 BB 94 73 F8 37 57 D4 4B AA 5A 5E C3 3F 9E 55 78 07
3D 86 E4 3B C1 A3 51 0E 46 EB 3B 05 3E 22 55 33 B1 37 5D D1
98 4C 0C CB 5A 4A A6 B3 4D D3 9E 3B 93 04 57 9E 86 3D A1 FD
34 21 17 63 B0 82 DC 59 B8 BC 6C 76 D4 0B 69 1F C4 EB 18 0D
BE B0 12 13 61 5F 8F 19 88 A3 2D 51 D7 6B 61 84 83 90 83 25
00 17 C6 C5 AF 42 D1 82 98 21 20 AE 10 E5 ED 82 16 84 3F 70
5B FD 6F CC D1 4B 74 CC 98 1F 46 71 A2 A2 05 28 B7 98 0D C9
C8 33 FC D4 C7 B3 60 FF 12 54 78 06 CE BD 04 BC B9 FB 04 A7
A8 C6 24 04 9F CD FB D8 9C DF 1A EA 84 D8 06 9E 49

Extension: Certificate Template Name (1.3.6.1.4.1.311.20.2)
Critical: 0
Template: DomainController


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Purpose#2: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Digital Signature, Key Encipherment


Extension: S/MIME Capabilities (1.2.840.113549.1.9.15)
Critical: 0
Data: 30 69 30 0E 06 08 2A 86 48 86 F7 0D 03 02 02 02 00 80 30 0E
06 08 2A 86 48 86 F7 0D 03 04 02 02 00 80 30 0B 06 09 60 86
48 01 65 03 04 01 2A 30 0B 06 09 60 86 48 01 65 03 04 01 2D
30 0B 06 09 60 86 48 01 65 03 04 01 02 30 0B 06 09 60 86 48
01 65 03 04 01 05 30 07 06 05 2B 0E 03 02 07 30 0A 06 08 2A
86 48 86 F7 0D 03 07


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 0D 23 47 3A CC 21 D3 52 71 52 CC 34 A9 7D E5 52 11 B5 F3 6B


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: EB D9 F1 31 C8 F9 E5 E6 AD 58 A7 57 B4 2C A2 76 DC E6 AD 09


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: ldap:///CN=demo-demoSFDC01-CA,CN=demoSFDC01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=demo,DC=org?certificateRevocationList?base?objectClass=cRLDistributionPoint


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Certificate Authority Issuers
URI: ldap:///CN=demo-demoSFDC01-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=demo,DC=org?cACertificate?base?objectClass=certificationAuthority


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
Other Name: 06 09 2B 06 01 04 01 82 37 19 01 A0 12 04 10 20 1D 46 4C 71
E4 AA 4F BC 6D EF 5C 58 B6 0D 1D
DNS: demoSFDC02.demo.org


Fingerprints :

SHA-256 Fingerprint: AA 12 26 C0 A2 6B 43 B3 D1 08 5B 45 73 00 61 FA 53 55 6C 7F
43 F3 A9 AE 61 E0 EE 01 98 DA D7 71
SHA-1 Fingerprint: A7 BE 50 3D 52 D0 D7 21 1E 35 4D C3 EB 27 7D 49 0E 15 92 77
MD5 Fingerprint: BB 53 D4 49 5A 68 96 F2 DB 75 04 D2 B1 AE 4C 0A

10.0.0.27 (tcp/3389)

Subject Name:

Common Name: demosfdc02.demo.org

Issuer Name:

Common Name: demosfdc02.demo.org

Serial Number: 66 19 62 9D 25 8E 83 A4 4E C5 97 DA 18 19 5D EA

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 28 10:01:59 2018 GMT
Not Valid After: Sep 27 10:01:59 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AB C6 66 A7 6D 4D 96 F0 CE C2 5C FA 7E AE B7 84 55 59 54
34 F6 50 15 1C C1 A4 AD D5 1E C3 F1 25 79 BA F9 63 D9 FA F7
C9 50 D6 F7 B9 5D B9 45 C8 34 48 37 3F 59 5F 8E 54 DE A3 28
EB 24 4E 16 5E A9 58 E7 84 CC C7 91 FF D3 BB D4 A5 E0 AB 8B
8B B2 A5 11 C2 F8 69 2F CC 33 7B 3B F9 8C 44 FB A7 FE 83 0C
6F E6 A4 D8 66 E5 6A 94 3C CE 56 65 53 6B F5 98 49 90 8F 91
76 37 D0 BE C4 F8 AC 3F 1B 32 F2 2D 6F CF 55 0F B2 90 26 CF
E2 22 8B F9 05 4D 7D 5C 87 A0 28 B9 61 DC 90 D3 BA 89 12 73
FF 8F DC 9C 38 94 B2 B9 D8 CF 92 C3 75 AC CA D5 B2 BB 4C 48
66 0C DE 5D 22 01 E7 CA 4C C2 C8 86 B1 96 C2 27 74 EE 53 79
24 CF 2E 77 96 CF 1E BE 93 C5 2A 67 1E A4 D1 63 45 4F 40 45
D5 53 1C B4 9F 6B E8 04 EF D4 AF 1E 89 53 29 54 FF 27 31 26
AD 9A 8B 82 43 5E 43 3D F7 3B D1 61 28 3C 54 33 1B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 61 33 3A C0 A7 09 A8 F0 2E B9 BF 58 5E B6 C9 CF 3E 26 C9
9A B8 14 9A 32 86 D0 D5 43 B4 3E 0A 10 94 9C 8F E5 C4 48 75
16 2E 8C 3B 8C B3 5B 3E 90 AA 7D 45 14 C5 B3 E6 27 0A AC AA
04 40 B2 9F 65 0D 59 E0 B1 86 90 B7 24 5E 32 E8 80 F5 D3 3F
97 F2 85 8B DB 91 A5 6A BA D0 18 90 6E FB C6 D0 D9 14 DE 0B
02 4C 29 2F D9 83 41 55 3E 9F D4 6D 8A A5 59 78 25 F4 7D 0F
A2 5E AC 19 16 26 BC 5A 01 29 64 DB F8 A7 C8 98 0B F7 1C B2
39 4D 64 E2 AE 20 0E CC E7 88 E0 55 E7 7E A3 72 B8 03 31 E5
AC 3A F9 14 92 10 F9 44 CE 5F B3 01 C0 F5 DB F5 4B 3A F0 FD
DE 3D 22 C5 0F DE 4D BD 2C 77 BB 3B E0 F0 39 51 D2 37 A1 8E
2C 90 93 4F 34 88 FE 0A B6 D0 EE 2E 53 F0 BA 1A C1 2E B2 5B
9E 31 2D CB 55 F0 A6 5A 88 5F 90 AB 27 27 E7 BC 07 0D 12 BB
99 74 15 D5 DE 21 E1 DC E5 DD 91 C6 4A FA F8 21 BA

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: 34 6B 18 A5 A1 55 FF 01 7B 33 14 32 74 EA 22 26 85 91 CB 3B
75 64 17 45 31 AF ED 25 DB F0 39 6E
SHA-1 Fingerprint: 3F 4F 16 46 E9 D3 BF CB 91 FA 4C 04 B0 CF 62 87 CB 79 0B 26
MD5 Fingerprint: 58 AA E4 34 53 60 73 6B D4 AC 1C A0 C7 6C F5 C4

10.0.0.43 (tcp/443)

Subject Name:

Common Name: ILOMXQ0420GGM.demo.org
Organization Unit: ISS
Organization: Hewlett-Packard Company
Locality: Houston
State/Province: Texas
Country: US

Issuer Name:

Country: US
State/Province: TX
Locality: Houston
Organization: Hewlett-Packard Company
Organization Unit: ISS
Common Name: iLO3 Default Issuer (Do not trust)

Serial Number: 4D 3E C6 7C

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jan 24 11:47:56 2011 GMT
Not Valid After: Jan 25 12:47:56 2036 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Public Key: 00 F3 4C 53 37 DA C7 AF 8E BC 66 A1 71 89 9B AD 60 D9 8A D4
44 06 7A 56 16 88 3A 86 EF CE 34 63 AD 74 E3 F5 EA 72 37 71
FC C9 9B 3C 4B F8 23 11 DE 2D F7 59 D8 34 77 E6 6E FC 8D 29
5E BC EB F3 72 FD 5E E9 52 19 A7 1B 21 AC 23 2D 19 3B D5 5B
8D 1A 1D C2 6A 96 41 B5 55 F3 9D FB C3 0B 9D 05 D0 C2 28 A5
BD 78 54 04 83 C9 7A 13 B0 8F 49 F4 BB D9 86 23 0C ED 7A F3
02 5B EB 48 68 00 EE 83 55
Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits
Signature: 00 83 68 2B 9C 68 41 1E 8D 6F 5C B1 35 A4 85 2E 2E DB 79 B2
0C 0A 9C DD 4B E0 CB B2 46 2D 85 72 D9 70 6C 34 B1 42 C6 7A
4D 57 71 93 A9 3B 4E B5 1B 23 D7 D8 28 A3 35 E0 01 68 35 7B
C4 7D 81 0F 41 F2 9C E9 3F DB A7 3D 1D 43 07 D8 BB E4 4D 5E
22 55 61 73 B9 1D 6D 63 31 99 F0 6A 86 EB 4A 5C 94 85 85 AA
68 CC BA 01 A3 51 4B 80 B1 1A ED E4 C0 C0 47 67 45 4A 06 68
9D 8C 1D F9 EE 87 D9 40 F3

Extension: Authority Key Identifier (2.5.29.35)
Critical: 0


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Decipher Only


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: ILOMXQ0420GGM
DNS: ILOMXQ0420GGM.demo.org


Fingerprints :

SHA-256 Fingerprint: 70 52 53 05 B9 ED D8 A0 72 A9 0C 1D 0C C9 41 0A FB 88 21 38
18 15 63 E8 8E 4E 4E A1 8F 9A 6C EB
SHA-1 Fingerprint: 27 70 A1 1E A8 3F C7 96 F9 5B 0E 3E 51 B5 5E 28 F8 F7 23 10
MD5 Fingerprint: D0 E1 28 B7 74 2B 6C A4 01 10 42 4E 29 87 B7 D3

10.0.0.44 (tcp/443)

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc
Organization Unit: VMware ESX Server Default Certificate
Email Address: ssl-certificates@vmware.com
Common Name: sf-dgllgt1.demo.org
Unstructured Name: 1417891635,564d7761726520496e632e

Issuer Name:

Organization: VMware Installer

Serial Number: 00 9E B4 E0 5C 1D 52

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Dec 06 18:47:16 2014 GMT
Not Valid After: Jun 06 18:47:16 2026 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 EA C6 E0 CB A5 56 A7 2D A2 6A 8B DE 22 F6 86 AC A2 DA D9
58 86 AE 45 0B D7 53 F9 84 48 3D 40 1B A4 48 A4 92 32 13 11
00 F6 BF C7 A0 23 D3 A1 D4 46 7E 4D 01 FB 0C F1 0D F3 F8 B4
3F C6 B7 26 0A BF 57 74 9A B8 45 B9 CE BC 30 F6 A6 1F 94 A6
4D 99 66 97 92 12 BC 39 C4 D0 B0 5D C5 4D 86 A8 FE E5 24 AA
12 94 83 49 07 80 54 77 57 F8 DF 42 76 09 49 F5 FE C9 F8 D9
00 2B 41 AD A6 3B 14 C3 8B 30 E6 A0 AF A8 55 AB 7F E9 10 77
50 D6 C5 B1 94 DB ED D3 95 77 61 C3 F8 87 73 8A 9C 79 31 AE
9F 21 C1 26 B8 65 E6 76 36 65 DF 74 E0 83 97 82 F5 5C BE 8B
BA 36 D2 1B 03 87 72 19 99 44 C7 A9 FC BC 58 3C 9F 6B D9 67
E4 D8 39 43 82 8B 1A CD F4 74 E9 EA 5B 90 21 F3 67 85 08 E2
7F 5C 20 D1 25 D5 0D 5E 3B 19 69 6E 4C 7E 11 2D 8E 66 32 63
C2 27 4D D7 86 7E 1D 4F 83 16 54 99 18 EC 4D 00 4F
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 69 3B 3B F1 6E 65 96 1C F2 DC C9 CD 3C 61 25 03 F0 9B 6F
CF FC 63 26 4E 8A 0C 79 B2 88 6C 2A 4B 5C 13 D5 7C BE CA 58
F6 DD 41 68 F5 C2 3E 88 C3 2E 5D 92 2E 9E 9C E3 69 9B 28 32
F4 DD 2E 02 9A 78 57 95 91 E0 88 D3 CA 5B 77 ED 18 19 1F C3
9B 36 3C 5E 41 CE 15 84 34 8D E6 0D B1 A7 FB C1 9B 7F 32 95
48 6E E9 C5 3E 5B 52 20 70 24 67 69 0C B1 58 2B 2A 9A C7 AD
10 78 45 3D 71 A4 29 26 2C 1D 96 BA 37 AD C6 53 9D FA F6 E7
2C CA 1E AF 59 61 9B 8C 3C EE 2D 76 B6 79 63 C8 06 60 14 86
4A 19 4B B9 30 64 C2 0E EA DE CC 82 7A 84 E0 99 70 9D FA 44
AF 7D 0B DD AE C3 28 77 37 DB 63 BE 2A DC 8B 53 E4 9A 91 37
6F 39 B2 95 26 83 F0 65 62 20 01 39 2A BA 12 64 65 13 94 9F
B4 41 D5 FA 4C F0 E2 38 AA 7C A5 4A E8 F5 DB 84 75 C1 D3 F1
71 0C 35 9A 35 65 BA 55 F8 C5 32 8B 9E 81 3F 9A 5C

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Digital Signature, Key Encipherment, Data Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: sf-dgllgt1.demo.org


Fingerprints :

SHA-256 Fingerprint: 7A 70 72 46 BA A4 6F D1 04 83 D9 34 D1 91 EE 22 00 CA C8 7A
08 3A E2 50 3A 01 D0 03 B8 47 34 1A
SHA-1 Fingerprint: A9 5F 16 56 D2 4B CC 8A B7 E6 08 ED C6 65 BD 0D D7 8B C9 93
MD5 Fingerprint: 09 6A A4 84 24 60 C5 52 C4 6F A4 A5 21 48 64 AD

10.0.0.44 (tcp/5989)

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc
Organization Unit: VMware ESX Server Default Certificate
Email Address: ssl-certificates@vmware.com
Common Name: sf-dgllgt1.demo.org
Unstructured Name: 1417891635,564d7761726520496e632e

Issuer Name:

Organization: VMware Installer

Serial Number: 00 9E B4 E0 5C 1D 52

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Dec 06 18:47:16 2014 GMT
Not Valid After: Jun 06 18:47:16 2026 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 EA C6 E0 CB A5 56 A7 2D A2 6A 8B DE 22 F6 86 AC A2 DA D9
58 86 AE 45 0B D7 53 F9 84 48 3D 40 1B A4 48 A4 92 32 13 11
00 F6 BF C7 A0 23 D3 A1 D4 46 7E 4D 01 FB 0C F1 0D F3 F8 B4
3F C6 B7 26 0A BF 57 74 9A B8 45 B9 CE BC 30 F6 A6 1F 94 A6
4D 99 66 97 92 12 BC 39 C4 D0 B0 5D C5 4D 86 A8 FE E5 24 AA
12 94 83 49 07 80 54 77 57 F8 DF 42 76 09 49 F5 FE C9 F8 D9
00 2B 41 AD A6 3B 14 C3 8B 30 E6 A0 AF A8 55 AB 7F E9 10 77
50 D6 C5 B1 94 DB ED D3 95 77 61 C3 F8 87 73 8A 9C 79 31 AE
9F 21 C1 26 B8 65 E6 76 36 65 DF 74 E0 83 97 82 F5 5C BE 8B
BA 36 D2 1B 03 87 72 19 99 44 C7 A9 FC BC 58 3C 9F 6B D9 67
E4 D8 39 43 82 8B 1A CD F4 74 E9 EA 5B 90 21 F3 67 85 08 E2
7F 5C 20 D1 25 D5 0D 5E 3B 19 69 6E 4C 7E 11 2D 8E 66 32 63
C2 27 4D D7 86 7E 1D 4F 83 16 54 99 18 EC 4D 00 4F
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 69 3B 3B F1 6E 65 96 1C F2 DC C9 CD 3C 61 25 03 F0 9B 6F
CF FC 63 26 4E 8A 0C 79 B2 88 6C 2A 4B 5C 13 D5 7C BE CA 58
F6 DD 41 68 F5 C2 3E 88 C3 2E 5D 92 2E 9E 9C E3 69 9B 28 32
F4 DD 2E 02 9A 78 57 95 91 E0 88 D3 CA 5B 77 ED 18 19 1F C3
9B 36 3C 5E 41 CE 15 84 34 8D E6 0D B1 A7 FB C1 9B 7F 32 95
48 6E E9 C5 3E 5B 52 20 70 24 67 69 0C B1 58 2B 2A 9A C7 AD
10 78 45 3D 71 A4 29 26 2C 1D 96 BA 37 AD C6 53 9D FA F6 E7
2C CA 1E AF 59 61 9B 8C 3C EE 2D 76 B6 79 63 C8 06 60 14 86
4A 19 4B B9 30 64 C2 0E EA DE CC 82 7A 84 E0 99 70 9D FA 44
AF 7D 0B DD AE C3 28 77 37 DB 63 BE 2A DC 8B 53 E4 9A 91 37
6F 39 B2 95 26 83 F0 65 62 20 01 39 2A BA 12 64 65 13 94 9F
B4 41 D5 FA 4C F0 E2 38 AA 7C A5 4A E8 F5 DB 84 75 C1 D3 F1
71 0C 35 9A 35 65 BA 55 F8 C5 32 8B 9E 81 3F 9A 5C

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Digital Signature, Key Encipherment, Data Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: sf-dgllgt1.demo.org


Fingerprints :

SHA-256 Fingerprint: 7A 70 72 46 BA A4 6F D1 04 83 D9 34 D1 91 EE 22 00 CA C8 7A
08 3A E2 50 3A 01 D0 03 B8 47 34 1A
SHA-1 Fingerprint: A9 5F 16 56 D2 4B CC 8A B7 E6 08 ED C6 65 BD 0D D7 8B C9 93
MD5 Fingerprint: 09 6A A4 84 24 60 C5 52 C4 6F A4 A5 21 48 64 AD

10.0.0.45 (tcp/443)

Subject Name:

Common Name: ILOMXQ0420GJ1.demo.org
Organization Unit: ISS
Organization: Hewlett-Packard Company
Locality: Houston
State/Province: Texas
Country: US

Issuer Name:

Country: US
State/Province: TX
Locality: Houston
Organization: Hewlett-Packard Company
Organization Unit: ISS
Common Name: iLO3 Default Issuer (Do not trust)

Serial Number: 57

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jul 24 23:00:00 2010 GMT
Not Valid After: Jul 26 00:00:00 2035 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Public Key: 00 F3 4C 53 37 DA C7 AF 8E BC 66 A1 71 89 9B AD 60 D9 8A D4
44 06 7A 56 16 88 3A 86 EF CE 34 63 AD 74 E3 F5 EA 72 37 71
FC C9 9B 3C 4B F8 23 11 DE 2D F7 59 D8 34 77 E6 6E FC 8D 29
5E BC EB F3 72 FD 5E E9 52 19 A7 1B 21 AC 23 2D 19 3B D5 5B
8D 1A 1D C2 6A 96 41 B5 55 F3 9D FB C3 0B 9D 05 D0 C2 28 A5
BD 78 54 04 83 C9 7A 13 B0 8F 49 F4 BB D9 86 23 0C ED 7A F3
02 5B EB 48 68 00 EE 83 55
Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits
Signature: 00 51 94 94 F4 12 18 C1 A4 C4 EC FF CA 09 A7 CC A3 04 F1 98
47 C5 EE 7E C3 A3 64 68 6D 11 C4 AC ED D5 C7 37 A6 80 8A 21
C1 D2 85 4F 8A 3D F6 D8 50 5F 94 14 1A A4 85 A6 50 2A 91 43
A8 D1 A5 0E 13 05 35 98 8A B9 A5 ED 57 1A 1C 0F 9B 7C 1F A6
E5 80 05 68 BD E8 E7 EB 95 DE 79 97 7C 11 27 98 68 2F FA 63
C9 CD A1 88 D0 E3 1B 7C AD B1 E9 A5 3E 9C DC 37 BE 64 A2 89
5D 60 13 C1 41 60 88 5A F5

Extension: Authority Key Identifier (2.5.29.35)
Critical: 0


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Decipher Only


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: ILOMXQ0420GJ1
DNS: ILOMXQ0420GJ1.demo.org


Fingerprints :

SHA-256 Fingerprint: C9 C0 48 EC 9E C9 62 52 17 D5 50 2D 95 F5 2C 8F F8 36 2B 4E
FC 1E F1 94 99 21 B5 75 2F A9 C0 C9
SHA-1 Fingerprint: 47 C9 B2 B5 43 93 81 CF B7 FE 55 DB 6A 86 A1 18 CF 65 3F 3E
MD5 Fingerprint: 03 B3 81 6D 48 21 EC 44 AF 65 32 6F 35 C5 11 96

10.0.0.46 (tcp/443)

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc
Organization Unit: VMware ESX Server Default Certificate
Email Address: ssl-certificates@vmware.com
Common Name: localhost.demo.org
Unstructured Name: 1418416159,564d7761726520496e632e

Issuer Name:

Organization: VMware Installer

Serial Number: 00 82 05 F1 9B F6 F2

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Dec 12 20:29:19 2014 GMT
Not Valid After: Jun 12 20:29:19 2026 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 24 ED 61 D2 2D 6F 2C B4 C6 BE D1 D3 AD 4D 54 D3 20 1F
34 3F DD E9 43 E3 2E 65 78 91 89 D9 CE A5 27 06 99 13 FF F0
B2 94 C5 9B E7 A2 0F B6 62 19 5F FA 17 1E C8 9B 92 30 34 5D
E2 CB 10 80 63 95 25 69 56 BA 8E 14 16 D5 6C 6B 0D AF 68 8F
64 8D 05 0F 82 44 57 81 66 0A 9C 73 16 03 BA 3C 20 75 01 16
8E C9 18 33 13 26 A9 AF 94 A2 CC 32 35 22 C1 20 31 BB AD 23
87 F1 CA 67 5E 27 95 60 26 56 B9 69 77 1E 89 AC 6A 60 90 F3
09 18 B6 5B 00 16 DD E7 A7 E9 63 D7 32 FC 60 5C 04 0F 92 2C
87 4E 69 03 9B 10 64 54 07 92 0E 76 B6 71 09 89 32 3E 84 2F
2C E1 BC 1D 0B 54 08 C1 4C AF A4 6B 19 26 68 F3 99 AD E9 B9
2E 16 DF 31 0D 52 87 DC 02 E1 0F 2B DC 57 5C 97 41 37 7E 50
52 B0 29 57 9A 6C 6B EB 6E 42 33 E0 91 E8 17 AE B3 43 B9 C7
AD 66 64 9A 07 B5 A2 D0 20 F0 73 F4 D2 04 FF 41 77
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 0B B5 C5 5E A6 97 53 AB 6F C1 0B 2E BD D2 44 7F 3B 09 D4
57 F7 FA B8 73 A2 A0 EE FA A9 36 34 19 EA 25 DE 61 41 98 2C
CB FE D2 52 99 E0 81 B8 D8 85 F0 5F FC C1 38 67 2E D1 2B 57
E0 26 6F 46 73 05 93 C1 87 B8 36 5A F6 10 C0 69 71 E3 25 38
E2 E6 5E 16 B9 79 68 93 D5 51 67 09 5F 72 8A 0F A8 EF 47 60
62 FA 6B 64 F1 23 A1 DB E2 F5 21 58 F3 7F A6 B4 A9 08 03 02
9C 05 B4 F5 05 E6 16 A5 3F FF A2 71 44 0A 42 33 E8 B6 7D 1F
D7 48 1C BB DD 3F 6F 8E 17 51 A7 3C 5A 1D 4A 36 C5 6B F1 39
0E 72 4C 87 B9 04 E2 E8 13 53 58 EE B3 AA FD 03 EB B2 F6 FC
D3 E6 A9 09 8D 63 B3 A1 2A 86 1F 19 88 2F 6E 68 F2 01 4B AB
7D FE A7 24 35 30 F5 9C BD 2B 9D A1 A8 AA E0 D8 49 A6 38 1F
8F 45 92 38 1D 7C E3 E6 CF 9B C0 21 26 D8 67 4E 51 99 3B A1
CE DE 5F DE B7 48 F7 75 83 4C CC 8C 84 CC E6 F8 8F

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Digital Signature, Key Encipherment, Data Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: localhost.demo.org


Fingerprints :

SHA-256 Fingerprint: E3 58 5A 15 F0 D3 39 21 DB 88 B5 17 F7 E6 D2 CE 93 2C F0 92
30 C2 79 5A 9C A4 DC A2 4F 49 98 6D
SHA-1 Fingerprint: 1C 15 46 F1 C5 7D 42 36 B1 13 07 BD D6 0E DC D2 F4 D2 D0 D3
MD5 Fingerprint: E1 92 6C 1C C0 E3 E4 BB F4 59 56 59 EF 2E F8 7D

10.0.0.46 (tcp/5989)

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc
Organization Unit: VMware ESX Server Default Certificate
Email Address: ssl-certificates@vmware.com
Common Name: localhost.demo.org
Unstructured Name: 1418416159,564d7761726520496e632e

Issuer Name:

Organization: VMware Installer

Serial Number: 00 82 05 F1 9B F6 F2

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Dec 12 20:29:19 2014 GMT
Not Valid After: Jun 12 20:29:19 2026 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 24 ED 61 D2 2D 6F 2C B4 C6 BE D1 D3 AD 4D 54 D3 20 1F
34 3F DD E9 43 E3 2E 65 78 91 89 D9 CE A5 27 06 99 13 FF F0
B2 94 C5 9B E7 A2 0F B6 62 19 5F FA 17 1E C8 9B 92 30 34 5D
E2 CB 10 80 63 95 25 69 56 BA 8E 14 16 D5 6C 6B 0D AF 68 8F
64 8D 05 0F 82 44 57 81 66 0A 9C 73 16 03 BA 3C 20 75 01 16
8E C9 18 33 13 26 A9 AF 94 A2 CC 32 35 22 C1 20 31 BB AD 23
87 F1 CA 67 5E 27 95 60 26 56 B9 69 77 1E 89 AC 6A 60 90 F3
09 18 B6 5B 00 16 DD E7 A7 E9 63 D7 32 FC 60 5C 04 0F 92 2C
87 4E 69 03 9B 10 64 54 07 92 0E 76 B6 71 09 89 32 3E 84 2F
2C E1 BC 1D 0B 54 08 C1 4C AF A4 6B 19 26 68 F3 99 AD E9 B9
2E 16 DF 31 0D 52 87 DC 02 E1 0F 2B DC 57 5C 97 41 37 7E 50
52 B0 29 57 9A 6C 6B EB 6E 42 33 E0 91 E8 17 AE B3 43 B9 C7
AD 66 64 9A 07 B5 A2 D0 20 F0 73 F4 D2 04 FF 41 77
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 0B B5 C5 5E A6 97 53 AB 6F C1 0B 2E BD D2 44 7F 3B 09 D4
57 F7 FA B8 73 A2 A0 EE FA A9 36 34 19 EA 25 DE 61 41 98 2C
CB FE D2 52 99 E0 81 B8 D8 85 F0 5F FC C1 38 67 2E D1 2B 57
E0 26 6F 46 73 05 93 C1 87 B8 36 5A F6 10 C0 69 71 E3 25 38
E2 E6 5E 16 B9 79 68 93 D5 51 67 09 5F 72 8A 0F A8 EF 47 60
62 FA 6B 64 F1 23 A1 DB E2 F5 21 58 F3 7F A6 B4 A9 08 03 02
9C 05 B4 F5 05 E6 16 A5 3F FF A2 71 44 0A 42 33 E8 B6 7D 1F
D7 48 1C BB DD 3F 6F 8E 17 51 A7 3C 5A 1D 4A 36 C5 6B F1 39
0E 72 4C 87 B9 04 E2 E8 13 53 58 EE B3 AA FD 03 EB B2 F6 FC
D3 E6 A9 09 8D 63 B3 A1 2A 86 1F 19 88 2F 6E 68 F2 01 4B AB
7D FE A7 24 35 30 F5 9C BD 2B 9D A1 A8 AA E0 D8 49 A6 38 1F
8F 45 92 38 1D 7C E3 E6 CF 9B C0 21 26 D8 67 4E 51 99 3B A1
CE DE 5F DE B7 48 F7 75 83 4C CC 8C 84 CC E6 F8 8F

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Digital Signature, Key Encipherment, Data Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: localhost.demo.org


Fingerprints :

SHA-256 Fingerprint: E3 58 5A 15 F0 D3 39 21 DB 88 B5 17 F7 E6 D2 CE 93 2C F0 92
30 C2 79 5A 9C A4 DC A2 4F 49 98 6D
SHA-1 Fingerprint: 1C 15 46 F1 C5 7D 42 36 B1 13 07 BD D6 0E DC D2 F4 D2 D0 D3
MD5 Fingerprint: E1 92 6C 1C C0 E3 E4 BB F4 59 56 59 EF 2E F8 7D

10.0.0.47 (tcp/443)

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc.
Organization Unit: VMware vCenter Server Certificate
Email Address: ssl-certificates@vmware.com
Common Name: sf-gxwtwp1.demo.org
Unstructured Name: 1417892863,ab088874,564d7761726520496e632e

Issuer Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc.
Common Name: sf-gxwtwp1.demo.org CA ed456d46
Email Address: ssl-certificates@vmware.com

Serial Number: 01

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Dec 05 19:07:43 2014 GMT
Not Valid After: Dec 03 19:07:44 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 B2 5D B1 4D 3A AF 5A E2 8D 25 A8 87 7F 06 57 B0 CA 39 9F
01 0D 65 BD 7E 24 C8 E9 26 64 6A 10 C8 5C 5B 4E 0B B4 FC C9
17 50 16 7D 73 F5 D0 F6 C2 4D 9D 07 A0 E5 12 94 D3 76 4C 15
09 55 FF 11 C7 44 50 09 0C 94 64 95 95 C0 8B A8 06 07 10 61
7E CC 2F E4 55 6B C4 41 12 2E 3A 8A A7 E8 42 42 5C DB 4F 68
C6 71 19 5A A7 E4 1D F8 6F 85 A0 DC 90 60 B6 49 7D B2 B4 17
33 C1 52 B6 57 00 D0 47 BD A4 35 54 37 14 79 AA A6 41 40 13
B1 48 1E AA 27 C0 1A B5 C7 E2 0C 67 E8 26 83 24 48 18 0D F0
C8 14 19 96 42 16 F7 4E 3B B6 81 14 55 58 44 47 51 1B 27 D9
A4 A3 53 CA 29 D7 BF ED 13 E9 00 61 B8 DA 01 B9 CE F3 A0 AA
60 4D C4 D0 46 C2 4B E0 AF 88 14 5A 3B 38 97 AD 68 EF CB D7
52 70 EB 6C C9 A8 E1 51 0A 61 23 F5 21 2F 30 35 4F BD 12 60
D4 D0 3A 40 42 19 E4 E5 D7 3C C8 1F DA BD EA 0C 61
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 22 11 BC 7A 89 46 5E 7B DC 1D CC 64 B9 D5 42 31 9D 6E B5
F8 3C 7C F6 F2 09 DE 88 E5 B5 6B 7F 78 B8 96 B4 46 4F C0 71
C7 0A FD 40 A3 42 74 12 50 29 A2 77 F1 A1 B7 65 92 95 C4 C6
05 FE 2D A3 43 B8 63 89 4E 97 4B D5 0D A0 28 C2 0D ED 5B 6A
00 57 BA 09 FC 70 EF 5C DC 24 93 7A E5 61 6B 15 63 1E 8F 54
15 4C D0 92 7F 6C 42 BE F8 02 28 57 15 84 5A 79 28 0A D8 7A
C2 CF 13 01 43 0E 34 81 93 A8 46 39 32 B4 2F 44 BC 4A A5 D4
4F 0B 2F 98 04 81 F6 01 AB 7B DE DA EE 3D 17 E1 0B 45 3D 0D
A1 51 99 1C 5A CB 92 2B C2 51 12 50 C2 FD 5D 36 02 5F 28 5F
89 42 76 37 02 8B 8C 33 51 30 D6 38 9F 95 00 99 DF 98 86 D9
72 10 B7 C5 21 81 D8 E9 64 DD 4A 66 72 15 6B A1 FD AE 0D 9B
D6 87 B4 7B 72 23 60 CB 6C 51 A1 94 03 B8 85 1F 4F 49 0B 32
6E C8 62 C0 D6 9A 28 FA 35 B7 41 4E 10 64 BC E3 06

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Digital Signature, Key Encipherment, Data Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: sf-gxwtwp1.demo.org
DNS: sf-gxwtwp1


Fingerprints :

SHA-256 Fingerprint: 05 6E D4 CB F7 0A 8A 05 D3 81 BB D8 C8 EA 11 50 00 50 B7 F1
84 74 90 04 4E 4F DE 1F 84 7A 57 0C
SHA-1 Fingerprint: D1 AA F8 7A 89 84 85 B8 CA 37 5C C3 5F 96 16 94 C3 97 5F 93
MD5 Fingerprint: 74 71 94 12 47 BF 13 85 A8 97 A5 62 63 2F 79 0B

10.0.0.47 (tcp/1514)

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc.
Organization Unit: VMware vCenter Server Certificate
Email Address: ssl-certificates@vmware.com
Common Name: sf-gxwtwp1.demo.org
Unstructured Name: 1417892863,ab088874,564d7761726520496e632e

Issuer Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc.
Common Name: sf-gxwtwp1.demo.org CA ed456d46
Email Address: ssl-certificates@vmware.com

Serial Number: 01

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Dec 05 19:07:43 2014 GMT
Not Valid After: Dec 03 19:07:44 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 B2 5D B1 4D 3A AF 5A E2 8D 25 A8 87 7F 06 57 B0 CA 39 9F
01 0D 65 BD 7E 24 C8 E9 26 64 6A 10 C8 5C 5B 4E 0B B4 FC C9
17 50 16 7D 73 F5 D0 F6 C2 4D 9D 07 A0 E5 12 94 D3 76 4C 15
09 55 FF 11 C7 44 50 09 0C 94 64 95 95 C0 8B A8 06 07 10 61
7E CC 2F E4 55 6B C4 41 12 2E 3A 8A A7 E8 42 42 5C DB 4F 68
C6 71 19 5A A7 E4 1D F8 6F 85 A0 DC 90 60 B6 49 7D B2 B4 17
33 C1 52 B6 57 00 D0 47 BD A4 35 54 37 14 79 AA A6 41 40 13
B1 48 1E AA 27 C0 1A B5 C7 E2 0C 67 E8 26 83 24 48 18 0D F0
C8 14 19 96 42 16 F7 4E 3B B6 81 14 55 58 44 47 51 1B 27 D9
A4 A3 53 CA 29 D7 BF ED 13 E9 00 61 B8 DA 01 B9 CE F3 A0 AA
60 4D C4 D0 46 C2 4B E0 AF 88 14 5A 3B 38 97 AD 68 EF CB D7
52 70 EB 6C C9 A8 E1 51 0A 61 23 F5 21 2F 30 35 4F BD 12 60
D4 D0 3A 40 42 19 E4 E5 D7 3C C8 1F DA BD EA 0C 61
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 22 11 BC 7A 89 46 5E 7B DC 1D CC 64 B9 D5 42 31 9D 6E B5
F8 3C 7C F6 F2 09 DE 88 E5 B5 6B 7F 78 B8 96 B4 46 4F C0 71
C7 0A FD 40 A3 42 74 12 50 29 A2 77 F1 A1 B7 65 92 95 C4 C6
05 FE 2D A3 43 B8 63 89 4E 97 4B D5 0D A0 28 C2 0D ED 5B 6A
00 57 BA 09 FC 70 EF 5C DC 24 93 7A E5 61 6B 15 63 1E 8F 54
15 4C D0 92 7F 6C 42 BE F8 02 28 57 15 84 5A 79 28 0A D8 7A
C2 CF 13 01 43 0E 34 81 93 A8 46 39 32 B4 2F 44 BC 4A A5 D4
4F 0B 2F 98 04 81 F6 01 AB 7B DE DA EE 3D 17 E1 0B 45 3D 0D
A1 51 99 1C 5A CB 92 2B C2 51 12 50 C2 FD 5D 36 02 5F 28 5F
89 42 76 37 02 8B 8C 33 51 30 D6 38 9F 95 00 99 DF 98 86 D9
72 10 B7 C5 21 81 D8 E9 64 DD 4A 66 72 15 6B A1 FD AE 0D 9B
D6 87 B4 7B 72 23 60 CB 6C 51 A1 94 03 B8 85 1F 4F 49 0B 32
6E C8 62 C0 D6 9A 28 FA 35 B7 41 4E 10 64 BC E3 06

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Digital Signature, Key Encipherment, Data Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: sf-gxwtwp1.demo.org
DNS: sf-gxwtwp1


Fingerprints :

SHA-256 Fingerprint: 05 6E D4 CB F7 0A 8A 05 D3 81 BB D8 C8 EA 11 50 00 50 B7 F1
84 74 90 04 4E 4F DE 1F 84 7A 57 0C
SHA-1 Fingerprint: D1 AA F8 7A 89 84 85 B8 CA 37 5C C3 5F 96 16 94 C3 97 5F 93
MD5 Fingerprint: 74 71 94 12 47 BF 13 85 A8 97 A5 62 63 2F 79 0B

10.0.0.47 (tcp/8191)

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc.
Organization Unit: VMware vCenter Server Certificate
Email Address: ssl-certificates@vmware.com
Common Name: sf-gxwtwp1.demo.org
Unstructured Name: 1417892863,ab088874,564d7761726520496e632e

Issuer Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc.
Common Name: sf-gxwtwp1.demo.org CA ed456d46
Email Address: ssl-certificates@vmware.com

Serial Number: 01

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Dec 05 19:07:43 2014 GMT
Not Valid After: Dec 03 19:07:44 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 B2 5D B1 4D 3A AF 5A E2 8D 25 A8 87 7F 06 57 B0 CA 39 9F
01 0D 65 BD 7E 24 C8 E9 26 64 6A 10 C8 5C 5B 4E 0B B4 FC C9
17 50 16 7D 73 F5 D0 F6 C2 4D 9D 07 A0 E5 12 94 D3 76 4C 15
09 55 FF 11 C7 44 50 09 0C 94 64 95 95 C0 8B A8 06 07 10 61
7E CC 2F E4 55 6B C4 41 12 2E 3A 8A A7 E8 42 42 5C DB 4F 68
C6 71 19 5A A7 E4 1D F8 6F 85 A0 DC 90 60 B6 49 7D B2 B4 17
33 C1 52 B6 57 00 D0 47 BD A4 35 54 37 14 79 AA A6 41 40 13
B1 48 1E AA 27 C0 1A B5 C7 E2 0C 67 E8 26 83 24 48 18 0D F0
C8 14 19 96 42 16 F7 4E 3B B6 81 14 55 58 44 47 51 1B 27 D9
A4 A3 53 CA 29 D7 BF ED 13 E9 00 61 B8 DA 01 B9 CE F3 A0 AA
60 4D C4 D0 46 C2 4B E0 AF 88 14 5A 3B 38 97 AD 68 EF CB D7
52 70 EB 6C C9 A8 E1 51 0A 61 23 F5 21 2F 30 35 4F BD 12 60
D4 D0 3A 40 42 19 E4 E5 D7 3C C8 1F DA BD EA 0C 61
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 22 11 BC 7A 89 46 5E 7B DC 1D CC 64 B9 D5 42 31 9D 6E B5
F8 3C 7C F6 F2 09 DE 88 E5 B5 6B 7F 78 B8 96 B4 46 4F C0 71
C7 0A FD 40 A3 42 74 12 50 29 A2 77 F1 A1 B7 65 92 95 C4 C6
05 FE 2D A3 43 B8 63 89 4E 97 4B D5 0D A0 28 C2 0D ED 5B 6A
00 57 BA 09 FC 70 EF 5C DC 24 93 7A E5 61 6B 15 63 1E 8F 54
15 4C D0 92 7F 6C 42 BE F8 02 28 57 15 84 5A 79 28 0A D8 7A
C2 CF 13 01 43 0E 34 81 93 A8 46 39 32 B4 2F 44 BC 4A A5 D4
4F 0B 2F 98 04 81 F6 01 AB 7B DE DA EE 3D 17 E1 0B 45 3D 0D
A1 51 99 1C 5A CB 92 2B C2 51 12 50 C2 FD 5D 36 02 5F 28 5F
89 42 76 37 02 8B 8C 33 51 30 D6 38 9F 95 00 99 DF 98 86 D9
72 10 B7 C5 21 81 D8 E9 64 DD 4A 66 72 15 6B A1 FD AE 0D 9B
D6 87 B4 7B 72 23 60 CB 6C 51 A1 94 03 B8 85 1F 4F 49 0B 32
6E C8 62 C0 D6 9A 28 FA 35 B7 41 4E 10 64 BC E3 06

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Digital Signature, Key Encipherment, Data Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: sf-gxwtwp1.demo.org
DNS: sf-gxwtwp1


Fingerprints :

SHA-256 Fingerprint: 05 6E D4 CB F7 0A 8A 05 D3 81 BB D8 C8 EA 11 50 00 50 B7 F1
84 74 90 04 4E 4F DE 1F 84 7A 57 0C
SHA-1 Fingerprint: D1 AA F8 7A 89 84 85 B8 CA 37 5C C3 5F 96 16 94 C3 97 5F 93
MD5 Fingerprint: 74 71 94 12 47 BF 13 85 A8 97 A5 62 63 2F 79 0B

10.0.0.47 (tcp/8443)

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc.
Organization Unit: VMware vCenter Server Certificate
Email Address: ssl-certificates@vmware.com
Common Name: sf-gxwtwp1.demo.org
Unstructured Name: 1417892863,ab088874,564d7761726520496e632e

Issuer Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc.
Common Name: sf-gxwtwp1.demo.org CA ed456d46
Email Address: ssl-certificates@vmware.com

Serial Number: 01

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Dec 05 19:07:43 2014 GMT
Not Valid After: Dec 03 19:07:44 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 B2 5D B1 4D 3A AF 5A E2 8D 25 A8 87 7F 06 57 B0 CA 39 9F
01 0D 65 BD 7E 24 C8 E9 26 64 6A 10 C8 5C 5B 4E 0B B4 FC C9
17 50 16 7D 73 F5 D0 F6 C2 4D 9D 07 A0 E5 12 94 D3 76 4C 15
09 55 FF 11 C7 44 50 09 0C 94 64 95 95 C0 8B A8 06 07 10 61
7E CC 2F E4 55 6B C4 41 12 2E 3A 8A A7 E8 42 42 5C DB 4F 68
C6 71 19 5A A7 E4 1D F8 6F 85 A0 DC 90 60 B6 49 7D B2 B4 17
33 C1 52 B6 57 00 D0 47 BD A4 35 54 37 14 79 AA A6 41 40 13
B1 48 1E AA 27 C0 1A B5 C7 E2 0C 67 E8 26 83 24 48 18 0D F0
C8 14 19 96 42 16 F7 4E 3B B6 81 14 55 58 44 47 51 1B 27 D9
A4 A3 53 CA 29 D7 BF ED 13 E9 00 61 B8 DA 01 B9 CE F3 A0 AA
60 4D C4 D0 46 C2 4B E0 AF 88 14 5A 3B 38 97 AD 68 EF CB D7
52 70 EB 6C C9 A8 E1 51 0A 61 23 F5 21 2F 30 35 4F BD 12 60
D4 D0 3A 40 42 19 E4 E5 D7 3C C8 1F DA BD EA 0C 61
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 22 11 BC 7A 89 46 5E 7B DC 1D CC 64 B9 D5 42 31 9D 6E B5
F8 3C 7C F6 F2 09 DE 88 E5 B5 6B 7F 78 B8 96 B4 46 4F C0 71
C7 0A FD 40 A3 42 74 12 50 29 A2 77 F1 A1 B7 65 92 95 C4 C6
05 FE 2D A3 43 B8 63 89 4E 97 4B D5 0D A0 28 C2 0D ED 5B 6A
00 57 BA 09 FC 70 EF 5C DC 24 93 7A E5 61 6B 15 63 1E 8F 54
15 4C D0 92 7F 6C 42 BE F8 02 28 57 15 84 5A 79 28 0A D8 7A
C2 CF 13 01 43 0E 34 81 93 A8 46 39 32 B4 2F 44 BC 4A A5 D4
4F 0B 2F 98 04 81 F6 01 AB 7B DE DA EE 3D 17 E1 0B 45 3D 0D
A1 51 99 1C 5A CB 92 2B C2 51 12 50 C2 FD 5D 36 02 5F 28 5F
89 42 76 37 02 8B 8C 33 51 30 D6 38 9F 95 00 99 DF 98 86 D9
72 10 B7 C5 21 81 D8 E9 64 DD 4A 66 72 15 6B A1 FD AE 0D 9B
D6 87 B4 7B 72 23 60 CB 6C 51 A1 94 03 B8 85 1F 4F 49 0B 32
6E C8 62 C0 D6 9A 28 FA 35 B7 41 4E 10 64 BC E3 06

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Digital Signature, Key Encipherment, Data Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: sf-gxwtwp1.demo.org
DNS: sf-gxwtwp1


Fingerprints :

SHA-256 Fingerprint: 05 6E D4 CB F7 0A 8A 05 D3 81 BB D8 C8 EA 11 50 00 50 B7 F1
84 74 90 04 4E 4F DE 1F 84 7A 57 0C
SHA-1 Fingerprint: D1 AA F8 7A 89 84 85 B8 CA 37 5C C3 5F 96 16 94 C3 97 5F 93
MD5 Fingerprint: 74 71 94 12 47 BF 13 85 A8 97 A5 62 63 2F 79 0B

10.0.0.47 (tcp/9443)

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc.
Organization Unit: VMware vCenter Server Certificate
Email Address: ssl-certificates@vmware.com
Common Name: sf-gxwtwp1.demo.org
Unstructured Name: 1417892863,ab088874,564d7761726520496e632e

Issuer Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware, Inc.
Common Name: sf-gxwtwp1.demo.org CA ed456d46
Email Address: ssl-certificates@vmware.com

Serial Number: 01

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Dec 05 19:07:43 2014 GMT
Not Valid After: Dec 03 19:07:44 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 B2 5D B1 4D 3A AF 5A E2 8D 25 A8 87 7F 06 57 B0 CA 39 9F
01 0D 65 BD 7E 24 C8 E9 26 64 6A 10 C8 5C 5B 4E 0B B4 FC C9
17 50 16 7D 73 F5 D0 F6 C2 4D 9D 07 A0 E5 12 94 D3 76 4C 15
09 55 FF 11 C7 44 50 09 0C 94 64 95 95 C0 8B A8 06 07 10 61
7E CC 2F E4 55 6B C4 41 12 2E 3A 8A A7 E8 42 42 5C DB 4F 68
C6 71 19 5A A7 E4 1D F8 6F 85 A0 DC 90 60 B6 49 7D B2 B4 17
33 C1 52 B6 57 00 D0 47 BD A4 35 54 37 14 79 AA A6 41 40 13
B1 48 1E AA 27 C0 1A B5 C7 E2 0C 67 E8 26 83 24 48 18 0D F0
C8 14 19 96 42 16 F7 4E 3B B6 81 14 55 58 44 47 51 1B 27 D9
A4 A3 53 CA 29 D7 BF ED 13 E9 00 61 B8 DA 01 B9 CE F3 A0 AA
60 4D C4 D0 46 C2 4B E0 AF 88 14 5A 3B 38 97 AD 68 EF CB D7
52 70 EB 6C C9 A8 E1 51 0A 61 23 F5 21 2F 30 35 4F BD 12 60
D4 D0 3A 40 42 19 E4 E5 D7 3C C8 1F DA BD EA 0C 61
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 22 11 BC 7A 89 46 5E 7B DC 1D CC 64 B9 D5 42 31 9D 6E B5
F8 3C 7C F6 F2 09 DE 88 E5 B5 6B 7F 78 B8 96 B4 46 4F C0 71
C7 0A FD 40 A3 42 74 12 50 29 A2 77 F1 A1 B7 65 92 95 C4 C6
05 FE 2D A3 43 B8 63 89 4E 97 4B D5 0D A0 28 C2 0D ED 5B 6A
00 57 BA 09 FC 70 EF 5C DC 24 93 7A E5 61 6B 15 63 1E 8F 54
15 4C D0 92 7F 6C 42 BE F8 02 28 57 15 84 5A 79 28 0A D8 7A
C2 CF 13 01 43 0E 34 81 93 A8 46 39 32 B4 2F 44 BC 4A A5 D4
4F 0B 2F 98 04 81 F6 01 AB 7B DE DA EE 3D 17 E1 0B 45 3D 0D
A1 51 99 1C 5A CB 92 2B C2 51 12 50 C2 FD 5D 36 02 5F 28 5F
89 42 76 37 02 8B 8C 33 51 30 D6 38 9F 95 00 99 DF 98 86 D9
72 10 B7 C5 21 81 D8 E9 64 DD 4A 66 72 15 6B A1 FD AE 0D 9B
D6 87 B4 7B 72 23 60 CB 6C 51 A1 94 03 B8 85 1F 4F 49 0B 32
6E C8 62 C0 D6 9A 28 FA 35 B7 41 4E 10 64 BC E3 06

Extension: Basic Constraints (2.5.29.19)
Critical: 0


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Digital Signature, Key Encipherment, Data Encipherment


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: sf-gxwtwp1.demo.org
DNS: sf-gxwtwp1


Fingerprints :

SHA-256 Fingerprint: 05 6E D4 CB F7 0A 8A 05 D3 81 BB D8 C8 EA 11 50 00 50 B7 F1
84 74 90 04 4E 4F DE 1F 84 7A 57 0C
SHA-1 Fingerprint: D1 AA F8 7A 89 84 85 B8 CA 37 5C C3 5F 96 16 94 C3 97 5F 93
MD5 Fingerprint: 74 71 94 12 47 BF 13 85 A8 97 A5 62 63 2F 79 0B

10.0.0.64 (tcp/3389)

Subject Name:

Common Name: SF-GXK9JS1.demo.org

Issuer Name:

Common Name: SF-GXK9JS1.demo.org

Serial Number: 5E 56 26 41 CC 79 0E 92 43 5C 25 75 22 4D 34 D8

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Dec 21 22:22:49 2017 GMT
Not Valid After: Jun 22 22:22:49 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D3 7B A4 F0 7C BD D0 9C 18 FE 3C 4C E9 4E 84 8E 97 F5 F1
0C FF A6 88 42 03 F6 D9 B9 3F 11 05 96 52 61 C0 FA A6 B0 FC
77 3E 01 6D 12 67 37 A0 23 9A 86 77 74 4D 9F E3 E2 CD CE A3
8A 75 4D EC EF E1 F6 11 0A A8 85 6C 8D D7 C4 8C 19 C2 91 CE
8A 82 0B 65 D6 3D 70 E4 9E F1 B0 E1 3B A7 4B 32 68 ED 57 7D
7F E7 DB EA 67 61 48 9E 40 7E 60 23 43 F6 22 86 55 D1 6A 2D
FE 5E 00 F2 4B 19 CA 4F 95 6B 9B F4 6C 95 8F 8F EC 98 78 05
9F 47 FE 6C 2C CB ED 16 63 E2 36 08 C6 A4 A8 4B 78 98 0E D5
09 EB 6B A2 8A 07 39 2B BE 70 69 52 49 B7 F9 99 AC E2 68 68
02 2E 85 2D 17 84 CF 5E 0D 31 C3 64 41 50 45 61 6C 61 9F 80
88 13 40 EA 42 A0 D3 16 12 C6 3D F9 8A 35 03 B6 5E D9 CA BD
28 BE 32 2C 9B 6D E1 82 20 9A 47 5C A2 06 16 B3 FC 70 71 B9
AF DA E0 63 BF E8 78 C8 EC D2 B4 C9 61 0B B6 CC 0F
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 46 C5 DC BD 3A BE 22 99 61 48 1E 04 37 7C B9 3C B0 9E 0C
9F E5 96 96 BE 1D 5E 16 46 5E 29 BF CD B7 AE 91 DF C8 74 74
2E D8 41 D1 38 28 C3 C1 95 B5 DC EF 5E BB 1E 7E F6 8D 89 C7
D9 8B 38 9F FC 06 D0 7D 6D 6D 36 CB EB F0 39 00 92 CF 03 57
B0 F9 8B 2E A5 0B 9B 21 B8 26 7E CF BC 09 89 25 51 1E 94 B0
31 82 71 D4 13 84 D2 85 CD FD 09 AD 6E 1D 05 C7 1B 48 09 04
3F 4E 86 EF 4E B0 02 A0 72 D5 39 BC 48 D0 EA 43 5C 65 4D A1
0E E9 5B 71 87 CB 50 61 4F 37 A7 2E DA AC 14 43 C6 AD 12 7D
E6 1E 03 0D 65 8B C6 6B AB 92 8F 42 CC 15 4D 25 6C 67 90 A0
EC F7 59 15 23 82 8F C5 4C 9F 2B 07 E4 BB 9D 90 67 06 D3 B8
B2 48 4F 9C 68 68 06 34 25 18 B8 E6 5C 4E FF 7A 95 FB C5 D8
0C 11 E4 DA 7E 84 A9 A7 D0 3B E5 DA 33 FA 75 35 32 0C 67 44
BA 8E A1 8A B6 DF B9 D4 99 08 40 CF 45 B8 72 38 7E

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: EE 80 06 5A BF 4A 6F 3C 43 B6 93 79 61 6E D3 5B 62 8A 33 CB
29 61 51 D4 D6 A0 EF CB FB E9 D5 6D
SHA-1 Fingerprint: B0 2B 3C 45 DA 18 F5 E9 66 EC 94 10 10 0C F9 5D 71 B0 6B 5D
MD5 Fingerprint: 0D 97 4B 9D 36 E9 B2 04 5E FC E0 7F 6D 78 23 7B

10.0.0.64 (tcp/49570)

Subject Name:

Common Name: SSL_Self_Signed_Fallback

Issuer Name:

Common Name: SSL_Self_Signed_Fallback

Serial Number: 37 8A BA A7 5D 95 DC 81 47 1C C8 60 E7 CD 21 A0

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jan 19 01:02:38 2018 GMT
Not Valid After: Jan 19 01:02:38 2048 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Public Key: 00 B3 18 4E F5 B9 74 69 3F 24 23 17 6E E4 E8 51 A8 B2 DD 93
75 0D AA 39 0A BA 18 5E B9 DA 96 4B 53 9C 39 0D 91 C0 2B A7
92 A6 40 EB 38 0F EC 1E A7 D4 9A 46 8E A8 B1 FE 64 EF 68 12
D8 39 46 49 A5 85 1D 4B 5D 66 40 08 67 55 E6 27 6A 3F 5F CB
9F 82 CE A1 8C 95 95 34 1B F5 15 6C D8 75 DC 79 B0 15 78 D9
CC 81 F1 94 26 E5 47 65 05 7B AD C6 4C DA 2B 28 7A 1A FB 1B
F3 70 85 0A 64 C5 49 B2 7B
Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits
Signature: 00 1B 2C A8 A4 DF E1 D2 15 82 6E E7 AB C8 0B BC 76 A2 99 A3
C1 0D AB 46 D9 8B 44 63 C0 F9 70 11 6E 01 22 4C 4B 41 AC 8A
37 B4 B7 51 7E 5C 93 FF A9 81 85 18 17 1C BF 98 12 F9 55 AD
C9 46 8B 67 85 BF 42 0D 71 27 B8 02 64 EF B6 57 CF C5 1A 82
C5 C7 05 D4 66 B4 0F 2F 1E 3E B3 E9 F9 A1 F1 91 BF 56 26 AA
A3 98 5C E1 5F 1A D3 07 C3 F3 67 BA 3E 64 D2 30 C9 CE A9 6C
35 D0 D2 0E 38 2B E4 C9 BE

Fingerprints :

SHA-256 Fingerprint: 04 A0 35 F6 9B 5E FB CC D8 8B F8 5F 57 B9 24 C2 0E 29 E4 E4
E2 0D EF B7 7B 67 27 AF 42 45 8D E9
SHA-1 Fingerprint: 5D 2D A1 09 13 06 DB BA D6 87 15 35 79 95 D9 CA 3D 4D 16 8F
MD5 Fingerprint: 9D CD 7E AD C0 52 4E 6D 13 CC EC E1 14 F1 36 86

10.0.0.94 (tcp/443)

Subject Name:

Organization: *.demo.org
Organization Unit: Domain Control Validated
Common Name: *.demo.org

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certificates.godaddy.com/repository
Common Name: Go Daddy Secure Certification Authority
2.5.4.5: 07969287

Serial Number: 27 E6 C3 D9 B7 71 9C

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Oct 02 17:46:44 2012 GMT
Not Valid After: Oct 02 17:46:44 2013 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 BA EE F1 0C CB 2A 88 B4 CE E5 D6 D8 CD A0 A7 74 80 00 BA
98 7E 40 50 B6 5C 3D 92 42 E6 77 E4 46 73 EB 3A 42 67 5C CB
21 16 6C F8 B4 44 E2 3E 34 1A E3 E5 11 D8 91 C3 CB E5 89 39
E4 42 75 FE 4B C9 1C 97 C9 D2 C0 B9 E1 E3 F3 3C F9 0A FC A7
65 CA FA 0A 06 62 00 C3 D1 DA 4B 41 A7 1C 56 97 0E 5E 19 AF
97 99 F3 38 7E 73 71 6F BF 61 83 9A 72 A5 7E E4 23 CC C1 6A
08 39 D5 5F 7D 89 E7 F5 29 4E BD 6A D5 9B 91 DA F2 44 AB 8F
85 B8 AA 6F B8 75 C1 C3 26 8F 6D 27 E0 6B 9A EA 8F 11 CA B1
C0 93 9B B8 66 B5 13 47 24 F7 6C 55 8E 26 6A AF A9 91 34 69
1B 88 95 35 0D C1 70 D5 F9 E2 F5 87 2E 07 0D 2B F5 76 22 AE
B0 C5 D5 33 E7 53 71 2E 1C B2 B3 AA 47 E7 A8 AF 80 6D 0B A2
10 24 A9 8A DD 68 BA 91 0F 5A AE 4F 7F E5 58 1D 3C B7 0A 05
74 3D 11 A6 38 75 F9 70 CD 92 19 94 1E 11 4D AB 73
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 37 F7 84 89 22 FB D1 D6 24 23 73 55 73 FF D1 85 B5 16 CF
42 55 6B 42 92 FB AD 80 06 1B CF 69 F2 DF 09 41 53 F5 F9 BD
32 58 04 E2 8C 0E 5E B8 70 20 C0 93 50 1A 80 5E 39 BC 3E FE
8F 44 40 BF 33 0B 34 4D 79 47 9E 5E 7C 73 09 44 3C 37 4F C7
53 D6 12 1B 03 C4 DC 74 79 B8 24 B3 DF 4E 25 2A 20 CC 80 D4
CB 63 1D 0A FE BB 71 0A F1 37 AB 48 48 7D D8 13 98 ED 75 31
40 39 D2 06 33 55 A1 CD 81 3F 3D 2D 96 40 9C D8 27 89 CD 67
5D AC 5B BF 5E 0B 89 2A E7 46 B9 A5 07 87 27 BB EA 5F A4 7C
29 E9 87 1A 37 48 3F C1 3B B1 E4 24 AE 16 75 60 B4 E2 CC C4
BA 1A E3 A9 36 24 3C 26 1F 29 9D 5A 05 20 13 CE BC 87 17 B5
E9 C9 52 CC 69 42 DA 34 00 B0 69 41 F1 6A C5 CC BB 98 44 51
71 00 53 DE FD 58 5A 49 64 66 31 BF E4 D5 A0 F0 11 44 86 D2
15 34 B6 98 98 65 9A CF C0 92 2D B2 03 05 B3 15 96

Extension: Basic Constraints (2.5.29.19)
Critical: 1
CA: FALSE


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gds1-77.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gd_intermediate.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: FD AC 61 32 93 6C 45 D6 E2 EE 85 5F 9A BA E7 76 99 68 CC E7


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.demo.org
DNS: demo.org


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: D5 71 FA 3D A3 E4 2D 25 E9 95 D9 EF 43 2F 78 D5 75 57 0E D9


Fingerprints :

SHA-256 Fingerprint: 46 94 65 1C 7C 1B B3 50 7C 4C F4 1F 3A 00 23 5F 00 FB BD 83
7A 6F B3 6E 72 F4 07 A6 4C DC 28 67
SHA-1 Fingerprint: BE D1 09 E2 4A C3 E0 CB C5 E0 D9 56 34 76 51 F9 4A A2 E9 9C
MD5 Fingerprint: 29 10 AE B7 0A 1A B2 4A 93 71 01 92 AE 24 9E 94

10.0.0.94 (tcp/3389)

Subject Name:

Common Name: demoFILER.demo.org

Issuer Name:

Common Name: demoFILER.demo.org

Serial Number: 13 71 CC 0A AD 0B 29 82 42 F5 1B 8A 3B 87 A4 87

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Feb 27 19:35:03 2018 GMT
Not Valid After: Aug 29 19:35:03 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 B8 5F F0 71 BB EA 9B 98 D2 63 42 69 84 3E EC 3B A0 06 76
59 76 1F E6 ED BF FE C8 92 D9 55 BF 02 5D BC 35 E0 BF ED 9A
7C FC 55 10 B1 A6 C8 8D 9A D0 7D 43 D3 42 57 D0 37 7F F3 89
4B 39 B9 E9 7A 33 09 DE 13 DB 62 78 B4 86 2A 95 F2 04 80 54
F6 24 6D B2 D2 32 B8 EA 25 79 42 87 37 0C D0 CE 46 98 1B 37
CF B4 29 9D 38 A0 B8 F4 EC CA 64 76 0D 14 9C 2B 45 C9 52 77
5E E5 10 5E E7 B3 24 E6 0F A0 CD 8C A7 1E C3 D0 58 7C 72 C3
25 D3 8E 98 E6 0C FB A7 CC 9B 96 BF 1E 9E C5 BD 8E B8 D0 A5
8D A9 B3 0B A6 FF 71 FA C2 E3 57 EB 2A 5E 06 CC E5 51 9F E8
EB A7 8E 70 2B 9C 85 EB C0 FB D9 74 5F EB 13 B8 4A 7B 4C 54
29 2B F6 B1 3C EE D7 88 7C 66 53 99 FA 1A 82 C7 CE 14 8F DD
3C 89 6A 93 A5 55 EF AB EA 85 39 03 F0 87 B5 84 FF AB 78 0F
51 1B 37 F5 4A 1A 64 6A E7 30 2A EF 0E DB D6 83 D5
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 27 28 83 DC 11 D8 CC 6A F1 37 A3 E9 5E 27 EB 6D 24 8F C9
70 D8 1A B7 48 9A 46 A7 C5 DB EE 70 2C AE 11 1B EE D2 25 AF
11 F7 CA 37 AD A7 A5 60 BB EA 06 68 01 2A 1E D7 89 47 66 2D
E6 53 10 81 CC FA 58 89 F4 EE 5F 6D 4C 35 A7 09 8A 65 31 4D
5B 29 FA 4C 8E 6F 5C 12 C7 87 28 24 9D 9A 54 F9 3B 86 7B 15
F6 E9 07 97 99 52 8C 1A 32 27 61 0C AB FD DA 26 E9 1F C7 DC
64 D8 75 C4 8E 39 F1 37 4F E6 CF BD 6B 60 79 53 8F DE 97 2E
EC D7 67 49 C3 47 8F 0F B8 84 2B 3F 25 15 AF 3F 9E CF 53 6C
F7 73 8E 45 D2 AF D6 BD C7 5C BF 99 62 7C 65 DF 82 F0 AD EA
30 B9 F8 74 BC CB BF 5D 27 14 29 DE CE 4F 9B F0 A6 80 5B 0A
90 2E 73 11 27 8E BB F8 BA 29 1E 53 6B 93 10 31 DC DB 85 1C
7A 52 61 E8 66 4E 1E 1A D3 CE 55 46 21 B0 71 C8 8C 7F 59 2A
A9 3E 26 67 78 36 B5 98 25 88 87 74 66 EB F0 0C 5D

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: D1 E9 6F 64 B1 D4 BE 64 A4 73 28 1E B8 76 6A 41 3E DA 94 57
E1 2A DE D8 71 81 16 CF A6 5E 1C 23
SHA-1 Fingerprint: 44 43 A7 FE 7D 13 B8 30 AE 0C 56 AD D4 DC 4B 2F 46 33 DC 50
MD5 Fingerprint: B4 A5 D6 61 47 55 A1 FA 24 D9 8A A2 A3 06 FE D5

10.0.0.112 (tcp/3389)

Subject Name:

Common Name: demoPRINT.demo.org

Issuer Name:

Common Name: demoPRINT.demo.org

Serial Number: 60 2A 91 AD 97 66 23 98 46 E1 B3 E2 63 E3 17 32

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jan 05 20:00:43 2018 GMT
Not Valid After: Jul 07 20:00:43 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 B2 04 90 3A CB A8 4C CA 7C CB E3 97 0B 62 F6 EF 7A DC 67
AE 59 80 E0 5D A5 CB 16 D5 70 DD 6B 73 E7 27 2A CA 00 21 F8
06 0C B7 DC BB EF 57 3F 1F 9C B9 E9 21 92 27 96 52 28 0A 6D
B5 77 8E 5C 98 C7 1F AD FF 5A 45 0E 24 86 88 93 6F E2 5A B7
DF 3C 88 E4 7B 80 F5 EF 40 40 76 77 36 4E BB 3E DF 38 89 9D
BB 2A AF 10 7F F1 84 C1 0C 4B 2B F0 57 23 B5 02 9D 3D 5B 5C
51 1F 62 A2 5D A3 40 6F 6A B6 0C AC 9F 26 88 E6 9F AA 65 C9
9F B3 04 86 42 7B E1 61 0A CF FB E6 08 3E 56 1A C9 0C B6 02
42 ED 99 5A AC AB 0C CA 5D 5C 2B AA 0A 33 C1 0F CF D3 23 B2
87 6B FA F1 0F E5 14 7F 95 E0 F7 6A 33 0E 36 35 15 9B 0A 64
60 70 31 2A 9E FF 89 C8 E7 19 87 1E 4A CE 31 AE F0 32 51 13
A1 0A 42 7C 1C BA 4D 95 E1 7D 37 5D 5D 0E 4A E0 87 5B 8B CB
3F D0 BD 67 1A 95 65 59 A8 9D C9 EE 1C D0 36 E3 9D
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 94 4F 8E 64 92 26 DD 4E 1A CA C7 2C ED BF CD 76 B3 66 0E
AD C5 55 F6 7B F2 15 75 57 30 BD 01 0C A4 71 9A 14 C2 04 16
AD 10 64 3E 03 E2 3C 7D CA 44 F2 75 5A 11 85 D3 37 DA 0F 5D
00 3A 63 31 06 93 9D A3 A1 FA DB BA A4 92 5B F6 34 36 EB C3
E4 8C 78 7C D6 FE 41 29 6D 3B E7 86 1D 0A 0D 54 42 AC D7 39
BE 6C EC 4F 26 30 1E 28 93 BD F1 AA A3 FD AA 32 BC DA 98 F7
7E BF AF 08 2B 6C 5D A0 78 E7 4D E6 E3 E8 E0 4B 71 4D F2 DB
5C 24 27 D0 59 1A 0D C7 DD EB C3 05 B5 FA 91 48 DD 0B 3F C3
87 78 8F B5 96 71 BC 61 F0 DB 43 99 E4 0A F6 F1 84 C2 8B CC
71 CF 02 CD FB AD 59 22 D6 95 B8 44 C0 88 10 66 62 F3 53 45
73 7E F9 9F 58 54 49 75 99 45 66 08 B6 0F 40 92 C9 1D 2E 49
50 1E 85 77 7D F7 33 30 35 1B 16 12 5E 33 04 98 9C C8 85 3C
57 DE 9D B8 4E 66 96 AA D2 26 98 9F 78 C2 6D 95 63

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: 6E 44 BC A4 CE 10 64 7F E8 C4 45 8E 2D CD 87 39 09 60 57 2A
8A AE 9E 0D 15 64 19 E8 D6 D1 D0 EB
SHA-1 Fingerprint: 90 30 2F EC B8 D3 F6 C5 88 ED E8 91 42 A0 BA 30 B5 26 44 2D
MD5 Fingerprint: 6A 32 DB 24 F4 D9 CB B8 D0 7F F4 54 5E 67 42 9D

10.0.0.133 (tcp/443)

Subject Name:

Country: US
Common Name: nas-E6-DA-DE.local

Issuer Name:

Country: US
Common Name: nas-E6-DA-DE.local

Serial Number: 00 EC 8C 25 D6 7A 82 B4 FE

Version: 1

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Nov 21 23:09:17 2016 GMT
Not Valid After: Jan 18 23:09:17 2038 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 E4 BB B4 76 DB AD FC 8B D9 8E BE 87 8D BC 1E 51 94 19 20
46 98 97 81 BA 2E 48 F0 48 26 F0 DC E7 27 6B 01 E1 5C 71 E2
86 92 18 24 BB 4D 62 8A 0A 3E 32 B6 3D 88 CD AA 7B 85 EB 3A
78 C3 88 39 A7 F0 A4 1C 85 3C AE 88 44 B4 97 77 B4 FE 71 C9
EF 75 94 2D FF 62 EA 24 89 FA 5A B6 F2 CB 28 02 D0 E4 E5 1E
7E B3 E0 E8 94 AD 9F A4 CF 41 E2 61 3E 64 2D E3 95 71 D3 69
84 F0 7D 2C FD 3C 7F 1B 76 21 EC E1 92 AD 13 BD E0 87 B1 EB
B3 DA F1 DB 7F DB C9 86 8B 4C D9 AF A2 F6 EC 43 A5 72 80 2E
FF D5 5A 91 2A EC AC E5 76 DE E7 A3 35 B2 F6 1F 92 54 11 2B
0E EC 35 07 43 89 69 89 3E 6E F3 74 8F 31 B9 A6 94 FE 16 77
7C 94 CC 9C 6D 2A FE 12 26 F9 CF B1 3D 29 25 D1 64 4A 25 7F
EA 40 A3 B0 E6 2E 54 91 D2 BD 7C 3B DF FA 65 A1 8D 8B ED A7
75 4A CE 1B BF 33 13 C0 78 A4 D1 D3 D1 A1 6A FF 4B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 C2 07 A3 89 1F 78 A8 AE 6C 18 43 58 B6 5F 83 FF B9 3F 5B
FF A9 01 C0 E6 F4 3D C1 1A C6 39 21 07 A6 CC B8 07 0F 80 71
F4 16 98 17 65 44 6E 60 C9 74 82 03 3A 23 18 0F 25 21 67 E1
77 E5 87 CD 6B 5A 8A C4 76 9A DB 08 5C 2B E2 83 39 A3 56 14
9D 08 40 BF 7E 37 5E F6 73 E3 0D 47 64 C5 C1 CF EC 7E 83 DB
CD 57 5B 9E 2F 68 48 DA 98 66 81 83 03 A2 35 81 E2 16 43 6A
2A 60 B3 20 15 C5 E4 57 66 FD F8 B1 54 7B F3 A4 DC BB AF 73
93 EC 3E DD 0A 24 9B A6 D7 0E 05 AC AF 44 EF BF BE A7 57 9E
03 1E F9 4C BC FA 0D 66 02 85 0F 94 C6 7A 30 6F 1C 01 E1 65
E4 9B 18 3F D6 8C 51 46 1E BD DF 92 95 36 02 AD 0F F2 6E B2
28 F4 F1 09 14 0C 43 B3 D6 BC 7E BE 77 55 43 BE B3 15 31 DF
43 D9 5E 3C 7B 81 B0 D5 CB 0E 0F B9 26 1E FE 71 82 BC 58 89
1C 5A F8 82 A8 95 B5 DD 0B 19 FB DB E7 D2 09 86 13

Fingerprints :

SHA-256 Fingerprint: 9F C5 01 A1 86 AE B0 36 EC FC 76 0F BD 0B 62 C3 00 AB 9A 01
4F B1 53 34 E8 CE 41 C1 91 05 4B B9
SHA-1 Fingerprint: AA F7 DC 0B 4D 26 90 C1 A4 A3 5A 08 3F 69 68 83 0B 48 CB 88
MD5 Fingerprint: D9 C7 FC 4F E9 F7 2E A2 6A 0A 71 E9 55 0E 16 55

10.0.0.148 (tcp/3389)

Subject Name:

Common Name: demoSFVeeam

Issuer Name:

Common Name: demoSFVeeam

Serial Number: 74 D8 21 EF A0 0F 83 AF 44 59 E2 89 21 51 F0 46

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Feb 08 00:00:11 2018 GMT
Not Valid After: Aug 10 00:00:11 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C4 A3 E9 C5 4F F1 0A 6C 3F 6E 9F 62 59 32 A5 88 94 93 C3
FC 0B 98 9A 84 B1 EF BD 06 48 52 E6 27 93 FE 22 E8 ED 44 13
6F 2B 1C 86 C9 BA CF 9A B8 54 3E 89 74 2E 4F 64 7E 79 14 F0
9A 38 7C 83 FA 1E 52 22 E6 A3 08 44 03 5C 52 9F 1F 7B 13 62
E9 FF 9D 51 1A 2D B7 3E 74 B1 23 A7 99 98 D1 98 9B 0A A0 B8
16 CE 19 86 5E 0D 28 31 47 0A AD D4 6C FC 9F 57 BE FC 26 CE
73 9D DA 46 31 0C AE DD 45 FE 1C DC 8D 21 DB 98 38 34 79 F8
FB 7C 19 C4 C0 CE CF 60 02 C7 72 03 F5 DA 7F FF 01 3E 0A F1
BB CB D6 51 2C 31 4D FA 5C B7 17 B9 D8 ED 9D 32 78 CC 55 38
43 A4 EE 38 39 C5 06 01 E0 EF 6E 56 B7 4E EE 42 DB 3C 33 ED
10 6F 6F AC BC 48 AC 7C FD 76 27 57 6C 1F 8C 98 2F 92 C0 D0
52 87 B2 A6 62 E6 1B F3 6A C3 46 D4 98 F9 CD B7 0A 56 A2 8C
DD C5 6C CA C7 7D 18 33 39 4D 85 28 CA DD 35 6F 6B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 30 57 E5 7C 94 BC 8F BF 1A 3C 29 E8 AE 02 A3 A0 40 BA C8
C0 E4 20 35 CC A9 F9 8F A6 FF 99 4D 21 F6 2C 5F 61 7C D4 79
DC 13 BD 32 EE F2 FA 8A E2 E4 47 17 3C 72 24 58 7E 1F 6D 64
A4 FF 9A 0D F3 56 21 F5 9C FD 76 8E 88 F6 51 26 EB 43 41 59
BE F9 C7 CE 00 A2 F5 C0 00 32 7C 0B 80 91 E3 66 61 BE 79 07
A3 73 A0 18 E9 1A 83 17 D7 82 85 3A 70 5D 17 CF D0 60 0C 45
B8 B1 F7 9B E5 72 29 10 45 A4 B0 7A A9 FA 99 71 6E 43 D0 AE
0C 5F FC 21 17 76 EE E7 0A A0 AE E4 0D 07 7D DF BC 39 BA 99
90 24 A9 16 31 06 82 D3 88 E5 78 9F CB D2 73 80 D4 2D B0 CB
72 47 1E 2C 58 F5 2A 77 C5 D7 74 B0 F5 6F E0 F2 D8 E7 27 5F
82 0A F4 E6 99 60 76 1D 27 0C FB BA C3 58 44 34 3F 4A 0C 9A
A1 E7 94 8E 7C 25 40 B0 6C 75 39 CD 45 49 32 A7 73 A6 56 05
E1 3A 2F 60 E1 86 96 80 8B EC 7D 63 B3 47 40 BF FB

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: B2 16 DF 84 0F 74 DA 78 E8 48 48 B0 DC 5F 80 58 C5 E5 81 40
A0 FC FF D4 36 38 98 99 34 75 EE 08
SHA-1 Fingerprint: 33 65 50 32 47 AB C7 3C BA 7D 40 7F 21 ED C7 72 A3 19 AC 21
MD5 Fingerprint: 68 EE 20 59 94 4A 6D AD 20 53 3C A6 A9 B4 99 0C

10.0.0.158 (tcp/25)

Subject Name:

Organization Unit: Domain Control Validated
Common Name: *.demo.org

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 0A AF 09 FA EE 54 EA 01

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Oct 02 18:54:38 2015 GMT
Not Valid After: Oct 02 18:54:38 2017 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 BF 49 73 48 AE 41 C9 25 77 4F 63 01 3D 91 C3 01 EB 59 A9
FD DB 47 83 0C B4 8F 74 E3 C6 47 7C B6 2F 40 70 51 13 32 18
83 2D 52 3C 24 E6 EA C7 E1 21 BC D6 CD EA F2 8C 3E E2 7E AD
2B 39 D0 74 87 C9 E8 20 2E A4 AC AE 60 9C AB 3B 7C 60 02 A7
58 50 1D 32 2E C2 4E 64 43 2B 91 55 3C 54 D9 3F 42 BD 6A D1
89 5C 40 88 1D 3B 09 20 EF AA 71 C4 6E 8C E0 52 77 36 47 F5
9D 59 82 CD CB 08 7F 2D D1 F6 47 59 79 39 68 E7 05 E6 62 66
4B 17 CD BA 89 53 00 EC C0 64 11 0C ED 5F E8 20 9D D2 5F C1
9C 23 E4 D8 6F 3F 89 3A 75 9D 43 EF 9F 14 EB 83 EB 98 A9 E1
2A A2 82 7F A8 82 11 A7 2F 88 9B 54 14 6F 93 9D 24 65 2D 8C
E3 D9 E9 64 5D A0 E4 E9 6C B1 04 B1 EF 67 63 70 59 75 8B 1B
3F 11 C4 88 E2 FC 52 37 58 60 F0 D5 90 BA 51 F7 AC 52 4E F3
90 85 4C D7 50 AE 3A CE B7 C2 A8 65 98 42 B2 76 05
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 3A 2A BE 48 0A F5 58 D2 7C AF AB 75 EF 91 3E 14 4D 87 2A
4F D2 A0 7F 4F 24 D2 E0 B7 24 9C 24 3A 54 2F F8 AD 12 C2 5A
39 B8 14 70 28 36 33 F5 CE E4 43 E2 06 0B 66 0F 15 44 E1 E8
00 F3 64 BC CB E7 00 38 57 47 04 7F 2F AB E7 88 A9 4B AB D4
11 DB 80 A8 83 DB 7C E7 37 C6 69 0B E7 6C 16 48 E2 2C C4 35
01 D5 B6 F7 E0 55 3F 57 4D 5E 8A 72 54 3D 4B B8 E4 F2 AF 14
AB 25 31 FE 59 9C 2A EA F0 5C BB B4 7E 30 B1 74 6C 0D 6E 1A
A2 7D F3 01 DC 33 88 A4 CF CD CB 5B AD 52 96 ED A4 E7 AA 3D
BE 68 69 DC E7 FC 0A 3E 15 EC 89 82 85 F8 B5 43 C3 8B 4A 99
2C C3 A9 2F 71 48 5F 66 CF A8 1D 7B AB 1A D7 00 62 E2 A3 EC
39 FF 20 59 A7 36 DF D1 A1 15 7E 67 18 1F D9 30 0F EF 4C 70
F8 DD 5A A7 3D B2 9C 67 E1 B3 75 E5 04 F4 4B F3 3D 1A 6A A8
CF 4A D2 15 7C FC C4 C2 9C 2F A6 17 CA FA 3C BF 4C

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-132.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.demo.org
DNS: demo.org


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: A7 5A 2B 45 0A 85 E9 6E A5 AC 16 1C 16 BE FF 8C F6 DE 72 FC


Fingerprints :

SHA-256 Fingerprint: 20 7D F5 DE DD C6 FE 13 8D B6 55 E7 74 C6 12 4D 7F A4 59 70
6D D9 F2 E1 A1 F5 48 EA DF B4 1D 16
SHA-1 Fingerprint: 3A 59 D7 BF 40 A5 69 62 6E 29 7E AF C7 46 FE F7 17 77 D1 90
MD5 Fingerprint: 79 B6 96 52 6B 7F 62 98 78 A8 D2 6A 64 C7 E9 CC

10.0.0.158 (tcp/443)

Subject Name:

Organization Unit: Domain Control Validated
Common Name: *.demo.org

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 0A AF 09 FA EE 54 EA 01

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Oct 02 18:54:38 2015 GMT
Not Valid After: Oct 02 18:54:38 2017 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 BF 49 73 48 AE 41 C9 25 77 4F 63 01 3D 91 C3 01 EB 59 A9
FD DB 47 83 0C B4 8F 74 E3 C6 47 7C B6 2F 40 70 51 13 32 18
83 2D 52 3C 24 E6 EA C7 E1 21 BC D6 CD EA F2 8C 3E E2 7E AD
2B 39 D0 74 87 C9 E8 20 2E A4 AC AE 60 9C AB 3B 7C 60 02 A7
58 50 1D 32 2E C2 4E 64 43 2B 91 55 3C 54 D9 3F 42 BD 6A D1
89 5C 40 88 1D 3B 09 20 EF AA 71 C4 6E 8C E0 52 77 36 47 F5
9D 59 82 CD CB 08 7F 2D D1 F6 47 59 79 39 68 E7 05 E6 62 66
4B 17 CD BA 89 53 00 EC C0 64 11 0C ED 5F E8 20 9D D2 5F C1
9C 23 E4 D8 6F 3F 89 3A 75 9D 43 EF 9F 14 EB 83 EB 98 A9 E1
2A A2 82 7F A8 82 11 A7 2F 88 9B 54 14 6F 93 9D 24 65 2D 8C
E3 D9 E9 64 5D A0 E4 E9 6C B1 04 B1 EF 67 63 70 59 75 8B 1B
3F 11 C4 88 E2 FC 52 37 58 60 F0 D5 90 BA 51 F7 AC 52 4E F3
90 85 4C D7 50 AE 3A CE B7 C2 A8 65 98 42 B2 76 05
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 3A 2A BE 48 0A F5 58 D2 7C AF AB 75 EF 91 3E 14 4D 87 2A
4F D2 A0 7F 4F 24 D2 E0 B7 24 9C 24 3A 54 2F F8 AD 12 C2 5A
39 B8 14 70 28 36 33 F5 CE E4 43 E2 06 0B 66 0F 15 44 E1 E8
00 F3 64 BC CB E7 00 38 57 47 04 7F 2F AB E7 88 A9 4B AB D4
11 DB 80 A8 83 DB 7C E7 37 C6 69 0B E7 6C 16 48 E2 2C C4 35
01 D5 B6 F7 E0 55 3F 57 4D 5E 8A 72 54 3D 4B B8 E4 F2 AF 14
AB 25 31 FE 59 9C 2A EA F0 5C BB B4 7E 30 B1 74 6C 0D 6E 1A
A2 7D F3 01 DC 33 88 A4 CF CD CB 5B AD 52 96 ED A4 E7 AA 3D
BE 68 69 DC E7 FC 0A 3E 15 EC 89 82 85 F8 B5 43 C3 8B 4A 99
2C C3 A9 2F 71 48 5F 66 CF A8 1D 7B AB 1A D7 00 62 E2 A3 EC
39 FF 20 59 A7 36 DF D1 A1 15 7E 67 18 1F D9 30 0F EF 4C 70
F8 DD 5A A7 3D B2 9C 67 E1 B3 75 E5 04 F4 4B F3 3D 1A 6A A8
CF 4A D2 15 7C FC C4 C2 9C 2F A6 17 CA FA 3C BF 4C

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-132.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.demo.org
DNS: demo.org


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: A7 5A 2B 45 0A 85 E9 6E A5 AC 16 1C 16 BE FF 8C F6 DE 72 FC


Fingerprints :

SHA-256 Fingerprint: 20 7D F5 DE DD C6 FE 13 8D B6 55 E7 74 C6 12 4D 7F A4 59 70
6D D9 F2 E1 A1 F5 48 EA DF B4 1D 16
SHA-1 Fingerprint: 3A 59 D7 BF 40 A5 69 62 6E 29 7E AF C7 46 FE F7 17 77 D1 90
MD5 Fingerprint: 79 B6 96 52 6B 7F 62 98 78 A8 D2 6A 64 C7 E9 CC

10.0.0.158 (tcp/3389)

Subject Name:

Common Name: NEW427581-SPWFE.demo.org

Issuer Name:

Common Name: NEW427581-SPWFE.demo.org

Serial Number: 5F 82 05 17 32 08 8F BC 42 E4 44 08 D0 12 DE 53

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 04 20:02:55 2018 GMT
Not Valid After: Sep 03 20:02:55 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 A5 D3 D3 B0 B6 E7 35 D0 E3 05 E7 48 25 F5 32 3A F6 69 B6
25 2B E8 6C 4A FE 21 88 53 4C F1 0F DD 36 FB 37 80 EA 31 34
67 33 D3 D9 81 35 82 1B 1F 88 B1 A1 F8 FF 3D 85 A9 C4 2E 61
DB EF DD 0B 0F 66 56 7F 57 71 32 DA 45 20 52 51 EB 9F E7 FA
24 1A A7 78 7C 49 EF D3 39 97 2C 8F 79 22 B4 23 69 62 FE B3
56 92 D6 BA B5 F9 00 DD FD FB D5 85 6F 4B 12 1B A2 C3 C2 E9
A4 92 EF 95 8E 5D 1A 4B FD 7C 9E A1 C7 C3 22 73 56 16 70 D2
AF D1 6E 70 7C CE 3E 58 E2 4A 55 CD D0 9A 42 6B 1B 60 92 78
8E 6C EB 01 13 60 9F 9F 88 05 9D E6 85 9C 60 72 AC 6C BE A8
2A 2E F5 2E 08 35 08 F6 84 58 38 A0 A7 70 BA BE 23 32 68 25
98 8B 7B 21 E8 B6 CC 04 2D 74 FB A7 6A C7 10 81 46 BE 91 05
81 7A 85 50 D7 4C A7 58 32 45 80 83 99 EF 3F 70 AB 2B EF A9
FA 31 CF B0 D5 F6 9B 7B AC 54 81 A0 3A 1D 1C 18 F9
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 05 4A 4A C8 5A EB 35 26 C8 15 34 7D 42 82 B9 52 F9 19 50
C1 5D 25 7A 8B E2 83 68 D0 6D D7 B0 BB 7E 99 74 D8 74 DC F8
42 E5 D4 0E 94 32 78 02 05 F6 09 AC A5 3F F5 2F 96 03 60 32
93 41 75 2E 2C 2E 10 1C EF BE 69 07 2F 95 02 1D 78 1D B5 74
9E 63 3F 1B D3 88 E5 FD BD 97 9C 97 21 CA 06 54 1F E3 92 24
1E 07 5B ED E2 DE DD ED 70 77 BA 8F 12 57 0A C6 F2 D5 56 48
9E 0F EF EE D0 FC C6 6D 11 04 8F A4 A8 1B 16 95 83 5A A6 D8
CA 13 9D 6E 3D 7F F5 09 38 06 17 DE 9A 74 05 36 9E 12 32 54
8B 00 47 6F 26 7B 35 58 51 B7 4E 6F F2 29 F5 3A 17 3C D2 C6
5D 0F 13 33 3B 68 D1 11 DB 4C 83 EF 13 FE FC 8F CE F9 63 E8
FD 08 56 26 FB 60 CB 43 F6 40 51 1D 75 54 73 12 87 6D 30 87
37 D4 1C 6C D8 79 01 8B 02 09 12 E1 52 52 6C A9 34 F3 4D 8F
4D 81 99 89 5E 0A 93 B5 55 04 9B F4 3B DF B9 35 B3

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: 06 DA 14 46 EE 2D 3C 80 D8 36 8F 15 82 5B D6 2C D7 BE 97 94
69 9C 28 7B 32 2D 18 28 77 BB B9 58
SHA-1 Fingerprint: EF 1B D1 B9 C8 FC 1B 6C DF 27 1A C1 7E 26 24 35 74 5B 46 54
MD5 Fingerprint: 6A F6 E7 D0 A9 7A E1 DF 68 1D A6 B1 EE 52 FD 57

10.0.0.158 (tcp/48000)

Subject Name:

State/Province: /Rackspace/ordhub01/911751-427581
Organization: Rackspace
Organization Unit: ordhub01
Organization Unit: 911751-427581
Common Name: 127.0.0.1

Issuer Name:

State/Province: /Rackspace/ordhub01/911751-427581
Organization: Rackspace
Organization Unit: ordhub01
Organization Unit: 911751-427581
Common Name: 127.0.0.1

Serial Number: 2A

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Nov 06 02:46:35 2017 GMT
Not Valid After: Nov 07 02:46:35 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 EF EC 8F 9B 7C 89 CA BA 80 EA 75 57 67 E6 FE 25 A3 54 16
D8 1E F4 F3 B8 D1 DA 65 46 F1 68 9F 47 85 94 64 A3 F5 4B B9
31 71 A6 08 0F D7 87 0F E6 7A C2 91 B6 7A C4 A9 EB 5D 1C A5
77 99 B4 4D C4 44 98 25 50 D0 53 09 A2 54 8F 41 6E 12 12 CD
7F D2 83 DE 97 C1 07 47 CB FB 5A 54 84 87 25 CF CF 57 82 63
88 0D D2 71 20 BB 6E 54 5D F1 BD 73 FD B9 A6 B8 60 20 2F 40
D6 0B C3 F5 93 61 72 1B B4 B1 DB 0C 80 A9 05 21 28 F6 B5 06
F2 CE E5 BC F5 88 B9 81 F0 43 B5 09 3F 08 A8 5F CE FA FA 8E
61 FB 43 31 D9 78 C1 67 F8 24 D3 A9 F5 05 E8 91 D2 C6 F2 6D
75 4E F4 57 8A F9 EA 7A 2C DC 1D C7 DA D2 65 CC 9C 0E 29 B7
18 F0 59 B6 2D B3 DE 0E FF 39 CA 66 21 5F 66 5B 2A 0B 39 5C
E8 C9 9C FF 77 B9 0C 35 D0 90 5D BA 06 20 CC 37 59 4D 55 E2
8C BD BA 81 0B 1A BF 4E C6 25 79 28 EA D9 6C 1C B7
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 E9 1C 89 AC B7 BC 6D D7 BA 87 32 24 A7 A6 5C 47 C9 D1 3D
E8 4F AB 2D C2 43 31 C5 41 F4 87 C1 29 57 34 B0 78 E3 65 34
69 54 1E A1 28 DA F1 6C 49 13 82 3D 99 45 C1 D6 3F 75 88 DF
F7 ED B6 59 E6 76 F1 42 B6 0D 19 54 0B 1F BE 01 45 F3 75 58
B3 76 00 32 C5 0C F8 98 68 4D 35 ED A5 5E 03 18 42 F1 8B 26
7B BA 5B 4B 77 8F E6 F9 6D 0F E9 C0 A6 AA CC D8 FA 90 E3 C7
D3 C1 B0 03 95 1D 91 0D D1 22 65 F8 7F E1 76 00 97 3A 5E C5
60 74 91 7A 44 A3 8F 77 25 4B 2F 0D A2 9E 56 21 D1 47 C6 C5
10 C1 59 53 2E CE E3 C9 E0 5B 3E FC EA 98 93 BB BC A9 F9 61
88 E5 B9 1C 28 78 B0 20 47 F2 E4 B6 E7 DA 17 27 A6 BA B4 BF
E9 61 EF E6 AB C9 7B 49 F5 09 14 09 3F AC 7D 6E 19 F2 A4 DC
E5 1F C6 60 D7 C4 6A 2A E4 A6 F7 DD FA AB F6 81 8D F0 3E 92
E1 46 90 7F 62 91 76 51 59 03 2D 66 73 81 D5 55 8C

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Comment (2.16.840.1.113730.1.13)
Critical: 0
Comment: NMS Robot Generated Certificate (Generated by: OpenSSL 1.0.0c 2 Dec 2010)


Fingerprints :

SHA-256 Fingerprint: 76 1A B5 FB 7B EB 22 13 B9 6D 9B C4 AA C9 48 3D 3B 77 19 43
5A BA 98 B7 40 16 67 D7 7D 8F 05 7B
SHA-1 Fingerprint: 0B 67 27 81 B5 EC DE 90 97 E6 15 70 CB 6C D1 F3 BC 78 7F E5
MD5 Fingerprint: 35 A3 D2 B2 78 EB F6 EC AC EE 61 15 C8 4C 31 91

10.0.0.158 (tcp/48001)

Subject Name:

State/Province: /n/a/n/a/n/a
Organization: n/a
Organization Unit: n/a
Organization Unit: n/a
Common Name: 127.0.0.1

Issuer Name:

State/Province: /n/a/n/a/n/a
Organization: n/a
Organization Unit: n/a
Organization Unit: n/a
Common Name: 127.0.0.1

Serial Number: 2A

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Nov 06 03:03:18 2017 GMT
Not Valid After: Nov 07 03:03:18 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CA AF 3B 9B 49 DB 7B 8D 49 3A E6 BE 95 20 B7 9F A5 8C 4B
32 BB 46 D4 DF 59 BA C8 1C 46 58 6C 8F F0 E4 85 A4 2A F1 C0
54 7D 3D 88 6E 27 9A E1 86 9C E2 7F 43 6F 3E 48 9F E1 3B E2
2F EF CE 97 A5 8E 78 DA 23 CA CD DF EC 66 F7 66 7C 84 28 E4
02 A1 14 30 47 77 D0 7D 06 CC 12 F6 11 86 6F 76 7F BA 6C A2
2E 53 86 A8 E7 C2 5B 09 A1 B7 6A A9 05 78 62 89 40 88 2D 52
B7 98 65 19 AE B6 7B A8 62 A4 04 57 CB 77 D2 18 C8 C9 9B 51
D2 41 2D 38 70 CC E5 D5 32 CA 66 EC 8D 82 37 67 FD 83 DE 2D
2D 98 CE B9 7C E6 F4 E6 79 BB 48 B6 7A 8B B3 B9 B8 3F DD 75
61 1A E3 DD 7D 3D FA 02 42 04 B9 1B B8 D9 D4 6F CD 5B 29 36
73 C8 9B 98 9C 1E 28 FD B4 73 04 2F 8D 3D 27 FE 1B 96 7E F9
7F 74 1D 46 49 95 80 79 13 98 C1 79 E5 96 9D 3B C1 93 5E D1
CC E7 A7 8E 3A 9D 17 9C 6F 4A 8A 75 91 D1 7B 32 95
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 C8 8C 89 07 D8 31 DB 4F 5D 7E 36 81 C3 94 4A 63 EF 35 FE
0D 1B A5 61 2D 19 50 0C 51 8F F6 65 DF 8C 14 CF 18 84 BC 2D
CE DF F8 0D 3B 38 97 0F 00 D4 10 87 09 EE 88 CD 6E CD 3C 79
B6 3C 9B BC BA B2 D3 CF 0F B5 3E D8 C0 07 35 7A 07 50 0A E1
E1 55 D0 B3 87 68 AD CB 94 DD 0C 2E 64 D9 E5 04 1F A8 67 61
13 16 63 C7 96 A8 D0 E5 BD 19 72 BD B5 AB D0 F4 04 17 B0 46
28 63 0F B4 24 87 81 93 7B DC 62 22 AF 61 49 25 9B C0 D8 C6
66 58 EE 8A AE 52 B9 8B 8A E1 16 CD 3C CD 7F 27 B6 98 AD 2F
34 60 E2 92 10 69 AB C2 A4 5A 1E 69 E2 E7 6F 7A A5 5C D9 46
5C 80 CA C7 60 4D 71 6D 16 F1 D0 04 A5 E6 B3 86 45 13 D5 5E
C5 93 17 D2 07 6B 74 5B 5A 24 82 50 65 9A 8C 30 03 F2 2C 55
98 14 F6 E3 AC D5 8A BD 4A 5B 7B 3C 6E F0 A4 CD 8B 69 7F 92
6E 97 77 49 B3 C7 D9 9D 27 57 14 56 E8 B3 B8 C8 F7

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Comment (2.16.840.1.113730.1.13)
Critical: 0
Comment: NMS Robot Generated Certificate (Generated by: OpenSSL 1.0.0c 2 Dec 2010)


Fingerprints :

SHA-256 Fingerprint: A2 D3 16 0C 98 02 C2 DB 22 AA FF 0B AD FE 45 C1 BE A8 8A 10
F5 C7 A8 46 37 AD 60 57 E3 CE 7A 2B
SHA-1 Fingerprint: 08 5D C6 47 46 CC 7F 20 82 AD 79 B2 9D 32 5A 89 BD D7 B2 A7
MD5 Fingerprint: A0 82 7C 85 79 33 77 EF F3 F4 D4 6A 7B 2A CA F1
56984 (38) - SSL / TLS Versions Supported
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/12/01, Modified: 2018/02/15
Plugin Output

10.0.0.8 (tcp/1433)


This port supports SSLv3/TLSv1.0.

10.0.0.8 (tcp/3389)


This port supports TLSv1.0.

10.0.0.14 (tcp/3389)


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.21 (tcp/443)


This port supports SSLv3/TLSv1.0.

10.0.0.21 (tcp/3389)


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.22 (tcp/3389)


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.22 (tcp/48000)


This port supports SSLv3.

10.0.0.22 (tcp/48001)


This port supports SSLv3.

10.0.0.25 (tcp/443)


This port supports SSLv3/TLSv1.0.

10.0.0.25 (tcp/636)


This port supports SSLv3/TLSv1.0.

10.0.0.25 (tcp/3269)


This port supports SSLv3/TLSv1.0.

10.0.0.25 (tcp/3389)


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.27 (tcp/636)


This port supports SSLv3/TLSv1.0.

10.0.0.27 (tcp/3269)


This port supports SSLv3/TLSv1.0.

10.0.0.27 (tcp/3389)


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.43 (tcp/443)


This port supports SSLv3/TLSv1.0/TLSv1.1.

10.0.0.44 (tcp/443)


This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.44 (tcp/5989)


This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.45 (tcp/443)


This port supports SSLv3/TLSv1.0/TLSv1.1.

10.0.0.46 (tcp/443)


This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.46 (tcp/5989)


This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.47 (tcp/443)


This port supports SSLv3/TLSv1.0.

10.0.0.47 (tcp/1514)


This port supports SSLv3/TLSv1.0.

10.0.0.47 (tcp/8191)


This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.47 (tcp/8443)


This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.47 (tcp/9443)


This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.64 (tcp/3389)


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.64 (tcp/49570)


This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.94 (tcp/443)


This port supports SSLv3/TLSv1.0.

10.0.0.94 (tcp/3389)


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.112 (tcp/3389)


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.133 (tcp/443)


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.148 (tcp/3389)


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.158 (tcp/25)


This port supports SSLv3/TLSv1.0.

10.0.0.158 (tcp/443)


This port supports SSLv3/TLSv1.0.

10.0.0.158 (tcp/3389)


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

10.0.0.158 (tcp/48000)


This port supports SSLv3.

10.0.0.158 (tcp/48001)


This port supports SSLv3.
45590 (36) - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/04/21, Modified: 2017/06/06
Plugin Output

10.0.0.1 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel:2.6

10.0.0.8 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:microsoft:windows_vista
cpe:/o:microsoft:windows_server_2008
cpe:/o:microsoft:windows_server_2008:r2 -> Microsoft Windows Server 2008 R2
cpe:/o:microsoft:windows_7

10.0.0.11 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel:2.6

10.0.0.12 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel:2.6

10.0.0.14 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2008::sp2 -> Microsoft Windows Server 2008 Service Pack 2

Following application CPE's matched on the remote system :

cpe:/a:adobe:flash_player:10.2.159.1 -> Adobe Flash Player 10.2.159.1
cpe:/a:microsoft:ie:9.0.8112.16421
cpe:/a:oracle:jre:1.8.0:update151

10.0.0.17 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel:2.6

10.0.0.19 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel:2.6

10.0.0.21 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2008:r2 -> Microsoft Windows Server 2008 R2

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5

10.0.0.22 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2008:r2 -> Microsoft Windows Server 2008 R2

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5

10.0.0.25 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2008:r2 -> Microsoft Windows Server 2008 R2

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5

10.0.0.27 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:microsoft:windows_vista
cpe:/o:microsoft:windows_server_2008
cpe:/o:microsoft:windows_server_2008:r2 -> Microsoft Windows Server 2008 R2
cpe:/o:microsoft:windows_7

10.0.0.39 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:linux:linux_kernel:2.2
cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6

10.0.0.44 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:vmware:esx_server

10.0.0.46 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:vmware:esx_server

10.0.0.47 (tcp/0)


Following application CPE matched on the remote system :

cpe:/a:openbsd:openssh:5.1 -> OpenBSD OpenSSH 5.1

10.0.0.50 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:linux:linux_kernel:2.2
cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6

10.0.0.51 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:linux:linux_kernel:2.2
cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6

10.0.0.52 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:linux:linux_kernel:2.2
cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6

10.0.0.53 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:linux:linux_kernel:2.2
cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6

10.0.0.54 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:linux:linux_kernel:2.2
cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6

10.0.0.60 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:linux:linux_kernel:2.2
cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6

10.0.0.64 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_7::sp1:x64-professional

Following application CPE's matched on the remote system :

cpe:/a:google:chrome:63.0.3239.132
cpe:/a:adobe:acrobat_reader:15.8.20082.147029
cpe:/a:adobe:acrobat:9.5.5.316
cpe:/a:adobe:adobe_air:25.0.0
cpe:/a:adobe:flash_player:26.0.0.151
cpe:/a:microsoft:ie:11.0.9600.18762
cpe:/a:mozilla:firefox:42.0.0
cpe:/a:oracle:jre:1.8.0:update121

10.0.0.67 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:linux:linux_kernel:2.2
cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6

10.0.0.85 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:linux:linux_kernel:2.2
cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6

10.0.0.87 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:linux:linux_kernel:2.2
cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6

10.0.0.91 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:linux:linux_kernel:2.2
cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6

10.0.0.94 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2008:r2 -> Microsoft Windows Server 2008 R2

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5

10.0.0.110 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel:2.6

Following application CPE matched on the remote system :

cpe:/a:openbsd:openssh:4.3 -> OpenBSD OpenSSH 4.3

10.0.0.111 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel:2.6

Following application CPE matched on the remote system :

cpe:/a:openbsd:openssh:4.3 -> OpenBSD OpenSSH 4.3

10.0.0.112 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:microsoft:windows_vista
cpe:/o:microsoft:windows_server_2008
cpe:/o:microsoft:windows_server_2008:r2 -> Microsoft Windows Server 2008 R2
cpe:/o:microsoft:windows_7

10.0.0.114 (tcp/0)


The remote operating system matched the following CPE's :

cpe:/o:linux:linux_kernel:2.2
cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6

10.0.0.133 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows

Following application CPE's matched on the remote system :

cpe:/a:samba:samba:4.7.0
cpe:/a:apache:http_server:2.2.34

10.0.0.148 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2016

10.0.0.158 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5

10.0.0.169 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel:2.6

Following application CPE matched on the remote system :

cpe:/a:openbsd:openssh:4.3 -> OpenBSD OpenSSH 4.3

10.0.0.201 (tcp/0)


The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel:2.6

Following application CPE matched on the remote system :

cpe:/a:openbsd:openssh:6.6 -> OpenBSD OpenSSH 6.6
21643 (35) - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2006/06/05, Modified: 2018/03/29
Plugin Output

10.0.0.8 (tcp/1433)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.8 (tcp/3389)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.14 (tcp/3389)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.21 (tcp/443)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.21 (tcp/3389)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/3389)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/48000)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA-CBC(128) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
SEED-SHA Kx=RSA Au=RSA Enc=SEED-CBC(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/48001)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : SSLv3
Low Strength Ciphers (<= 64-bit key)

DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA-CBC(128) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
SEED-SHA Kx=RSA Au=RSA Enc=SEED-CBC(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/443)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/636)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/3269)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/3389)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/636)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/3269)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/3389)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.43 (tcp/443)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv11
Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1
EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export
EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1
EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export
EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1
EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export
EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.44 (tcp/443)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1


SSL Version : TLSv1
High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1


SSL Version : SSLv3
High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.44 (tcp/5989)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.45 (tcp/443)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv11
Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1
EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export
EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1
EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export
EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1
EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export
EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.46 (tcp/443)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1


SSL Version : TLSv1
High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1


SSL Version : SSLv3
High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.46 (tcp/5989)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.47 (tcp/1514)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1


SSL Version : SSLv3
High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.47 (tcp/8191)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1


SSL Version : TLSv11
High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1


SSL Version : TLSv1
High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1


SSL Version : SSLv3
High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.64 (tcp/3389)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.64 (tcp/49570)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.94 (tcp/443)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.94 (tcp/3389)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.112 (tcp/3389)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.133 (tcp/443)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-GCM(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-GCM(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA Kx=DH Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA256
DHE-RSA-AES256-SHA256 Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA256
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA Kx=DH Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA Kx=DH Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.148 (tcp/3389)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-GCM(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-GCM(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/25)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/443)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/3389)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/48000)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : SSLv3
Low Strength Ciphers (<= 64-bit key)

DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA-CBC(128) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
SEED-SHA Kx=RSA Au=RSA Enc=SEED-CBC(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/48001)


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : SSLv3
Low Strength Ciphers (<= 64-bit key)

DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA-CBC(128) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
SEED-SHA Kx=RSA Au=RSA Enc=SEED-CBC(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
70544 (35) - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/22, Modified: 2013/10/22
Plugin Output

10.0.0.8 (tcp/1433)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.8 (tcp/3389)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.14 (tcp/3389)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.21 (tcp/443)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.21 (tcp/3389)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/3389)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/48000)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA-CBC(128) Mac=SHA1
SEED-SHA Kx=RSA Au=RSA Enc=SEED-CBC(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/48001)


Here is the list of SSL CBC ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA-CBC(128) Mac=SHA1
SEED-SHA Kx=RSA Au=RSA Enc=SEED-CBC(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/443)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/636)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/3269)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/3389)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/636)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/3269)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/3389)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.43 (tcp/443)


Here is the list of SSL CBC ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1
EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.44 (tcp/443)


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.44 (tcp/5989)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.45 (tcp/443)


Here is the list of SSL CBC ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1
EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.46 (tcp/443)


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.46 (tcp/5989)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.47 (tcp/1514)


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.47 (tcp/8191)


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.64 (tcp/3389)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.64 (tcp/49570)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.94 (tcp/443)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.94 (tcp/3389)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.112 (tcp/3389)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.133 (tcp/443)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA Kx=DH Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA256
DHE-RSA-AES256-SHA256 Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA256
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.148 (tcp/3389)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/25)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/443)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/3389)


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/48000)


Here is the list of SSL CBC ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA-CBC(128) Mac=SHA1
SEED-SHA Kx=RSA Au=RSA Enc=SEED-CBC(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/48001)


Here is the list of SSL CBC ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA-CBC(128) Mac=SHA1
SEED-SHA Kx=RSA Au=RSA Enc=SEED-CBC(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
104743 (31) - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.1 and 1.2 are designed against these flaws and should be used whenever possible.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Solution
Enable support for TLS 1.1 and 1.2, and disable support for TLS 1.0.
Risk Factor
None
Plugin Information:
Published: 2017/11/22, Modified: 2018/04/24
Plugin Output

10.0.0.8 (tcp/1433)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.8 (tcp/3389)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.14 (tcp/3389)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.21 (tcp/443)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.21 (tcp/3389)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.22 (tcp/3389)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.25 (tcp/443)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.25 (tcp/636)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.25 (tcp/3269)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.25 (tcp/3389)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.27 (tcp/636)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.27 (tcp/3269)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.27 (tcp/3389)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.43 (tcp/443)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.44 (tcp/443)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.44 (tcp/5989)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.45 (tcp/443)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.46 (tcp/443)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.46 (tcp/5989)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.47 (tcp/1514)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.47 (tcp/8191)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.64 (tcp/3389)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.64 (tcp/49570)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.94 (tcp/443)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.94 (tcp/3389)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.112 (tcp/3389)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.133 (tcp/443)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.148 (tcp/3389)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.158 (tcp/25)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.158 (tcp/443)

TLSv1 is enabled and the server supports at least one cipher.

10.0.0.158 (tcp/3389)

TLSv1 is enabled and the server supports at least one cipher.
57041 (26) - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/12/07, Modified: 2017/06/12
Plugin Output

10.0.0.8 (tcp/1433)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.8 (tcp/3389)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.14 (tcp/3389)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.21 (tcp/443)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.21 (tcp/3389)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.22 (tcp/3389)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/443)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/636)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/3269)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.25 (tcp/3389)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/636)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/3269)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.27 (tcp/3389)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.43 (tcp/443)


Here is the list of SSL PFS ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.45 (tcp/443)


Here is the list of SSL PFS ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.47 (tcp/8191)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.64 (tcp/3389)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.64 (tcp/49570)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.94 (tcp/443)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.94 (tcp/3389)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.112 (tcp/3389)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.133 (tcp/443)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-GCM(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA Kx=DH Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA256
DHE-RSA-AES256-SHA256 Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA256
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.148 (tcp/3389)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-GCM(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/25)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/443)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.0.0.158 (tcp/3389)


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
10107 (25) - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/01/04, Modified: 2018/03/16
Plugin Output

10.0.0.1 (tcp/80)

The remote web server type is :

lighttpd/1.4.39

10.0.0.1 (tcp/8090)

The remote web server type is :

lighttpd/1.4.39

10.0.0.1 (tcp/8181)

The remote web server type is :

lighttpd/1.4.39

10.0.0.1 (tcp/8889)

The remote web server type is :

lighttpd/1.4.39

10.0.0.14 (tcp/6002)

The remote web server type is :

SentinelProtectionServer/7.3

10.0.0.14 (tcp/7002)

The remote web server type is :

SentinelKeysServer/1.0

10.0.0.21 (tcp/443)

The remote web server type is :

Microsoft-IIS/7.5

10.0.0.25 (tcp/443)

The remote web server type is :

Microsoft-IIS/7.5

10.0.0.43 (tcp/80)

The remote web server type is :

Allegro-Software-RomPager/4.62

10.0.0.43 (tcp/443)

The remote web server type is :

Allegro-Software-RomPager/4.62

10.0.0.45 (tcp/80)

The remote web server type is :

Allegro-Software-RomPager/4.62

10.0.0.45 (tcp/443)

The remote web server type is :

Allegro-Software-RomPager/4.62

10.0.0.47 (tcp/8190)

The remote web server type is :

Apache

10.0.0.47 (tcp/8191)

The remote web server type is :

Apache

10.0.0.47 (tcp/8443)

The remote web server type is :

Apache-Coyote/1.1

10.0.0.47 (tcp/9443)

The remote web server type is :

Apache-Coyote/1.1

10.0.0.47 (tcp/22000)

The remote web server type is :

Apache

10.0.0.87 (tcp/80)

The remote web server type is :

lighttpd

10.0.0.94 (tcp/443)

The remote web server type is :

Microsoft-IIS/7.5

10.0.0.133 (tcp/80)

The remote web server type is :

Apache/2.2.34 (Debian)

10.0.0.133 (tcp/443)

The remote web server type is :

Apache/2.2.34 (Debian)

10.0.0.133 (tcp/8200)

The remote web server type is :

4.1.30.alpine.1 DLNADOC/1.50 UPnP/1.0 ReadyDLNA/1.2.1

10.0.0.158 (tcp/443)

The remote web server type is :

Microsoft-IIS/7.5

10.0.0.248 (tcp/80)

The remote web server type is :

eHTTP v2.0

10.0.0.249 (tcp/80)

The remote web server type is :

eHTTP v2.0
24260 (24) - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/01/30, Modified: 2017/11/13
Plugin Output

10.0.0.1 (tcp/80)


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, GET, HEAD, POST
Headers :

X-Frame-Options: deny
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Fri, 08 Dec 2017 05:06:31 GMT
Content-Length: 46350
Connection: close
Server: lighttpd/1.4.39

Response Body :

<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]> <html class="no-js lt-ie9"> <![endif]-->
<!--[if gt IE 8]><!-->
<html class="no-js"> <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title></title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width">
<link rel="stylesheet" href="css/normalize.css">
<link rel="stylesheet" href="css/main.css">
<script src="third_party/modernizr/modernizr-2.6.2-respond-1.1.0.min.js"></script>
<link rel="shortcut icon" href="/images/favicon.ico" type="image/x-icon" />
</head>
<body class="clearfix">
<div id="top" class="clearfix">
<div id="head">
<img src="images/cisco-meraki.png" width="120">
</div>
<header id="status">
<i class="icon-check-circled green" id="healthy_check" style="display: none;"></i>
<h1 id="healthy_status" style="display: none;">Healthy</h1>
<h2 id="healthy_message" style="display: none;">This <a class='device_noun'></a>&nbsp;is functioning normally</h2>
<i class="icon-alert" id="alert_x"style="display: none; color: #FFD700;"></i>
<h1 id="alert_status" style="display: none">Something's not right</h1>
<div id="status-text">
<h2 id="lan_check_text_scan_status" style="display: none;">
This <a class='device_noun'></a>&nbsp;is trying to join a network or find a working ethernet connection.
</h2>
<h2 id="lan_check_text_ipconflict_status" style="display: none;">
This <a class='device_noun'></a>&nbsp;has detected an IP conflict on its uplink connection with another machine.
</h2>
<h2 id="internet_check_text_bad_status" style="display: none;">
This <a class='device_noun'></a>&nbsp;is not connected to the Internet.
</h2>
<h2 id="internet_check_text_nodns_status" style="display: none;">
This <a class='device_noun'></a>&nbsp;does not have a working DNS server.
</h2>
<h2 id="config_check_text_bad_status" style="display: none;">
This <a class='device_noun'></a>&nbsp;is not connected to the Cisco Meraki cloud.
</h2>
<h2 id="config_check_text_mtunnel_bad_status" style="display: none;">
Make sure you can send outgoing traffic to UDP port 7351 through your firewall.
</h2>
<h2 id="config_check_text_config_bad_status" style="display: none;">
Make sure you can send outgoing traffic to TCP port 7734 through your firewall.
</h2>
</div>
<i class="icon-alert green" id="site_survey_alert" style="display: none;"></i>
<h1 id="site_survey_status" style="display: none;">Site Survey</h1>
<h2 id="site_survey_message" style="display: none;">This <a class='device_noun'></a>&nbsp;is in site survey mode. You can disable site survey mode on the Configure tab.</h2>
</header>
</div>
<div id="margin-clear">.</div>
<div id="details" data-spy="affix" data-offset-top="333" style="display:none;">
<div class="simple-tabs-container">
<ul class="simple-tabs container" style="white-space:nowrap;"><li class="connection_tab" style="display: none;">Connection</li><li class="neighbors_tab" style="display: none;">Neighbors</li><li class="configure_tab">Configure</li><li class="ethernet_tab" style="display: none;">Ethernet</li><li class="swports_status_tab" style="display: none;">Switch ports status</li><li class="swports_conf_tab" style="display: none;">Switch ports configuration</li></ul>
<ul class="simple-tabs-content container">
<!-- Connection -->
<li>
<section id="connection">
<div class="sub-section">
<h1>Your client connection</h1>
<table>
<tr id="your_ip_line" class="your_hideable_connection_info" style="display: none;">
<th scope="row">Client IP</th><td id="your_ip"></td>
</tr>
<tr id="your_mac_line" class="your_hideable_connection_info" style="display: none;">
<th scope="row">Client MAC</th><td id="your_mac"></td>
</tr>
<tr id="your_vlan_line" class="your_hideable_connection_info" style="display: none;">
<th scope="row">VLAN</th><td id="your_vlan"></td>
</tr>
<tr id="your_port_line" class="your_hideable_connection_info" style="display: none;">
<th scope="row">Port</th><td id="your_port"></td>
</tr>
<tr id="your_radio_line" style="display: none;">
<th scope="row">AP radio</th><td id="your_radio"></td>
</tr>
<tr id="your_channel_line" style="display: none;">
<th scope="row">Channel</th><td id="your_channel"></td>
</tr>
<tr id="your_mode_line" style="display: none;">
<th scope="row">Mode</th><td id="wireless_mode"></td>
</tr>
<tr id="your_max_bitrate_line" style="display: none;">
<th scope="row">Max bitrate</th><td id="max_device_bitrate"></td>
</tr>
<tr id="your_signal_line" style="display: none;">
<th scope="row">Signal</th>
<td><span id="signal_strength"></span>
<div class="meter" id="rssi_graph">
<div class="meter-bar" id="rssi_graph_bar"></div>
</div>
</td>
</tr>
</table>
</div>
<div id="speed-test" class="sub-section" style="display: none;">
<h1>Speed test</h1>
<p>Run a browser-based speed test to check your connection to this <a class='device_noun'></a>.</p>
<div id="toggle_speed_test" class="button button_speed_test" style="margin-right: 1%;"><span id="speed_test_button_text">Run speed test</span></div>
<div id="speed_test_spinner" style="height: 7px; width: 25px; display: none;"></div>
<div id='speed_test_out'></div>
</div>
<div class="sub-section">
<h1><a class='device_noun_camel'></a> details</h1>
<table>
<tr id="device_name_row_container" style="display: none;">
<th>Name</th><td id='device_name'></td>
</tr>
<tr>
<th>Network name</th><td id='device_network_name'></td>
</tr>
<tr>
<th>Hardware address</th><td class='device_mac'></td>
</tr>
<tr id="product_model_details" style="display: none;">
<th>Product model</th><td id='product_model_text'></td>
</tr>
<tr id="radio_1_util" style="display: none;">
<th id="radio_1_text"></th>
<td>
<span>
<div id="radio_1_wifi_text"></div>
</span>
<div class="meter">
<div class="meter-bar" id="radio_1_wifi_bar" style="background:#880000; float:left;"></div>
<div class="meter-bar" id="radio_1_non_wifi_bar" style="float:left;"></div>
</div>
<div id="radio_1_non_wifi_text"></div>
</td>
</tr>
<tr id="radio_2_util" style="display: none;">
<th id="radio_2_text"></th>
<td>
<span>
<div id="radio_2_wifi_text"></div>
</span>
<div class="meter">
<div class="meter-bar" id="radio_2_wifi_bar" style="background:#880000; float:left;"></div>
<div class="meter-bar" id="radio_2_non_wifi_bar" style="float:left;"></div>
</div>
<div id="radio_2_non_wifi_text"></div>
</td>
</tr>
<tr id="tr_ethernet_connectivity" style="display: none;">
<th>Ethernet</th>
<td>
<div id="lan_check_text_gateway" style="display: none;">
This <a class='device_noun'></a>&nbsp;is directly connected to a local network.
<div><span class="wired_nat_details">Primary&nbsp;</span>IP address: <span class="wired_ip"></span>&nbsp;</div>
</div>
<div id="lan_check_text_node" style="display: none;">
<div><span class="wired_nat_details">Primary&nbsp;</span>IP address: <span class="wired_ip"></span>&nbsp;</div>
This <a class='device_noun'></a>&nbsp;is acting as a repeater and has not detected a uplink connection on an Ethernet port.
</div>
<div id="lan_check_text_scan" style="display: none;">
This <a class='device_noun'></a>&nbsp;is trying to join a network or find a working Ethernet connection.
</div>
<div id="lan_check_text_ipconflict" style="display: none;">
<div><span class="wired_nat_details">Primary&nbsp;</span>IP address: <span class="wired_ip"></span>&nbsp;</div>
This <a class='device_noun'></a>&nbsp;has detected an IP conflict on its uplink connection with another machine.
</div>
<div class="details wired_nat_details" id="ip_details"></div>
</td>
</tr>
<tr id="tr_internet_check" style="display: none;">
<th>Internet</th>
<td>
<div id="internet_check_text_good" style="display: none;">
This <a class='device_noun'></a>&nbsp;is connected to the Internet.
</div>
<div id="internet_check_text_bad" style="display: none;">
This <a class='device_noun'></a>&nbsp;is not connected to the Internet.
</div>
<div id="internet_check_text_nodns" style="display: none;">
This <a class='device_noun'></a>&nbsp;does not have a working DNS server.
</div>
</td>
</tr>
<tr>
<th>Cisco Meraki cloud</th>
<td>
<div id="config_check_text_bad" style="display: none;">
This <a class='device_noun'></a>&nbsp;is not connected to the Cisco Meraki cloud.
</div>
<div id="config_check_text_mtunnel_bad" style="display: none;">
Make sure you can send outgoing traffic to UDP port 7351 through your firewall.
</div>
<div id="config_check_text_config_bad" style="display: none;">
Make sure you can send outgoing traffic to TCP port 7734 through your firewall.
</div>
<div id="config_check_text_good" style="display: none;">
This <a class='device_noun'></a>&nbsp;is successfully connected to the <a id="node_link" href="http://dashboard.meraki.com">Cisco Meraki cloud</a>.
</div>
</td>
</tr>
<tr id="firmware_check_text" style="display:none;">
<th>Firmware</th>
<td>
<div id="firmware_check_text_updating" style="display:none;"></div>
</td>
</tr>
</table>
</div>
<div id="stacking_status" class="sub-section" style="display:none;">
<h1>Stacking Status</h1>
<table id="stack_info" class="flip-table">
<thead>
<tr>
<th> Hardware Addresss </th>
<th> Product Model </th>
<th> Current </th>
</tr>
</thead>
<tbody></tbody>
</table>
</div>
</section>
</li>

<!-- Neighbors -->
<li>
<section id="meraki_peers" style="display:none;">
<h1>Meraki peers</h1>
<table class="flip-table sortable">
<thead>
<tr>
<th class="ssid_m" scope="col"><span style="cursor:pointer">SSID</span></th>
<th class="bssid_m" scope="col"><span style="cursor:pointer">BSSID</span></th>
<th class="channel_m" scope="col"><span style="cursor:pointer">Channel</span></th>
<th class="signal_m" scope="col" data-defaultsort='dsc'><span style="cursor:pointer">Signal (dB)</span></th>
<th class="mode_m" scope="col"><span style="cursor:pointer">Mode</span></th>
<th class="encryption_m" scope="col"><span style="cursor:pointer">Encryption</span></th>
</tr>
</thead>
<tbody></tbody>
</table>
</section>
<section id="neighbors">
<h1>Neighbors</h1>
<table class="flip-table sortable">
<thead>
<tr>
<th class="ssid" scope="col"><span style="cursor:pointer">SSID</span></th>
<th class="bssid" scope="col"><span style="cursor:pointer">BSSID</span></th>
<th class="channel" scope="col"><span style="cursor:pointer">Channel</span></th>
<th class="signal" scope="col" data-defaultsort='dsc'><span style="cursor:pointer">Signal (dB)</span></th>
<th class="mode" scope="col"><span style="cursor:pointer">Mode</span></th>
<th class="encryption" scope="col"><span style="cursor:pointer">Encryption</span></th>
</tr>
</thead>
<tbody></tbody>
</table>
</section>
</li>

<!-- Configure -->
<li>

<form class="clearfix" id="configure_form">

<section id="wired-uplink-config">
<h1>Uplink configuration</h1>
<p>Configure the uplink Internet connection on this <a class='device_noun'></a>.</p>
<fieldset id="ip_config" class="ip_config" style='height:100%'>
<h2>Internet 1</h2>
<ul>
<li>
<label for='vlan_tagging_enabled'>VLAN tagging</label>
<select class='vlan_tagging_enabled' name='vlan_tagging_enabled'>
<option value='disabled'>Don't use VLAN tagging</option>
<option value='enabled'>Use VLAN tagging</option>
</select>
</li>

<li class='vlan_id_config'>
<label for='vlan_tag'>VLAN ID</label>
<input id='vlan_tag' name='vlan_tag' type='text' size='5' />
</li>

<li class='connection_type_select_row' class='ip_config_group'>
<label for='connection_type_select'>Connection type</label>
<select class='connection_type_select' name='connection_type'>
<option id='connection_type_direct' value='direct'>Direct</option>
<option id='connection_type_pppoe' value='pppoe'>PPPoE</option>
</select>
</li>


<li class="direct_op direct_connection_options">
<label for='direct_ip_assignment_select'>IP assignment</label>
<select class='direct_ip_assignment_select' name='direct_ip_assignment'>
<option value='dhcp'>DHCP</option>
<option value='static'>Static</option>
</select>
</li>

<li class="direct_op direct_static_op">
<label for='static_wired_ip'>Address</label>
<input type='text' class='direct_op' name='static_wired_ip' size=15 value=''>
</li>

<li class="direct_op direct_static_op">
<label for='static_wired_netmask'>Netmask</label>
<input type='text' class='direct_op' name='static_wired_netmask' size=15 value=''>
</li>

<li class="direct_op direct_static_op">
<label for='static_wired_gateway'>Gateway</label>
<input type='text' class='direct_op' name='static_wired_gateway' size=15 value=''>
</li>

<li class="direct_op direct_static_op">
<label for='static_wired_dns1'>DNS server 1</label>
<input type='text' class='direct_op' name='static_wired_dns1' size=15 value=''>
</li>

<li class="direct_op direct_static_op">
<label for='static_wired_dns2'>DNS server 2</label>
<input type='text' class='direct_op' name='static_wired_dns2' size=15 value=''>
</li>

<li class="pppoe_op">
<label for="pppoe_authentication_enabled_select">Authentication</label>
<select class="pppoe_authentication_enabled_select" name='pppoe_authentication_enabled'>
<option value='false'>No authentication</option>
<option value='true'>Use authentication</option>
</select>
</li>

<li class="pppoe_op pppoe_auth_op">
<label for='pppoe_authentication_username'>Username</label>
<input type='text' name='pppoe_authentication_username' size=15 value=''>
</li>

<li class="pppoe_op pppoe_auth_op">
<label for='pppoe_authentication_password'>Password</label>
<input type='password' name='pppoe_authentication_password' size=15 value=''>
</li>

<li class="pppoe_op">
<label for="pppoe_ip_assignment_select">IP assignment</label>
<select class="pppoe_ip_assignment_select" name='pppoe_ip_assignment'>
<option value='dynamic'>Dynamic</option>
<option value='static'>Static</option>
</select>
</li>

<li class="pppoe_op pppoe_ip_op">
<label for='pppoe_static_ip'>Address</label>
<input type='text' id='pppoe_static_ip' name='pppoe_static_ip' size=15 value=''>
</li>
</ul>

</fieldset>

<fieldset id="ip_config_1" class="ip_config" style='height:100%'>
<h2>Internet 2</h2>


<ul>
<li id="wan1_role_op" class="wan1_enabled_op">
<label for='wired_wan1_enabled'>Role</label>
<select class='wired_wan1_enabled' name='wired_wan1_enabled'>
<option value='enabled'>Internet</option>
<option value='disabled'>LAN</option>
</select>
</li>

<li>
<label for='vlan_tagging_enabled'>VLAN tagging</label>
<select class='vlan_tagging_enabled' name='vlan_tagging_enabled_1'>
<option value='disabled'>Don't use VLAN tagging</option>
<option value='enabled'>Use VLAN tagging</option>
</select>
</li>

<li class='vlan_id_config'>
<label for='vlan_tag'>VLAN ID</label>
<input id='vlan_tag' name='vlan_tag_1' type='text' size='5' />
</li>

<li class='connection_type_select_row' class='ip_config_group'>
<label for='connection_type_select'>Connection Type</label>
<select class='connection_type_select' name='connection_type_1'>
<option id='connection_type_direct' value='direct'>Direct</option>
<option id='connection_type_pppoe' value='pppoe'>PPPoE</option>
</select>
</li>

<li class="direct_op direct_connection_options">
<label for='direct_ip_assignment_select'>IP assignment</label>
<select class='direct_ip_assignment_select' name='direct_ip_assignment_1'>
<option value='dhcp'>DHCP</option>
<option value='static'>Static</option>
</select>
</li>

<li class="direct_op direct_static_op">
<label for='static_wired_ip'>Address</label>
<input type='text' name='static_wired_ip_1' size=15 value=''>
</li>

<li class="direct_op direct_static_op">
<label for='static_wired_netmask'>Netmask</label>
<input type='text' name='static_wired_netmask_1' size=15 value=''>
</li>

<li class="direct_op direct_static_op">
<label for='static_wired_gateway'>Gateway</label>
<input type='text' name='static_wired_gateway_1' size=15 value=''>
</li>

<li class="direct_op direct_static_op">
<label for='static_wired_dns1'>DNS server 1</label>
<input type='text' name='static_wired_dns1_1' size=15 value=''>
</li>

<li class="direct_op direct_static_op">
<label for='static_wired_dns2'>DNS server 2</label>
<input type='text' name='static_wired_dns2_1' size=15 value=''>
</li>

<li class="pppoe_op">
<label for="pppoe_authentication_enabled_select">Authentication</label>
<select class="pppoe_authentication_enabled_select" name='pppoe_authentication_enabled_1'>
<option value='false'>No authentication</option>
<option value='true'>Use authentication</option>
</select>
</li>

<li class="pppoe_op pppoe_auth_op">
<label for='pppoe_authentication_username'>Username</label>
<input type='text' name='pppoe_authentication_username_1' size=15 value=''>
</li>

<li class="pppoe_op pppoe_auth_op">
<label for='pppoe_authentication_password'>Password</label>
<input type='password' name='pppoe_authentication_password_1' size=15 value=''>
</li>

<li class="pppoe_op">
<label for="pppoe_ip_assignment_select">IP assignment</label>
<select class="pppoe_ip_assignment_select" name='pppoe_ip_assignment_1'>
<option value='dynamic'>Dynamic</option>
<option value='static'>Static</option>
</select>
</li>

<li class="pppoe_op pppoe_ip_op">
<label for='pppoe_static_ip'>Address</label>
<input type='text' id='pppoe_static_ip' name='pppoe_static_ip_1' size=15 value=''>
</li>
</ul>

</section>

<section id="uplink-config">
<h1>Uplink configuration</h1>
<p>Configure the uplink Internet connection on this <a class='device_noun'></a>.</p>
<form class="clearfix">
<fieldset>
<h2>IP configuration</h2>
<ul>
<li>
<label for="direct_ip_assignment_select">IP assignment</label>
<select class="direct_ip_assignment_select" id="direct_ip_assignment_select" name="direct_ip_assignment">
<option value="dhcp">DHCP</option>
<option value="static">Static</option>
</select>
</li>
<li>
<label for="static_wired_vid">VLAN</label>
<input type="text" id="static_wired_vid" name="static_wired_vid" placeholder="vlan">
</li>
<li class="static_settings" style="display:none;">
<label for="static_wired_ip">Address</label>
<input type="text" id="static_wired_ip" name="static_wired_ip" placeholder="0.0.0.0">
</li>
<li class="static_settings" style="display:none;">
<label for="static_wired_netmask">Netmask</label>
<input type="text" id="static_wired_netmask" name="static_wired_netmask" placeholder="255.255.255.0">
</li>
<li class="static_settings" style="display:none;">
<label for="static_wired_gateway">Gateway</label>
<input type="text" id="static_wired_gateway" name="static_wired_gateway" placeholder="0.0.0.0">
</li>
<li class="static_settings" style="display:none;">
<label for="static_wired_dns1">DNS server 1</label>
<input type="text" id="static_wired_dns1" name="static_wired_dns1" placeholder="0.0.0.0">
</li>
<li class="static_settings" style="display:none;">
<label for="static_wired_dns2">DNS server 2</label>
<input type="text" id="static_wired_dns2" name="static_wired_dns2" placeholder="0.0.0.0">
</li>
<div id="ip6_settings" style="display:none">
<li>
<label for="direct_ip6_assignment_select">IPv6 assignment</label>
<select class="direct_ip6_assignment_select" id="direct_ip6_assignment_select" name="direct_ip6_assignment">
<option value="auto">Auto</option>
<option value="static">Static</option>
</select>
</li>
<li class="static6_settings" style="display:none;">
<label for="static_wired_vid6">IPv6 Static VLAN</label>
<input type="text" id="static_wired_vid6" name="static_wired_vid6" placeholder="vlan">
</li>
<li class="static6_settings" style="display:none;">
<label for="static_wired_ip6">Address/Prefix Len</label>
<input type="text" id="static_wired_ip6" name="static_wired_ip6" placeholder="::0" style="width:21em"> /
<input type="text" id="static_wired_ip6_plen" name="static_wired_ip6_plen" placeholder="64" style="width:3em">
</li>
<li class="static6_settings" style="display:none;">
<label for="static_wired_ip6_gateway">Gateway</label>
<input type="text" id="static_wired_ip6_gateway" name="static_wired_ip6_gateway" placeholder="::0" style="width:21em">
</li>
<li class="static6_settings" style="display:none;">
<label for="static_wired_dns6_1">DNS server 1</label>
<input type="text" id="static_wired_dns6_1" name="static_wired_dns6_1" placeholder="::0" style="width:21em">
</li>
<li class="static6_settings" style="display:none;">
<label for="static_wired_dns6_2">DNS server 2</label>
<input type="text" id="static_wired_dns6_2" name="static_wired_dns6_2" placeholder="::0" style="width:21em">
</li>
</div>
</ul>
</fieldset>

<fieldset id="site_survey_ctrl" style="display:none;">
<h2>Site survey</h2>
<p>In site survey mode, the AP will always broadcast the open SSID site_survey-&lt;MAC address&gt; and will not check for connectivity with the Cisco Meraki cloud.
This mode should only be used to perform a site survey, not for serving wireless clients.</p>
<ul>
<li>
<label for="site_survey_select">Survey mode?</label>
<select id="site_survey_select" name="site_survey">
<option value="false">Disable</option>
<option value="true">Enable</option>
</select>
</li>
</ul>
</fieldset>
<div id="power_adjust" style="display:none;"></div>
</section>

<section class="non-first-section" id="shared-config">
<fieldset>
<h2>Web proxy</h2>
<p>HTTP will be used for the device to communicate with the Cisco Meraki cloud if UDP communication is blocked</p>
<ul>
<li>
<label for="backend_access_proxy_enabled_select">Use a proxy?</label>
<select id="backend_access_proxy_enabled_select" name="backend_access_proxy_enabled">
<option value="false">No</option>
<option value="true">Yes</option>
</select>
</li>
<li class="proxy_op" style="display:none;">
<label for="backend_access_proxy_server">Hostname or IP</label>
<input type="text" class="backend_access_proxy_server" name="backend_access_proxy_server" placeholder="0.0.0.0">
</li>
<li class="proxy_op" style="display:none;">
<label for="backend_access_proxy_port">Port</label>
<input type="text" class="backend_access_proxy_port" name="backend_access_proxy_port" onkeypress="return numbersonly(this, event)" placeholder="Port #">
</li>
<li class="proxy_op" style="display:none;">
<label for="backend_access_proxy_userpwd_enabled_select">Authentication</label>
<select id="backend_access_proxy_userpwd_enabled_select" name="backend_access_proxy_userpwd_enabled">
<option value="false">No authentication</option>
<option value="true">Use authentication</option>
</select>
</li>
<li class="proxy_op proxy_auth_op" style="display:none;">
<label for="backend_access_proxy_user">Username</label>
<input type="text" name="backend_access_proxy_user" placeholder="Username">
</li>
<li class="proxy_op proxy_auth_op" style="display:none;">
<label for="backend_access_proxy_password">Password</label>
<input type="password" name="backend_access_proxy_password" placeholder="Password">
</li>
</ul>
</fieldset>
<div class="save_button button button_configure">
<span>Save</span>
</div>
<span class="save_config_text" style="display:none;"></span>
</section>

</form>
</li>
<li>
<section id='link_neg_section'>
<h1>Ethernet configuration</h1>
<p>Use this page to configure physical link settings on the Ethernet ports.</p>
<form action='/configure/set_link_neg.cgi' method='post'>
<table id='link_neg_table' class='table table-bordered table-striped'></table>
<div class="save_button button button_configure">
<span>Save</span>
</div>
<span class="save_config_text" style="display:none;"></span>
</form>
</section>
</li>
<!-- Switch port status -->
<li>
<section id="swports_status" style="display:none;">
<h1>Switch ports status</h1>
<table class="flip-table sortable" >
<thead>
<tr>
<th class="port" scope="col" data-defaultsort='dsc'><span style="cursor:pointer">Port</span></th>
<th class="native_vlan" scope="col"><span style="cursor:pointer">Native VLAN</span></th>
<th class="allowed_vlans" scope="col"><span style="cursor:pointer">Allowed VLANs</span></th>
<th class="flags" scope="col"><span style="cursor:pointer">Flags</span></th>
<th class="status" scope="col"><span style="cursor:pointer">Status</span></th>
<th class="bytes_in" scope="col"><span style="cursor:pointer">Bytes in</span></th>
<th class="bytes_out" scope="col"><span style="cursor:pointer">Bytes out</span></th>
</tr>
</thead>
<tbody></tbody>
</table>
</section>
</li>

<!-- Switch port adjust -->
<li>
<section id="swports_adjust" class = "swports_adjust_section" style="display:none;">
<form action='/configure/swports_adjust.cgi' method='post'>
<h1>Switch ports configuration</h1>
<div style='margin:1em 0'>
</div>

<div id="vlan_error" class="error_message">Invalid VLAN number. VLAN must be a value between 1 and 4094, or "none" for trunk ports<br></div>
<div id="stkportcount_error" class="error_message">Invalid Stackport configuration. No more than 2 stackports are supported<br></div>
<table class="flip-table sortable">
<thead>
<tr>
<th class="port" scope="col">Port</th>
<th class="port_name" scope="col">Port&nbsp;Name</th>
<th class="port_availability" scope="col">Enabled</th>
<th class="stacking_enabled" scope="col">Stacking</th>
<th class="port_schedule" scope="col">Port&nbsp;Schedule</th>
<th class="access_policy" scope="col">Access&nbsp;Policy</th>
<th class="native_vlan" scope="col">Native&nbsp;VLAN</th>
<th class="allowed_vlans" scope="col">Allowed&nbsp;VLANs</th>
<th class="link_negotiation" scope="col">Link&nbsp;Negotiation</th>
</tr>
</thead>
<tbody></tbody>
</table>
<br>
<div class="save_button button button_configure">
<span>Save</span>
</div>
<span id='or_cancel' class="changed_setting_swports_adjust" style='display:none;'> or <a href="#swports_adjust" onclick="cancel_link()">cancel</a></span>
<span class="save_config_text" style="display:none;"></span>
</form>
</section>
</li>

<li>
<section id="error-401">
<h1>Incorrect password</h1>
<h2>You've entered incorrect login credentials. The default login is the serial number (e.g. Qxxx-xxxx-xxxx), with no password. The serial number is on the bottom or back of the device.</h2>
<label></label>
<div id="try_config_again" class="button button_configure">
<span>Try again</span>
</div>
</section>
</li>

</ul>
</div>
<footer>
<div class="container">
&copy; Cisco Systems, Inc.
</div>
</footer>
</div>

<script src="third_party/jquery/jquery-1.10.1.min.js"></script>
<script src="my.min.js"></script>
<script src="third_party/spin/spin.min.js" type="text/javascript"></script>
<script src="third_party/bootstrap-sortable/bootstrap-sortable.js" type="text/javascript"></script>
<script type="text/javascript">
Mkilocal = window.Mkilocal || {};
Mkilocal.page_name = "/";
Mkilocal.bootstrap = true;
Mkilocal.active_subtab = "nav-index";
jQuery(index_js.init);
$(document).ready(function() {
$('.save_button').click(function() {
$('.save_config_text').hide();
var form = $(this).parents('form:first');
var form_data = $(form).serialize();
var url = form.attr('action') ? form.attr('action') : '/set_new_config.cgi';
$('.editable').removeClass('changed_setting_swports_adjust');
$.ajax({type: 'post',
data: form_data,
url: url,
success: function(data) {
var message = "&nbsp;&nbsp;&nbsp;";
if (!data.error_msg) {
$('#or_cancel').css('display', 'none');
message += "Configure changes saved";
}
else {
message += "<font color='red'>";
message += data.error_msg;
message += "</font>";
}
$('.save_config_text').html(message);
$('.save_config_text').fadeIn();
setTimeout(function() {
$('.save_config_text').fadeOut();
}, 8000);
}
});
});
});

$('.direct_ip_assignment_select').on('change', function() {
$(this).parents('section').find('.static_settings').toggle($(this).val() != "dhcp");
});
$('.direct_ip6_assignment_select').on('change', function() {
$(this).parents('section').find('.static6_settings').toggle($(this).val() != "auto");
});
</script>
<script type="text/javascript">
function cancel_link(){
$('.save_config_text').hide();
jQuery(swports_adjust_js.init);
}
</script>
</body>
</html>

10.0.0.1 (tcp/81)


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html
Date: Fri, 27 Apr 2018 18:26:20 GMT
Content-Length: 142
Connection: close

Response Body :

10.0.0.1 (tcp/8090)


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, GET, HEAD, POST
Headers :

X-Frame-Options: deny
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Fri, 08 Dec 2017 05:06:31 GMT
Content-Length: 864
Connection: close
Server: lighttpd/1.4.39

Response Body :

<html>
<head>
<title>Error</title>
</head>

<style type="text/css">
<!--
div {
padding-top: 8px;
padding-bottom: 8px;
}
a {
color: #28A30F;
}
.type_style1 {
font-size: 30px;
color: #333333;
font-family: Arial, Helvetica, sans-serif;
}
.type_style2 {
font-size: 12px;
color: 333333;
font-family: Arial, Helvetica, sans-serif;
}
.type_style3 {
font-size: 12px;
color: 999999;
font-family: Arial, Helvetica, sans-serif;
}
-->
</style>

<body topmargin="0" bottommargin="0" marginheight="0">
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td height="84" valign="middle"><img src="images/logo.png" alt="Cisco Systems, Inc."></td>
</tr>
<tr>
<td bgcolor="dddddd" height="1"></td>
</tr>
<tr>
<td valign="top"><p class="type_style1"><br>
Access denied
</td>
</tr>
</table>
</body>
</html>

10.0.0.1 (tcp/8181)


Response Code : HTTP/1.1 307 Temporary Redirect

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Location: http://mx.meraki.com/
Content-Length: 0
Connection: close
Server: lighttpd/1.4.39

Response Body :

10.0.0.1 (tcp/8889)


Response Code : HTTP/1.1 307 Temporary Redirect

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

X-Frame-Options: deny
Cache-Control: no-cache
Location: http://setup.meraki.com/bad_gateway_error.html
Content-Type: text/html
Pragma: no-cache
Expires: 0
Continue: close
Connection: close
Transfer-Encoding: chunked
Server: lighttpd/1.4.39

Response Body :

<html>
<body>You are being <a href='http://setup.meraki.com/bad_gateway_error.html'>redirected</a>.</body></html>

10.0.0.14 (tcp/6002)


Response Code : HTTP/1.0 200 OK

Protocol version : HTTP/1.0
SSL : no
Keep-Alive : yes
Headers :

Date: Fri, 27 Apr 2018 18:53:55 GMT
Server: SentinelProtectionServer/7.3
MIME-Version: 1.1
Content-Type: text/html
Keep-Alive:1
Content-Length: 2428

Response Body :

<!--
/*******************************************************************/
/* */
/* Copyright (C) 2006 SafeNet, Inc. All Rights Reserved */
/* */
/*******************************************************************/
-->

<html>
<head>
<title>Sentinel License Monitor</title>
</head>
<body>

<!--"CONVERTED_APPLET"-->
<!-- HTML CONVERTER -->
<SCRIPT LANGUAGE="JavaScript">
<!--
var _info = navigator.userAgent;
var _ns = false;
var _ns6 = false;
var _ie = (_info.indexOf("MSIE") > 0 && _info.indexOf("Win") > 0 && _info.indexOf("Windows 3.1") < 0);
//--></SCRIPT>

<COMMENT>
<SCRIPT LANGUAGE="JavaScript1.1">
<!--
var _ns = (navigator.appName.indexOf("Netscape") >= 0 && ((_info.indexOf("Win") > 0 && _info.indexOf("Win16") < 0 && java.lang.System.getProperty("os.version").indexOf("3.5") < 0) || (_info.indexOf("Sun") > 0) || (_info.indexOf("Linux") > 0) || (_info.indexOf("AIX") > 0) || (_info.indexOf("OS/2") > 0) || (_info.indexOf("IRIX") > 0)));
var _ns6 = ((_ns == true) && (_info.indexOf("Mozilla/5") >= 0));
//--></SCRIPT>
</COMMENT>

<SCRIPT LANGUAGE="JavaScript">
<!--

if (_ie == true) document.writeln('<OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" WIDTH = "900" HEIGHT = "600" ALIGN = "baseline" VSPACE = "0" HSPACE = "0" codebase="http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab#Version=1,5,0,0"><NO EMBED><XMP>');
else if (_ns == true && _ns6 == false) document.writeln('<EMBED type="application/x-java-applet;version=1.5" WIDTH = "900" HEIGHT = "600" ALIGN = "baseline" VSPACE = "0" HSPACE = "0" CODE = "KeyInfoApplet.class" CODEBASE = "" scriptable=false pluginspage="http://java.sun.com/products/plugin/1.5/plugin-install.html"><NO EMBED><XMP>');
//--></SCRIPT>
<APPLET WIDTH = "900" HEIGHT = "600"></XMP>
<PARAM NAME="type" VALUE="application/x-java-applet;version=1.5">
<PARAM NAME="scriptable" VALUE="false">
<PARAM NAME = CODE VALUE = "KeyInfoApplet.class" >
</APPLET>
</NOEMBED>
</EMBED>
</OBJECT>

<!--
<APPLET CODE = KeyInfoApplet.class WIDTH = 900 HEIGHT = 600>
alt="Your browser understands the &lt;APPLET&gt; tag but isn't running the applet, for some reason."
Your browser is completely ignoring the &lt;APPLET&gt; tag!
</APPLET>
-->

</body>
</html>

10.0.0.14 (tcp/7002)


Response Code : HTTP/1.0 200 OK

Protocol version : HTTP/1.0
SSL : no
Keep-Alive : yes
Headers :

Date: Fri, 27 Apr 2018 18:53:55 GMT
Server: SentinelKeysServer/1.0
MIME-Version: 1.1
Content-Type: text/html
Keep-Alive:1
Content-Length: 2433

Response Body :

<!--
/*******************************************************************/
/* */
/* Copyright (C) 2007 SafeNet, Inc. All Rights Reserved */
/* */
/*******************************************************************/
-->

<html>
<head>
<title>Sentinel Keys License Monitor</title>
</head>
<body>

<!--"CONVERTED_APPLET"-->
<!-- HTML CONVERTER -->
<SCRIPT LANGUAGE="JavaScript">
<!--
var _info = navigator.userAgent;
var _ns = false;
var _ns6 = false;
var _ie = (_info.indexOf("MSIE") > 0 && _info.indexOf("Win") > 0 && _info.indexOf("Windows 3.1") < 0);
//--></SCRIPT>

<COMMENT>
<SCRIPT LANGUAGE="JavaScript1.1">
<!--
var _ns = (navigator.appName.indexOf("Netscape") >= 0 && ((_info.indexOf("Win") > 0 && _info.indexOf("Win16") < 0 && java.lang.System.getProperty("os.version").indexOf("3.5") < 0) || (_info.indexOf("Sun") > 0) || (_info.indexOf("Linux") > 0) || (_info.indexOf("AIX") > 0) || (_info.indexOf("OS/2") > 0) || (_info.indexOf("IRIX") > 0)));
var _ns6 = ((_ns == true) && (_info.indexOf("Mozilla/5") >= 0));
//--></SCRIPT>
</COMMENT>

<SCRIPT LANGUAGE="JavaScript">
<!--

if (_ie == true) document.writeln('<OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" WIDTH = "900" HEIGHT = "600" ALIGN = "baseline" VSPACE = "0" HSPACE = "0" codebase="http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab#Version=1,5,0,0"><NO EMBED><XMP>');
else if (_ns == true && _ns6 == false) document.writeln('<EMBED type="application/x-java-applet;version=1.5" WIDTH = "900" HEIGHT = "600" ALIGN = "baseline" VSPACE = "0" HSPACE = "0" CODE = "KeyInfoApplet.class" CODEBASE = "" scriptable=false pluginspage="http://java.sun.com/products/plugin/1.5/plugin-install.html"><NO EMBED><XMP>');
//--></SCRIPT>
<APPLET WIDTH = "900" HEIGHT = "600"></XMP>
<PARAM NAME="type" VALUE="application/x-java-applet;version=1.5">
<PARAM NAME="scriptable" VALUE="false">
<PARAM NAME = CODE VALUE = "KeyInfoApplet.class" >
</APPLET>
</NOEMBED>
</EMBED>
</OBJECT>

<!--
<APPLET CODE = KeyInfoApplet.class WIDTH = 900 HEIGHT = 600>
alt="Your browser understands the &lt;APPLET&gt; tag but isn't running the applet, for some reason."
Your browser is completely ignoring the &lt;APPLET&gt; tag!
</APPLET>
-->

</body>
</html>

10.0.0.14 (tcp/47001)


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Date: Fri, 27 Apr 2018 18:53:55 GMT
Connection: close
Content-Length: 315

Response Body :

10.0.0.21 (tcp/443)


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD, POST
Headers :

Content-Type: text/html
Last-Modified: Tue, 05 Jun 2012 23:24:11 GMT
Accept-Ranges: bytes
ETag: "6e7768507243cd1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 27 Apr 2018 18:24:20 GMT
Content-Length: 689

Response Body :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IIS7</title>
<style type="text/css">
<!--
body {
color:#000000;
background-color:#B3B3B3;
margin:0;
}

#container {
margin-left:auto;
margin-right:auto;
text-align:center;
}

a img {
border:none;
}

-->
</style>
</head>
<body>
<div id="container">
<a href="http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409"><img src="welcome.png" alt="IIS7" width="571" height="411" /></a>
</div>
</body>
</html>

10.0.0.25 (tcp/443)


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD, POST
Headers :

Content-Type: text/html
Last-Modified: Tue, 22 Mar 2011 20:38:35 GMT
Accept-Ranges: bytes
ETag: "754cb61dd1e8cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 27 Apr 2018 18:27:16 GMT
Content-Length: 689

Response Body :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IIS7</title>
<style type="text/css">
<!--
body {
color:#000000;
background-color:#B3B3B3;
margin:0;
}

#container {
margin-left:auto;
margin-right:auto;
text-align:center;
}

a img {
border:none;
}

-->
</style>
</head>
<body>
<div id="container">
<a href="http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409"><img src="welcome.png" alt="IIS7" width="571" height="411" /></a>
</div>
</body>
</html>

10.0.0.44 (tcp/80)


Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Date: Fri, 27 Apr 2018 18:40:05 GMT
Location: https://10.0.0.44/
Connection: close
Content-Type: text/html
Content-Length: 56

Response Body :

<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>

10.0.0.46 (tcp/80)


Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Date: Fri, 27 Apr 2018 18:41:58 GMT
Location: https://10.0.0.46/
Connection: close
Content-Type: text/html
Content-Length: 56

Response Body :

<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>

10.0.0.47 (tcp/80)


Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Date: Fri, 27 Apr 2018 18:21:59 GMT
Location: https://10.0.0.47/
Connection: close
Content-Type: text/html
Content-Length: 56

Response Body :

<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>

10.0.0.47 (tcp/443)


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Fri, 27 Apr 2018 18:22:00 GMT
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 3415

Response Body :

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<script type="text/javascript" src="./en/welcomeRes.js"> type="text/javascript"></script>
<script type="text/javascript" src="./watermark.js"></script>
<script type="text/javascript">document.write("<title>" + ID_VC_Welcome + "</title>");</script>

<link rel="stylesheet" href="./default.css" type="text/css" />
<link rel="stylesheet" href="./print.css" type="text/css" media="print" />

<meta name="description" content="VMware vSphere is virtual infrastructure software for partitioning, consolidating and managing systems in mission-critical environments. VMware ESX Server provides a highly scalable platform with advanced resource management capabilities, which can be managed by vSphere.">
</head>

<body>
<div id="main">

<div id="header">
<h1><script type="text/javascript">document.write(ID_VMWVC2);</script></h1>
<h2><script type="text/javascript">document.write(ID_Welcome);</script></h2>
</div>

<div id="body">
<div id="content">
<h3><script type="text/javascript">document.write(ID_GettingStarted);</script></h3>

<p><script type="text/javascript">document.write(ID_VC_GettingStartedDesc);</script></p>

<ul>
<li><a href="/client/VMware-viclient.exe"><script type="text/javascript">document.write(ID_DownloadVIClient);</script></a></li>
</ul>

<p><script type="text/javascript">document.write(ID_DocDesc);</script></p>

<ul>
<li><a href="http://www.vmware.com/info?id=1134"><script type="text/javascript">document.write(ID_DownloadDoc);</script></a></li>
</ul>
</div>
</div>

<hr class="hide" />

<div id="sidebar">
<h3><script type="text/javascript">document.write(ID_ForAdmins);</script></h3>

<h4><script type="text/javascript">document.write(ID_VIFlexClient);</script></h4>

<p><script type="text/javascript">document.write(ID_VIFlexClientDesc);</script></p>

<ul>
<li><script type="text/javascript">document.write('<a href="/vsphere-client/">'+ ID_LogInFlexClient +'</a>');</script></li>
</ul>

<h4><script type="text/javascript">document.write(ID_VIDatacenters);</script></h4>

<p><script type="text/javascript">document.write(ID_VIDatacentersDesc);</script></p>

<ul>
<li><script type="text/javascript">document.write('<a href="/folder">'+ ID_BrowseVCDatacenters +'</a>');</script></li>
</ul>

<h3><script type="text/javascript">document.write(ID_ForDevs);</script></h3>

<h4><script type="text/javascript">document.write(ID_VISDK);</script></h4>

<p><script type="text/javascript">document.write(ID_VISDKDesc);</script></p>

<ul>
<li><script type="text/javascript">document.write('<a href="http://www.vmware.com/info?id=928">'+ ID_DownloadSDK +'</a>');</script></li>
<li><script type="text/javascript">document.write('<a href="/mob/">'+ ID_BrowseVC +'</a>');</script></li>
</ul>
</div>

<hr class="hide" />

<div id="footer">
<p><script type="text/javascript">document.write(ID_CopyrightText);</script></p>

<p><script type="text/javascript">document.write(ID_TrademarkText);</script></p>

<p><script type="text/javascript">document.write(ID_AboutOSSDesc);</script></p>
</div>
</div>
&nbsp;
</body>
</html>

10.0.0.47 (tcp/8190)


Response Code : HTTP/1.1 500 Internal Server Error

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : GET, HEAD, POST, TRACE, OPTIONS
Headers :

Set-Cookie: vmware_soap_session=5a5448b4-fb95-4a18-95ff-dc4b51b5b0dd
Content-Type: text/xml;charset=utf-8
Transfer-Encoding: chunked
Date: Fri, 27 Apr 2018 18:22:00 GMT
Connection: close
Server: Apache

Response Body :

<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soapenv:Fault><faultcode>ServerFaultCode</faultcode><faultstring>Unexpected EOF in prolog
at [row,col {unknown-source}]: [1,0]</faultstring><detail><RuntimeFaultFault xsi:type="vim25:InvalidRequest" xmlns="urn:vim25" xmlns:vim25="urn:vim25"/></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>

10.0.0.47 (tcp/8191)


Response Code : HTTP/1.1 500 Internal Server Error

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : GET, HEAD, POST, TRACE, OPTIONS
Headers :

Set-Cookie: vmware_soap_session=4675bf81-0f6f-437e-a956-da2f3d1f6df9
Content-Type: text/xml;charset=utf-8
Transfer-Encoding: chunked
Date: Fri, 27 Apr 2018 18:22:00 GMT
Connection: close
Server: Apache

Response Body :

<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soapenv:Fault><faultcode>ServerFaultCode</faultcode><faultstring>Unexpected EOF in prolog
at [row,col {unknown-source}]: [1,0]</faultstring><detail><RuntimeFaultFault xsi:type="vim25:InvalidRequest" xmlns="urn:vim25" xmlns:vim25="urn:vim25"/></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>

10.0.0.47 (tcp/8443)


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : GET, HEAD, POST, PUT, DELETE, OPTIONS
Headers :

Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 2415
Date: Fri, 27 Apr 2018 18:22:01 GMT
Connection: close

Response Body :


<!DOCTYPE HTML>
<html>

<head>
<link rel="shortcut icon" href="http://www.springsource.com/sites/all/themes/zen/springsource2/favicon.ico" type="image/x-icon">
<title>VMware vFabric tc Server &#8212; Standard Edition</title>
<link type="text/css" rel="stylesheet" href="splash.css">
</head>

<body>
<div id="container">

<!-- Header -->
<div id="hdr"><span class="utility"><a href="http://www.vmware.com/products/vfabric/" title="VMware vFabric, Cloud Application Platform">VMware vFabric, Cloud Application Platform</a></span><a href="http://www.vmware.com/" title="VMware"><h1>VMware</h1></a></div>
<div class="clearfix"></div>

<!-- Body -->
<div id="content">
<div id="intro">
<h4>VMware vFabric</h4>
<h2>tc Server &#8212; Standard Edition</h2>
<h3 class="title">Congratulations! You have successfully setup and started vFabric tc Server. You are ready to go!</h3>
</div>

<div class="bodyrule"><hr /></div>

<div>
<p>This is the default vFabric tc Server Runtime home page. It is located on the local filesystem at:</p>
<span class="code">$TC_RUNTIME_INSTANCE_HOME/webapps/ROOT/index.jsp</span>
<p>where <span class="code">$TC_RUNTIME_INSTANCE_HOME</span> is the root of the tc Runtime instance directory.</p>
<p>&nbsp;</p>
<h3>For additional information about vFabric tc Server, see the following links:</h3>
<ul>
<li><a href="http://www.vmware.com/products/vfabric-tcserver/">vFabric tc Server Product Details</a><br />The official home for the Standard Edition of vFabric tc Server.</li>
<li><a href="http://www.vmware.com/support/pubs/vfabric-tcserver.html">vFabric tc Server Documentation </a><br />Find out what it does, how to use it, and other useful information.</li>
<li><a href="http://forum.springsource.org/forumdisplay.php?f=62">vFabric tc Server Product Discussion</a><br />Tell us what you think, start a conversation with other users and discuss application performance.</li>
<li><a href="http://www.vmware.com/support">vFabric tc Server Support</a><br />Have a question about vFabric tc Server? Contact our Support team.</li>
</ul>
</div>
</div>

<div class="clearfix"></div>
<div id="versions">
VMware vFabric tc Server Standard Edition 2.8.1.RELEASE<br/>
VMware vFabric tc Runtime

</div>
<div id="ftr">&copy; 2012 VMware, Inc. All rights reserved.</div>
</div>

</body>
</html>

10.0.0.47 (tcp/9443)


Response Code : HTTP/1.1 302 Found

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://10.0.0.47:9443/vsphere-client
Content-Type: text/html
Content-Length: 0
Date: Fri, 27 Apr 2018 18:22:01 GMT
Connection: close

Response Body :

10.0.0.47 (tcp/22000)


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html;charset=utf-8
Content-Length: 1021
Date: Fri, 27 Apr 2018 18:22:01 GMT
Connection: close
Server: Apache

Response Body :

10.0.0.87 (tcp/80)


Response Code : HTTP/1.1 302 Found

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, GET, HEAD, POST
Headers :

Location: /htdocs/pages/main/main.lsp
Content-Length: 0
Connection: close
Server: lighttpd

Response Body :

10.0.0.94 (tcp/443)


Response Code : HTTP/1.1 401 Unauthorized

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="10.0.0.94"
X-Powered-By: ASP.NET
Date: Fri, 27 Apr 2018 19:24:06 GMT
Content-Length: 1293

Response Body :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>

10.0.0.133 (tcp/80)


Response Code : HTTP/1.1 302 Found

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Fri, 27 Apr 2018 19:42:24 GMT
Server: Apache/2.2.34 (Debian)
Location: http://10.0.0.133/admin
Vary: Accept-Encoding
Content-Length: 283
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Response Body :

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://10.0.0.133/admin">here</a>.</p>
<hr>
<address>Apache/2.2.34 (Debian) Server at 10.0.0.133 Port 80</address>
</body></html>

10.0.0.133 (tcp/443)


Response Code : HTTP/1.1 302 Found

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Date: Fri, 27 Apr 2018 19:42:25 GMT
Server: Apache/2.2.34 (Debian)
Location: https://10.0.0.133/admin
Vary: Accept-Encoding
Content-Length: 285
Connection: close
Content-Type: text/html; charset=iso-8859-1

Response Body :

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://10.0.0.133/admin">here</a>.</p>
<hr>
<address>Apache/2.2.34 (Debian) Server at 10.0.0.133 Port 443</address>
</body></html>

10.0.0.158 (tcp/443)


Response Code : HTTP/1.1 401 Unauthorized

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Server: Microsoft-IIS/7.5
SPRequestGuid: c0826538-7d93-4e96-95fc-54c1fbb533e3
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6117
X-MS-InvokeApp: 1; RequireReadOnly
Date: Fri, 27 Apr 2018 19:52:17 GMT
Content-Length: 0

Response Body :
10114 (22) - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF OSVDB:94
XREF CWE:200
Plugin Information:
Published: 1999/08/01, Modified: 2012/06/18
Plugin Output

10.0.0.8 (icmp/0)

The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is -588 seconds.

10.0.0.14 (icmp/0)

The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is -803 seconds.

10.0.0.21 (icmp/0)

This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The difference between the local and remote clocks is -2 seconds.

10.0.0.22 (icmp/0)

The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is -2 seconds.

10.0.0.25 (icmp/0)

The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is -1 seconds.

10.0.0.27 (icmp/0)

This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The difference between the local and remote clocks is -1 seconds.

10.0.0.39 (icmp/0)

The difference between the local and remote clocks is -2 seconds.

10.0.0.44 (icmp/0)

The difference between the local and remote clocks is 1 second.

10.0.0.46 (icmp/0)

The difference between the local and remote clocks is 1 second.

10.0.0.47 (icmp/0)

The difference between the local and remote clocks is 1345 seconds.

10.0.0.64 (icmp/0)

The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is -1 seconds.

10.0.0.87 (icmp/0)

The difference between the local and remote clocks is 5912 seconds.

10.0.0.94 (icmp/0)

The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is 1 second.

10.0.0.110 (icmp/0)

The difference between the local and remote clocks is 1 second.

10.0.0.111 (icmp/0)

The difference between the local and remote clocks is 2427 seconds.

10.0.0.112 (icmp/0)

The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is 1 second.

10.0.0.133 (icmp/0)

The remote clock is synchronized with the local clock.

10.0.0.158 (icmp/0)

The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is 1 second.

10.0.0.169 (icmp/0)

The difference between the local and remote clocks is 1 second.

10.0.0.201 (icmp/0)

The difference between the local and remote clocks is 1343 seconds.

10.0.0.248 (icmp/0)

This host returns invalid timestamps (bigger than 24 hours).

10.0.0.249 (icmp/0)

This host returns invalid timestamps (bigger than 24 hours).
51891 (20) - SSL Session Resume Supported
Synopsis
The remote host allows resuming SSL sessions.
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/02/07, Modified: 2013/10/18
Plugin Output

10.0.0.8 (tcp/1433)


This port supports resuming TLSv1 / SSLv3 sessions.

10.0.0.21 (tcp/443)


This port supports resuming TLSv1 / SSLv3 sessions.

10.0.0.21 (tcp/3389)


This port supports resuming TLSv1 sessions.

10.0.0.22 (tcp/3389)


This port supports resuming TLSv1 sessions.

10.0.0.25 (tcp/443)


This port supports resuming TLSv1 / SSLv3 sessions.

10.0.0.25 (tcp/636)


This port supports resuming TLSv1 / SSLv3 sessions.

10.0.0.25 (tcp/3269)


This port supports resuming TLSv1 / SSLv3 sessions.

10.0.0.25 (tcp/3389)


This port supports resuming TLSv1 sessions.

10.0.0.27 (tcp/636)


This port supports resuming TLSv1 / SSLv3 sessions.

10.0.0.27 (tcp/3269)


This port supports resuming TLSv1 / SSLv3 sessions.

10.0.0.27 (tcp/3389)


This port supports resuming TLSv1 sessions.

10.0.0.47 (tcp/1514)


This port supports resuming SSLv3 sessions.

10.0.0.64 (tcp/3389)


This port supports resuming TLSv1 sessions.

10.0.0.64 (tcp/49570)


This port supports resuming TLSv1 / SSLv3 sessions.

10.0.0.94 (tcp/443)


This port supports resuming TLSv1 / SSLv3 sessions.

10.0.0.94 (tcp/3389)


This port supports resuming TLSv1 sessions.

10.0.0.112 (tcp/3389)


This port supports resuming TLSv1 sessions.

10.0.0.148 (tcp/3389)


This port supports resuming TLSv1 sessions.

10.0.0.158 (tcp/443)


This port supports resuming TLSv1 / SSLv3 sessions.

10.0.0.158 (tcp/3389)


This port supports resuming TLSv1 sessions.
11011 (16) - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/06/05, Modified: 2015/06/02
Plugin Output

10.0.0.8 (tcp/139)


An SMB server is running on this port.

10.0.0.14 (tcp/139)


An SMB server is running on this port.

10.0.0.14 (tcp/445)


A CIFS server is running on this port.

10.0.0.21 (tcp/139)


An SMB server is running on this port.

10.0.0.22 (tcp/139)


An SMB server is running on this port.

10.0.0.25 (tcp/139)


An SMB server is running on this port.

10.0.0.27 (tcp/139)


An SMB server is running on this port.

10.0.0.64 (tcp/139)


An SMB server is running on this port.

10.0.0.64 (tcp/445)


A CIFS server is running on this port.

10.0.0.94 (tcp/139)


An SMB server is running on this port.

10.0.0.112 (tcp/139)


An SMB server is running on this port.

10.0.0.133 (tcp/139)


An SMB server is running on this port.

10.0.0.133 (tcp/445)


A CIFS server is running on this port.

10.0.0.148 (tcp/139)


An SMB server is running on this port.

10.0.0.148 (tcp/445)


A CIFS server is running on this port.

10.0.0.158 (tcp/139)


An SMB server is running on this port.
106716 (12) - Microsoft Windows SMB2 Dialects Supported (remote check)
Synopsis
It was possible to obtain information about the dialects of SMB2 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 dialects running on the remote host by sending an authentication request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/02/09, Modified: 2018/02/09
Plugin Output

10.0.0.8 (tcp/139)


The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

10.0.0.14 (tcp/445)


The remote host supports the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008

The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.1 Windows 7
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

10.0.0.21 (tcp/139)


The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

10.0.0.22 (tcp/139)


The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

10.0.0.25 (tcp/139)


The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

10.0.0.27 (tcp/139)


The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

10.0.0.64 (tcp/445)


The remote host supports the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7

The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

10.0.0.94 (tcp/139)


The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

10.0.0.112 (tcp/139)


The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

10.0.0.133 (tcp/445)


The remote host supports the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

10.0.0.148 (tcp/445)


The remote host supports the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
3.0 Windows 8
3.0.2 Windows 8.1
3.1.1 Windows 10

The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.1 Windows 10

10.0.0.158 (tcp/139)


The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10
10940 (11) - Windows Terminal Services Enabled
Synopsis
The remote Windows host has Terminal Services enabled.
Description
Terminal Services allows a Windows user to remotely obtain a graphical login (and therefore act as a local user on the remote host).

If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.

Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable Terminal Services if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information:
Published: 2002/04/20, Modified: 2017/08/07
Plugin Output

10.0.0.8 (tcp/3389)

10.0.0.14 (tcp/3389)

10.0.0.21 (tcp/3389)

10.0.0.22 (tcp/3389)

10.0.0.25 (tcp/3389)

10.0.0.27 (tcp/3389)

10.0.0.64 (tcp/3389)

10.0.0.94 (tcp/3389)

10.0.0.112 (tcp/3389)

10.0.0.148 (tcp/3389)

10.0.0.158 (tcp/3389)

64814 (11) - Terminal Services Use SSL/TLS
Synopsis
The remote Terminal Services use SSL/TLS.
Description
The remote Terminal Services is configured to use SSL/TLS.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/02/22, Modified: 2018/03/29
Plugin Output

10.0.0.8 (tcp/3389)

Subject Name:

Common Name: 427576-DB2-NEW.demo.org

Issuer Name:

Common Name: 427576-DB2-NEW.demo.org

Serial Number: 4E DC 1E B4 5A 51 C5 89 4B 45 EC 98 C1 E6 19 95

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jan 16 04:48:12 2018 GMT
Not Valid After: Jul 18 04:48:12 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 90 7B 49 EA 18 11 D4 94 20 CE F0 03 BB 7A B9 75 BA 1C 40
2A 72 CE 18 8B 00 43 79 7E E3 F1 5F 80 DD 89 3F C8 75 AE F6
31 E5 F5 99 0A C9 EC 7A D3 32 54 6C C5 65 5B C3 7B 9E 1D DB
B7 72 FB AA 5A 09 2C 05 ED FE 91 44 D8 9D D0 A2 6A F4 E1 05
CC AB 26 A4 3E D4 9D D0 49 76 1E BD AD BE 87 47 AF D1 E7 37
20 AA E5 21 83 EB D0 45 A3 50 C4 F2 B3 72 43 C8 07 20 B7 2C
44 D5 36 CE 7B 1F C7 A7 E4 E9 67 93 A9 98 4E 5B 68 AD CF D8
96 1A A1 FD 77 2D CB E2 FD 28 A3 23 80 5F 05 DA E2 2E D9 3B
01 8E B7 F9 80 D1 C7 97 FA C2 75 85 0E 0B EE A7 0D 22 89 85
BE 14 8D EC AA 21 2C 11 F9 45 7A 04 50 92 58 49 F1 46 CF 2A
3B A9 D6 FD 28 71 85 C3 45 10 79 9B 8C 25 F7 E7 05 F9 97 01
7E 6E 07 05 5A E7 B5 EC 85 CC FA D6 32 EC 97 79 A1 FD 43 B2
25 C1 C8 EB 3E 2F 57 E6 F2 8A AA 80 57 E1 77 14 9B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 89 B9 55 46 36 4A 26 51 88 C4 D2 A9 3F 68 46 82 CF D6 BC
5D DB D1 87 87 AA DA 2C A3 68 83 BB 61 26 D0 5A C8 A6 A9 F5
53 08 01 AC 0C A7 67 52 10 95 C0 2A B3 3D 75 1F 14 DA 9E 6C
60 CE 87 51 47 3E 76 46 39 F2 9C 7E 15 24 FE A9 01 CB 69 32
FE 1C F9 64 44 54 F2 5A 82 15 01 1A 0C 60 80 19 1B BC FD E7
15 B6 F4 61 DB 95 80 F7 7E 60 F1 4A DE BF EE 0A E8 14 EC 54
5D 32 9C 67 85 11 97 86 9A 03 86 4F 7E CD 9C 33 AE 7E 27 72
34 7A F0 2C 94 1C 36 EC C3 17 F7 4A F3 45 76 E7 52 05 37 45
EE EE 72 28 DD 9B C8 E9 BA 22 F0 44 F2 23 34 81 FD DA E6 39
CF 50 2C 1F EE C3 37 7F 11 91 3F 21 F1 68 54 59 B5 F9 7C EB
F7 5E 7E 00 EC 3C CF AF A6 80 CC 3F BD 6E 05 D7 EB E5 72 D0
74 92 A7 01 CB 3E D7 FC 33 47 88 65 E2 6C D3 2C 25 4B 72 46
B4 FB 3A 23 80 C0 58 27 31 A9 1B 1C 0F 74 65 D0 67

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

10.0.0.14 (tcp/3389)

Subject Name:

Common Name: queen.demo.org

Issuer Name:

Common Name: queen.demo.org

Serial Number: 0F DB 23 EE 8D 8F CC 8E 47 D4 A2 B5 02 78 DE 8A

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Apr 02 11:54:47 2018 GMT
Not Valid After: Oct 02 11:54:47 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AF 64 53 40 EB D3 CF 2E FD 5C 7B F4 A9 8A ED 27 67 F2 F5
C1 F7 56 0E CE 91 CF 60 2A CF AD 78 54 E1 DC 0E F4 0D 32 84
0B FD 22 02 B3 86 A7 E0 34 13 B8 99 34 06 63 F1 40 22 A9 36
18 24 6D 1E D0 3B F3 92 81 C2 A6 B2 48 F4 63 C8 9E A7 CA 2A
C7 E6 4C 9E 65 C3 11 31 C2 D6 1D 07 7E 74 7B F2 82 AE 46 1D
0F 77 15 F2 D8 DC 55 CF 9D 1B 97 A6 23 D7 BB DC 4C 2C 39 A9
64 32 7D C0 EB D9 F7 10 FD 61 DD CC 55 1F 15 C1 B7 C9 D9 0B
B7 78 9F 39 2D 79 2E 4B B8 23 84 B1 B9 B9 63 1B 3D 8B 34 CF
F8 23 31 7F D8 84 77 FB EF C8 99 C5 C7 77 FB 05 61 65 1A 58
86 2F B3 D0 ED 78 A9 63 0B 3F DF B5 98 84 0C 5E D9 EF AB B4
0A C6 4B 66 09 CC 02 F9 FF 00 C4 A8 F3 5A F8 85 81 92 94 9D
1F 9C F8 AA 35 B9 74 C0 0F B7 D3 56 02 EA F4 C0 5E 9C CE 8A
C4 D1 DC 35 86 26 D1 0D 9C FB 07 DC 5F 4E BD 23 4F
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 4F D6 D8 D8 C1 BE 13 BB 9B 4B 46 55 49 82 01 CD 1C 91 76
51 C4 74 3A A5 0A 61 85 F8 6D B4 02 29 5F B6 BF DC AA 68 B9
90 58 89 4B 27 2E 72 39 7B A8 17 7F 2B CC DA 26 B4 B7 48 00
8F 77 F0 D4 47 CD 98 D8 03 79 80 DD 9C 19 62 AF 10 35 5D DB
5D F8 AC 98 B5 9B A9 86 8D 2C FB 6A 95 C7 1A 52 72 E8 4C F3
35 32 6A 75 06 62 F6 06 65 4D 5F 84 F0 02 84 70 47 C5 51 83
1D D0 ED 88 DD 06 A8 6A 02 42 85 48 62 9E 72 1A 47 3E B5 B3
06 D8 C8 B4 6D 19 96 B9 52 A4 D8 25 DE 1A 5F 29 2E 99 14 85
00 1F A0 CD 0A 3C 6A 16 4D EE 90 D4 C5 62 9B 15 80 7B 0B 3E
E0 89 C2 CB F0 D0 1A 8D F4 49 C9 41 42 48 71 23 73 CB C9 56
B3 37 85 4D A7 27 AF A1 03 71 01 20 AD B2 20 FC 4C 30 41 1F
A0 A5 F8 7A 34 1E 4A C3 AC A4 C3 36 2C 37 F5 A2 1E E1 3C 62
E4 AD 18 14 E5 CB 23 39 23 6E CD D5 94 D7 8E 93 F5

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

10.0.0.21 (tcp/3389)

Subject Name:

Common Name: dynamics-ts.demo.org

Issuer Name:

Common Name: dynamics-ts.demo.org

Serial Number: 1C 92 49 85 C7 ED BB B8 48 95 27 2A 77 46 38 25

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Apr 11 10:27:16 2018 GMT
Not Valid After: Oct 11 10:27:16 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C8 A3 AA 48 26 58 BD 74 0F 74 40 0C 15 BC 6F B3 1C 9A E1
82 82 A3 7E 43 60 D6 B5 A4 6D 38 16 66 74 02 1B 5A A3 C6 AF
6D EF FA 60 A2 32 F3 8D DF 23 CF 35 37 2D 46 EE B4 BC 83 47
DB DD 77 CA D4 79 A2 1C A5 9B C0 18 3E AB 11 30 8A 04 B6 E3
B9 DC BA FF B1 51 FB 4B D6 98 CF B9 10 03 3D 5E 20 C3 AD BC
EB F3 60 E3 2A E5 54 DD CE 9C B0 2C D3 DF 46 9B 1B 06 62 C9
C3 CA 88 E8 8F E3 3D 5B 11 B0 45 87 3B FF C0 55 8D 6B 5F 42
C5 AC C7 41 B4 C2 C5 15 20 FE 9A BE B7 6A F4 D9 C9 97 EF E3
A8 03 27 14 23 DB CD EF B1 16 92 CE 25 F4 91 AD 6B C8 F6 86
0F 8D 41 2F A9 C4 29 A4 F0 75 1D C4 CE E5 C6 BB EC 60 47 88
69 66 32 CE 71 39 F0 39 9C C4 19 8E B0 D9 43 4D A5 52 85 DD
75 EB 87 9A B9 5B FB 5C E5 FA 38 9E 30 0A 0B 75 57 9A C2 52
FE EB 5C EE 4E C0 43 0C C1 39 E2 09 2B CC 82 F5 11
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 44 C2 1C 0A 97 C1 13 47 6F DB 64 24 33 C9 60 E1 90 5F FE
3B 5D 3C 7F 19 78 06 71 0A BE A1 D2 D4 E0 46 94 DF C3 5E E3
06 91 37 C2 21 E6 9E C5 8D 1D 62 23 BD 25 D3 1D F2 F2 33 26
11 1F A3 1B EB 83 74 29 54 6A 1C A0 5F D6 82 F0 1F 24 AC 87
23 9B A9 F7 2B FB DD 35 85 F9 09 2E 9A 73 D5 20 8C 23 74 15
AE A6 19 19 3F D8 47 78 AF F0 02 28 5B 87 49 F7 46 B9 75 ED
11 ED F7 AD DD 6C CB BE E3 8E FB 26 DF 6D 3D 45 6D DB 77 69
D5 8A B3 E9 F9 EC 52 F4 2E B3 72 A3 BB FA 40 7E 92 CF 51 2B
BE 1B 80 3E 92 A6 11 E7 1B A4 5A E5 DA 0A 94 B7 AB DE 1C 08
AE 93 17 6C 43 C9 A2 51 35 50 AB B6 2E 9B 71 04 B8 7A 19 7B
C4 73 FB 61 79 75 B3 2C B2 8B 5A 67 77 27 F5 FE 8B A3 02 55
B0 01 94 09 7D 38 E9 F3 4B 3A 8A 8F BA F8 96 8C EF 25 59 95
3D 7F BF 06 26 A7 F0 D3 A5 4B E8 2E A7 04 10 83 CD

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

10.0.0.22 (tcp/3389)

Subject Name:

Common Name: dynamics-app.demo.org

Issuer Name:

Common Name: dynamics-app.demo.org

Serial Number: 25 DB 71 55 7A 34 65 BB 45 F7 46 E9 BB D1 2A 72

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Apr 11 22:13:58 2018 GMT
Not Valid After: Oct 11 22:13:58 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 8C 66 3C 55 5C B6 02 40 B4 69 34 B1 AC 1A DC C8 C8 EA 2C
64 52 A1 06 A3 A1 50 44 57 85 AB F2 28 F7 39 2B 67 E7 E0 5C
9C 15 55 34 69 5E 79 42 16 D8 F5 85 DA 9C C8 7E 08 15 E4 F5
F9 85 E8 8F B1 E1 B2 4F E1 35 FD A7 BF 62 6B A8 A9 06 09 A6
FF 89 03 4A DC E1 CF E1 DA 26 48 1F A7 8A 9A D0 92 86 11 23
69 C5 B6 8F BC 25 4F D2 B7 B1 44 5C 0D E2 BC 8F 99 EE 00 AA
2D F7 7D 3E AF 29 00 08 0B 92 1E 51 B2 D7 87 39 C9 8A EA D1
19 FE 9E F7 45 0E 37 C0 F3 5C BC 78 77 32 92 64 61 13 AD C3
10 75 C3 80 1F AB 11 E6 B4 19 8C 1A 50 63 78 6B 9E 55 76 F0
8A 6A 38 1B 72 87 91 E5 70 D8 CD 7F C7 FA 59 6D C5 A6 EB DA
B8 E6 FA 89 0C EC 62 0E D1 13 AC 7A DE 0C D5 32 CB E1 46 9B
1D 63 70 2F 8B 88 9B AE DA F9 20 F0 C3 2B CC 1C D1 56 0D 4B
3C 08 FE 93 CE EA 89 C2 EF C1 38 FA 5D B3 0C AD 61
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 00 D4 8E C3 F0 8E 67 B8 1C B1 C6 84 48 90 97 E0 76 38 87
B4 44 11 EE 32 63 98 D6 11 40 FB BC 35 C6 64 A1 DB E2 D5 53
6C 45 16 54 36 59 40 22 5D 56 76 68 EA 94 DF 5E 1B 85 7E 2B
7D 81 52 92 AD 30 5F A4 42 35 4F 0E B1 55 7C 9E 24 A0 4B 46
61 8C 4D E1 BD A1 A1 01 4D 76 6F 55 74 71 09 2C 04 99 0A F8
91 3E 7C 9C F6 16 31 F9 18 60 53 3A B3 DB C9 18 EE 11 0B 57
43 92 C8 55 05 B5 92 C4 BB 6A 41 90 A0 96 ED 6C 9A 0E 38 E0
B7 2A 23 80 37 68 B1 A4 AB DF 73 EB 58 DD 24 9B 92 48 C4 D6
0D 78 37 82 75 C2 D0 EF C1 94 26 25 6D 77 6A 9F EB 89 98 7E
E9 70 EF 56 F7 36 38 A8 76 92 30 D0 B3 EC 8E B9 0D 88 6A 8D
88 5E F3 57 70 63 98 CB C8 25 0F 41 A9 A5 7A 15 05 E5 E2 C1
1A E5 67 F8 C8 73 C8 7E 5B CE 97 90 1C 9F 5C 1C 5F 83 D8 77
61 18 FE 99 A2 D2 43 6A 65 34 B4 85 32 7F 59 A5 D4

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

10.0.0.25 (tcp/3389)

Subject Name:

Common Name: demoSFDC01.demo.org

Issuer Name:

Common Name: demoSFDC01.demo.org

Serial Number: 2C 49 FF 18 15 5E 3E 96 46 43 0C AC 3A 37 CB 42

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 21 22:02:50 2018 GMT
Not Valid After: Sep 20 22:02:50 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 A0 28 E3 1B 09 E6 19 31 70 44 16 14 8B 5E 08 16 92 0D F6
17 A1 75 25 6D 7A FE 01 A2 A9 A7 CE 4D AD 38 E7 36 B3 5A D6
B3 29 1E 97 C1 79 E1 5A 0B 12 81 D1 B4 6D A1 2B 51 66 B6 E3
C3 53 1D F7 BD 7A 08 4A 02 25 13 0E 94 77 9D 6B B1 18 24 C2
3F 18 47 18 2F 81 6B D3 B2 73 1A B4 85 AA 18 12 49 C3 EB DF
21 D2 3A A9 4D B3 A7 F0 03 87 46 A9 45 A8 EF 2D 33 CE E2 8C
79 DB D8 A8 00 EE 7A 33 2C 25 F6 6C 40 A0 5C 7F 59 02 94 CE
7B EE A6 63 87 45 11 B0 E7 63 92 F3 04 A3 89 24 D3 09 33 6D
85 83 A3 58 03 CA FE 1A 2E F9 00 E9 D4 C0 17 65 52 7E 2E 51
4A 0B 02 44 33 02 82 EF D1 12 2F AD A7 8F C3 71 7E 06 F9 62
FC 5D 5E 5F 38 52 BF C3 2F D8 E1 66 E9 9F E0 14 68 A0 21 C4
31 ED 4E 7F 92 42 81 D5 01 DF C3 19 78 B9 E5 6B CE 2A C4 A3
37 3B 59 C1 02 2E CA 20 8A 18 3B 9C 2B 99 43 21 D9
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 60 62 61 C4 99 D8 4F 36 E0 E0 AE 08 52 4B CB EA FB 87 5A
C6 00 88 B0 E5 EF 47 8C E0 4D 5E D6 B9 4F 06 C2 0E 18 0A AD
DC FB 6D 9B CB 9A D1 D9 D6 64 B3 4D 1C F4 C5 7B 22 4A A8 BF
0B 69 6B 1B 52 56 E5 81 7E 41 F9 97 62 DE 60 1A AB D0 23 CB
3B 40 A0 2A 80 1B 80 47 CC CE 67 85 DD 28 BA 36 71 B0 6B D3
49 C4 59 16 84 BA FD 22 2B 9B 71 E1 78 7F AE 5E 12 8A E2 6F
B4 33 6A C9 62 5F 19 77 72 F0 FE CC 52 BB 3D 72 3E BF 3D 2F
7C 44 5A 9E E1 F5 E3 81 E9 B9 D7 CD 3B 44 D8 37 95 EC 5F 92
A9 95 6A 0A A6 A2 BC BA 99 C8 DC 4D 64 5B 75 7B 4A 3E 80 5F
BB C6 4F 09 14 72 67 99 F6 53 21 09 99 1B D2 B5 78 03 0F C2
45 26 F5 9F 95 F0 E2 FE 87 0A 58 EE AE 5E AE D1 88 8C DA 8E
2F 47 B6 65 31 CD 57 0F 42 8D 11 79 48 DF 3E 9B 60 84 34 EC
2D 84 C6 1F 90 10 3C D0 31 EB 36 47 94 61 60 70 40

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

10.0.0.27 (tcp/3389)

Subject Name:

Common Name: demosfdc02.demo.org

Issuer Name:

Common Name: demosfdc02.demo.org

Serial Number: 66 19 62 9D 25 8E 83 A4 4E C5 97 DA 18 19 5D EA

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 28 10:01:59 2018 GMT
Not Valid After: Sep 27 10:01:59 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AB C6 66 A7 6D 4D 96 F0 CE C2 5C FA 7E AE B7 84 55 59 54
34 F6 50 15 1C C1 A4 AD D5 1E C3 F1 25 79 BA F9 63 D9 FA F7
C9 50 D6 F7 B9 5D B9 45 C8 34 48 37 3F 59 5F 8E 54 DE A3 28
EB 24 4E 16 5E A9 58 E7 84 CC C7 91 FF D3 BB D4 A5 E0 AB 8B
8B B2 A5 11 C2 F8 69 2F CC 33 7B 3B F9 8C 44 FB A7 FE 83 0C
6F E6 A4 D8 66 E5 6A 94 3C CE 56 65 53 6B F5 98 49 90 8F 91
76 37 D0 BE C4 F8 AC 3F 1B 32 F2 2D 6F CF 55 0F B2 90 26 CF
E2 22 8B F9 05 4D 7D 5C 87 A0 28 B9 61 DC 90 D3 BA 89 12 73
FF 8F DC 9C 38 94 B2 B9 D8 CF 92 C3 75 AC CA D5 B2 BB 4C 48
66 0C DE 5D 22 01 E7 CA 4C C2 C8 86 B1 96 C2 27 74 EE 53 79
24 CF 2E 77 96 CF 1E BE 93 C5 2A 67 1E A4 D1 63 45 4F 40 45
D5 53 1C B4 9F 6B E8 04 EF D4 AF 1E 89 53 29 54 FF 27 31 26
AD 9A 8B 82 43 5E 43 3D F7 3B D1 61 28 3C 54 33 1B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 61 33 3A C0 A7 09 A8 F0 2E B9 BF 58 5E B6 C9 CF 3E 26 C9
9A B8 14 9A 32 86 D0 D5 43 B4 3E 0A 10 94 9C 8F E5 C4 48 75
16 2E 8C 3B 8C B3 5B 3E 90 AA 7D 45 14 C5 B3 E6 27 0A AC AA
04 40 B2 9F 65 0D 59 E0 B1 86 90 B7 24 5E 32 E8 80 F5 D3 3F
97 F2 85 8B DB 91 A5 6A BA D0 18 90 6E FB C6 D0 D9 14 DE 0B
02 4C 29 2F D9 83 41 55 3E 9F D4 6D 8A A5 59 78 25 F4 7D 0F
A2 5E AC 19 16 26 BC 5A 01 29 64 DB F8 A7 C8 98 0B F7 1C B2
39 4D 64 E2 AE 20 0E CC E7 88 E0 55 E7 7E A3 72 B8 03 31 E5
AC 3A F9 14 92 10 F9 44 CE 5F B3 01 C0 F5 DB F5 4B 3A F0 FD
DE 3D 22 C5 0F DE 4D BD 2C 77 BB 3B E0 F0 39 51 D2 37 A1 8E
2C 90 93 4F 34 88 FE 0A B6 D0 EE 2E 53 F0 BA 1A C1 2E B2 5B
9E 31 2D CB 55 F0 A6 5A 88 5F 90 AB 27 27 E7 BC 07 0D 12 BB
99 74 15 D5 DE 21 E1 DC E5 DD 91 C6 4A FA F8 21 BA

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

10.0.0.64 (tcp/3389)

Subject Name:

Common Name: SF-GXK9JS1.demo.org

Issuer Name:

Common Name: SF-GXK9JS1.demo.org

Serial Number: 5E 56 26 41 CC 79 0E 92 43 5C 25 75 22 4D 34 D8

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Dec 21 22:22:49 2017 GMT
Not Valid After: Jun 22 22:22:49 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D3 7B A4 F0 7C BD D0 9C 18 FE 3C 4C E9 4E 84 8E 97 F5 F1
0C FF A6 88 42 03 F6 D9 B9 3F 11 05 96 52 61 C0 FA A6 B0 FC
77 3E 01 6D 12 67 37 A0 23 9A 86 77 74 4D 9F E3 E2 CD CE A3
8A 75 4D EC EF E1 F6 11 0A A8 85 6C 8D D7 C4 8C 19 C2 91 CE
8A 82 0B 65 D6 3D 70 E4 9E F1 B0 E1 3B A7 4B 32 68 ED 57 7D
7F E7 DB EA 67 61 48 9E 40 7E 60 23 43 F6 22 86 55 D1 6A 2D
FE 5E 00 F2 4B 19 CA 4F 95 6B 9B F4 6C 95 8F 8F EC 98 78 05
9F 47 FE 6C 2C CB ED 16 63 E2 36 08 C6 A4 A8 4B 78 98 0E D5
09 EB 6B A2 8A 07 39 2B BE 70 69 52 49 B7 F9 99 AC E2 68 68
02 2E 85 2D 17 84 CF 5E 0D 31 C3 64 41 50 45 61 6C 61 9F 80
88 13 40 EA 42 A0 D3 16 12 C6 3D F9 8A 35 03 B6 5E D9 CA BD
28 BE 32 2C 9B 6D E1 82 20 9A 47 5C A2 06 16 B3 FC 70 71 B9
AF DA E0 63 BF E8 78 C8 EC D2 B4 C9 61 0B B6 CC 0F
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 46 C5 DC BD 3A BE 22 99 61 48 1E 04 37 7C B9 3C B0 9E 0C
9F E5 96 96 BE 1D 5E 16 46 5E 29 BF CD B7 AE 91 DF C8 74 74
2E D8 41 D1 38 28 C3 C1 95 B5 DC EF 5E BB 1E 7E F6 8D 89 C7
D9 8B 38 9F FC 06 D0 7D 6D 6D 36 CB EB F0 39 00 92 CF 03 57
B0 F9 8B 2E A5 0B 9B 21 B8 26 7E CF BC 09 89 25 51 1E 94 B0
31 82 71 D4 13 84 D2 85 CD FD 09 AD 6E 1D 05 C7 1B 48 09 04
3F 4E 86 EF 4E B0 02 A0 72 D5 39 BC 48 D0 EA 43 5C 65 4D A1
0E E9 5B 71 87 CB 50 61 4F 37 A7 2E DA AC 14 43 C6 AD 12 7D
E6 1E 03 0D 65 8B C6 6B AB 92 8F 42 CC 15 4D 25 6C 67 90 A0
EC F7 59 15 23 82 8F C5 4C 9F 2B 07 E4 BB 9D 90 67 06 D3 B8
B2 48 4F 9C 68 68 06 34 25 18 B8 E6 5C 4E FF 7A 95 FB C5 D8
0C 11 E4 DA 7E 84 A9 A7 D0 3B E5 DA 33 FA 75 35 32 0C 67 44
BA 8E A1 8A B6 DF B9 D4 99 08 40 CF 45 B8 72 38 7E

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

10.0.0.94 (tcp/3389)

Subject Name:

Common Name: demoFILER.demo.org

Issuer Name:

Common Name: demoFILER.demo.org

Serial Number: 13 71 CC 0A AD 0B 29 82 42 F5 1B 8A 3B 87 A4 87

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Feb 27 19:35:03 2018 GMT
Not Valid After: Aug 29 19:35:03 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 B8 5F F0 71 BB EA 9B 98 D2 63 42 69 84 3E EC 3B A0 06 76
59 76 1F E6 ED BF FE C8 92 D9 55 BF 02 5D BC 35 E0 BF ED 9A
7C FC 55 10 B1 A6 C8 8D 9A D0 7D 43 D3 42 57 D0 37 7F F3 89
4B 39 B9 E9 7A 33 09 DE 13 DB 62 78 B4 86 2A 95 F2 04 80 54
F6 24 6D B2 D2 32 B8 EA 25 79 42 87 37 0C D0 CE 46 98 1B 37
CF B4 29 9D 38 A0 B8 F4 EC CA 64 76 0D 14 9C 2B 45 C9 52 77
5E E5 10 5E E7 B3 24 E6 0F A0 CD 8C A7 1E C3 D0 58 7C 72 C3
25 D3 8E 98 E6 0C FB A7 CC 9B 96 BF 1E 9E C5 BD 8E B8 D0 A5
8D A9 B3 0B A6 FF 71 FA C2 E3 57 EB 2A 5E 06 CC E5 51 9F E8
EB A7 8E 70 2B 9C 85 EB C0 FB D9 74 5F EB 13 B8 4A 7B 4C 54
29 2B F6 B1 3C EE D7 88 7C 66 53 99 FA 1A 82 C7 CE 14 8F DD
3C 89 6A 93 A5 55 EF AB EA 85 39 03 F0 87 B5 84 FF AB 78 0F
51 1B 37 F5 4A 1A 64 6A E7 30 2A EF 0E DB D6 83 D5
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 27 28 83 DC 11 D8 CC 6A F1 37 A3 E9 5E 27 EB 6D 24 8F C9
70 D8 1A B7 48 9A 46 A7 C5 DB EE 70 2C AE 11 1B EE D2 25 AF
11 F7 CA 37 AD A7 A5 60 BB EA 06 68 01 2A 1E D7 89 47 66 2D
E6 53 10 81 CC FA 58 89 F4 EE 5F 6D 4C 35 A7 09 8A 65 31 4D
5B 29 FA 4C 8E 6F 5C 12 C7 87 28 24 9D 9A 54 F9 3B 86 7B 15
F6 E9 07 97 99 52 8C 1A 32 27 61 0C AB FD DA 26 E9 1F C7 DC
64 D8 75 C4 8E 39 F1 37 4F E6 CF BD 6B 60 79 53 8F DE 97 2E
EC D7 67 49 C3 47 8F 0F B8 84 2B 3F 25 15 AF 3F 9E CF 53 6C
F7 73 8E 45 D2 AF D6 BD C7 5C BF 99 62 7C 65 DF 82 F0 AD EA
30 B9 F8 74 BC CB BF 5D 27 14 29 DE CE 4F 9B F0 A6 80 5B 0A
90 2E 73 11 27 8E BB F8 BA 29 1E 53 6B 93 10 31 DC DB 85 1C
7A 52 61 E8 66 4E 1E 1A D3 CE 55 46 21 B0 71 C8 8C 7F 59 2A
A9 3E 26 67 78 36 B5 98 25 88 87 74 66 EB F0 0C 5D

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

10.0.0.112 (tcp/3389)

Subject Name:

Common Name: demoPRINT.demo.org

Issuer Name:

Common Name: demoPRINT.demo.org

Serial Number: 60 2A 91 AD 97 66 23 98 46 E1 B3 E2 63 E3 17 32

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jan 05 20:00:43 2018 GMT
Not Valid After: Jul 07 20:00:43 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 B2 04 90 3A CB A8 4C CA 7C CB E3 97 0B 62 F6 EF 7A DC 67
AE 59 80 E0 5D A5 CB 16 D5 70 DD 6B 73 E7 27 2A CA 00 21 F8
06 0C B7 DC BB EF 57 3F 1F 9C B9 E9 21 92 27 96 52 28 0A 6D
B5 77 8E 5C 98 C7 1F AD FF 5A 45 0E 24 86 88 93 6F E2 5A B7
DF 3C 88 E4 7B 80 F5 EF 40 40 76 77 36 4E BB 3E DF 38 89 9D
BB 2A AF 10 7F F1 84 C1 0C 4B 2B F0 57 23 B5 02 9D 3D 5B 5C
51 1F 62 A2 5D A3 40 6F 6A B6 0C AC 9F 26 88 E6 9F AA 65 C9
9F B3 04 86 42 7B E1 61 0A CF FB E6 08 3E 56 1A C9 0C B6 02
42 ED 99 5A AC AB 0C CA 5D 5C 2B AA 0A 33 C1 0F CF D3 23 B2
87 6B FA F1 0F E5 14 7F 95 E0 F7 6A 33 0E 36 35 15 9B 0A 64
60 70 31 2A 9E FF 89 C8 E7 19 87 1E 4A CE 31 AE F0 32 51 13
A1 0A 42 7C 1C BA 4D 95 E1 7D 37 5D 5D 0E 4A E0 87 5B 8B CB
3F D0 BD 67 1A 95 65 59 A8 9D C9 EE 1C D0 36 E3 9D
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 94 4F 8E 64 92 26 DD 4E 1A CA C7 2C ED BF CD 76 B3 66 0E
AD C5 55 F6 7B F2 15 75 57 30 BD 01 0C A4 71 9A 14 C2 04 16
AD 10 64 3E 03 E2 3C 7D CA 44 F2 75 5A 11 85 D3 37 DA 0F 5D
00 3A 63 31 06 93 9D A3 A1 FA DB BA A4 92 5B F6 34 36 EB C3
E4 8C 78 7C D6 FE 41 29 6D 3B E7 86 1D 0A 0D 54 42 AC D7 39
BE 6C EC 4F 26 30 1E 28 93 BD F1 AA A3 FD AA 32 BC DA 98 F7
7E BF AF 08 2B 6C 5D A0 78 E7 4D E6 E3 E8 E0 4B 71 4D F2 DB
5C 24 27 D0 59 1A 0D C7 DD EB C3 05 B5 FA 91 48 DD 0B 3F C3
87 78 8F B5 96 71 BC 61 F0 DB 43 99 E4 0A F6 F1 84 C2 8B CC
71 CF 02 CD FB AD 59 22 D6 95 B8 44 C0 88 10 66 62 F3 53 45
73 7E F9 9F 58 54 49 75 99 45 66 08 B6 0F 40 92 C9 1D 2E 49
50 1E 85 77 7D F7 33 30 35 1B 16 12 5E 33 04 98 9C C8 85 3C
57 DE 9D B8 4E 66 96 AA D2 26 98 9F 78 C2 6D 95 63

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

10.0.0.148 (tcp/3389)

Subject Name:

Common Name: demoSFVeeam

Issuer Name:

Common Name: demoSFVeeam

Serial Number: 74 D8 21 EF A0 0F 83 AF 44 59 E2 89 21 51 F0 46

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Feb 08 00:00:11 2018 GMT
Not Valid After: Aug 10 00:00:11 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C4 A3 E9 C5 4F F1 0A 6C 3F 6E 9F 62 59 32 A5 88 94 93 C3
FC 0B 98 9A 84 B1 EF BD 06 48 52 E6 27 93 FE 22 E8 ED 44 13
6F 2B 1C 86 C9 BA CF 9A B8 54 3E 89 74 2E 4F 64 7E 79 14 F0
9A 38 7C 83 FA 1E 52 22 E6 A3 08 44 03 5C 52 9F 1F 7B 13 62
E9 FF 9D 51 1A 2D B7 3E 74 B1 23 A7 99 98 D1 98 9B 0A A0 B8
16 CE 19 86 5E 0D 28 31 47 0A AD D4 6C FC 9F 57 BE FC 26 CE
73 9D DA 46 31 0C AE DD 45 FE 1C DC 8D 21 DB 98 38 34 79 F8
FB 7C 19 C4 C0 CE CF 60 02 C7 72 03 F5 DA 7F FF 01 3E 0A F1
BB CB D6 51 2C 31 4D FA 5C B7 17 B9 D8 ED 9D 32 78 CC 55 38
43 A4 EE 38 39 C5 06 01 E0 EF 6E 56 B7 4E EE 42 DB 3C 33 ED
10 6F 6F AC BC 48 AC 7C FD 76 27 57 6C 1F 8C 98 2F 92 C0 D0
52 87 B2 A6 62 E6 1B F3 6A C3 46 D4 98 F9 CD B7 0A 56 A2 8C
DD C5 6C CA C7 7D 18 33 39 4D 85 28 CA DD 35 6F 6B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 30 57 E5 7C 94 BC 8F BF 1A 3C 29 E8 AE 02 A3 A0 40 BA C8
C0 E4 20 35 CC A9 F9 8F A6 FF 99 4D 21 F6 2C 5F 61 7C D4 79
DC 13 BD 32 EE F2 FA 8A E2 E4 47 17 3C 72 24 58 7E 1F 6D 64
A4 FF 9A 0D F3 56 21 F5 9C FD 76 8E 88 F6 51 26 EB 43 41 59
BE F9 C7 CE 00 A2 F5 C0 00 32 7C 0B 80 91 E3 66 61 BE 79 07
A3 73 A0 18 E9 1A 83 17 D7 82 85 3A 70 5D 17 CF D0 60 0C 45
B8 B1 F7 9B E5 72 29 10 45 A4 B0 7A A9 FA 99 71 6E 43 D0 AE
0C 5F FC 21 17 76 EE E7 0A A0 AE E4 0D 07 7D DF BC 39 BA 99
90 24 A9 16 31 06 82 D3 88 E5 78 9F CB D2 73 80 D4 2D B0 CB
72 47 1E 2C 58 F5 2A 77 C5 D7 74 B0 F5 6F E0 F2 D8 E7 27 5F
82 0A F4 E6 99 60 76 1D 27 0C FB BA C3 58 44 34 3F 4A 0C 9A
A1 E7 94 8E 7C 25 40 B0 6C 75 39 CD 45 49 32 A7 73 A6 56 05
E1 3A 2F 60 E1 86 96 80 8B EC 7D 63 B3 47 40 BF FB

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

10.0.0.158 (tcp/3389)

Subject Name:

Common Name: NEW427581-SPWFE.demo.org

Issuer Name:

Common Name: NEW427581-SPWFE.demo.org

Serial Number: 5F 82 05 17 32 08 8F BC 42 E4 44 08 D0 12 DE 53

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 04 20:02:55 2018 GMT
Not Valid After: Sep 03 20:02:55 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 A5 D3 D3 B0 B6 E7 35 D0 E3 05 E7 48 25 F5 32 3A F6 69 B6
25 2B E8 6C 4A FE 21 88 53 4C F1 0F DD 36 FB 37 80 EA 31 34
67 33 D3 D9 81 35 82 1B 1F 88 B1 A1 F8 FF 3D 85 A9 C4 2E 61
DB EF DD 0B 0F 66 56 7F 57 71 32 DA 45 20 52 51 EB 9F E7 FA
24 1A A7 78 7C 49 EF D3 39 97 2C 8F 79 22 B4 23 69 62 FE B3
56 92 D6 BA B5 F9 00 DD FD FB D5 85 6F 4B 12 1B A2 C3 C2 E9
A4 92 EF 95 8E 5D 1A 4B FD 7C 9E A1 C7 C3 22 73 56 16 70 D2
AF D1 6E 70 7C CE 3E 58 E2 4A 55 CD D0 9A 42 6B 1B 60 92 78
8E 6C EB 01 13 60 9F 9F 88 05 9D E6 85 9C 60 72 AC 6C BE A8
2A 2E F5 2E 08 35 08 F6 84 58 38 A0 A7 70 BA BE 23 32 68 25
98 8B 7B 21 E8 B6 CC 04 2D 74 FB A7 6A C7 10 81 46 BE 91 05
81 7A 85 50 D7 4C A7 58 32 45 80 83 99 EF 3F 70 AB 2B EF A9
FA 31 CF B0 D5 F6 9B 7B AC 54 81 A0 3A 1D 1C 18 F9
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 05 4A 4A C8 5A EB 35 26 C8 15 34 7D 42 82 B9 52 F9 19 50
C1 5D 25 7A 8B E2 83 68 D0 6D D7 B0 BB 7E 99 74 D8 74 DC F8
42 E5 D4 0E 94 32 78 02 05 F6 09 AC A5 3F F5 2F 96 03 60 32
93 41 75 2E 2C 2E 10 1C EF BE 69 07 2F 95 02 1D 78 1D B5 74
9E 63 3F 1B D3 88 E5 FD BD 97 9C 97 21 CA 06 54 1F E3 92 24
1E 07 5B ED E2 DE DD ED 70 77 BA 8F 12 57 0A C6 F2 D5 56 48
9E 0F EF EE D0 FC C6 6D 11 04 8F A4 A8 1B 16 95 83 5A A6 D8
CA 13 9D 6E 3D 7F F5 09 38 06 17 DE 9A 74 05 36 9E 12 32 54
8B 00 47 6F 26 7B 35 58 51 B7 4E 6F F2 29 F5 3A 17 3C D2 C6
5D 0F 13 33 3B 68 D1 11 DB 4C 83 EF 13 FE FC 8F CE F9 63 E8
FD 08 56 26 FB 60 CB 43 F6 40 51 1D 75 54 73 12 87 6D 30 87
37 D4 1C 6C D8 79 01 8B 02 09 12 E1 52 52 6C A9 34 F3 4D 8F
4D 81 99 89 5E 0A 93 B5 55 04 9B F4 3B DF B9 35 B3

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

21745 (10) - Authentication Failure - Local Checks Not Run
Synopsis
The local security checks are disabled.
Description
Local security checks have been disabled for this host because either the credentials supplied in the scan policy did not allow Nessus to log into it or some other problem occurred.
Solution
Address the problem(s) so that local security checks are enabled.
Risk Factor
None
Plugin Information:
Published: 2006/06/23, Modified: 2017/11/29
Plugin Output

10.0.0.8 (tcp/0)

- It was not possible to log into the remote host via smb (protocol failed).

10.0.0.21 (tcp/0)

- It was not possible to log into the remote host via smb (protocol failed).

10.0.0.22 (tcp/0)

- It was not possible to log into the remote host via smb (protocol failed).

10.0.0.25 (tcp/0)

- It was not possible to log into the remote host via smb (protocol failed).

10.0.0.27 (tcp/0)

- It was not possible to log into the remote host via smb (protocol failed).

10.0.0.94 (tcp/0)

- It was not possible to log into the remote host via smb (protocol failed).

10.0.0.112 (tcp/0)

- It was not possible to log into the remote host via smb (protocol failed).

10.0.0.133 (tcp/0)

- It was not possible to log into the remote host via smb (invalid credentials).

10.0.0.148 (tcp/0)

- It was not possible to log into the remote host via smb (protocol failed).

10.0.0.158 (tcp/0)

- It was not possible to log into the remote host via smb (protocol failed).
43111 (10) - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/12/10, Modified: 2013/05/09
Plugin Output

10.0.0.1 (tcp/80)

Based on the response to an OPTIONS request :

- HTTP methods GET HEAD POST OPTIONS are allowed on :

/

10.0.0.1 (tcp/8090)

Based on the response to an OPTIONS request :

- HTTP methods GET HEAD POST OPTIONS are allowed on :

/

10.0.0.21 (tcp/443)

Based on the response to an OPTIONS request :

- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :

/

10.0.0.25 (tcp/443)

Based on the response to an OPTIONS request :

- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :

/

10.0.0.43 (tcp/80)

Based on the response to an OPTIONS request :

- HTTP methods HEAD POST TRACE GET are allowed on :

/

10.0.0.43 (tcp/443)

Based on the response to an OPTIONS request :

- HTTP methods HEAD POST TRACE GET are allowed on :

/

10.0.0.45 (tcp/80)

Based on the response to an OPTIONS request :

- HTTP methods HEAD POST TRACE GET are allowed on :

/

10.0.0.45 (tcp/443)

Based on the response to an OPTIONS request :

- HTTP methods HEAD POST TRACE GET are allowed on :

/

10.0.0.47 (tcp/8190)

Based on the response to an OPTIONS request :

- HTTP methods HEAD OPTIONS POST TRACE GET are allowed on :

/

10.0.0.47 (tcp/8191)

Based on the response to an OPTIONS request :

- HTTP methods HEAD OPTIONS POST TRACE GET are allowed on :

/
45410 (10) - SSL Certificate 'commonName' Mismatch
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information:
Published: 2010/04/03, Modified: 2017/06/05
Plugin Output

10.0.0.14 (tcp/3389)


The host names known by Nessus are :

queen
queen.demo

The Common Name in the certificate is :

queen.demo.org

10.0.0.64 (tcp/3389)


The host names known by Nessus are :

sf-gxk9js1
sf-gxk9js1.demo

The Common Name in the certificate is :

sf-gxk9js1.demo.org

10.0.0.64 (tcp/49570)


The host names known by Nessus are :

sf-gxk9js1
sf-gxk9js1.demo

The Common Name in the certificate is :

ssl_self_signed_fallback

10.0.0.112 (tcp/3389)


The host name known by Nessus is :

demoprint

The Common Name in the certificate is :

demoprint.demo.org

10.0.0.133 (tcp/443)


The host name known by Nessus is :

demosfreadynas01

The Common Name in the certificate is :

nas-e6-da-de.local

10.0.0.158 (tcp/25)


The host name known by Nessus is :

new427581-spwfe

The Common Name in the certificate is :

*.demo.org

The Subject Alternate Names in the certificate are :

*.demo.org
demo.org

10.0.0.158 (tcp/443)


The host name known by Nessus is :

new427581-spwfe

The Common Name in the certificate is :

*.demo.org

The Subject Alternate Names in the certificate are :

*.demo.org
demo.org

10.0.0.158 (tcp/3389)


The host name known by Nessus is :

new427581-spwfe

The Common Name in the certificate is :

new427581-spwfe.demo.org

10.0.0.158 (tcp/48000)


The host name known by Nessus is :

new427581-spwfe

The Common Name in the certificate is :

127.0.0.1

10.0.0.158 (tcp/48001)


The host name known by Nessus is :

new427581-spwfe

The Common Name in the certificate is :

127.0.0.1
19689 (9) - Embedded Web Server Detection
Synopsis
The remote web server is embedded.
Description
The remote web server cannot host user-supplied CGIs. CGI scanning will be disabled on this server.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/09/14, Modified: 2018/02/21
Plugin Output

10.0.0.43 (tcp/80)

10.0.0.43 (tcp/443)

10.0.0.44 (tcp/443)

10.0.0.45 (tcp/80)

10.0.0.45 (tcp/443)

10.0.0.46 (tcp/443)

10.0.0.133 (tcp/8200)

10.0.0.248 (tcp/80)

10.0.0.249 (tcp/80)

35716 (9) - Ethernet Card Manufacturer Detection
Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered by IEEE.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/02/19, Modified: 2017/11/17
Plugin Output

10.0.0.11 (tcp/0)


The following card manufacturers were identified :

00:00:00:00:2d:e9 : XEROX CORPORATION
00:21:b7:44:2d:e9 : Lexmark International Inc.

10.0.0.12 (tcp/0)


The following card manufacturers were identified :

00:00:00:00:06:d4 : XEROX CORPORATION
00:21:b7:54:06:d4 : Lexmark International Inc.

10.0.0.17 (tcp/0)


The following card manufacturers were identified :

00:00:00:00:e9:ae : XEROX CORPORATION
00:21:b7:c4:e9:ae : Lexmark International Inc.

10.0.0.19 (tcp/0)


The following card manufacturers were identified :

00:00:00:00:21:b9 : XEROX CORPORATION
00:21:b7:c4:21:b9 : Lexmark International Inc.

10.0.0.87 (tcp/0)


The following card manufacturers were identified :

98:f2:b3:58:a0:22 : Hewlett Packard Enterprise
98:f2:b3:58:a0:20 : Hewlett Packard Enterprise

10.0.0.112 (tcp/0)


The following card manufacturers were identified :

00:50:56:97:29:ae : VMware, Inc.

10.0.0.158 (tcp/0)


The following card manufacturers were identified :

00:50:56:97:5f:09 : VMware, Inc.

10.0.0.248 (tcp/0)


The following card manufacturers were identified :

00:21:f7:9d:d7:18 : HPN Supply Chain
00:21:f7:9d:d7:1b : HPN Supply Chain
00:21:f7:9d:d7:2a : HPN Supply Chain
00:21:f7:9d:d7:30 : HPN Supply Chain
00:21:f7:9d:d7:23 : HPN Supply Chain
00:21:f7:9d:d7:3a : HPN Supply Chain
00:21:f7:9d:d7:15 : HPN Supply Chain
00:21:f7:9d:d7:34 : HPN Supply Chain
00:21:f7:9d:d7:1a : HPN Supply Chain
00:21:f7:9d:d7:12 : HPN Supply Chain
00:21:f7:9d:d7:19 : HPN Supply Chain
00:21:f7:9d:d7:21 : HPN Supply Chain
00:21:f7:9d:d7:28 : HPN Supply Chain
00:21:f7:9d:d7:33 : HPN Supply Chain
00:21:f7:9d:d7:37 : HPN Supply Chain
00:21:f7:9d:d7:36 : HPN Supply Chain
00:21:f7:9d:d7:2e : HPN Supply Chain
00:21:f7:9d:d7:00 : HPN Supply Chain
00:21:f7:9d:d7:1c : HPN Supply Chain
00:21:f7:9d:d7:3f : HPN Supply Chain
00:21:f7:9d:d7:11 : HPN Supply Chain
00:21:f7:9d:d7:1d : HPN Supply Chain
00:21:f7:9d:d7:2d : HPN Supply Chain
00:21:f7:9d:d7:24 : HPN Supply Chain
00:21:f7:9d:d7:1e : HPN Supply Chain
00:21:f7:9d:d7:38 : HPN Supply Chain
00:21:f7:9d:d7:10 : HPN Supply Chain
00:21:f7:9d:d7:27 : HPN Supply Chain
00:21:f7:9d:d7:35 : HPN Supply Chain
00:21:f7:9d:d7:22 : HPN Supply Chain
00:21:f7:9d:d7:14 : HPN Supply Chain
00:21:f7:9d:d7:13 : HPN Supply Chain
00:21:f7:9d:d7:16 : HPN Supply Chain
00:21:f7:9d:d7:3e : HPN Supply Chain
00:21:f7:9d:d7:39 : HPN Supply Chain
00:21:f7:9d:d7:20 : HPN Supply Chain
00:21:f7:9d:d7:17 : HPN Supply Chain
00:21:f7:9d:d7:3c : HPN Supply Chain
00:21:f7:9d:d7:31 : HPN Supply Chain
00:21:f7:9d:d7:3b : HPN Supply Chain
00:21:f7:9d:d7:2f : HPN Supply Chain
00:21:f7:9d:d7:29 : HPN Supply Chain
00:21:f7:9d:d7:26 : HPN Supply Chain
00:21:f7:9d:d7:3d : HPN Supply Chain
00:21:f7:9d:d7:2b : HPN Supply Chain
00:21:f7:9d:d7:2c : HPN Supply Chain
00:21:f7:9d:d7:1f : HPN Supply Chain
00:21:f7:9d:d7:25 : HPN Supply Chain
00:21:f7:9d:d7:32 : HPN Supply Chain

10.0.0.249 (tcp/0)


The following card manufacturers were identified :

00:21:f7:48:94:5f : HPN Supply Chain
00:21:f7:48:94:63 : HPN Supply Chain
00:21:f7:48:94:8e : HPN Supply Chain
00:21:f7:48:94:9f : HPN Supply Chain
00:21:f7:48:94:ba : HPN Supply Chain
00:21:f7:48:94:80 : HPN Supply Chain
00:21:f7:48:94:e1 : HPN Supply Chain
00:21:f7:48:94:f7 : HPN Supply Chain
00:21:f7:48:94:d2 : HPN Supply Chain
00:21:f7:48:94:fd : HPN Supply Chain
00:21:f7:48:94:fe : HPN Supply Chain
00:21:f7:48:94:5e : HPN Supply Chain
00:21:f7:48:94:ed : HPN Supply Chain
00:21:f7:48:94:c4 : HPN Supply Chain
00:21:f7:48:94:94 : HPN Supply Chain
00:21:f7:48:94:a2 : HPN Supply Chain
00:21:f7:48:94:a8 : HPN Supply Chain
00:21:f7:48:94:c8 : HPN Supply Chain
00:21:f7:48:94:95 : HPN Supply Chain
00:21:f7:48:94:cf : HPN Supply Chain
00:21:f7:48:94:9a : HPN Supply Chain
00:21:f7:48:94:e2 : HPN Supply Chain
00:21:f7:48:94:5c : HPN Supply Chain
00:21:f7:48:94:ad : HPN Supply Chain
00:21:f7:48:94:a6 : HPN Supply Chain
00:21:f7:48:94:a5 : HPN Supply Chain
00:21:f7:48:94:81 : HPN Supply Chain
00:21:f7:48:94:d7 : HPN Supply Chain
00:21:f7:48:94:97 : HPN Supply Chain
00:21:f7:48:94:be : HPN Supply Chain
00:21:f7:48:94:e8 : HPN Supply Chain
00:21:f7:48:94:91 : HPN Supply Chain
00:21:f7:48:94:b5 : HPN Supply Chain
00:21:f7:48:94:d0 : HPN Supply Chain
00:21:f7:48:94:f5 : HPN Supply Chain
00:21:f7:48:94:ca : HPN Supply Chain
00:21:f7:48:94:83 : HPN Supply Chain
00:21:f7:48:94:f1 : HPN Supply Chain
00:21:f7:48:94:f3 : HPN Supply Chain
00:21:f7:48:94:54 : HPN Supply Chain
00:21:f7:48:94:c2 : HPN Supply Chain
00:21:f7:48:94:dc : HPN Supply Chain
00:21:f7:48:94:86 : HPN Supply Chain
00:21:f7:48:94:b9 : HPN Supply Chain
00:21:f7:48:94:c3 : HPN Supply Chain
00:21:f7:48:94:ff : HPN Supply Chain
00:21:f7:48:94:92 : HPN Supply Chain
00:21:f7:48:94:82 : HPN Supply Chain
00:21:f7:48:94:56 : HPN Supply Chain
00:21:f7:48:94:9b : HPN Supply Chain
00:21:f7:48:94:b6 : HPN Supply Chain
00:21:f7:48:94:59 : HPN Supply Chain
00:21:f7:48:94:55 : HPN Supply Chain
00:21:f7:48:94:61 : HPN Supply Chain
00:21:f7:48:94:8f : HPN Supply Chain
00:21:f7:48:94:d5 : HPN Supply Chain
00:21:f7:48:94:e0 : HPN Supply Chain
00:21:f7:48:94:fc : HPN Supply Chain
00:21:f7:48:94:a9 : HPN Supply Chain
00:21:f7:48:94:c7 : HPN Supply Chain
00:21:f7:48:94:bf : HPN Supply Chain
00:21:f7:48:94:62 : HPN Supply Chain
00:21:f7:48:94:bd : HPN Supply Chain
00:21:f7:48:94:c1 : HPN Supply Chain
00:21:f7:48:94:db : HPN Supply Chain
00:21:f7:48:94:89 : HPN Supply Chain
00:21:f7:48:94:4d : HPN Supply Chain
00:21:f7:48:94:b0 : HPN Supply Chain
00:21:f7:48:94:00 : HPN Supply Chain
00:21:f7:48:94:5b : HPN Supply Chain
00:21:f7:48:94:eb : HPN Supply Chain
00:21:f7:48:94:ea : HPN Supply Chain
00:21:f7:48:94:a3 : HPN Supply Chain
00:21:f7:48:94:4f : HPN Supply Chain
00:21:f7:48:94:8d : HPN Supply Chain
00:21:f7:48:94:8c : HPN Supply Chain
00:21:f7:48:94:8a : HPN Supply Chain
00:21:f7:48:94:53 : HPN Supply Chain
00:21:f7:48:94:af : HPN Supply Chain
00:21:f7:48:94:f4 : HPN Supply Chain
00:21:f7:48:94:bb : HPN Supply Chain
00:21:f7:48:94:b4 : HPN Supply Chain
00:21:f7:48:94:d1 : HPN Supply Chain
00:21:f7:48:94:b7 : HPN Supply Chain
00:21:f7:48:94:ec : HPN Supply Chain
00:21:f7:48:94:a1 : HPN Supply Chain
00:21:f7:48:94:8b : HPN Supply Chain
00:21:f7:48:94:d3 : HPN Supply Chain
00:21:f7:48:94:e4 : HPN Supply Chain
00:21:f7:48:94:f8 : HPN Supply Chain
00:21:f7:48:94:88 : HPN Supply Chain
00:21:f7:48:94:de : HPN Supply Chain
00:21:f7:48:94:df : HPN Supply Chain
00:21:f7:48:94:96 : HPN Supply Chain
00:21:f7:48:94:93 : HPN Supply Chain
00:21:f7:48:94:f0 : HPN Supply Chain
00:21:f7:48:94:bc : HPN Supply Chain
00:21:f7:48:94:ae : HPN Supply Chain
00:21:f7:48:94:d4 : HPN Supply Chain
00:21:f7:48:94:84 : HPN Supply Chain
00:21:f7:48:94:ef : HPN Supply Chain
00:21:f7:48:94:a0 : HPN Supply Chain
00:21:f7:48:94:87 : HPN Supply Chain
00:21:f7:48:94:fb : HPN Supply Chain
00:21:f7:48:94:cb : HPN Supply Chain
00:21:f7:48:94:aa : HPN Supply Chain
00:21:f7:48:94:58 : HPN Supply Chain
00:21:f7:48:94:5a : HPN Supply Chain
00:21:f7:48:94:85 : HPN Supply Chain
00:21:f7:48:94:c0 : HPN Supply Chain
00:21:f7:48:94:9e : HPN Supply Chain
00:21:f7:48:94:fa : HPN Supply Chain
00:21:f7:48:94:50 : HPN Supply Chain
00:21:f7:48:94:ac : HPN Supply Chain
00:21:f7:48:94:57 : HPN Supply Chain
00:21:f7:48:94:f6 : HPN Supply Chain
00:21:f7:48:94:b1 : HPN Supply Chain
00:21:f7:48:94:9c : HPN Supply Chain
00:21:f7:48:94:d8 : HPN Supply Chain
00:21:f7:48:94:e5 : HPN Supply Chain
00:21:f7:48:94:c5 : HPN Supply Chain
00:21:f7:48:94:a7 : HPN Supply Chain
00:21:f7:48:94:ce : HPN Supply Chain
00:21:f7:48:94:4c : HPN Supply Chain
00:21:f7:48:94:60 : HPN Supply Chain
00:21:f7:48:94:52 : HPN Supply Chain
00:21:f7:48:94:ab : HPN Supply Chain
00:21:f7:48:94:a4 : HPN Supply Chain
00:21:f7:48:94:e9 : HPN Supply Chain
00:21:f7:48:94:5d : HPN Supply Chain
00:21:f7:48:94:da : HPN Supply Chain
00:21:f7:48:94:d6 : HPN Supply Chain
00:21:f7:48:94:9d : HPN Supply Chain
00:21:f7:48:94:4e : HPN Supply Chain
00:21:f7:48:94:51 : HPN Supply Chain
00:21:f7:48:94:d9 : HPN Supply Chain
00:21:f7:48:94:b8 : HPN Supply Chain
00:21:f7:48:94:f9 : HPN Supply Chain
00:21:f7:48:94:90 : HPN Supply Chain
00:21:f7:48:94:dd : HPN Supply Chain
00:21:f7:48:94:ee : HPN Supply Chain
00:21:f7:48:94:c9 : HPN Supply Chain
00:21:f7:48:94:f2 : HPN Supply Chain
00:21:f7:48:94:e3 : HPN Supply Chain
00:21:f7:48:94:c6 : HPN Supply Chain
84502 (9) - HSTS Missing From HTTPS Server
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information:
Published: 2015/07/02, Modified: 2015/07/02
Plugin Output

10.0.0.21 (tcp/443)


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10.0.0.25 (tcp/443)


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10.0.0.47 (tcp/443)


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10.0.0.47 (tcp/8191)


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10.0.0.47 (tcp/8443)


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10.0.0.47 (tcp/9443)


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10.0.0.94 (tcp/443)


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10.0.0.133 (tcp/443)


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

10.0.0.158 (tcp/443)


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
10150 (8) - Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests.

Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/10/12, Modified: 2017/09/27
Plugin Output

10.0.0.14 (tcp/445)

The following 2 NetBIOS names have been gathered :

QUEEN = Computer name
demo = Workgroup / Domain name

10.0.0.26 (udp/137)

The following 3 NetBIOS names have been gathered :

KMBAEA30 = File Server Service
KMBAEA30 = Computer name
WORKGROUP = Unknown usage

The remote host has the following MAC address on its adapter :

00:20:6b:ba:ea:30

10.0.0.60 (udp/137)

The following 1 NetBIOS names have been gathered :

NY-PC04GKCW = Computer name

This SMB server seems to be a Samba server - its MAC address is NULL.

10.0.0.64 (tcp/445)

The following 2 NetBIOS names have been gathered :

SF-GXK9JS1 = Computer name
demo = Workgroup / Domain name

10.0.0.112 (udp/137)

The following 3 NetBIOS names have been gathered :

demoPRINT = Computer name
demo = Workgroup / Domain name
demoPRINT = File Server Service

The remote host has the following MAC address on its adapter :

00:50:56:97:29:ae

10.0.0.133 (udp/137)

The following 7 NetBIOS names have been gathered :

demoSFREADYNAS01 = Computer name
demoSFREADYNAS01 = Messenger Service
demoSFREADYNAS01 = File Server Service
__MSBROWSE__ = Master Browser
WORKGROUP = Workgroup / Domain name
WORKGROUP = Master Browser
WORKGROUP = Browser Service Elections

This SMB server seems to be a Samba server - its MAC address is NULL.

10.0.0.148 (tcp/445)

The following 2 NetBIOS names have been gathered :

demoSFVEEAM = Computer name
demoSFVEEAM = Workgroup / Domain name

10.0.0.158 (udp/137)

The following 3 NetBIOS names have been gathered :

NEW427581-SPWFE = Computer name
demo = Workgroup / Domain name
NEW427581-SPWFE = File Server Service

The remote host has the following MAC address on its adapter :

00:50:56:97:5f:09
11111 (8) - RPC Services Enumeration
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/08/24, Modified: 2011/05/24
Plugin Output

10.0.0.64 (tcp/111)


The following RPC services are available on TCP port 111 :

- program: 100000 (portmapper), version: 2

10.0.0.64 (udp/111)


The following RPC services are available on UDP port 111 :

- program: 100000 (portmapper), version: 2

10.0.0.64 (tcp/1063)


The following RPC services are available on TCP port 1063 :

- program: 100005 (mountd), version: 3

10.0.0.64 (tcp/2049)


The following RPC services are available on TCP port 2049 :

- program: 100003 (nfs), version: 3

10.0.0.148 (tcp/111)


The following RPC services are available on TCP port 111 :

- program: 100000 (portmapper), version: 2

10.0.0.148 (udp/111)


The following RPC services are available on UDP port 111 :

- program: 100000 (portmapper), version: 2

10.0.0.148 (tcp/1063)


The following RPC services are available on TCP port 1063 :

- program: 100005 (mountd), version: 3

10.0.0.148 (tcp/2049)


The following RPC services are available on TCP port 2049 :

- program: 100003 (nfs), version: 3
20870 (8) - LDAP Server Detection
Synopsis
An LDAP server was detected on the remote host.
Description
The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP is a protocol for providing access to directory services over TCP/IP.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2006/02/10, Modified: 2018/04/26
Plugin Output

10.0.0.25 (tcp/389)

10.0.0.25 (tcp/636)

10.0.0.25 (tcp/3268)

10.0.0.25 (tcp/3269)

10.0.0.27 (tcp/389)

10.0.0.27 (tcp/636)

10.0.0.27 (tcp/3268)

10.0.0.27 (tcp/3269)

25701 (8) - LDAP Crafted Search Request Server Information Disclosure
Synopsis
It is possible to discover information about the remote LDAP server.
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the remote LDAP server.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/07/12, Modified: 2012/02/20
Plugin Output

10.0.0.25 (tcp/389)

[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-currentTime:
| 20180427182644.0Z
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-dsServiceName:
| CN=NTDS Settings,CN=demoSFDC01,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-defaultNamingContext:
| DC=demo,DC=org
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-configurationNamingContext:
| CN=Configuration,DC=demo,DC=org
[+]-rootDomainNamingContext:
| DC=demo,DC=org
[+]-supportedControl:
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
| 1.2.840.113556.1.4.1974
| 1.2.840.113556.1.4.1341
| 1.2.840.113556.1.4.2026
| 1.2.840.113556.1.4.2064
| 1.2.840.113556.1.4.2065
| 1.2.840.113556.1.4.2066
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxQueryDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-highestCommittedUSN:
| 29462253
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-dnsHostName:
| demoSFDC01.demo.org
[+]-ldapServiceName:
| demo.org:demosfdc01$@demo.ORG
[+]-serverName:
| CN=demoSFDC01,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-supportedCapabilities:
| 1.2.840.113556.1.4.800
| 1.2.840.113556.1.4.1670
| 1.2.840.113556.1.4.1791
| 1.2.840.113556.1.4.1935
| 1.2.840.113556.1.4.2080
[+]-isSynchronized:
| TRUE
[+]-isGlobalCatalogReady:
| TRUE
[+]-domainFunctionality:
| 2
[+]-forestFunctionality:
| 2
[+]-domainControllerFunctionality:
| 4

10.0.0.25 (tcp/636)

[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-currentTime:
| 20180427182644.0Z
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-dsServiceName:
| CN=NTDS Settings,CN=demoSFDC01,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-defaultNamingContext:
| DC=demo,DC=org
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-configurationNamingContext:
| CN=Configuration,DC=demo,DC=org
[+]-rootDomainNamingContext:
| DC=demo,DC=org
[+]-supportedControl:
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
| 1.2.840.113556.1.4.1974
| 1.2.840.113556.1.4.1341
| 1.2.840.113556.1.4.2026
| 1.2.840.113556.1.4.2064
| 1.2.840.113556.1.4.2065
| 1.2.840.113556.1.4.2066
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxQueryDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-highestCommittedUSN:
| 29462253
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-dnsHostName:
| demoSFDC01.demo.org
[+]-ldapServiceName:
| demo.org:demosfdc01$@demo.ORG
[+]-serverName:
| CN=demoSFDC01,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-supportedCapabilities:
| 1.2.840.113556.1.4.800
| 1.2.840.113556.1.4.1670
| 1.2.840.113556.1.4.1791
| 1.2.840.113556.1.4.1935
| 1.2.840.113556.1.4.2080
[+]-isSynchronized:
| TRUE
[+]-isGlobalCatalogReady:
| TRUE
[+]-domainFunctionality:
| 2
[+]-forestFunctionality:
| 2
[+]-domainControllerFunctionality:
| 4

10.0.0.25 (tcp/3268)

[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-currentTime:
| 20180427182644.0Z
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-dsServiceName:
| CN=NTDS Settings,CN=demoSFDC01,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-defaultNamingContext:
| DC=demo,DC=org
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-configurationNamingContext:
| CN=Configuration,DC=demo,DC=org
[+]-rootDomainNamingContext:
| DC=demo,DC=org
[+]-supportedControl:
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
| 1.2.840.113556.1.4.1974
| 1.2.840.113556.1.4.1341
| 1.2.840.113556.1.4.2026
| 1.2.840.113556.1.4.2064
| 1.2.840.113556.1.4.2065
| 1.2.840.113556.1.4.2066
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxQueryDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-highestCommittedUSN:
| 29462253
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-dnsHostName:
| demoSFDC01.demo.org
[+]-ldapServiceName:
| demo.org:demosfdc01$@demo.ORG
[+]-serverName:
| CN=demoSFDC01,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-supportedCapabilities:
| 1.2.840.113556.1.4.800
| 1.2.840.113556.1.4.1670
| 1.2.840.113556.1.4.1791
| 1.2.840.113556.1.4.1935
| 1.2.840.113556.1.4.2080
[+]-isSynchronized:
| TRUE
[+]-isGlobalCatalogReady:
| TRUE
[+]-domainFunctionality:
| 2
[+]-forestFunctionality:
| 2
[+]-domainControllerFunctionality:
| 4

10.0.0.25 (tcp/3269)

[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-currentTime:
| 20180427182645.0Z
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-dsServiceName:
| CN=NTDS Settings,CN=demoSFDC01,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-defaultNamingContext:
| DC=demo,DC=org
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-configurationNamingContext:
| CN=Configuration,DC=demo,DC=org
[+]-rootDomainNamingContext:
| DC=demo,DC=org
[+]-supportedControl:
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
| 1.2.840.113556.1.4.1974
| 1.2.840.113556.1.4.1341
| 1.2.840.113556.1.4.2026
| 1.2.840.113556.1.4.2064
| 1.2.840.113556.1.4.2065
| 1.2.840.113556.1.4.2066
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxQueryDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-highestCommittedUSN:
| 29462253
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-dnsHostName:
| demoSFDC01.demo.org
[+]-ldapServiceName:
| demo.org:demosfdc01$@demo.ORG
[+]-serverName:
| CN=demoSFDC01,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-supportedCapabilities:
| 1.2.840.113556.1.4.800
| 1.2.840.113556.1.4.1670
| 1.2.840.113556.1.4.1791
| 1.2.840.113556.1.4.1935
| 1.2.840.113556.1.4.2080
[+]-isSynchronized:
| TRUE
[+]-isGlobalCatalogReady:
| TRUE
[+]-domainFunctionality:
| 2
[+]-forestFunctionality:
| 2
[+]-domainControllerFunctionality:
| 4

10.0.0.27 (tcp/389)

[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-currentTime:
| 20180427182811.0Z
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-dsServiceName:
| CN=NTDS Settings,CN=demoSFDC02,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-defaultNamingContext:
| DC=demo,DC=org
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-configurationNamingContext:
| CN=Configuration,DC=demo,DC=org
[+]-rootDomainNamingContext:
| DC=demo,DC=org
[+]-supportedControl:
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
| 1.2.840.113556.1.4.1974
| 1.2.840.113556.1.4.1341
| 1.2.840.113556.1.4.2026
| 1.2.840.113556.1.4.2064
| 1.2.840.113556.1.4.2065
| 1.2.840.113556.1.4.2066
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxQueryDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-highestCommittedUSN:
| 24448617
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-dnsHostName:
| demosfdc02.demo.org
[+]-ldapServiceName:
| demo.org:demosfdc02$@demo.ORG
[+]-serverName:
| CN=demoSFDC02,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-supportedCapabilities:
| 1.2.840.113556.1.4.800
| 1.2.840.113556.1.4.1670
| 1.2.840.113556.1.4.1791
| 1.2.840.113556.1.4.1935
| 1.2.840.113556.1.4.2080
[+]-isSynchronized:
| TRUE
[+]-isGlobalCatalogReady:
| TRUE
[+]-domainFunctionality:
| 2
[+]-forestFunctionality:
| 2
[+]-domainControllerFunctionality:
| 4

10.0.0.27 (tcp/636)

[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-currentTime:
| 20180427182812.0Z
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-dsServiceName:
| CN=NTDS Settings,CN=demoSFDC02,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-defaultNamingContext:
| DC=demo,DC=org
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-configurationNamingContext:
| CN=Configuration,DC=demo,DC=org
[+]-rootDomainNamingContext:
| DC=demo,DC=org
[+]-supportedControl:
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
| 1.2.840.113556.1.4.1974
| 1.2.840.113556.1.4.1341
| 1.2.840.113556.1.4.2026
| 1.2.840.113556.1.4.2064
| 1.2.840.113556.1.4.2065
| 1.2.840.113556.1.4.2066
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxQueryDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-highestCommittedUSN:
| 24448617
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-dnsHostName:
| demosfdc02.demo.org
[+]-ldapServiceName:
| demo.org:demosfdc02$@demo.ORG
[+]-serverName:
| CN=demoSFDC02,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-supportedCapabilities:
| 1.2.840.113556.1.4.800
| 1.2.840.113556.1.4.1670
| 1.2.840.113556.1.4.1791
| 1.2.840.113556.1.4.1935
| 1.2.840.113556.1.4.2080
[+]-isSynchronized:
| TRUE
[+]-isGlobalCatalogReady:
| TRUE
[+]-domainFunctionality:
| 2
[+]-forestFunctionality:
| 2
[+]-domainControllerFunctionality:
| 4

10.0.0.27 (tcp/3268)

[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-currentTime:
| 20180427182812.0Z
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-dsServiceName:
| CN=NTDS Settings,CN=demoSFDC02,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-defaultNamingContext:
| DC=demo,DC=org
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-configurationNamingContext:
| CN=Configuration,DC=demo,DC=org
[+]-rootDomainNamingContext:
| DC=demo,DC=org
[+]-supportedControl:
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
| 1.2.840.113556.1.4.1974
| 1.2.840.113556.1.4.1341
| 1.2.840.113556.1.4.2026
| 1.2.840.113556.1.4.2064
| 1.2.840.113556.1.4.2065
| 1.2.840.113556.1.4.2066
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxQueryDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-highestCommittedUSN:
| 24448617
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-dnsHostName:
| demosfdc02.demo.org
[+]-ldapServiceName:
| demo.org:demosfdc02$@demo.ORG
[+]-serverName:
| CN=demoSFDC02,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-supportedCapabilities:
| 1.2.840.113556.1.4.800
| 1.2.840.113556.1.4.1670
| 1.2.840.113556.1.4.1791
| 1.2.840.113556.1.4.1935
| 1.2.840.113556.1.4.2080
[+]-isSynchronized:
| TRUE
[+]-isGlobalCatalogReady:
| TRUE
[+]-domainFunctionality:
| 2
[+]-forestFunctionality:
| 2
[+]-domainControllerFunctionality:
| 4

10.0.0.27 (tcp/3269)

[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-currentTime:
| 20180427182812.0Z
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-dsServiceName:
| CN=NTDS Settings,CN=demoSFDC02,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-namingContexts:
| DC=demo,DC=org
| CN=Configuration,DC=demo,DC=org
| CN=Schema,CN=Configuration,DC=demo,DC=org
| DC=DomainDnsZones,DC=demo,DC=org
| DC=ForestDnsZones,DC=demo,DC=org
[+]-defaultNamingContext:
| DC=demo,DC=org
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=demo,DC=org
[+]-configurationNamingContext:
| CN=Configuration,DC=demo,DC=org
[+]-rootDomainNamingContext:
| DC=demo,DC=org
[+]-supportedControl:
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
| 1.2.840.113556.1.4.1974
| 1.2.840.113556.1.4.1341
| 1.2.840.113556.1.4.2026
| 1.2.840.113556.1.4.2064
| 1.2.840.113556.1.4.2065
| 1.2.840.113556.1.4.2066
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxQueryDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-highestCommittedUSN:
| 24448617
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-dnsHostName:
| demosfdc02.demo.org
[+]-ldapServiceName:
| demo.org:demosfdc02$@demo.ORG
[+]-serverName:
| CN=demoSFDC02,CN=Servers,CN=SanFrancisco,CN=Sites,CN=Configuration,DC=demo,DC=org
[+]-supportedCapabilities:
| 1.2.840.113556.1.4.800
| 1.2.840.113556.1.4.1670
| 1.2.840.113556.1.4.1791
| 1.2.840.113556.1.4.1935
| 1.2.840.113556.1.4.2080
[+]-isSynchronized:
| TRUE
[+]-isGlobalCatalogReady:
| TRUE
[+]-domainFunctionality:
| 2
[+]-forestFunctionality:
| 2
[+]-domainControllerFunctionality:
| 4
40448 (8) - SNMP Supported Protocols Detection
Synopsis
This plugin reports all the protocol versions successfully negotiated with the remote SNMP agent.
Description
Extend the SNMP settings data already gathered by testing for\ SNMP versions other than the highest negotiated.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/07/31, Modified: 2013/01/19
Plugin Output

10.0.0.5 (udp/161)

This host supports SNMP version SNMPv1.
This host supports SNMP version SNMPv2c.

10.0.0.11 (udp/161)

This host supports SNMP version SNMPv1.
This host supports SNMP version SNMPv2c.

10.0.0.12 (udp/161)

This host supports SNMP version SNMPv1.
This host supports SNMP version SNMPv2c.

10.0.0.17 (udp/161)

This host supports SNMP version SNMPv1.
This host supports SNMP version SNMPv2c.

10.0.0.19 (udp/161)

This host supports SNMP version SNMPv1.
This host supports SNMP version SNMPv2c.

10.0.0.87 (udp/161)

This host supports SNMP version SNMPv1.
This host supports SNMP version SNMPv2c.

10.0.0.248 (udp/161)

This host supports SNMP version SNMPv1.
This host supports SNMP version SNMPv2c.

10.0.0.249 (udp/161)

This host supports SNMP version SNMPv1.
This host supports SNMP version SNMPv2c.
66173 (8) - RDP Screenshot
Synopsis
It is possible to take a screenshot of the remote login screen.
Description
This script attempts to connect to the remote host via RDP (Remote Desktop Protocol) and attempts to take a screenshot of the login screen.

While this is not a vulnerability by itself, some versions of Windows display the names of the users who can connect and which ones are connected already.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/04/22, Modified: 2018/04/18
Plugin Output

10.0.0.8 (tcp/3389)

It was possible to gather the following screenshot of the remote login screen.

10.0.0.14 (tcp/3389)

It was possible to gather the following screenshot of the remote login screen.

10.0.0.22 (tcp/3389)

It was possible to gather the following screenshot of the remote login screen.

10.0.0.25 (tcp/3389)

It was possible to gather the following screenshot of the remote login screen.

10.0.0.27 (tcp/3389)

It was possible to gather the following screenshot of the remote login screen.

10.0.0.64 (tcp/3389)

It was possible to gather the following screenshot of the remote login screen.

10.0.0.94 (tcp/3389)

It was possible to gather the following screenshot of the remote login screen.

10.0.0.112 (tcp/3389)

It was possible to gather the following screenshot of the remote login screen.
10551 (7) - SNMP Request Network Interfaces Enumeration
Synopsis
The list of network interfaces cards of the remote host can be obtained via SNMP.
Description
It is possible to obtain the list of the network interfaces installed on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.2.1.0

An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Plugin Information:
Published: 2000/11/13, Modified: 2011/05/24
Plugin Output

10.0.0.11 (udp/161)


Interface 1 information :
ifIndex : 1
ifDescr : lo
ifPhysAddress :


Interface 2 information :
ifIndex : 2
ifDescr : eth0
ifPhysAddress : 0021b7442de9


Interface 3 information :
ifIndex : 3
ifDescr : sit0
ifPhysAddress : 000000002de9

10.0.0.12 (udp/161)


Interface 1 information :
ifIndex : 1
ifDescr : lo
ifPhysAddress :


Interface 2 information :
ifIndex : 2
ifDescr : eth0
ifPhysAddress : 0021b75406d4


Interface 3 information :
ifIndex : 3
ifDescr : sit0
ifPhysAddress : 0000000006d4

10.0.0.17 (udp/161)


Interface 1 information :
ifIndex : 1
ifDescr : lo
ifPhysAddress :


Interface 2 information :
ifIndex : 2
ifDescr : eth0
ifPhysAddress : 0021b7c4e9ae


Interface 3 information :
ifIndex : 3
ifDescr : sit0
ifPhysAddress : 00000000e9ae

10.0.0.19 (udp/161)


Interface 1 information :
ifIndex : 1
ifDescr : lo
ifPhysAddress :


Interface 2 information :
ifIndex : 2
ifDescr : eth0
ifPhysAddress : 0021b7c421b9


Interface 3 information :
ifIndex : 3
ifDescr : sit0
ifPhysAddress : 0000000021b9

10.0.0.87 (udp/161)


Interface 1 information :
ifIndex : 1
ifDescr : 1 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 2 information :
ifIndex : 2
ifDescr : 2 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 3 information :
ifIndex : 3
ifDescr : 3 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 4 information :
ifIndex : 4
ifDescr : 4 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 5 information :
ifIndex : 5
ifDescr : 5 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 6 information :
ifIndex : 6
ifDescr : 6 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 7 information :
ifIndex : 7
ifDescr : 7 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 8 information :
ifIndex : 8
ifDescr : 8 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 9 information :
ifIndex : 9
ifDescr : 9 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 10 information :
ifIndex : 10
ifDescr : 10 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 11 information :
ifIndex : 11
ifDescr : 11 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 12 information :
ifIndex : 12
ifDescr : 12 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 13 information :
ifIndex : 13
ifDescr : 13 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 14 information :
ifIndex : 14
ifDescr : 14 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 15 information :
ifIndex : 15
ifDescr : 15 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 16 information :
ifIndex : 16
ifDescr : 16 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 17 information :
ifIndex : 17
ifDescr : 17 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 18 information :
ifIndex : 18
ifDescr : 18 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 19 information :
ifIndex : 19
ifDescr : 19 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 20 information :
ifIndex : 20
ifDescr : 20 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 21 information :
ifIndex : 21
ifDescr : 21 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 22 information :
ifIndex : 22
ifDescr : 22 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 23 information :
ifIndex : 23
ifDescr : 23 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 24 information :
ifIndex : 24
ifDescr : 24 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 25 information :
ifIndex : 25
ifDescr : 25 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 26 information :
ifIndex : 26
ifDescr : 26 Gigabit - Level
ifPhysAddress : 98f2b358a022


Interface 27 information :
ifIndex : 53
ifDescr : CPU Interface
ifPhysAddress : 98f2b358a020


Interface 28 information :
ifIndex : 54
ifDescr : TRK1
ifPhysAddress : 98f2b358a022


Interface 29 information :
ifIndex : 55
ifDescr : TRK2
ifPhysAddress : 98f2b358a022


Interface 30 information :
ifIndex : 56
ifDescr : TRK3
ifPhysAddress : 98f2b358a022


Interface 31 information :
ifIndex : 57
ifDescr : TRK4
ifPhysAddress : 98f2b358a022


Interface 32 information :
ifIndex : 58
ifDescr : TRK5
ifPhysAddress : 98f2b358a022


Interface 33 information :
ifIndex : 59
ifDescr : TRK6
ifPhysAddress : 98f2b358a022


Interface 34 information :
ifIndex : 60
ifDescr : TRK7
ifPhysAddress : 98f2b358a022


Interface 35 information :
ifIndex : 61
ifDescr : TRK8
ifPhysAddress : 98f2b358a022

10.0.0.248 (udp/161)


Interface 1 information :
ifIndex : 1
ifDescr : 1
ifPhysAddress : 0021f79dd73f


Interface 2 information :
ifIndex : 2
ifDescr : 2
ifPhysAddress : 0021f79dd73e


Interface 3 information :
ifIndex : 3
ifDescr : 3
ifPhysAddress : 0021f79dd73d


Interface 4 information :
ifIndex : 4
ifDescr : 4
ifPhysAddress : 0021f79dd73c


Interface 5 information :
ifIndex : 5
ifDescr : 5
ifPhysAddress : 0021f79dd73b


Interface 6 information :
ifIndex : 6
ifDescr : 6
ifPhysAddress : 0021f79dd73a


Interface 7 information :
ifIndex : 7
ifDescr : 7
ifPhysAddress : 0021f79dd739


Interface 8 information :
ifIndex : 8
ifDescr : 8
ifPhysAddress : 0021f79dd738


Interface 9 information :
ifIndex : 9
ifDescr : 9
ifPhysAddress : 0021f79dd737


Interface 10 information :
ifIndex : 10
ifDescr : 10
ifPhysAddress : 0021f79dd736


Interface 11 information :
ifIndex : 11
ifDescr : 11
ifPhysAddress : 0021f79dd735


Interface 12 information :
ifIndex : 12
ifDescr : 12
ifPhysAddress : 0021f79dd734


Interface 13 information :
ifIndex : 13
ifDescr : 13
ifPhysAddress : 0021f79dd733


Interface 14 information :
ifIndex : 14
ifDescr : 14
ifPhysAddress : 0021f79dd732


Interface 15 information :
ifIndex : 15
ifDescr : 15
ifPhysAddress : 0021f79dd731


Interface 16 information :
ifIndex : 16
ifDescr : 16
ifPhysAddress : 0021f79dd730


Interface 17 information :
ifIndex : 17
ifDescr : 17
ifPhysAddress : 0021f79dd72f


Interface 18 information :
ifIndex : 18
ifDescr : 18
ifPhysAddress : 0021f79dd72e


Interface 19 information :
ifIndex : 19
ifDescr : 19
ifPhysAddress : 0021f79dd72d


Interface 20 information :
ifIndex : 20
ifDescr : 20
ifPhysAddress : 0021f79dd72c


Interface 21 information :
ifIndex : 21
ifDescr : 21
ifPhysAddress : 0021f79dd72b


Interface 22 information :
ifIndex : 22
ifDescr : 22
ifPhysAddress : 0021f79dd72a


Interface 23 information :
ifIndex : 23
ifDescr : 23
ifPhysAddress : 0021f79dd729


Interface 24 information :
ifIndex : 24
ifDescr : 24
ifPhysAddress : 0021f79dd728


Interface 25 information :
ifIndex : 25
ifDescr : 25
ifPhysAddress : 0021f79dd727


Interface 26 information :
ifIndex : 26
ifDescr : 26
ifPhysAddress : 0021f79dd726


Interface 27 information :
ifIndex : 27
ifDescr : 27
ifPhysAddress : 0021f79dd725


Interface 28 information :
ifIndex : 28
ifDescr : 28
ifPhysAddress : 0021f79dd724


Interface 29 information :
ifIndex : 29
ifDescr : 29
ifPhysAddress : 0021f79dd723


Interface 30 information :
ifIndex : 30
ifDescr : 30
ifPhysAddress : 0021f79dd722


Interface 31 information :
ifIndex : 31
ifDescr : 31
ifPhysAddress : 0021f79dd721


Interface 32 information :
ifIndex : 32
ifDescr : 32
ifPhysAddress : 0021f79dd720


Interface 33 information :
ifIndex : 33
ifDescr : 33
ifPhysAddress : 0021f79dd71f


Interface 34 information :
ifIndex : 34
ifDescr : 34
ifPhysAddress : 0021f79dd71e


Interface 35 information :
ifIndex : 35
ifDescr : 35
ifPhysAddress : 0021f79dd71d


Interface 36 information :
ifIndex : 36
ifDescr : 36
ifPhysAddress : 0021f79dd71c


Interface 37 information :
ifIndex : 37
ifDescr : 37
ifPhysAddress : 0021f79dd71b


Interface 38 information :
ifIndex : 38
ifDescr : 38
ifPhysAddress : 0021f79dd71a


Interface 39 information :
ifIndex : 39
ifDescr : 39
ifPhysAddress : 0021f79dd719


Interface 40 information :
ifIndex : 40
ifDescr : 40
ifPhysAddress : 0021f79dd718


Interface 41 information :
ifIndex : 41
ifDescr : 41
ifPhysAddress : 0021f79dd717


Interface 42 information :
ifIndex : 42
ifDescr : 42
ifPhysAddress : 0021f79dd716


Interface 43 information :
ifIndex : 43
ifDescr : 43
ifPhysAddress : 0021f79dd715


Interface 44 information :
ifIndex : 44
ifDescr : 44
ifPhysAddress : 0021f79dd714


Interface 45 information :
ifIndex : 45
ifDescr : 45
ifPhysAddress : 0021f79dd713


Interface 46 information :
ifIndex : 46
ifDescr : 46
ifPhysAddress : 0021f79dd712


Interface 47 information :
ifIndex : 47
ifDescr : 47
ifPhysAddress : 0021f79dd711


Interface 48 information :
ifIndex : 48
ifDescr : 48
ifPhysAddress : 0021f79dd710


Interface 49 information :
ifIndex : 49
ifDescr : Trk1
ifPhysAddress : 0021f79dd700


Interface 50 information :
ifIndex : 97
ifDescr : DEFAULT_VLAN
ifPhysAddress : 0021f79dd700


Interface 51 information :
ifIndex : 98
ifDescr : OUTSIDE
ifPhysAddress : 0021f79dd700


Interface 52 information :
ifIndex : 99
ifDescr : WLAN
ifPhysAddress : 0021f79dd700


Interface 53 information :
ifIndex : 100
ifDescr : PUBLIC
ifPhysAddress : 0021f79dd700


Interface 54 information :
ifIndex : 4192
ifDescr : HP ProCurve Switch software loopback interface
ifPhysAddress :

10.0.0.249 (udp/161)


Interface 1 information :
ifIndex : 1
ifDescr : A1
ifPhysAddress : 0021f74894ff


Interface 2 information :
ifIndex : 2
ifDescr : A2
ifPhysAddress : 0021f74894fe


Interface 3 information :
ifIndex : 3
ifDescr : A3
ifPhysAddress : 0021f74894fd


Interface 4 information :
ifIndex : 4
ifDescr : A4
ifPhysAddress : 0021f74894fc


Interface 5 information :
ifIndex : 5
ifDescr : A5
ifPhysAddress : 0021f74894fb


Interface 6 information :
ifIndex : 6
ifDescr : A6
ifPhysAddress : 0021f74894fa


Interface 7 information :
ifIndex : 7
ifDescr : A7
ifPhysAddress : 0021f74894f9


Interface 8 information :
ifIndex : 8
ifDescr : A8
ifPhysAddress : 0021f74894f8


Interface 9 information :
ifIndex : 9
ifDescr : A9
ifPhysAddress : 0021f74894f7


Interface 10 information :
ifIndex : 10
ifDescr : A10
ifPhysAddress : 0021f74894f6


Interface 11 information :
ifIndex : 11
ifDescr : A11
ifPhysAddress : 0021f74894f5


Interface 12 information :
ifIndex : 12
ifDescr : A12
ifPhysAddress : 0021f74894f4


Interface 13 information :
ifIndex : 13
ifDescr : A13
ifPhysAddress : 0021f74894f3


Interface 14 information :
ifIndex : 14
ifDescr : A14
ifPhysAddress : 0021f74894f2


Interface 15 information :
ifIndex : 15
ifDescr : A15
ifPhysAddress : 0021f74894f1


Interface 16 information :
ifIndex : 16
ifDescr : A16
ifPhysAddress : 0021f74894f0


Interface 17 information :
ifIndex : 17
ifDescr : A17
ifPhysAddress : 0021f74894ef


Interface 18 information :
ifIndex : 18
ifDescr : A18
ifPhysAddress : 0021f74894ee


Interface 19 information :
ifIndex : 19
ifDescr : A19
ifPhysAddress : 0021f74894ed


Interface 20 information :
ifIndex : 20
ifDescr : A20
ifPhysAddress : 0021f74894ec


Interface 21 information :
ifIndex : 21
ifDescr : A21
ifPhysAddress : 0021f74894eb


Interface 22 information :
ifIndex : 22
ifDescr : A22
ifPhysAddress : 0021f74894ea


Interface 23 information :
ifIndex : 23
ifDescr : A23
ifPhysAddress : 0021f74894e9


Interface 24 information :
ifIndex : 24
ifDescr : A24
ifPhysAddress : 0021f74894e8


Interface 25 information :
ifIndex : 27
ifDescr : B1
ifPhysAddress : 0021f74894e5


Interface 26 information :
ifIndex : 28
ifDescr : B2
ifPhysAddress : 0021f74894e4


Interface 27 information :
ifIndex : 29
ifDescr : B3
ifPhysAddress : 0021f74894e3


Interface 28 information :
ifIndex : 30
ifDescr : B4
ifPhysAddress : 0021f74894e2


Interface 29 information :
ifIndex : 31
ifDescr : B5
ifPhysAddress : 0021f74894e1


Interface 30 information :
ifIndex : 32
ifDescr : B6
ifPhysAddress : 0021f74894e0


Interface 31 information :
ifIndex : 33
ifDescr : B7
ifPhysAddress : 0021f74894df


Interface 32 information :
ifIndex : 34
ifDescr : B8
ifPhysAddress : 0021f74894de


Interface 33 information :
ifIndex : 35
ifDescr : B9
ifPhysAddress : 0021f74894dd


Interface 34 information :
ifIndex : 36
ifDescr : B10
ifPhysAddress : 0021f74894dc


Interface 35 information :
ifIndex : 37
ifDescr : B11
ifPhysAddress : 0021f74894db


Interface 36 information :
ifIndex : 38
ifDescr : B12
ifPhysAddress : 0021f74894da


Interface 37 information :
ifIndex : 39
ifDescr : B13
ifPhysAddress : 0021f74894d9


Interface 38 information :
ifIndex : 40
ifDescr : B14
ifPhysAddress : 0021f74894d8


Interface 39 information :
ifIndex : 41
ifDescr : B15
ifPhysAddress : 0021f74894d7


Interface 40 information :
ifIndex : 42
ifDescr : B16
ifPhysAddress : 0021f74894d6


Interface 41 information :
ifIndex : 43
ifDescr : B17
ifPhysAddress : 0021f74894d5


Interface 42 information :
ifIndex : 44
ifDescr : B18
ifPhysAddress : 0021f74894d4


Interface 43 information :
ifIndex : 45
ifDescr : B19
ifPhysAddress : 0021f74894d3


Interface 44 information :
ifIndex : 46
ifDescr : B20
ifPhysAddress : 0021f74894d2


Interface 45 information :
ifIndex : 47
ifDescr : B21
ifPhysAddress : 0021f74894d1


Interface 46 information :
ifIndex : 48
ifDescr : B22
ifPhysAddress : 0021f74894d0


Interface 47 information :
ifIndex : 49
ifDescr : B23
ifPhysAddress : 0021f74894cf


Interface 48 information :
ifIndex : 50
ifDescr : B24
ifPhysAddress : 0021f74894ce


Interface 49 information :
ifIndex : 53
ifDescr : C1
ifPhysAddress : 0021f74894cb


Interface 50 information :
ifIndex : 54
ifDescr : C2
ifPhysAddress : 0021f74894ca


Interface 51 information :
ifIndex : 55
ifDescr : C3
ifPhysAddress : 0021f74894c9


Interface 52 information :
ifIndex : 56
ifDescr : C4
ifPhysAddress : 0021f74894c8


Interface 53 information :
ifIndex : 57
ifDescr : C5
ifPhysAddress : 0021f74894c7


Interface 54 information :
ifIndex : 58
ifDescr : C6
ifPhysAddress : 0021f74894c6


Interface 55 information :
ifIndex : 59
ifDescr : C7
ifPhysAddress : 0021f74894c5


Interface 56 information :
ifIndex : 60
ifDescr : C8
ifPhysAddress : 0021f74894c4


Interface 57 information :
ifIndex : 61
ifDescr : C9
ifPhysAddress : 0021f74894c3


Interface 58 information :
ifIndex : 62
ifDescr : C10
ifPhysAddress : 0021f74894c2


Interface 59 information :
ifIndex : 63
ifDescr : C11
ifPhysAddress : 0021f74894c1


Interface 60 information :
ifIndex : 64
ifDescr : C12
ifPhysAddress : 0021f74894c0


Interface 61 information :
ifIndex : 65
ifDescr : C13
ifPhysAddress : 0021f74894bf


Interface 62 information :
ifIndex : 66
ifDescr : C14
ifPhysAddress : 0021f74894be


Interface 63 information :
ifIndex : 67
ifDescr : C15
ifPhysAddress : 0021f74894bd


Interface 64 information :
ifIndex : 68
ifDescr : C16
ifPhysAddress : 0021f74894bc


Interface 65 information :
ifIndex : 69
ifDescr : C17
ifPhysAddress : 0021f74894bb


Interface 66 information :
ifIndex : 70
ifDescr : C18
ifPhysAddress : 0021f74894ba


Interface 67 information :
ifIndex : 71
ifDescr : C19
ifPhysAddress : 0021f74894b9


Interface 68 information :
ifIndex : 72
ifDescr : C20
ifPhysAddress : 0021f74894b8


Interface 69 information :
ifIndex : 73
ifDescr : C21
ifPhysAddress : 0021f74894b7


Interface 70 information :
ifIndex : 74
ifDescr : C22
ifPhysAddress : 0021f74894b6


Interface 71 information :
ifIndex : 75
ifDescr : C23
ifPhysAddress : 0021f74894b5


Interface 72 information :
ifIndex : 76
ifDescr : C24
ifPhysAddress : 0021f74894b4


Interface 73 information :
ifIndex : 79
ifDescr : D1
ifPhysAddress : 0021f74894b1


Interface 74 information :
ifIndex : 80
ifDescr : D2
ifPhysAddress : 0021f74894b0


Interface 75 information :
ifIndex : 81
ifDescr : D3
ifPhysAddress : 0021f74894af


Interface 76 information :
ifIndex : 82
ifDescr : D4
ifPhysAddress : 0021f74894ae


Interface 77 information :
ifIndex : 83
ifDescr : D5
ifPhysAddress : 0021f74894ad


Interface 78 information :
ifIndex : 84
ifDescr : D6
ifPhysAddress : 0021f74894ac


Interface 79 information :
ifIndex : 85
ifDescr : D7
ifPhysAddress : 0021f74894ab


Interface 80 information :
ifIndex : 86
ifDescr : D8
ifPhysAddress : 0021f74894aa


Interface 81 information :
ifIndex : 87
ifDescr : D9
ifPhysAddress : 0021f74894a9


Interface 82 information :
ifIndex : 88
ifDescr : D10
ifPhysAddress : 0021f74894a8


Interface 83 information :
ifIndex : 89
ifDescr : D11
ifPhysAddress : 0021f74894a7


Interface 84 information :
ifIndex : 90
ifDescr : D12
ifPhysAddress : 0021f74894a6


Interface 85 information :
ifIndex : 91
ifDescr : D13
ifPhysAddress : 0021f74894a5


Interface 86 information :
ifIndex : 92
ifDescr : D14
ifPhysAddress : 0021f74894a4


Interface 87 information :
ifIndex : 93
ifDescr : D15
ifPhysAddress : 0021f74894a3


Interface 88 information :
ifIndex : 94
ifDescr : D16
ifPhysAddress : 0021f74894a2


Interface 89 information :
ifIndex : 95
ifDescr : D17
ifPhysAddress : 0021f74894a1


Interface 90 information :
ifIndex : 96
ifDescr : D18
ifPhysAddress : 0021f74894a0


Interface 91 information :
ifIndex : 97
ifDescr : D19
ifPhysAddress : 0021f748949f


Interface 92 information :
ifIndex : 98
ifDescr : D20
ifPhysAddress : 0021f748949e


Interface 93 information :
ifIndex : 99
ifDescr : D21
ifPhysAddress : 0021f748949d


Interface 94 information :
ifIndex : 100
ifDescr : D22
ifPhysAddress : 0021f748949c


Interface 95 information :
ifIndex : 101
ifDescr : D23
ifPhysAddress : 0021f748949b


Interface 96 information :
ifIndex : 102
ifDescr : D24
ifPhysAddress : 0021f748949a


Interface 97 information :
ifIndex : 105
ifDescr : E1
ifPhysAddress : 0021f7489497


Interface 98 information :
ifIndex : 106
ifDescr : E2
ifPhysAddress : 0021f7489496


Interface 99 information :
ifIndex : 107
ifDescr : E3
ifPhysAddress : 0021f7489495


Interface 100 information :
ifIndex : 108
ifDescr : E4
ifPhysAddress : 0021f7489494


Interface 101 information :
ifIndex : 109
ifDescr : E5
ifPhysAddress : 0021f7489493


Interface 102 information :
ifIndex : 110
ifDescr : E6
ifPhysAddress : 0021f7489492


Interface 103 information :
ifIndex : 111
ifDescr : E7
ifPhysAddress : 0021f7489491


Interface 104 information :
ifIndex : 112
ifDescr : E8
ifPhysAddress : 0021f7489490


Interface 105 information :
ifIndex : 113
ifDescr : E9
ifPhysAddress : 0021f748948f


Interface 106 information :
ifIndex : 114
ifDescr : E10
ifPhysAddress : 0021f748948e


Interface 107 information :
ifIndex : 115
ifDescr : E11
ifPhysAddress : 0021f748948d


Interface 108 information :
ifIndex : 116
ifDescr : E12
ifPhysAddress : 0021f748948c


Interface 109 information :
ifIndex : 117
ifDescr : E13
ifPhysAddress : 0021f748948b


Interface 110 information :
ifIndex : 118
ifDescr : E14
ifPhysAddress : 0021f748948a


Interface 111 information :
ifIndex : 119
ifDescr : E15
ifPhysAddress : 0021f7489489


Interface 112 information :
ifIndex : 120
ifDescr : E16
ifPhysAddress : 0021f7489488


Interface 113 information :
ifIndex : 121
ifDescr : E17
ifPhysAddress : 0021f7489487


Interface 114 information :
ifIndex : 122
ifDescr : E18
ifPhysAddress : 0021f7489486


Interface 115 information :
ifIndex : 123
ifDescr : E19
ifPhysAddress : 0021f7489485


Interface 116 information :
ifIndex : 124
ifDescr : E20
ifPhysAddress : 0021f7489484


Interface 117 information :
ifIndex : 125
ifDescr : E21
ifPhysAddress : 0021f7489483


Interface 118 information :
ifIndex : 126
ifDescr : E22
ifPhysAddress : 0021f7489482


Interface 119 information :
ifIndex : 127
ifDescr : E23
ifPhysAddress : 0021f7489481


Interface 120 information :
ifIndex : 128
ifDescr : E24
ifPhysAddress : 0021f7489480


Interface 121 information :
ifIndex : 157
ifDescr : G1
ifPhysAddress : 0021f7489463


Interface 122 information :
ifIndex : 158
ifDescr : G2
ifPhysAddress : 0021f7489462


Interface 123 information :
ifIndex : 159
ifDescr : G3
ifPhysAddress : 0021f7489461


Interface 124 information :
ifIndex : 160
ifDescr : G4
ifPhysAddress : 0021f7489460


Interface 125 information :
ifIndex : 161
ifDescr : G5
ifPhysAddress : 0021f748945f


Interface 126 information :
ifIndex : 162
ifDescr : G6
ifPhysAddress : 0021f748945e


Interface 127 information :
ifIndex : 163
ifDescr : G7
ifPhysAddress : 0021f748945d


Interface 128 information :
ifIndex : 164
ifDescr : G8
ifPhysAddress : 0021f748945c


Interface 129 information :
ifIndex : 165
ifDescr : G9
ifPhysAddress : 0021f748945b


Interface 130 information :
ifIndex : 166
ifDescr : G10
ifPhysAddress : 0021f748945a


Interface 131 information :
ifIndex : 167
ifDescr : G11
ifPhysAddress : 0021f7489459


Interface 132 information :
ifIndex : 168
ifDescr : G12
ifPhysAddress : 0021f7489458


Interface 133 information :
ifIndex : 169
ifDescr : G13
ifPhysAddress : 0021f7489457


Interface 134 information :
ifIndex : 170
ifDescr : G14
ifPhysAddress : 0021f7489456


Interface 135 information :
ifIndex : 171
ifDescr : G15
ifPhysAddress : 0021f7489455


Interface 136 information :
ifIndex : 172
ifDescr : G16
ifPhysAddress : 0021f7489454


Interface 137 information :
ifIndex : 173
ifDescr : G17
ifPhysAddress : 0021f7489453


Interface 138 information :
ifIndex : 174
ifDescr : G18
ifPhysAddress : 0021f7489452


Interface 139 information :
ifIndex : 175
ifDescr : G19
ifPhysAddress : 0021f7489451


Interface 140 information :
ifIndex : 176
ifDescr : G20
ifPhysAddress : 0021f7489450


Interface 141 information :
ifIndex : 177
ifDescr : G21
ifPhysAddress : 0021f748944f


Interface 142 information :
ifIndex : 178
ifDescr : G22
ifPhysAddress : 0021f748944e


Interface 143 information :
ifIndex : 179
ifDescr : G23
ifPhysAddress : 0021f748944d


Interface 144 information :
ifIndex : 180
ifDescr : G24
ifPhysAddress : 0021f748944c


Interface 145 information :
ifIndex : 209
ifDescr : Trk1
ifPhysAddress : 0021f7489400


Interface 146 information :
ifIndex : 281
ifDescr : DEFAULT_VLAN
ifPhysAddress : 0021f7489400


Interface 147 information :
ifIndex : 282
ifDescr : OUTSIDE
ifPhysAddress : 0021f7489400


Interface 148 information :
ifIndex : 283
ifDescr : WLAN
ifPhysAddress : 0021f7489400


Interface 149 information :
ifIndex : 284
ifDescr : PUBLIC
ifPhysAddress : 0021f7489400


Interface 150 information :
ifIndex : 330
ifDescr : WLAN_PRIV
ifPhysAddress : 0021f7489400


Interface 151 information :
ifIndex : 331
ifDescr : WLAN_PUB
ifPhysAddress : 0021f7489400


Interface 152 information :
ifIndex : 332
ifDescr : WLAN_NPRIV
ifPhysAddress : 0021f7489400


Interface 153 information :
ifIndex : 4376
ifDescr : HP ProCurve Switch software loopback interface
ifPhysAddress :
10800 (7) - SNMP Query System Information Disclosure
Synopsis
The System Information of the remote host can be obtained via SNMP.
Description
It is possible to obtain the system information about the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1.

An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Plugin Information:
Published: 2001/11/06, Modified: 2011/05/24
Plugin Output

10.0.0.11 (udp/161)

System information :
sysDescr : Dell 2330dn Laser Printer version NR.APS.N449 kernel 2.6.18.5 All-N-1
sysObjectID : 1.3.6.1.4.1.674.10898.1.1.1094472241
sysUptime : 17d 4h 37m 50s
sysContact :
sysName : ET0021B7442DE9
sysLocation :
sysServices : 72

10.0.0.12 (udp/161)

System information :
sysDescr : Dell 2330dn Laser Printer version NR.APS.N449 kernel 2.6.18.5 All-N-1
sysObjectID : 1.3.6.1.4.1.674.10898.1.1.1094472241
sysUptime : 13d 0h 8m 17s
sysContact :
sysName : ET0021B75406D4
sysLocation :
sysServices : 72

10.0.0.17 (udp/161)

System information :
sysDescr : Dell 2330dn Laser Printer version NR.APS.N449 kernel 2.6.18.5 All-N-1
sysObjectID : 1.3.6.1.4.1.674.10898.1.1.1094472241
sysUptime : 18d 9h 33m 13s
sysContact :
sysName : ET0021B7C4E9AE
sysLocation :
sysServices : 72

10.0.0.19 (udp/161)

System information :
sysDescr : Dell 2330dn Laser Printer version NR.APS.N449 kernel 2.6.18.5 All-N-1
sysObjectID : 1.3.6.1.4.1.674.10898.1.1.1094472241
sysUptime : 9d 15h 57m 49s
sysContact :
sysName : ET0021B7C421B9
sysLocation :
sysServices : 72

10.0.0.87 (udp/161)

System information :
sysDescr : HPE OfficeConnect Switch 1820 24G PoE+ (185W) J9983A, PT.02.01, Linux 3.6.5-79c95a77, U-Boot 2012.10-00116-g3ab515c (Jul 30 2014 - 10:52:01)
sysObjectID : 1.3.6.1.4.1.11.2.3.7.11.171
sysUptime : 13d 8h 58m 2s
sysContact :
sysName :
sysLocation :
sysServices : 2

10.0.0.248 (udp/161)

System information :
sysDescr : ProCurve J9280A Switch 2510G-48, revision Y.11.12, ROM N.10.02 (/sw/code/build/cod(cod11))
sysObjectID : 1.3.6.1.4.1.11.2.3.7.11.89
sysUptime : 16d 18h 58m 6s
sysContact :
sysName : demo-A-1
sysLocation : Server Room
sysServices : 74

10.0.0.249 (udp/161)

System information :
sysDescr : ProCurve J8773A Switch 4208vl, revision L.11.47, ROM L.10.03 (/sw/code/build/rmm)
sysObjectID : 1.3.6.1.4.1.11.2.3.7.11.53
sysUptime : 12d 4h 34m 10s
sysContact :
sysName : demo-A-0
sysLocation : Wiring Closet
sysServices : 74
31422 (7) - Reverse NAT/Intercepting Proxy Detection
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.

Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.

Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
See Also
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information:
Published: 2008/03/12, Modified: 2017/06/12
Plugin Output

10.0.0.1 (tcp/0)

+ On the following port(s) :
- 5060 (1 hops away)
- 2000 (1 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

+ On the following port(s) :
- 8181 (5 hops away)
- 8090 (5 hops away)
- 8889 (5 hops away)
- 81 (5 hops away)
- 80 (5 hops away)

The operating system was identified as :

Linux Kernel 2.6

10.0.0.47 (tcp/0)

+ On the following port(s) :
- 8190 (5 hops away)
- 1514 (5 hops away)
- 88 (5 hops away)
- 514 (5 hops away)
- 8191 (5 hops away)
- 80 (5 hops away)
- 9443 (5 hops away)
- 111 (5 hops away)
- 22000 (5 hops away)
- 2012 (5 hops away)
- 2014 (5 hops away)
- 8443 (5 hops away)
- 22 (5 hops away)
- 443 (5 hops away)

The operating system was identified as :

Linux Kernel 2.6

+ On the following port(s) :
- 5060 (1 hops away)
- 2000 (1 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.110 (tcp/0)

+ On the following port(s) :
- 2345 (5 hops away)
- 21 (5 hops away)
- 22 (5 hops away)

The operating system was identified as :

Linux Kernel 2.6

+ On the following port(s) :
- 5060 (1 hops away)
- 2000 (1 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.111 (tcp/0)

+ On the following port(s) :
- 22 (5 hops away)

The operating system was identified as :

Linux Kernel 2.6

+ On the following port(s) :
- 5060 (1 hops away)
- 2000 (1 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.133 (tcp/0)

+ On the following port(s) :
- 2000 (1 hops away)
- 5060 (1 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

+ On the following port(s) :
- 10000 (5 hops away)
- 80 (5 hops away)
- 139 (5 hops away)
- 445 (5 hops away)
- 548 (5 hops away)
- 8200 (5 hops away)
- 5355 (5 hops away)
- 3702 (5 hops away)
- 443 (5 hops away)

The operating system was identified as :

Linux Kernel 2.6

10.0.0.169 (tcp/0)

+ On the following port(s) :
- 21 (5 hops away)
- 22 (5 hops away)

The operating system was identified as :

Linux Kernel 2.6

+ On the following port(s) :
- 5060 (1 hops away)
- 2000 (1 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6

10.0.0.201 (tcp/0)

+ On the following port(s) :
- 22 (5 hops away)

The operating system was identified as :

Linux Kernel 2.6

+ On the following port(s) :
- 5060 (1 hops away)
- 2000 (1 hops away)

The operating system was identified as :

Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
34022 (7) - SNMP Query Routing Information Disclosure
Synopsis
The list of IP routes on the remote host can be obtained via SNMP.
Description
It is possible to obtain the routing information on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.4.21

An attacker may use this information to gain more knowledge about the network topology.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Plugin Information:
Published: 2008/08/21, Modified: 2011/05/24
Plugin Output

10.0.0.11 (udp/161)


10.0.0.0/255.255.255.0
127.0.0.0/255.0.0.0
169.254.0.0/255.255.0.0

10.0.0.12 (udp/161)


10.0.0.0/255.255.255.0
127.0.0.0/255.0.0.0
169.254.0.0/255.255.0.0

10.0.0.17 (udp/161)


10.0.0.0/255.255.255.0
127.0.0.0/255.0.0.0
169.254.0.0/255.255.0.0

10.0.0.19 (udp/161)


10.0.0.0/255.255.255.0
127.0.0.0/255.0.0.0
169.254.0.0/255.255.0.0

10.0.0.87 (udp/161)


10.0.0.0/255.255.255.0
127.0.0.0/255.0.0.0

10.0.0.248 (udp/161)


10.0.0.0/255.255.255.0
127.0.0.1/255.255.255.255

10.0.0.249 (udp/161)


10.0.0.0/255.255.255.0
127.0.0.1/255.255.255.255
35296 (7) - SNMP Protocol Version Detection
Synopsis
This plugin reports the protocol version negotiated with the remote SNMP agent.
Description
By sending an SNMP 'get-next-request', it is possible to determine the protocol version of the remote SNMP agent.
See Also
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Plugin Information:
Published: 2009/01/06, Modified: 2017/06/12
Plugin Output

10.0.0.11 (udp/161)


Nessus has negotiated SNMP communications at SNMPv2c.

10.0.0.12 (udp/161)


Nessus has negotiated SNMP communications at SNMPv2c.

10.0.0.17 (udp/161)


Nessus has negotiated SNMP communications at SNMPv2c.

10.0.0.19 (udp/161)


Nessus has negotiated SNMP communications at SNMPv2c.

10.0.0.87 (udp/161)


Nessus has negotiated SNMP communications at SNMPv2c.

10.0.0.248 (udp/161)


Nessus has negotiated SNMP communications at SNMPv2c.

10.0.0.249 (udp/161)


Nessus has negotiated SNMP communications at SNMPv2c.
50845 (7) - OpenSSL Detection
Synopsis
The remote service appears to use OpenSSL to encrypt traffic.
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/11/30, Modified: 2013/10/18
Plugin Output

10.0.0.44 (tcp/443)

10.0.0.44 (tcp/5989)

10.0.0.46 (tcp/443)

10.0.0.46 (tcp/5989)

10.0.0.47 (tcp/443)

10.0.0.47 (tcp/1514)

10.0.0.133 (tcp/443)

10267 (5) - SSH Server Type and Version Information
Synopsis
An SSH server is listening on this port.
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/10/12, Modified: 2017/12/19
Plugin Output

10.0.0.47 (tcp/22)


SSH version : SSH-2.0-OpenSSH_5.1
SSH supported authentication : publickey,password
SSH banner :
VMware vCenter Server Appliance

10.0.0.110 (tcp/22)


SSH version : SSH-2.0-OpenSSH_4.3
SSH supported authentication : publickey,gssapi-with-mic,password

10.0.0.111 (tcp/22)


SSH version : SSH-2.0-OpenSSH_4.3
SSH supported authentication : publickey,gssapi-with-mic,password

10.0.0.169 (tcp/22)


SSH version : SSH-2.0-OpenSSH_4.3
SSH supported authentication : publickey,gssapi-with-mic,password

10.0.0.201 (tcp/22)


SSH version : SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
SSH supported authentication : publickey,password
10881 (5) - SSH Protocol Versions Supported
Synopsis
A SSH server is running on the remote host.
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/03/06, Modified: 2017/05/30
Plugin Output

10.0.0.47 (tcp/22)

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0

10.0.0.110 (tcp/22)

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0

10.0.0.111 (tcp/22)

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0

10.0.0.169 (tcp/22)

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0

10.0.0.201 (tcp/22)

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0
39520 (5) - Backported Security Patch Detection (SSH)
Synopsis
Security patches are backported.
Description
Security patches may have been 'backported' to the remote SSH server without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/06/25, Modified: 2015/07/07
Plugin Output

10.0.0.47 (tcp/22)


Give Nessus credentials to perform local checks.

10.0.0.110 (tcp/22)


Give Nessus credentials to perform local checks.

10.0.0.111 (tcp/22)


Give Nessus credentials to perform local checks.

10.0.0.169 (tcp/22)


Give Nessus credentials to perform local checks.

10.0.0.201 (tcp/22)


Give Nessus credentials to perform local checks.
48204 (5) - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/07/30, Modified: 2018/01/22
Plugin Output

10.0.0.47 (tcp/8190)


URL : http://10.0.0.47:8190/
Version : unknown
backported : 0

10.0.0.47 (tcp/8191)


URL : https://10.0.0.47:8191/
Version : unknown
backported : 0

10.0.0.47 (tcp/22000)


URL : http://10.0.0.47:22000/
Version : unknown
backported : 0

10.0.0.133 (tcp/80)


URL : http://10.0.0.133/
Version : 2.2.34
backported : 0
os : Debian

10.0.0.133 (tcp/443)


URL : https://10.0.0.133/
Version : 2.2.34
backported : 0
os : Debian
70657 (5) - SSH Algorithms and Languages Supported
Synopsis
An SSH server is listening on this port.
Description
This script detects which algorithms and languages are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/28, Modified: 2017/08/28
Plugin Output

10.0.0.47 (tcp/22)


Nessus negotiated the following encryption algorithm with the server :

The server supports the following options for kex_algorithms :

diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1

The server supports the following options for server_host_key_algorithms :

ssh-dss
ssh-rsa

The server supports the following options for encryption_algorithms_client_to_server :

aes128-ctr
aes256-ctr

The server supports the following options for encryption_algorithms_server_to_client :

aes128-ctr
aes256-ctr

The server supports the following options for mac_algorithms_client_to_server :

hmac-sha1

The server supports the following options for mac_algorithms_server_to_client :

hmac-sha1

The server supports the following options for compression_algorithms_client_to_server :

none
zlib@openssh.com

The server supports the following options for compression_algorithms_server_to_client :

none
zlib@openssh.com

10.0.0.110 (tcp/22)


Nessus negotiated the following encryption algorithm with the server :

The server supports the following options for kex_algorithms :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1

The server supports the following options for server_host_key_algorithms :

ssh-dss
ssh-rsa

The server supports the following options for encryption_algorithms_client_to_server :

3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The server supports the following options for encryption_algorithms_server_to_client :

3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The server supports the following options for mac_algorithms_client_to_server :

hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-sha1
hmac-sha1-96

The server supports the following options for mac_algorithms_server_to_client :

hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-sha1
hmac-sha1-96

The server supports the following options for compression_algorithms_client_to_server :

none
zlib@openssh.com

The server supports the following options for compression_algorithms_server_to_client :

none
zlib@openssh.com

10.0.0.111 (tcp/22)


Nessus negotiated the following encryption algorithm with the server :

The server supports the following options for kex_algorithms :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1

The server supports the following options for server_host_key_algorithms :

ssh-dss
ssh-rsa

The server supports the following options for encryption_algorithms_client_to_server :

3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The server supports the following options for encryption_algorithms_server_to_client :

3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The server supports the following options for mac_algorithms_client_to_server :

hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-sha1
hmac-sha1-96

The server supports the following options for mac_algorithms_server_to_client :

hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-sha1
hmac-sha1-96

The server supports the following options for compression_algorithms_client_to_server :

none
zlib@openssh.com

The server supports the following options for compression_algorithms_server_to_client :

none
zlib@openssh.com

10.0.0.169 (tcp/22)


Nessus negotiated the following encryption algorithm with the server :

The server supports the following options for kex_algorithms :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1

The server supports the following options for server_host_key_algorithms :

ssh-dss
ssh-rsa

The server supports the following options for encryption_algorithms_client_to_server :

3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The server supports the following options for encryption_algorithms_server_to_client :

3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The server supports the following options for mac_algorithms_client_to_server :

hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-sha1
hmac-sha1-96

The server supports the following options for mac_algorithms_server_to_client :

hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-sha1
hmac-sha1-96

The server supports the following options for compression_algorithms_client_to_server :

none
zlib@openssh.com

The server supports the following options for compression_algorithms_server_to_client :

none
zlib@openssh.com

10.0.0.201 (tcp/22)


Nessus negotiated the following encryption algorithm with the server :

The server supports the following options for kex_algorithms :

curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521

The server supports the following options for server_host_key_algorithms :

ecdsa-sha2-nistp256
ssh-dss
ssh-ed25519
ssh-rsa

The server supports the following options for encryption_algorithms_client_to_server :

3des-cbc
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
chacha20-poly1305@openssh.com
rijndael-cbc@lysator.liu.se

The server supports the following options for encryption_algorithms_server_to_client :

3des-cbc
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
chacha20-poly1305@openssh.com
rijndael-cbc@lysator.liu.se

The server supports the following options for mac_algorithms_client_to_server :

hmac-md5
hmac-md5-96
hmac-md5-96-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-ripemd160
hmac-ripemd160-etm@openssh.com
hmac-ripemd160@openssh.com
hmac-sha1
hmac-sha1-96
hmac-sha1-96-etm@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com

The server supports the following options for mac_algorithms_server_to_client :

hmac-md5
hmac-md5-96
hmac-md5-96-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-ripemd160
hmac-ripemd160-etm@openssh.com
hmac-ripemd160@openssh.com
hmac-sha1
hmac-sha1-96
hmac-sha1-96-etm@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com

The server supports the following options for compression_algorithms_client_to_server :

none
zlib@openssh.com

The server supports the following options for compression_algorithms_server_to_client :

none
zlib@openssh.com
106628 (5) - lighttpd HTTP Server Detection
Synopsis
The lighttpd HTTP server was detected on the remote host.
Description
Nessus was able to detect the lighttpd HTTP server by looking at the HTTP banner on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/02/06, Modified: 2018/02/06
Plugin Output

10.0.0.1 (tcp/80)


URL : http://10.0.0.1/
Version : 1.4.39
source : Server: lighttpd/1.4.39

10.0.0.1 (tcp/8090)


URL : http://10.0.0.1:8090/
Version : 1.4.39
source : Server: lighttpd/1.4.39

10.0.0.1 (tcp/8181)


URL : http://10.0.0.1:8181/
Version : 1.4.39
source : Server: lighttpd/1.4.39

10.0.0.1 (tcp/8889)


URL : http://10.0.0.1:8889/
Version : 1.4.39
source : Server: lighttpd/1.4.39

10.0.0.87 (tcp/80)


URL : http://10.0.0.87/
Version : unknown
source : Server: lighttpd
10386 (4) - Web Server No 404 Error Code Check
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/04/28, Modified: 2015/10/13
Plugin Output

10.0.0.1 (tcp/80)


The following body tag will be used :
bgcolor="#ffffff"

10.0.0.44 (tcp/80)



CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :

http://10.0.0.44/Hw7YAr0pWnuY.html

10.0.0.46 (tcp/80)



CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :

http://10.0.0.46/9di8LIdACV1Q.html

10.0.0.47 (tcp/80)



CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :

http://10.0.0.47/2QVoMHWRInx2.html
10785 (4) - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB1 to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/10/17, Modified: 2017/11/30
Plugin Output

10.0.0.14 (tcp/445)

The remote Operating System is : Windows Server (R) 2008 Standard 6002 Service Pack 2
The remote native LAN manager is : Windows Server (R) 2008 Standard 6.0
The remote SMB Domain Name is : demo

10.0.0.64 (tcp/445)

The remote Operating System is : Windows 7 Professional 7601 Service Pack 1
The remote native LAN manager is : Windows 7 Professional 6.1
The remote SMB Domain Name is : demo

10.0.0.133 (tcp/445)

The remote Operating System is : Windows 6.1
The remote native LAN manager is : Samba 4.7.0
The remote SMB Domain Name is : demoSFREADYNAS01

10.0.0.148 (tcp/445)

The remote Operating System is : Windows Server 2016 Standard 14393
The remote native LAN manager is : Windows Server 2016 Standard 6.3
The remote SMB Domain Name is : demoSFVEEAM
11002 (4) - DNS Server Detection
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information:
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

10.0.0.25 (tcp/53)

10.0.0.25 (udp/53)

10.0.0.27 (tcp/53)

10.0.0.27 (udp/53)

35297 (4) - SSL Service Requests Client Certificate
Synopsis
The remote service requests an SSL client certificate.
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/01/06, Modified: 2017/06/15
Plugin Output

10.0.0.25 (tcp/636)


A TLSv1/SSLv3 server is listening on this port that requests a client certificate.

10.0.0.25 (tcp/3269)


A TLSv1/SSLv3 server is listening on this port that requests a client certificate.

10.0.0.27 (tcp/636)


A TLSv1/SSLv3 server is listening on this port that requests a client certificate.

10.0.0.27 (tcp/3269)


A TLSv1/SSLv3 server is listening on this port that requests a client certificate.
96982 (4) - Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check)
Synopsis
The remote Windows host supports the SMBv1 protocol.
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues.
See Also
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
References
XREF OSVDB:151058
Plugin Information:
Published: 2017/02/03, Modified: 2017/02/16
Plugin Output

10.0.0.14 (tcp/445)


The remote host supports SMBv1.

10.0.0.64 (tcp/445)


The remote host supports SMBv1.

10.0.0.133 (tcp/445)


The remote host supports SMBv1.

10.0.0.148 (tcp/445)


The remote host supports SMBv1.
100871 (4) - Microsoft Windows SMB Versions Supported (remote check)
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445.

Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2017/06/19, Modified: 2017/06/19
Plugin Output

10.0.0.14 (tcp/445)


The remote host supports the following versions of SMB :
SMBv1
SMBv2

10.0.0.64 (tcp/445)


The remote host supports the following versions of SMB :
SMBv1
SMBv2

10.0.0.133 (tcp/445)


The remote host supports the following versions of SMB :
SMBv1
SMBv2

10.0.0.148 (tcp/445)


The remote host supports the following versions of SMB :
SMBv1
SMBv2
10092 (3) - FTP Server Detection
Synopsis
An FTP server is listening on a remote port.
Description
It is possible to obtain the banner of the remote FTP server by connecting to a remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/10/12, Modified: 2018/02/12
Plugin Output

10.0.0.14 (tcp/21)


The remote FTP banner is :

220 Microsoft FTP Service

10.0.0.110 (tcp/21)


The remote FTP banner is :

220 (vsFTPd 2.0.5)

10.0.0.169 (tcp/21)


The remote FTP banner is :

220 (vsFTPd 2.0.5)
10394 (3) - Microsoft Windows SMB Log In Possible
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :

- NULL session
- Guest account
- Supplied credentials
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/05/09, Modified: 2017/11/06
Plugin Output

10.0.0.14 (tcp/445)

- NULL sessions are enabled on the remote host.
- The SMB tests will be done as demo\trapp_admin/******

10.0.0.64 (tcp/445)

- NULL sessions are enabled on the remote host.
- The SMB tests will be done as demo\trapp_admin/******

10.0.0.133 (tcp/445)

- NULL sessions are enabled on the remote host.
10395 (3) - Microsoft Windows SMB Shares Enumeration
Synopsis
It is possible to enumerate remote network shares.
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/05/09, Modified: 2015/01/12
Plugin Output

10.0.0.14 (tcp/445)


Here are the SMB shares available on the remote host when logged in as trapp_admin:

- ADMIN$
- C$
- D$
- Installer
- IPC$
- SampleReports
- SystemUpdate

10.0.0.64 (tcp/445)


Here are the SMB shares available on the remote host when logged in as trapp_admin:

- ADMIN$
- C$
- IPC$
- print$
- Users
- VBRCatalog

10.0.0.133 (tcp/445)


Here are the SMB shares available on the remote host :

- Backup
- IPC$
10859 (3) - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier).

The host SID can then be used to get the list of local users.
See Also
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value.

Refer to the 'See also' section for guidance.
Risk Factor
None
References
BID 959
CVE CVE-2000-1200
XREF OSVDB:715
Plugin Information:
Published: 2002/02/13, Modified: 2015/11/18
Plugin Output

10.0.0.14 (tcp/445)


The remote host SID value is :

1-5-21-2733907408-164282405-2434571311

The value of 'RestrictAnonymous' setting is : 0

10.0.0.64 (tcp/445)


The remote host SID value is :

1-5-21-1002455619-2400799004-1662485122

The value of 'RestrictAnonymous' setting is : 0

10.0.0.133 (tcp/445)


The remote host SID value is :

1-5-21-1519292070-739106362-3439295607

The value of 'RestrictAnonymous' setting is : unknown
10860 (3) - SMB Use Host SID to Enumerate Local Users
Synopsis
Nessus was able to enumerate local users.
Description
Using the host security identifier (SID), Nessus was able to enumerate local users on the remote Windows system.
Solution
n/a
Risk Factor
None
References
XREF OSVDB:714
Plugin Information:
Published: 2002/02/13, Modified: 2017/02/02
Plugin Output

10.0.0.14 (tcp/445)


- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)
- SUPPORT_388945a0 (id 1001)
- IUSR_QUEEN (id 1003)
- IWAM_QUEEN (id 1004)
- ASPNET (id 1006)
- FileServiceUser (id 1009)
- avaya (id 1010)

Note that, in addition to the Administrator and Guest accounts, Nessus
has enumerated only those local users with IDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.

10.0.0.64 (tcp/445)


- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)
- GXK9JS1 (id 1000)
- IT (id 1002)
- ASPNET (id 1004)
- oishelper (id 1005)

Note that, in addition to the Administrator and Guest accounts, Nessus
has enumerated only those local users with IDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.

10.0.0.133 (tcp/445)


- guest (id 501, Guest account)
- admin (id 1000)
- demoadmin (id 1001)

Note that, in addition to the Administrator and Guest accounts, Nessus
has enumerated only those local users with IDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.
10884 (3) - Network Time Protocol (NTP) Server Detection
Synopsis
An NTP server is listening on the remote host.
Description
An NTP server is listening on port 123. If not securely configured, it may provide information about its version, current date, current time, and possibly system information.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2015/03/20, Modified: 2017/05/31
Plugin Output

10.0.0.1 (udp/123)


An NTP service has been discovered, listening on port 123.

No sensitive information has been disclosed.

Version : unknown

10.0.0.25 (udp/123)


An NTP service has been discovered, listening on port 123.

No sensitive information has been disclosed.

Version : unknown

10.0.0.27 (udp/123)


An NTP service has been discovered, listening on port 123.

No sensitive information has been disclosed.

Version : unknown
11422 (3) - Web Server Unconfigured - Default Install Page Present
Synopsis
The remote web server is not configured or is improperly configured.
Description
The remote web server uses its default welcome page. Therefore, it's probable that this server is not used at all or is serving content that is meant to be hidden.
Solution
Disable this service if you do not use it.
Risk Factor
None
References
XREF OSVDB:3233
Plugin Information:
Published: 2003/03/20, Modified: 2016/03/09
Plugin Output

10.0.0.21 (tcp/443)


The default welcome page is from IIS.

10.0.0.22 (tcp/80)


The default welcome page is from IIS.

10.0.0.25 (tcp/443)


The default welcome page is from IIS.
17651 (3) - Microsoft Windows SMB : Obtains the Password Policy
Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/03/30, Modified: 2015/01/12
Plugin Output

10.0.0.14 (tcp/445)

The following password policy is defined on the remote host:

Minimum password len: 0
Password history len: 0
Maximum password age (d): 42
Password must meet complexity requirements: Disabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 600
Time between failed logon (s): 600
Number of invalid logon before locked out (s): 0

10.0.0.64 (tcp/445)

The following password policy is defined on the remote host:

Minimum password len: 0
Password history len: 0
Maximum password age (d): 42
Password must meet complexity requirements: Disabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 600
Time between failed logon (s): 600
Number of invalid logon before locked out (s): 0

10.0.0.133 (tcp/445)

The following password policy is defined on the remote host:

Minimum password len: 5
Password history len: 0
Maximum password age (d): No limit
Password must meet complexity requirements: Disabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0
42410 (3) - Microsoft Windows NTLMSSP Authentication Request Remote Network Name Disclosure
Synopsis
It is possible to obtain the network name of the remote host.
Description
The remote host listens on tcp port 445 and replies to SMB requests.

By sending an NTLMSSP authentication request it is possible to obtain the name of the remote system and the name of its domain.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/11/06, Modified: 2011/03/27
Plugin Output

10.0.0.14 (tcp/445)

The following 2 NetBIOS names have been gathered :

QUEEN = Computer name
demo = Workgroup / Domain name

10.0.0.64 (tcp/445)

The following 2 NetBIOS names have been gathered :

SF-GXK9JS1 = Computer name
demo = Workgroup / Domain name

10.0.0.148 (tcp/445)

The following 2 NetBIOS names have been gathered :

demoSFVEEAM = Computer name
demoSFVEEAM = Workgroup / Domain name
60119 (3) - Microsoft Windows SMB Share Permissions Enumeration
Synopsis
It was possible to enumerate the permissions of remote network shares.
Description
By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User permissions are enumerated for each network share that has a list of access control entries (ACEs).
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2012/07/25, Modified: 2017/12/15
Plugin Output

10.0.0.14 (tcp/445)


Share path : \\QUEEN\Installer
Local path : D:\Installer
[*] Allow ACE for demo\ITstaff: 0x001301bf
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES
[*] Allow ACE for demo\mepadm: 0x001301bf
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES
[*] Allow ACE for demo\demoadm: 0x001301bf
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES
[*] Allow ACE for demo\Domain Admins: 0x001f01ff
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES
[*] Allow ACE for demo\oishelper: 0x001f01ff
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES

Share path : \\QUEEN\SampleReports
Local path : C:\Program Files\Microsoft Dynamics\Business Portal\Applications\ReportsCatalog\SampleReports
[*] Allow ACE for QUEEN\FileServiceUser: 0x001f01ff
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES
[*] Allow ACE for NT AUTHORITY\NETWORK SERVICE: 0x001f01ff
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES

Share path : \\QUEEN\SystemUpdate
Local path : D:\TV_SU
[*] Allow ACE for demo\Domain Admins: 0x001f01ff
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES
[*] Allow ACE for Everyone: 0x000012a9
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: NO
FILE_GENERIC_EXECUTE: YES

10.0.0.64 (tcp/445)


Share path : \\SF-GXK9JS1\print$
Local path : C:\Windows\system32\spool\drivers
Comment : Printer Drivers
[*] Allow ACE for Everyone: 0x000012a9
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: NO
FILE_GENERIC_EXECUTE: YES
[*] Allow ACE for BUILTIN\Administrators: 0x001f01ff
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES

Share path : \\SF-GXK9JS1\Users
Local path : C:\Users
[*] Allow ACE for BUILTIN\Administrators: 0x001f01ff
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES
[*] Allow ACE for Everyone: 0x001f01ff
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES

Share path : \\SF-GXK9JS1\VBRCatalog
Local path : C:\VBRCatalog
[*] Allow ACE for BUILTIN\Administrators: 0x000012a9
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: NO
FILE_GENERIC_EXECUTE: YES

10.0.0.133 (tcp/445)


Share path : \\demoSFREADYNAS01\Backup
Local path : C:\data\Backup
[*] Allow ACE for Everyone: 0x001f01ff
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES

Share path : \\demoSFREADYNAS01\IPC$
Local path : C:\tmp
Comment : IPC Service ("demoSFReadyNAS01")
[*] Allow ACE for Everyone: 0x001f01ff
FILE_GENERIC_READ: YES
FILE_GENERIC_WRITE: YES
FILE_GENERIC_EXECUTE: YES
66334 (3) - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Published: 2013/07/08, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)



. You need to take the following 18 actions :

+ Install the following Microsoft patches :
- KB4041093 (MS18-01) (5 vulnerabilities)
- KB4054174 (MS18-01) (5 vulnerabilities)
- KB4054996 (MS18-01) (5 vulnerabilities)
- KB977816
- KB4093478 (1 vulnerabilities)
- KB4093257
- KB4093227
- KB4093224 (2 vulnerabilities)
- KB4093223 (1 vulnerabilities)
- KB4092946 (1 vulnerabilities)
- KB4091756
- KB4089453
- KB4025872
- KB3125869
- KB2813707

[ Adobe Flash Player <= 29.0.0.113 (APSB18-08) (108958) ]

+ Action to take : Upgrade to Adobe Flash Player version 29.0.0.140 or later.

+Impact : Taking this action will resolve 879 different vulnerabilities (CVEs).



[ HP MFP Digital Sending Software < 4.18.3 Local Unspecified Authentication Bypass (46676) ]

+ Action to take : Upgrade to HP MFP Digital Sending Software 4.18.5 or later.

Note that HP initially recommended upgrading to version 4.18.3. While that version does address the vulnerability, it also introduces a non-security defect and HP now recommends upgrading to version 4.18.5.


[ Oracle Document Capture Multiple Vulnerabilities (51873) ]

+ Action to take : If using Oracle's Document Capture client, apply the patch from Oracle to disable the ActiveX controls.

If using a different application that includes the NCSEcw.dll control, set the kill bit for the affect control as discussed in Hexagon Geospatial's advisory.

+Impact : Taking this action will resolve 5 different vulnerabilities (CVEs).



[ Oracle Java SE Multiple Vulnerabilities (April 2018 CPU) (109202) ]

+ Action to take : Upgrade to Oracle JDK / JRE 10 Update 1, 8 Update 171 / 7 Update 181 / 6 Update 191 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.

+Impact : Taking this action will resolve 20 different vulnerabilities (CVEs).


10.0.0.47 (tcp/0)



. You need to take the following action :

[ VMware vCenter Server 5.5.x < 5.5U3g / 6.0.x < 6.0U3d / 6.5.x < 6.5U1e Hypervisor-Assisted Guest Remediation (VMSA-2018-0004) (Spectre) (105784) ]

+ Action to take : Upgrade to VMware vCenter Server version 5.5.U3g (5.5.0 build-7460778) / 6.0U3d (6.0.0 build-7464194) / 6.5U1e (6.5.0 build-7515524) or later.

+Impact : Taking this action will resolve 96 different vulnerabilities (CVEs).


10.0.0.64 (tcp/0)



. You need to take the following 14 actions :

+ Install the following Microsoft patches :
- KB4054183 (MS18-01) (5 vulnerabilities)
- KB4055002 (MS18-01) (5 vulnerabilities)
- KB4100480
- KB4093118 (23 vulnerabilities)
- KB4093108
- KB4092946 (8 vulnerabilities)
- KB4041090
- KB3125869
- KB2813707

[ Adobe Flash Player <= 29.0.0.113 (APSB18-08) (108958) ]

+ Action to take : Upgrade to Adobe Flash Player version 29.0.0.140 or later.

+Impact : Taking this action will resolve 20 different vulnerabilities (CVEs).



[ Adobe Reader < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36) (104627) ]

+ Action to take : Upgrade to Adobe Reader 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 or later.

+Impact : Taking this action will resolve 490 different vulnerabilities (CVEs).



[ Adobe Shockwave Player <= 12.2.9.199 Memory Corruption RCE (APSB17-40) (104628) ]

+ Action to take : Upgrade to Adobe Shockwave Player version 12.3.1.201 or later.

+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).



[ Google Chrome < 65.0.3325.146 Multiple Vulnerabilities (107220) ]

+ Action to take : Upgrade to Google Chrome version 65.0.3325.146 or later.

+Impact : Taking this action will resolve 54 different vulnerabilities (CVEs).



[ Mozilla Firefox ESR < 59.0.2 Denial of Service Vulnerability (108756) ]

+ Action to take : Upgrade to Mozilla Firefox ESR version 59.0.2 or later.

+Impact : Taking this action will resolve 412 different vulnerabilities (CVEs).



[ Oracle Java SE Multiple Vulnerabilities (April 2018 CPU) (109202) ]

+ Action to take : Upgrade to Oracle JDK / JRE 10 Update 1, 8 Update 171 / 7 Update 181 / 6 Update 191 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.

+Impact : Taking this action will resolve 78 different vulnerabilities (CVEs).


94761 (3) - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Published: 2016/11/14, Modified: 2016/11/14
Plugin Output

10.0.0.94 (tcp/443)


The following root Certification Authority certificate was found :

|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

10.0.0.158 (tcp/25)


The following root Certification Authority certificate was found :

|-Subject : C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
|-Issuer : C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
|-Valid From : Sep 01 00:00:00 2009 GMT
|-Valid To : Dec 31 23:59:59 2037 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption

10.0.0.158 (tcp/443)


The following root Certification Authority certificate was found :

|-Subject : C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
|-Issuer : C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
|-Valid From : Sep 01 00:00:00 2009 GMT
|-Valid To : Dec 31 23:59:59 2037 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption
106658 (3) - JQuery Detection
Synopsis
The web server on the remote host uses JQuery.
Description
Nessus was able to detect JQuery on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/02/07, Modified: 2018/02/07
Plugin Output

10.0.0.1 (tcp/80)


URL : http://10.0.0.1/third_party/jquery/jquery-1.10.1.min.js
Version : 1.10.1

10.0.0.1 (tcp/8181)


URL : http://10.0.0.1:8181/third_party/jquery/jquery-1.10.1.min.js
Version : 1.10.1

10.0.0.87 (tcp/80)


URL : http://10.0.0.87/htdocs/static/bt1478808613/jquery/jquery_1_7_1/jquery-1.7.1.min.js
Version : 1.7.1
10144 (2) - Microsoft SQL Server TCP/IP Listener Detection
Synopsis
A database server is listening on the remote port.
Description
The remote host is running MSSQL, a database server from Microsoft. It is possible to extract the version number of the remote installation from the server pre-login response.
Solution
Restrict access to the database to allowed IPs only.
Risk Factor
None
References
XREF OSVDB:112
Plugin Information:
Published: 1999/10/12, Modified: 2018/03/30
Plugin Output

10.0.0.8 (tcp/1433)


The remote MSSQL server accepts cleartext logins.
The remote SQL Server version is 10.50.6000.0.

The remote SQL Server instance name is MSSQLSERVER.

10.0.0.64 (tcp/49570)


The remote MSSQL server accepts cleartext logins.
The remote SQL Server version is 11.0.6251.0.

The remote SQL Server instance name is VEEAMSQL2012.
10223 (2) - RPC portmapper Service Detection
Synopsis
An ONC RPC portmapper is running on the remote host.
Description
The RPC portmapper is running on this port.

The portmapper allows someone to get the port number of each RPC service running on the remote host by sending either multiple lookup requests or a DUMP request.
Solution
n/a
Risk Factor
None
References
Plugin Information:
Published: 1999/08/19, Modified: 2014/02/19
Plugin Output

10.0.0.64 (udp/111)

10.0.0.148 (udp/111)

10281 (2) - Telnet Server Detection
Synopsis
A Telnet server is listening on the remote port.
Description
The remote host is running a Telnet server, a remote terminal server.
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information:
Published: 1999/10/12, Modified: 2018/02/12
Plugin Output

10.0.0.248 (tcp/23)

Here is the banner from the remote Telnet server :

------------------------------ snip ------------------------------
.[24;1H
.[?25h.[24;11H.[2J.[?7l.[3;23r.[?6l.[1;1H.[?25l.[1;1HProCurve J9280A Switch 2510G-48
Software revision Y.11.12

Copyright (C) 1991-2009 Hewlett-Packard Co. All Rights Reserved.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
Computer Software clause at 52.227-7013.

HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

We'd like to keep you up to date about:
* Software feature updates
* New product announcements
* Special events

Please register your products now at: www.ProCurve.com


.[1;24r.[1;1H.[24;1HUsername: .[?25h.[24;1H.[?25h.[24;11H.[24;11H.[?25h.[24;11H
------------------------------ snip ------------------------------

10.0.0.249 (tcp/23)

Here is the banner from the remote Telnet server :

------------------------------ snip ------------------------------
.[2J.[?7l.[3;23r.[?6l.[1;1H.[?25l.[1;1HProCurve J8773A Switch 4208vl
Software revision L.11.47

Copyright (C) 1991-2017 Hewlett-Packard Co. All Rights Reserved.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
Computer Software clause at 52.227-7013.

HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

We'd like to keep you up to date about:
* Software feature updates
* New product announcements
* Special events

Please register your products now at: www.ProCurve.com


.[24;1HPress any key to continue.[1;1H.[?25h.[24;27H
------------------------------ snip ------------------------------
10396 (2) - Microsoft Windows SMB Shares Access
Synopsis
It is possible to access a network share.
Description
The remote has one or more Windows shares that can be accessed through the network with the given credentials.

Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'.
Risk Factor
None
References
CVE CVE-1999-0519
CVE CVE-1999-0520
XREF OSVDB:299
Plugin Information:
Published: 2000/05/09, Modified: 2015/11/18
Plugin Output

10.0.0.14 (tcp/445)


The following shares can be accessed as trapp_admin :

- SystemUpdate - (readable,writable)
+ Content of this share :
..
WHAT_IS_THIS.TXT

- ADMIN$ - (readable,writable)
+ Content of this share :
..
$Reconfig$
adam
addins
adfs
adfs.msp
adfsmig.log
AdfsOcm.log
Application Compatibility Scripts
AppPatch
assembly
bfsvc.exe
Boot
bootstat.dat
bosetup.mif
Branding
Cluster
comsetup.log
control.ini
Cursors
debug
desktop.ini
diagerr.xml
diagwrn.xml
DigitalLocker
Downloaded Installations
Downloaded Program Files
DtcInstall.log
en
en-US
explorer.exe
FltMgr
Fonts
fveupdate.exe
Globalization
Help
HelpPane.exe
hh.exe
ie8
ie8updates
ie8_main.log
IE9_main.log
IIS Temporary Compressed Files
iis7.log
iis7_gather.log
IME
inf
Installer
IsUninst.exe
java
L2Schemas
LiveKernelReports
Logs
Media
MEMORY.DMP
mib.bin
Microsoft.NET
Migration
Minidump
ModemLogs
MSAgent
msapps
msdfmap.ini
nap
netfx20.log
nfsocm.log
ocwss.log
ODBC.INI
ODBCINST.INI
Offline Web Pages
Panther
PCHEALTH
PFRO.log
PIF
PLA
PMCSnap
PolicyBackup
PolicyDefinitions
Provisioning
pss
regedit.exe
RegisteredPackages
Registration
RemotePackages
rescache
Resources
SchCache
schemas
security
ServerStandard.xml
ServiceProfiles
servicing
Setup
setupact.log

- C$ - (readable,writable)
+ Content of this share :
$Recycle.Bin
$WINDOWS.~Q
.rnd
ADFS
AUTOEXEC.BAT
Backup Exec AOFO Store
BEW-5bb71260a1c046e0b3a59f2b4a8f095b
BEW-7c678ddef72140498dcabcf5285503b3
Boot
Boot.BAK
Boot.ini.saved
bootmgr
BOOTSECT.BAK
Config.Msi
CONFIG.SYS
CPQSYSTEM
DbgOut.txt
Documents and Settings
Inetpub
IO.SYS
msde2000_setup.log
MSDOS.SYS
msizap.exe
NTDETECT.COM
ntldr
pagefile.sys
PerfLogs
Program Files
ProgramData
ScriptLogic
StorageReports
System Volume Information
Users
VxPushRA
Win32.Worm.Downladup.Gen.log
Windows
wmpub

- D$ - (readable,writable)
+ Content of this share :
1485adef94b63e5273e7bca519
16b4042413a9cc500724bc5bf6afed
355704dbbf3f7dc1bd7d898be9b5
47805acc1a47ccf5fbfab49d38404924
5f1e3b86cc99b67ac5b627d9f37d519b
81d17b642aafd3d894a1
8497c53fd5f8bf315b4bb0b1da
ActiveAdministrator Policies
ARCHIVE
avaya install
Backup Exec AOFO Store
BEW-6295dfcf333f4f42aec2cb324e87062f
BP Upgrade Utilities.zip
demoadm Desktop contents
c4cd6708406927b81fda820a6f
d2d327434bff90a771a294
Files Moved From C Drive
Installer
IPSets Firmware
ljmfpDSS
RAWS32
System Volume Information
TV_SU
VMfiles

- Installer - (readable,writable)
+ Content of this share :
..
.DS_Store
.TemporaryItems
7200E_PBrER4.0.0_rel220_PL1.6.1.48_A4.0.0.185.exe
Acrobat
Active Administrator
Adobe Creative Suite CS5
Adobe Plugins
AdobeKeys
Adobe_Acrobat_9_Pro
Adobe_Acrobat_9_Standard
Apple Quicktime
Autorun.exe
Avaya
bd_rem_tool
bd_rem_tool.zip
Blackberry 7230 software installation instructions 2006-02-15.pdf
Blackberry Desktop Manager
demo-dot-org
demo_Fonts
demo__Microsoft_LicenseKeys_2010728.csv
demo__Microsoft_LicenseKeys_2010728.xls
CentOS_ISO
Dell 2330dn
Dell E4310 Integrated Webcam
DellBroadcom
doc2pdf2_setup.exe
Dropbox
EMC AX100 storage array utilities and docs
EMC Sansurfer
Firefox
FontPack810_zh_CN.msi
Ghost Solution Suite 8.2
goodies
Google Pinyin
HP 6930
HP ProtectTools and related
HP SoftPaqs
HP_Laptop_XP_KEY
HTML
I386
IBM Access Connection V4.12
IBM Thinkpad Driver Wizard
IBM Utlities
IceSword122en.zip
IIS60ResourceKit
Instant Messaging
Internet Explorer
Java
Jing Screen Recorder
Lingoes
LiveMeeting2007
MacSoftware
Malwarebytes
MBS
MBSA
Microsoft .NET Framework 3.5 Service Pack 1

10.0.0.64 (tcp/445)


The following shares can be accessed as trapp_admin :

- VBRCatalog - (readable)
+ Content of this share :
..
Import
Index
Journal
Publications
Replication
Search
Tapes
WasteBin

- ADMIN$ - (readable,writable)
+ Content of this share :
..
addins
AppCompat
AppPatch
assembly
atiogl.xml
ativpsrm.bin
bfsvc.exe
Boot
bootstat.dat
Branding
CSC
csup.txt
Cursors
dasetup.log
debug
Dell
diagnostics
DigitalLocker
DirectX.log
Downloaded Installations
Downloaded Program Files
DPINST.LOG
DtcInstall.log
DYNAMICSSL70C.urg
ehome
en
en-US
erdnt
explorer.exe
Fonts
fveupdate.exe
Globalization
grep.exe
Help
HelpPane.exe
hh.exe
IE10_main.log
IE11_main.log
IE9_main.log
IME
inf
Installer
invcol.tmp
IsUninst.exe
KOBDrvAPIW64.EXE
L2Schemas
LiveKernelReports
Logs
MBR.exe
Media
mib.bin
Microsoft.NET
Migration
ModemLogs
msdfmap.ini
msxml4-KB954430-enu.LOG
msxml4-KB973688-enu.LOG
NIRCMD.exe
notepad.exe
ODBC.INI
ODBCINST.INI
Offline Web Pages
panther
PCHEALTH
Performance
PEV.exe
PFRO.log
PLA
PolicyDefinitions
Prefetch
Professional.xml
pss
regedit.exe
Registration
rescache
Resources
SchCache
schemas
security
sed.exe
ServiceProfiles
servicing
Setup
setupact.log
setuperr.log
ShellNew
SoftwareDistribution
SoftwareDistribution.bak
Speech
splwow64.exe
Starter.xml

- C$ - (readable,writable)
+ Content of this share :
.rnd
apps
ComboFix.txt
DbgOut.txt
dell
dell.sdr
Documents and Settings
Drivers
hiberfil.sys
Intel
MSOCache
pagefile.sys
PerfLogs
Program Files
Program Files (x86)
ProgramData
Qoobox
ScriptLogic
syncfusion_Install.log
System Volume Information
TEMP
Users
VBRCatalog
VeeamFLR
Windows

- Users - (readable,writable)
+ Content of this share :
..
Administrator
All Users
Default
Default User
desktop.ini
everynetwork
GXK9JS1
IT
jsilver
kgrant
kyu
oishelper
oishelper.SF-GXK9JS1
Public
swoods
syap
10398 (2) - Microsoft Windows SMB LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration
Synopsis
It was possible to obtain the domain SID.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the domain SID (Security Identifier).

The domain SID can then be used to get the list of users of the domain.
Solution
n/a
Risk Factor
None
References
BID 959
CVE CVE-2000-1200
XREF OSVDB:715
Plugin Information:
Published: 2000/05/09, Modified: 2016/11/15
Plugin Output

10.0.0.14 (tcp/445)

The remote domain SID value is :
1-5-21-484763869-1958367476-682003330

10.0.0.64 (tcp/445)

The remote domain SID value is :
1-5-21-484763869-1958367476-682003330
10399 (2) - SMB Use Domain SID to Enumerate Users
Synopsis
Nessus was able to enumerate domain users.
Description
Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system.
Solution
n/a
Risk Factor
None
References
BID 959
CVE CVE-2000-1200
XREF OSVDB:714
XREF OSVDB:715
Plugin Information:
Published: 2000/05/09, Modified: 2017/02/02
Plugin Output

10.0.0.14 (tcp/445)


- demoadm (id 500, Administrator account)
- krbtgt (id 502, Kerberos account)
- Guest (id 501, Guest account)
- IUSR_demoMAIL (id 1001)
- IWAM_demoMAIL (id 1002)
- acramer (id 1112)
- dbannerman (id 1124)
- BART$ (id 1166)
- DB$ (id 1176)
- khurst (id 1196)

Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with IDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for this
plugin, then re-run the scan.

10.0.0.64 (tcp/445)


- demoadm (id 500, Administrator account)
- krbtgt (id 502, Kerberos account)
- Guest (id 501, Guest account)
- IUSR_demoMAIL (id 1001)
- IWAM_demoMAIL (id 1002)
- acramer (id 1112)
- dbannerman (id 1124)
- BART$ (id 1166)
- DB$ (id 1176)
- khurst (id 1196)

Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with IDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for this
plugin, then re-run the scan.
10400 (2) - Microsoft Windows SMB Registry Remotely Accessible
Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests).
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/05/09, Modified: 2015/01/12
Plugin Output

10.0.0.14 (tcp/445)

10.0.0.64 (tcp/445)

10456 (2) - Microsoft Windows SMB Service Enumeration
Synopsis
It is possible to enumerate remote services.
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host.

An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
Plugin Information:
Published: 2000/07/03, Modified: 2015/01/12
Plugin Output

10.0.0.14 (tcp/445)


Active Services :

Application Experience [ AeLookupSvc ]
Application Host Helper Service [ AppHostSvc ]
Base Filtering Engine [ BFE ]
Background Intelligent Transfer Service [ BITS ]
Certificate Propagation [ CertPropSvc ]
COM+ System Application [ COMSysApp ]
Cryptographic Services [ CryptSvc ]
DCOM Server Process Launcher [ DcomLaunch ]
DHCP Client [ Dhcp ]
DNS Client [ Dnscache ]
Diagnostic Policy Service [ DPS ]
Windows Event Log [ EventLog ]
COM+ Event System [ EventSystem ]
Windows Font Cache Service [ FontCache ]
Group Policy Client [ gpsvc ]
IIS Admin Service [ IISADMIN ]
IKE and AuthIP IPsec Keying Modules [ IKEEXT ]
IP Helper [ iphlpsvc ]
KtmRm for Distributed Transaction Coordinator [ KtmRm ]
Server [ LanmanServer ]
Workstation [ LanmanWorkstation ]
TCP/IP NetBIOS Helper [ lmhosts ]
Windows Firewall [ MpsSvc ]
Distributed Transaction Coordinator [ MSDTC ]
FTP Publishing Service [ MSFTPSVC ]
Netlogon [ Netlogon ]
Network Connections [ Netman ]
Network List Service [ netprofm ]
Network Location Awareness [ NlaSvc ]
Network Store Interface Service [ nsi ]
Plug and Play [ PlugPlay ]
IPsec Policy Agent [ PolicyAgent ]
User Profile Service [ ProfSvc ]
Protected Storage [ ProtectedStorage ]
Remote Access Connection Manager [ RasMan ]
Remote Registry [ RemoteRegistry ]
Remote Procedure Call (RPC) [ RpcSs ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
Secondary Logon [ seclogon ]
System Event Notification Service [ SENS ]
Sentinel Keys Server [ SentinelKeysServer ]
Sentinel Protection Server [ SentinelProtectionServer ]
Terminal Services Configuration [ SessionEnv ]
Shell Hardware Detection [ ShellHWDetection ]
Software Licensing [ slsvc ]
SNMP Service [ SNMP ]
Print Spooler [ Spooler ]
File Server Resource Manager [ SrmSvc ]
Secure Socket Tunneling Protocol Service [ SstpSvc ]
Telephony [ TapiSrv ]
Terminal Services [ TermService ]
Distributed Link Tracking Client [ TrkWks ]
Terminal Services UserMode Port Redirector [ UmRdpService ]
Desktop Window Manager Session Manager [ UxSms ]
VMware Tools [ VMTools ]
Voicemail Pro Service [ VoicemailProServer ]
Windows Time [ W32Time ]
World Wide Web Publishing Service [ W3SVC ]
Windows Process Activation Service [ WAS ]
Diagnostic System Host [ WdiSystemHost ]
Windows Event Collector [ Wecsvc ]
Windows Error Reporting Service [ WerSvc ]
Windows Management Instrumentation [ Winmgmt ]
Windows Remote Management (WS-Management) [ WinRM ]
Windows Live ID Sign-in Assistant [ wlidsvc ]
Windows Update [ wuauserv ]

Inactive Services :

Application Layer Gateway Service [ ALG ]
Application Information [ Appinfo ]
Application Management [ AppMgmt ]
ASP.NET State Service [ aspnet_state ]
Windows Audio Endpoint Builder [ AudioEndpointBuilder ]
Windows Audio [ Audiosrv ]
Computer Browser [ Browser ]
Microsoft .NET Framework NGEN v2.0.50727_X86 [ clr_optimization_v2.0.50727_32 ]
Microsoft .NET Framework NGEN v4.0.30319_X86 [ clr_optimization_v4.0.30319_32 ]
Offline Files [ CscService ]
DFS Namespace [ Dfs ]
Wired AutoConfig [ dot3svc ]
Extensible Authentication Protocol [ EapHost ]
Microsoft Fibre Channel Platform Registration Service [ FCRegSvc ]
Function Discovery Provider Host [ fdPHost ]
Function Discovery Resource Publication [ FDResPub ]
Windows Presentation Foundation Font Cache 3.0.0.0 [ FontCache3.0.0.0 ]
Windows Live Family Safety Service [ fsssvc ]
Human Interface Device Access [ hidserv ]
Health Key and Certificate Management [ hkmsvc ]
HP MFP Digital Sending Software [ HPMfpDigitalSendingSoftware ]
Windows CardSpace [ idsvc ]
PnP-X IP Bus Enumerator [ IPBusEnum ]
CNG Key Isolation [ KeyIso ]
Link-Layer Topology Discovery Mapper [ lltdsvc ]
Microsoft Business Framework queued work item service [ MBFWorkflowService ]
Multimedia Class Scheduler [ MMCSS ]
Microsoft iSCSI Initiator Service [ MSiSCSI ]
Windows Installer [ msiserver ]
Network Access Protection Agent [ napagent ]
Net.Msmq Listener Adapter [ NetMsmqActivator ]
Net.Pipe Listener Adapter [ NetPipeActivator ]
Net.Tcp Listener Adapter [ NetTcpActivator ]
Net.Tcp Port Sharing Service [ NetTcpPortSharing ]
Removable Storage [ NtmsSvc ]
Performance Logs & Alerts [ pla ]
Remote Access Auto Connection Manager [ RasAuto ]
Routing and Remote Access [ RemoteAccess ]
Remote Procedure Call (RPC) Locator [ RpcLocator ]
Remote Access Quarantine Agent [ Rqs ]
Resultant Set of Policy Provider [ RSoPProv ]
Special Administration Console Helper [ sacsvr ]
Smart Card [ SCardSvr ]
Smart Card Removal Policy [ SCPolicySvc ]
Internet Connection Sharing (ICS) [ SharedAccess ]
SL UI Notification Service [ SLUINotify ]
SNMP Trap [ SNMPTRAP ]
File Server Storage Reports Manager [ SrmReports ]
SSDP Discovery [ SSDPSRV ]
Microsoft Software Shadow Copy Provider [ swprv ]
Superfetch [ SysMain ]
TPM Base Services [ TBS ]
Themes [ Themes ]
Thread Ordering Server [ THREADORDER ]
Telnet [ TlntSvr ]
Windows Modules Installer [ TrustedInstaller ]
Interactive Services Detection [ UI0Detect ]
UPnP Device Host [ upnphost ]
Virtual Disk [ vds ]
VMware Snapshot Provider [ vmvss ]
Volume Shadow Copy [ VSS ]
Windows Color System [ WcsPlugInService ]
Diagnostic Service Host [ WdiServiceHost ]
Problem Reports and Solutions Control Panel Support [ wercplsupport ]
WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ]
Windows Live Mesh remote connections service [ wlcrasvc ]
WMI Performance Adapter [ wmiApSrv ]
Web Management Service [ WMSvc ]
Portable Device Enumerator Service [ WPDBusEnum ]
Windows Presentation Foundation Font Cache 4.0.0.0 [ WPFFontCache_v0400 ]
Windows Driver Foundation - User-mode Driver Framework [ wudfsvc ]

10.0.0.64 (tcp/445)


Active Services :

Adobe Acrobat Update Service [ AdobeARMservice ]
AMD External Events Utility [ AMD External Events Utility ]
Application Information [ Appinfo ]
Windows Audio Endpoint Builder [ AudioEndpointBuilder ]
Windows Audio [ AudioSrv ]
Base Filtering Engine [ BFE ]
Background Intelligent Transfer Service [ BITS ]
Computer Browser [ Browser ]
Certificate Propagation [ CertPropSvc ]
Cryptographic Services [ CryptSvc ]
Offline Files [ CscService ]
DCOM Server Process Launcher [ DcomLaunch ]
Dell System Manager Service [ dcpsysmgrsvc ]
Drobo Dashboard Service [ DDService ]
DHCP Client [ Dhcp ]
Diagnostics Tracking Service [ DiagTrack ]
DNS Client [ Dnscache ]
Diagnostic Policy Service [ DPS ]
Windows Event Log [ eventlog ]
COM+ Event System [ EventSystem ]
Windows Font Cache Service [ FontCache ]
Group Policy Client [ gpsvc ]
Human Interface Device Access [ hidserv ]
Intel(R) Rapid Storage Technology [ IAStorDataMgrSvc ]
IKE and AuthIP IPsec Keying Modules [ IKEEXT ]
IP Helper [ iphlpsvc ]
Key Server [ KeyServ ]
Server [ LanmanServer ]
Workstation [ LanmanWorkstation ]
TCP/IP NetBIOS Helper [ lmhosts ]
LMIGuardianSvc [ LMIGuardianSvc ]
Malwarebytes Service [ MBAMService ]
Windows Firewall [ MpsSvc ]
Microsoft iSCSI Initiator Service [ MSiSCSI ]
SQL Server (VEEAMSQL2012) [ MSSQL$VEEAMSQL2012 ]
MySQL55 [ MySQL55 ]
Netlogon [ Netlogon ]
Network Connections [ Netman ]
Network List Service [ netprofm ]
Endpoint Protection.cloud [ NIS ]
Network Location Awareness [ NlaSvc ]
Network Store Interface Service [ nsi ]
Program Compatibility Assistant Service [ PcaSvc ]
Plug and Play [ PlugPlay ]
IPsec Policy Agent [ PolicyAgent ]
Power [ Power ]
User Profile Service [ ProfSvc ]
Remote Access Connection Manager [ RasMan ]
Remote Registry [ RemoteRegistry ]
RPC Endpoint Mapper [ RpcEptMapper ]
Remote Procedure Call (RPC) [ RpcSs ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
Secondary Logon [ seclogon ]
System Event Notification Service [ SENS ]
Remote Desktop Configuration [ SessionEnv ]
Shell Hardware Detection [ ShellHWDetection ]
Print Spooler [ Spooler ]
SQL Server Browser [ SQLBrowser ]
SQL Server VSS Writer [ SQLWriter ]
SSDP Discovery [ SSDPSRV ]
Symantec.cloud Cloud Agent [ SsPaAdm ]
Symantec.cloud Scheduler [ ssPaSetMgr ]
Symantec.cloud Endpoint Protection [ ssSpnAv ]
Secure Socket Tunneling Protocol Service [ SstpSvc ]
Windows Image Acquisition (WIA) [ stisvc ]
Superfetch [ SysMain ]
Telephony [ TapiSrv ]
TdmService [ TdmService ]
Remote Desktop Services [ TermService ]
Themes [ Themes ]
Distributed Link Tracking Client [ TrkWks ]
Remote Desktop Services UserMode Port Redirector [ UmRdpService ]
Desktop Window Manager Session Manager [ UxSms ]
Veeam Backup Service [ Veeam Backup and Replication Service ]
Veeam Backup Catalog Data Service [ Veeam Backup Catalog Data Service ]
Veeam Cloud Connect Service [ VeeamCloudSvc ]
Veeam Installer Service [ VeeamDeploymentService ]
Veeam vPower NFS Service [ VeeamNFSSvc ]
Veeam Data Mover Service [ VeeamTransportSvc ]
Windows Time [ W32Time ]
Wave Authentication Manager Service [ Wave Authentication Manager Service ]
Diagnostic Service Host [ WdiServiceHost ]
WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ]
Windows Management Instrumentation [ Winmgmt ]
Windows Live ID Sign-in Assistant [ wlidsvc ]
Security Center [ wscsvc ]
Windows Search [ WSearch ]
Windows Update [ wuauserv ]

Inactive Services :

Adobe Flash Player Update Service [ AdobeFlashPlayerUpdateSvc ]
Application Experience [ AeLookupSvc ]
Application Layer Gateway Service [ ALG ]
Application Identity [ AppIDSvc ]
Application Management [ AppMgmt ]
ASP.NET State Service [ aspnet_state ]
ActiveX Installer (AxInstSV) [ AxInstSV ]
BitLocker Drive Encryption Service [ BDESVC ]
Bluetooth Support Service [ bthserv ]
Microsoft .NET Framework NGEN v2.0.50727_X86 [ clr_optimization_v2.0.50727_32 ]
Microsoft .NET Framework NGEN v2.0.50727_X64 [ clr_optimization_v2.0.50727_64 ]
Microsoft .NET Framework NGEN v4.0.30319_X86 [ clr_optimization_v4.0.30319_32 ]
Microsoft .NET Framework NGEN v4.0.30319_X64 [ clr_optimization_v4.0.30319_64 ]
COM+ System Application [ COMSysApp ]
Disk Defragmenter [ defragsvc ]
Wired AutoConfig [ dot3svc ]
Extensible Authentication Protocol [ EapHost ]
Encrypting File System (EFS) [ EFS ]
Windows Media Center Receiver Service [ ehRecvr ]
Windows Media Center Scheduler Service [ ehSched ]
Fax [ Fax ]
Function Discovery Provider Host [ fdPHost ]
Function Discovery Resource Publication [ FDResPub ]
FLEXnet Licensing Service [ FLEXnet Licensing Service ]
Windows Presentation Foundation Font Cache 3.0.0.0 [ FontCache3.0.0.0 ]
Google Update Service (gupdate) [ gupdate ]
Google Update Service (gupdatem) [ gupdatem ]
Google Software Updater [ gusvc ]
Health Key and Certificate Management [ hkmsvc ]
HomeGroup Listener [ HomeGroupListener ]
HomeGroup Provider [ HomeGroupProvider ]
Windows CardSpace [ idsvc ]
Internet Explorer ETW Collector Service [ IEEtwCollectorService ]
PnP-X IP Bus Enumerator [ IPBusEnum ]
CNG Key Isolation [ KeyIso ]
KtmRm for Distributed Transaction Coordinator [ KtmRm ]
Link-Layer Topology Discovery Mapper [ lltdsvc ]
Media Center Extender Service [ Mcx2Svc ]
Multimedia Class Scheduler [ MMCSS ]
Mozilla Maintenance Service [ MozillaMaintenance ]
Distributed Transaction Coordinator [ MSDTC ]
Windows Installer [ msiserver ]
Network Access Protection Agent [ napagent ]
Net.Msmq Listener Adapter [ NetMsmqActivator ]
Net.Pipe Listener Adapter [ NetPipeActivator ]
Net.Tcp Listener Adapter [ NetTcpActivator ]
Net.Tcp Port Sharing Service [ NetTcpPortSharing ]
Office Source Engine [ ose ]
Office Software Protection Platform [ osppsvc ]
Peer Networking Identity Manager [ p2pimsvc ]
Peer Networking Grouping [ p2psvc ]
BranchCache [ PeerDistSvc ]
Performance Counter DLL Host [ PerfHost ]
Performance Logs & Alerts [ pla ]
PNRP Machine Name Publication Service [ PNRPAutoReg ]
Peer Name Resolution Protocol [ PNRPsvc ]
Protected Storage [ ProtectedStorage ]
Quality Windows Audio Video Experience [ QWAVE ]
Remote Access Auto Connection Manager [ RasAuto ]
Routing and Remote Access [ RemoteAccess ]
RoxMediaDB12OEM [ RoxMediaDB12OEM ]
Roxio Hard Drive Watcher 12 [ RoxWatch12 ]
Remote Procedure Call (RPC) Locator [ RpcLocator ]
Smart Card [ SCardSvr ]
Smart Card Removal Policy [ SCPolicySvc ]
Windows Backup [ SDRSVC ]
SecureStorageService [ SecureStorageService ]
Adaptive Brightness [ SensrSvc ]
Internet Connection Sharing (ICS) [ SharedAccess ]
Skype Updater [ SkypeUpdate ]
SNMP Trap [ SNMPTRAP ]
Software Protection [ sppsvc ]
SPP Notification Service [ sppuinotify ]
SQL Server Agent (VEEAMSQL2012) [ SQLAgent$VEEAMSQL2012 ]
stllssvr [ stllssvr ]
Storage Service [ StorSvc ]
Microsoft Software Shadow Copy Provider [ swprv ]
Tablet PC Input Service [ TabletInputService ]
NTRU TSS v1.2.1.36 TCS [ tcsd_win32.exe ]
Thread Ordering Server [ THREADORDER ]
Windows Modules Installer [ TrustedInstaller ]
Interactive Services Detection [ UI0Detect ]
UPnP Device Host [ upnphost ]
Credential Manager [ VaultSvc ]
Virtual Disk [ vds ]
Volume Shadow Copy [ VSS ]
Windows Activation Technologies Service [ WatAdminSvc ]
Block Level Backup Engine Service [ wbengine ]
Windows Biometric Service [ WbioSrvc ]
Windows Connect Now - Config Registrar [ wcncsvc ]
Windows Color System [ WcsPlugInService ]
Diagnostic System Host [ WdiSystemHost ]
WebClient [ WebClient ]
Windows Event Collector [ Wecsvc ]
Problem Reports and Solutions Control Panel Support [ wercplsupport ]
Windows Error Reporting Service [ WerSvc ]
Windows Defender [ WinDefend ]
Windows Remote Management (WS-Management) [ WinRM ]
WLAN AutoConfig [ Wlansvc ]
Windows Live Mesh remote connections service [ wlcrasvc ]
WMI Performance Adapter [ wmiApSrv ]
Windows Media Player Network Sharing Service [ WMPNetworkSvc ]
Parental Controls [ WPCSvc ]
Portable Device Enumerator Service [ WPDBusEnum ]
Windows Driver Foundation - User-mode Driver Framework [ wudfsvc ]
WWAN AutoConfig [ WwanSvc ]
10674 (2) - Microsoft SQL Server UDP Query Remote Version Disclosure
Synopsis
It is possible to determine the remote SQL server version.
Description
Microsoft SQL server has a function wherein remote users can query the database server for the version that is being run. The query takes place over the same UDP port that handles the mapping of multiple SQL server instances on the same machine.

It is important to note that, after Version 8.00.194, Microsoft decided not to update this function. This means that the data returned by the SQL ping is inaccurate for newer releases of SQL Server.
Solution
If there is only a single SQL instance installed on the remote host, consider filter incoming traffic to this port.
Risk Factor
None
Plugin Information:
Published: 2001/05/25, Modified: 2018/03/13
Plugin Output

10.0.0.8 (udp/1434)


A 'ping' request returned the following information about the remote
SQL instance :

ServerName : 427576-DB2-NEW
InstanceName : MSSQLSERVER
IsClustered : No
Version : 10.50.6000.34
tcp : 1433
np : \\427576-DB2-NEW\pipe\sql\query

10.0.0.64 (udp/1434)


A 'ping' request returned the following information about the remote
SQL instance :

ServerName : SF-GXK9JS1
InstanceName : VEEAMSQL2012
IsClustered : No
Version : 11.0.6020.0
tcp : 49570
np : \\SF-GXK9JS1\pipe\MSSQL$VEEAMSQL2012\sql\query
10897 (2) - Microsoft Windows - Users Information : Disabled Accounts
Synopsis
At least one user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
References
XREF OSVDB:752
Plugin Information:
Published: 2002/03/15, Modified: 2017/01/26
Plugin Output

10.0.0.14 (tcp/0)


The following user account has been disabled :

- Guest


Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for
'SMB use domain SID to enumerate users' setting, and then re-run the scan.

10.0.0.64 (tcp/0)


The following user account has been disabled :

- Guest


Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for
'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10899 (2) - Microsoft Windows - Users Information : User Has Never Logged In
Synopsis
At least one user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
References
XREF OSVDB:754
Plugin Information:
Published: 2002/03/15, Modified: 2017/01/26
Plugin Output

10.0.0.14 (tcp/0)


The following user has never logged in :

- Guest


Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for
'SMB use domain SID to enumerate users' setting, and then re-run the scan.

10.0.0.64 (tcp/0)


The following user has never logged in :

- Guest


Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for
'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10902 (2) - Microsoft Windows 'Administrators' Group User List
Synopsis
There is at least one user in the 'Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information:
Published: 2002/03/15, Modified: 2016/08/24
Plugin Output

10.0.0.14 (tcp/445)


The following users are members of the 'Administrators' group :

- QUEEN\Administrator (User)
- demo\Domain Admins (Group)
- QUEEN\avaya (User)

10.0.0.64 (tcp/445)


The following users are members of the 'Administrators' group :

- SF-GXK9JS1\Administrator (User)
- SF-GXK9JS1\GXK9JS1 (User)
- demo\Domain Admins (Group)
- demo\JSilver (User)
- SF-GXK9JS1\IT (User)
- SF-GXK9JS1\oishelper (User)
- demo\oishelper (User)
10913 (2) - Microsoft Windows - Local Users Information : Disabled Accounts
Synopsis
At least one local user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list local user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
References
XREF OSVDB:752
Plugin Information:
Published: 2002/03/17, Modified: 2017/01/26
Plugin Output

10.0.0.14 (tcp/0)


The following local user accounts have been disabled :

- Guest
- SUPPORT_388945a0


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.

10.0.0.64 (tcp/0)


The following local user accounts have been disabled :

- Guest
- GXK9JS1


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
10915 (2) - Microsoft Windows - Local Users Information : User Has Never Logged In
Synopsis
At least one local user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list local users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
References
XREF OSVDB:754
Plugin Information:
Published: 2002/03/17, Modified: 2017/01/26
Plugin Output

10.0.0.14 (tcp/0)


The following local users have never logged in :

- Guest
- SUPPORT_388945a0


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.

10.0.0.64 (tcp/0)


The following local users have never logged in :

- Guest
- ASPNET


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
10916 (2) - Microsoft Windows - Local Users Information : Passwords Never Expire
Synopsis
At least one local user has a password that never expires.
Description
Using the supplied credentials, Nessus was able to list local users that are enabled and whose passwords never expire.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
References
XREF OSVDB:755
Plugin Information:
Published: 2002/03/17, Modified: 2017/01/26
Plugin Output

10.0.0.14 (tcp/0)


The following local users have passwords that never expire :

- Administrator
- IUSR_QUEEN
- IWAM_QUEEN
- ASPNET
- FileServiceUser
- avaya


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.

10.0.0.64 (tcp/0)


The following local users have passwords that never expire :

- Administrator
- IT
- ASPNET
- oishelper


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.
11777 (2) - Microsoft Windows SMB Share Hosting Possibly Copyrighted Material
Synopsis
The remote host may contain material (movies/audio) infringing copyright.
Description
This plugin displays a list of media files (such as .mp3, .ogg, .mpg, .avi) which have been found on the remote SMB shares.

Some of these files may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission.

If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA.
Solution
Delete the files infringing copyright.
Risk Factor
None
Plugin Information:
Published: 2003/06/26, Modified: 2012/11/29
Plugin Output

10.0.0.14 (tcp/445)


Here is a list of files which have been found on the remote SMB shares.
Some of these files may contain copyrighted materials, such as commercial
movies or music files.

+ D$ :

\archive\archiveformerstaff\sseru\laptop desktop\big dog.mp3

10.0.0.64 (tcp/445)


Here is a list of files which have been found on the remote SMB shares.
Some of these files may contain copyrighted materials, such as commercial
movies or music files.

+ C$ :

\program files (x86)\roxio\oem\videoui 12\content\audio\xtreme.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\sports.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\snowing.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\leaves.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\droplet.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\cocktail2.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\cocktail.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\a1_corkboard.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\baby.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\bouquet.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\c10_cubes.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\candy.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\steelveins.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\theatre.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\travel.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\travelin.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\travelnew.mp3
\program files (x86)\roxio\oem\videoui 12\content\audio\tvcinemagic.mp3
\program files (x86)\roxio\oem\videoui 12\content\video\dj.mpg
\program files (x86)\roxio\oem\videoui 12\content\video\roxiologo.mpg
\program files (x86)\roxio\oem\videoui 12\content\video\roxiologo2.mpg
\program files\dell\dell data protection\access\advanced\wave\preboot manager\swipeall.avi
\program files\common files\spba\swipeall.avi
\program files (x86)\roxio\oem\videoui 12\skins\transcodevideo.avi
\program files (x86)\dell\dell data protection\access\drivers\upek touchchip fingerprint reader\swipeall.avi

11819 (2) - TFTP Daemon Detection
Synopsis
A TFTP server is listening on the remote port.
Description
The remote host is running a TFTP (Trivial File Transfer Protocol) daemon. TFTP is often used by routers and diskless hosts to retrieve their configuration. It can also be used by worms to propagate.
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information:
Published: 2003/08/13, Modified: 2016/02/22
Plugin Output

10.0.0.248 (udp/69)

10.0.0.249 (udp/69)

20094 (2) - VMware Virtual Machine Detection
Synopsis
The remote host is a VMware virtual machine.
Description
According to the MAC address of its network adapter, the remote host is a VMware virtual machine.
Solution
Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
Risk Factor
None
Plugin Information:
Published: 2005/10/27, Modified: 2015/10/16
Plugin Output

10.0.0.112 (tcp/0)


The remote host is a VMware virtual machine.

10.0.0.158 (tcp/0)


The remote host is a VMware virtual machine.
20285 (2) - HP Integrated Lights-Out (iLO) Detection
Synopsis
The remote host is an HP Integrated Lights-Out (iLO) server.
Description
The remote host is an HP Integrated Lights-Out (iLO) server. These servers are embedded systems integrated into HP ProLiant servers for the purpose of out-of-band management.
Solution
Filter incoming traffic to this host if you do not use it.
Risk Factor
None
Plugin Information:
Published: 2005/12/09, Modified: 2014/03/07
Plugin Output

10.0.0.43 (tcp/0)


HP Integrated Lights-Out (iLO)

Generation : 3
Firmware Version : 1.10
Single Sign-On : Disabled

Associated ProLiant Server

Model : ProLiant DL360 G7

10.0.0.45 (tcp/0)


HP Integrated Lights-Out (iLO)

Generation : 3
Firmware Version : 1.10
Single Sign-On : Disabled

Associated ProLiant Server

Model : ProLiant DL360 G7
20301 (2) - VMware ESX/GSX Server detection
Synopsis
The remote host appears to be running VMware Server, ESX Server, or GSX Server.
Description
According to its banner, the remote host appears to be running a VMware server authentication daemon, which likely indicates the remote host is running VMware Server, ESX Server, or GSX Server.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/12/14, Modified: 2012/08/10
Plugin Output

10.0.0.44 (tcp/902)

10.0.0.46 (tcp/902)

20811 (2) - Microsoft Windows Installed Software Enumeration (credentialed check)
Synopsis
It is possible to enumerate installed software.
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates

Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Published: 2006/01/26, Modified: 2013/07/25
Plugin Output

10.0.0.14 (tcp/445)


The following software are installed on the remote host :

AWStats [version 6.6]
Adobe Flash Player 10 ActiveX [version 10.2.159.1]
IP Office Voicemail Pro [version 6.0.22.0] [installed on 2010/05/20]
Security Update for CAPICOM (KB931906) [version 2.1.0.2]
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Malwarebytes Anti-Malware version 2.2.1.1043 [version 2.2.1.1043] [installed on 2016/11/10]
Matrox Graphics Software (remove only)
Microsoft .NET Framework 1.1
Windows Live Essentials [version 15.4.3555.0308]
Windows Internet Explorer 8 [version 20090308.140743] [installed on 2010/05/11]
Windows Live Installer [version 15.4.3502.0922] [installed on 2015/10/09]
Microsoft Robocopy GUI [version 1.0.0] [installed on 2008/03/22]
Windows Live Remote Service Resources [version 15.4.5722.2] [installed on 2015/10/09]
Windows Live Remote Client [version 15.4.5722.2] [installed on 2015/10/09]
Windows Live Movie Maker [version 15.4.3502.0922] [installed on 2015/10/09]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [version 9.0.30729.4148] [installed on 2015/10/02]
Junk Mail filter update [version 15.4.3502.0922] [installed on 2015/10/09]
Windows Live SOXE Definitions [version 15.4.3502.0922] [installed on 2015/10/09]
Windows Live Remote Service [version 15.4.5722.2] [installed on 2015/10/09]
Windows Live Family Safety [version 15.4.3555.0308] [installed on 2015/10/09]
Java 8 Update 151 [version 8.0.1510.12] [installed on 2017/10/20]
Windows Live Mesh ActiveX Control for Remote Connections [version 15.4.5722.2] [installed on 2015/10/09]
Windows Live Messenger [version 15.4.3538.0513] [installed on 2015/10/09]
Microsoft Dynamics SL Business Portal [version 3.0.1800.0] [installed on 2007/05/29]
HP MFP Digital Sending Software [version 4.16.3]
Microsoft .NET Framework 4.6.1 [version 4.6.01055] [installed on 2016/11/10]
Windows Live Photo Gallery [version 15.4.3502.0922] [installed on 2015/10/09]
Windows Live Remote Client Resources [version 15.4.5722.2] [installed on 2015/10/09]
Java Auto Updater [version 2.8.151.12] [installed on 2017/10/20]
HP Array Configuration Utility CLI [version 7.80.6.0] [installed on 2007/05/18]
Messenger Companion [version 15.4.3502.0922] [installed on 2015/10/09]
Windows Live UX Platform Language Pack [version 15.4.3508.1109] [installed on 2015/10/09]
{5A46DFE3-1C50-46A9-AD67-2841C738CA19} [version 3.0.1800.0] [installed on 2007/05/29]
Segoe UI [version 15.4.2271.0615] [installed on 2015/10/09]
Sentinel System Driver Installer 7.4.0 [version 7.4.0] [installed on 2015/10/08]
Windows Live SOXE [version 15.4.3502.0922] [installed on 2015/10/09]
VMware Tools [version 9.4.10.2068191] [installed on 2015/10/01]
PHP 5.2.6 [version 5.2.6] [installed on 2010/05/20]
Windows Live Messenger Companion Core [version 15.4.3502.0922] [installed on 2015/10/09]
HP Array Configuration Utility [version 7.80.6.0] [installed on 2007/05/18]
Windows Live PIMT Platform [version 15.4.3508.1109] [installed on 2015/10/09]
Apache HTTP Server 2.2.4 [version 2.2.4] [installed on 2007/05/29]
MSXML 4.0 SP2 (KB954430) [version 4.20.9870.0] [installed on 2009/03/04]
MSXML 6 Service Pack 2 (KB2957482) [version 6.20.2017.0] [installed on 2014/06/13]
Microsoft Silverlight [version 5.1.50907.0] [installed on 2017/06/28]
Mesh Runtime [version 15.4.5722.2] [installed on 2015/10/09]
MSVCRT [version 15.4.2862.0708] [installed on 2015/10/09]
MySQL Server 5.0 [version 5.0.37] [installed on 2007/05/30]
Microsoft Office 2003 English Web Parts and Components [version 11.0.5608.0] [installed on 2007/05/29]
Update for Microsoft .NET Framework 4.6.1 (KB3189052) [version 1]
Microsoft Application Error Reporting [version 12.0.6012.5000] [installed on 2015/10/09]
IP Office Admin Suite [version 6.0.8] [installed on 2011/05/27]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2015/10/05]
Windows Live Mail [version 15.4.3502.0922] [installed on 2015/10/09]
Windows Live Mesh [version 15.4.3502.0922] [installed on 2015/10/09]
Windows Live Writer [version 15.4.3502.0922] [installed on 2015/10/09]
Windows Live Photo Common [version 15.4.3502.0922] [installed on 2015/10/09]
Windows Live MIME IFilter [version 15.4.3502.0922] [installed on 2015/10/09]
ActivePerl 5.8.8 Build 820 [version 5.8.820] [installed on 2007/06/15]
MSXML 4.0 SP2 (KB936181) [version 4.20.9848.0] [installed on 2008/10/24]
Windows Live ID Sign-in Assistant [version 7.250.4232.0] [installed on 2015/10/09]
Business Portal Migration Utility [version 4.0.2422.0] [installed on 2009/10/01]
Microsoft .NET Framework 1.1 [version 1.1.4322] [installed on 2015/10/09]
Microsoft .NET Framework 3.5 SP1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) [version 1]
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) [version 1]
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) [version 1]
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) [version 1]
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) [version 1]
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) [version 1]
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) [version 1]
Windows Live UX Platform [version 15.4.3502.0922] [installed on 2015/10/09]
Windows Live Communications Platform [version 15.4.3502.0922] [installed on 2015/10/09]
Microsoft Business Portal for Solomon - Soap 3.0 [version 3.0.1800.0] [installed on 2007/05/29]
Microsoft Easy Assist v2 [version 8.1.6401.0] [installed on 2008/11/20]
Windows Live Writer Resources [version 15.4.3502.0922] [installed on 2015/10/09]
D3DX10 [version 15.4.2368.0902] [installed on 2015/10/09]
PHP 5.2.1 [version 5.2.1] [installed on 2007/05/30]
Microsoft SQL Server 2005 Compact Edition [ENU] [version 3.1.0000] [installed on 2015/10/09]
MSXML 4.0 SP2 (KB973688) [version 4.20.9876.0] [installed on 2009/12/24]
Windows Resource Kit Tools [version 5.2.3790] [installed on 2008/03/22]
Windows Live Essentials [version 15.4.3502.0922] [installed on 2015/10/09]

The following updates are installed :

.NETFramework :
M2416447
M2572067
M2604044
M2656353
M2656370
M26563701033
M26980231033
M2742597
M2833941 [installed on 10/9/2015]
M884537
M885268
M885274
M8866861041
M886795
M886903
M887540
M887541
M887544
M887559
M887563
M888312
M888418
M888419
M888420
M8884201033
M888520
M888995
M888999
M889531
M890211
M890323
M890340
M890344
M890464
M890465
M890482
M890765
M890828
M890834
M890929
M890950
M891009
M891313
M891574
M891792
M891964
M892207
M892492
M892544
M893005
M8930051033
M893099
M893166
M893251
M893360
M894092
M8942631036
M894611
M895251
M8952511033
M8952621042
M895474
M8954741033
M89547410331
M895579
M895581
M895582
M895584
M895585
M895586
M895587
M895676
M896056
M896246
M896337
M896600
M896663
M896665
M8969821041
M898548
M8985481033
M898609
M8989011042
M899020
M899177
M899181
M899326
M899511
M8995111041
M899524
M900703
M900822
M901202
M9012021033
M90120210332
M901368
M903666
M904416
M9044161041
M904566
M904705
M905302
M905546
M905891
M906588
M907262
M9072621033
M9072621111
M907432
M907544
M9075441033
M9075441041
M907720
M907829
M908001
M9081271041
M908787
M908796
M909766
M910553
M911205
M911309
M9113091041
M912495
M912845
M913937
M915322
M915808
M9158083082
M920978
M922542
M923754
M925168
M9267641041
M9274951033
M928366
M9283661033
M928398
M929688
M929729
M9311081033
M933227
M934815
M935224
M937501
M939044
M940354
M940711
M940737
M942228
M953297
M974762
M975948
M9799061033
S867460 [installed on 10/8/2015]
Microsoft .NET Framework 3.5 SP1 :
KB2604111 [version 1] [installed on 10/8/2015]
KB2736416 [version 1] [installed on 10/8/2015]
KB2840629 [version 1] [installed on 10/8/2015]
KB2861697 [version 1] [installed on 10/8/2015]
KB953595 [version 1] [installed on 10/8/2015]
KB958484 [version 1] [installed on 10/8/2015]
Microsoft .NET Framework 4.6.1 :
KB3189052 [version 1] [installed on 11/10/2016]

10.0.0.64 (tcp/445)


The following software are installed on the remote host :

Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) [version 09/11/2009 1.0.1.6]
Adobe AIR [version 25.0.0.134]
Adobe Flash Player 26 ActiveX [version 26.0.0.151]
Adobe Flash Player 26 NPAPI [version 26.0.0.151]
Adobe Shockwave Player 12.2 [version 12.2.8.198]
IP Office Admin Suite [version 3.0] [installed on 2015/10/09]
CyberLink PowerDVD 9.5 [version 9.5.1.4418] [installed on 2012/02/02]
KB2674319 [version 11.1.3000.0] [installed on 2014/12/04]
KB2793634 [version 11.1.3128.0] [installed on 2014/12/04]
KB2958429 [version 11.2.5058.0] [installed on 2015/01/14]
KB2977326 [version 11.1.3153.0] [installed on 2014/12/06]
KB3045321 [version 11.2.5343.0] [installed on 2015/07/15]
Service Pack 3 for SQL Server 2012 (KB3072779) (64-bit) [version 11.3.6020.0] [installed on 2016/04/08]
GDR 6248 for SQL Server 2012 (KB3194721) (64-bit) [version 11.3.6248.0] [installed on 2016/11/09]
GDR 6251 for SQL Server 2012 (KB4019092) (64-bit) [version 11.3.6251.0] [installed on 2017/08/09]
Security Update for CAPICOM (KB931906) [version 2.1.0.2]
Microsoft SQL Server 2012 (64-bit)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [version 10.0.50903]
Mozilla Firefox 42.0 (x86 en-US) [version 42.0]
Mozilla Maintenance Service [version 42.0]
Symantec Endpoint Protection.cloud [version 22.9.3.13] [installed on 2017/06/14]
Microsoft Visio Premium 2010 [version 14.0.7015.1000]
Sentinel System Driver
Symantec.cloud [version 3.00.10.2737]
Veeam Backup & Replication [version 8.0.0.817]
WinCDEmu [version 4.0]
Windows Live Essentials [version 15.4.3508.1109]
WinRAR 5.31 (64-bit) [version 5.31.0]
CCC Help Norwegian [version 2011.0602.1129.18753] [installed on 2014/08/07]
Microsoft SQL Server 2012 RsFx Driver [version 11.3.6020.0] [installed on 2016/04/08]
ATI Catalyst Control Center [version 2.009.0710.1126]
Microsoft SQL Server 2012 Transact-SQL ScriptDom [version 11.3.6020.0] [installed on 2016/04/08]
Catalyst Control Center Localization All [version 2009.0710.1127.18698] [installed on 2012/02/02]
Wave Support Software Installer [version 05.13.00.033] [installed on 2012/02/02]
Private Information Manager [version 07.01.00.022] [installed on 2012/02/02]
Windows Live Installer [version 15.4.3502.0922] [installed on 2012/02/02]
Veeam Explorer for Microsoft SharePoint [version 8.0.0.950] [installed on 2014/12/04]
CCC Help Italian [version 2011.0602.1129.18753] [installed on 2014/08/07]
MySQL Server 5.5 [version 5.5.23] [installed on 2012/04/20]
Dell System Manager [version 1.5.00000] [installed on 2012/02/02]
CCC Help Spanish [version 2011.0602.1129.18753] [installed on 2014/08/07]
Microsoft System CLR Types for SQL Server 2012 (x64) [version 11.3.6020.0] [installed on 2016/04/08]
Meraki Systems Manager Agent [version 1.0.87] [installed on 2014/02/21]
Catalyst Control Center Graphics Full Existing [version 2009.0710.1127.18698] [installed on 2012/02/02]
MySQL Connector J [version 5.1.19.0] [installed on 2012/04/20]
Google Toolbar for Internet Explorer [version 1.0.0] [installed on 2012/11/19]
SQL Server 2012 Database Engine Services [version 11.3.6020.0] [installed on 2017/08/09]
Windows Live Movie Maker [version 15.4.3502.0922] [installed on 2012/02/02]
Windows Live ID Sign-in Assistant [version 7.250.4225.0] [installed on 2012/02/02]
Fuze Meeting [version 1.10.44835] [installed on 2013/05/20]
SQL Server 2012 Common Files [version 11.3.6020.0] [installed on 2016/04/08]
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [version 10.0.40219] [installed on 2014/10/16]
Junk Mail filter update [version 15.4.3502.0922] [installed on 2012/02/02]
Windows Live SOXE Definitions [version 15.4.3502.0922] [installed on 2012/02/02]
Google Toolbar for Internet Explorer [version 7.5.8231.2252]
Skype" 7.0 [version 7.0.102] [installed on 2015/04/15]
ATI Catalyst Install Manager [version 3.0.825.0] [installed on 2014/08/07]
CCC Help French [version 2011.0602.1129.18753] [installed on 2014/08/07]
Java 8 Update 121 [version 8.0.1210.13] [installed on 2017/03/13]
Java 8 Update 121 (64-bit) [version 8.0.1210.13] [installed on 2017/03/13]
CCC Help Finnish [version 2009.0710.1126.18698] [installed on 2012/02/02]
CCC Help Russian [version 2009.0710.1126.18698] [installed on 2012/02/02]
Windows Live Mesh ActiveX Control for Remote Connections [version 15.4.5722.2] [installed on 2012/02/02]
MySQL Connector Net 6.4.4 [version 6.4.4] [installed on 2012/04/20]
SPBA 5.9 [version 5.9.4.6686] [installed on 2012/02/02]
CCC Help Greek [version 2009.0710.1126.18698] [installed on 2012/02/02]
PhotoShowExpress [version 2.0.063] [installed on 2012/02/02]
Windows Live Photo Gallery [version 15.4.3502.0922] [installed on 2012/02/02]
Malwarebytes version 3.3.1.2183 [version 3.3.1.2183] [installed on 2018/01/18]
CCC Help Japanese [version 2011.0602.1129.18753] [installed on 2014/08/07]
CCC Help Czech [version 2011.0602.1129.18753] [installed on 2014/08/07]
Catalyst Control Center - Branding [version 1.00.0000] [installed on 2012/02/02]
Catalyst Control Center Core Implementation [version 2009.0710.1127.18698] [installed on 2012/02/02]
Preboot Manager [version 03.03.00.074] [installed on 2012/02/02]
MySQL Connector C++ 1.1.0 [version 1.1.0] [installed on 2012/04/20]
PC-CCID [version 2.0.0] [installed on 2012/02/02]
Microsoft VSS Writer for SQL Server 2012 [version 11.3.6020.0] [installed on 2016/04/08]
Intel(R) Rapid Storage Technology [version 10.1.0.1008]
NTRU TCG Software Stack [version 2.1.36] [installed on 2012/02/02]
CCC Help Greek [version 2011.0602.1129.18753] [installed on 2014/08/07]
CCC Help English [version 2009.0710.1126.18698] [installed on 2012/02/02]
Catalyst Control Center Graphics Previews Vista [version 2009.0710.1127.18698] [installed on 2012/02/02]
Java Auto Updater [version 2.8.121.13] [installed on 2017/03/13]
Catalyst Control Center Localization All [version 2011.0602.1130.18753] [installed on 2014/08/07]
SQL Server Browser for SQL Server 2012 [version 11.3.6020.0] [installed on 2016/04/08]
CCC Help English [version 2011.0602.1129.18753] [installed on 2014/08/07]
Symantec.cloud - Endpoint Protection [version 4.40.10.670] [installed on 2014/08/07]
Dell Data Protection | Access | Drivers [version 2.01.018] [installed on 2012/02/02]
Upek Touchchip Fingerprint Reader [version 1.2.004] [installed on 2012/02/02]
CCC Help Thai [version 2011.0602.1129.18753] [installed on 2014/08/07]
AMD APP SDK Runtime [version 2.4.595.10] [installed on 2014/08/07]
SQL Server 2012 Database Engine Shared [version 11.3.6020.0] [installed on 2016/04/08]
MySQL Workbench 5.2 CE [version 5.2.39] [installed on 2012/04/20]
Windows Live UX Platform Language Pack [version 15.4.3508.1109] [installed on 2012/02/02]
MySQL Connector/ODBC 5.1 [version 5.1.10] [installed on 2012/04/20]
Roxio BackOnTrack [version 1.3.3] [installed on 2012/02/02]
CCC Help Danish [version 2009.0710.1126.18698] [installed on 2012/02/02]
MySQL Connector C 6.0.2 [version 6.0.2] [installed on 2012/04/20]
FRx 6.7 Client (\\Dynamo\Dynamics\SL\Applications\FRx67) [version 6.7.0.0]
Microsoft FRx 6.7 Programmability Support [version 6.7.9038.0] [installed on 2012/02/17]
CCC Help Turkish [version 2009.0710.1126.18698] [installed on 2012/02/02]
CCC Help Hungarian [version 2009.0710.1126.18698] [installed on 2012/02/02]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2012/02/17]
NetApp Plug-in [version 8.0.0.817] [installed on 2014/12/04]
Roxio File Backup [version 1.3.2] [installed on 2012/02/02]
CCC Help Finnish [version 2011.0602.1129.18753] [installed on 2014/08/07]
Google Update Helper [version 1.3.33.7] [installed on 2017/11/14]
swMSM [version 12.0.0.1] [installed on 2014/08/07]
Sentinel System Driver Installer 7.4.0 [version 7.4.0] [installed on 2015/10/09]
CCC Help German [version 2011.0602.1129.18753] [installed on 2014/08/07]
Windows Live Remote Service Resources [version 15.4.5722.2] [installed on 2012/02/02]
Roxio Express Labeler 3 [version 3.2.2] [installed on 2012/02/02]
ccc-core-static [version 2009.0710.1127.18698] [installed on 2012/02/02]
Windows Live SOXE [version 15.4.3502.0922] [installed on 2012/02/02]
Trusted Drive Manager [version 4.1.1.312] [installed on 2012/02/02]
Roxio Creator Starter [version 12.1.77.0]
Microsoft Visual C++ 2005 Redistributable (x64) [version 8.0.59192] [installed on 2012/02/02]
Microsoft Visual C++ 2005 Redistributable [version 8.0.61001] [installed on 2012/02/17]
Custom [version 01.00.00.000] [installed on 2012/02/02]
MySQL Installer [version 1.0.19.0] [installed on 2012/04/20]
Symantec.cloud - Cloud Agent [version 3.00.10.2737] [installed on 2017/02/14]
Roxio Burn [version 1.8] [installed on 2012/02/02]
Wave Infrastructure Installer [version 07.67.17.0010] [installed on 2012/02/02]
Catalyst Control Center Graphics Light [version 2009.0710.1127.18698] [installed on 2012/02/02]
Catalyst Control Center InstallProxy [version 2011.0602.1130.18753] [installed on 2014/08/07]
CCC Help Japanese [version 2009.0710.1126.18698] [installed on 2012/02/02]
Windows Live Messenger [version 15.4.3502.0922] [installed on 2012/02/02]
CCC Help Czech [version 2009.0710.1126.18698] [installed on 2012/02/02]
VS2005SP1CRUNTIME [version 1.10.0000] [installed on 2012/02/17]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [version 9.0.30729] [installed on 2012/02/02]
Windows Live PIMT Platform [version 15.4.3508.1109] [installed on 2012/02/02]
Dell Data Protection | Access | Middleware [version 2.01.010] [installed on 2012/02/02]
Windows Live Remote Client Resources [version 15.4.5722.2] [installed on 2012/02/02]
Veeam Backup Catalog [version 8.0.0.817] [installed on 2014/12/04]
Drobo Dashboard [version 2.7.0] [installed on 2015/11/02]
MSXML 4.0 SP2 (KB954430) [version 4.20.9870.0] [installed on 2012/02/17]
CCC Help Chinese Standard [version 2009.0710.1126.18698] [installed on 2012/02/02]
ccc-utility64 [version 2009.0710.1127.18698] [installed on 2012/02/02]
CCC Help German [version 2009.0710.1126.18698] [installed on 2012/02/02]
Microsoft Silverlight [version 5.1.50907.0] [installed on 2017/06/14]
CCC Help Portuguese [version 2011.0602.1129.18753] [installed on 2014/08/07]
Mesh Runtime [version 15.4.5722.2] [installed on 2012/02/02]
CCC Help French [version 2009.0710.1126.18698] [installed on 2012/02/02]
MSVCRT [version 15.4.2862.0708] [installed on 2012/02/02]
Dell Edoc Viewer [version 1.0.0] [installed on 2012/02/02]
Microsoft Office Proof (English) 2010 [version 14.0.7015.1000] [installed on 2015/09/09]
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Update for Microsoft Office 2010 (KB3055042) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition
Microsoft Office Proof (French) 2010 [version 14.0.7015.1000] [installed on 2015/07/15]
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Microsoft Office Proof (Spanish) 2010 [version 14.0.7015.1000] [installed on 2015/07/15]
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Microsoft Office Office 64-bit Components 2010 [version 14.0.7015.1000] [installed on 2016/08/10]
Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB3114885) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2999508) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054886) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB3114414) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Microsoft Office Shared 64-bit MUI (English) 2010 [version 14.0.7015.1000] [installed on 2015/07/15]
Microsoft Office Proofing (English) 2010 [version 14.0.7015.1000] [installed on 2015/07/15]
Microsoft Office Visio MUI (English) 2010 [version 14.0.7015.1000] [installed on 2015/07/15]
Update for Microsoft Visio 2010 (KB2881025) 32-Bit Edition
Microsoft Office Visio 2010 [version 14.0.7015.1000] [installed on 2017/07/12]
Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB3114872) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3191844) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3118389) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Security Update for Microsoft Office 2010 (KB2881029) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3085528) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553388) 32-Bit Edition
Update for Microsoft Office 2010 (KB3055047) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3101520) 32-Bit Edition
Definition Update for Microsoft Office 2010 (KB3115475) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3213624) 32-Bit Edition
Update for Microsoft Office 2010 (KB3128031) 32-Bit Edition
Update for Microsoft Office 2010 (KB3114555) 32-Bit Edition
Microsoft Office Shared MUI (English) 2010 [version 14.0.7015.1000] [installed on 2017/06/14]
Security Update for Microsoft Office 2010 (KB3203461) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Microsoft Office Shared Setup Metadata MUI (English) 2010 [version 14.0.7015.1000] [installed on 2015/07/15]
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 [version 14.0.7015.1000] [installed on 2015/07/15]
Gemalto [version 01.64.01.0010] [installed on 2012/02/02]
Microsoft .NET Framework 4.7 [version 4.7.02053]
Catalyst Control Center Graphics Previews Common [version 2009.0710.1127.18698] [installed on 2012/02/02]
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [version 10.0.50908] [installed on 2014/10/16]
CCC Help Thai [version 2009.0710.1126.18698] [installed on 2012/02/02]
Microsoft Application Error Reporting [version 12.0.6015.5000] [installed on 2012/02/02]
CCC Help Portuguese [version 2009.0710.1126.18698] [installed on 2012/02/02]
Catalyst Control Center [version 2011.0602.1130.18753] [installed on 2014/08/07]
Broadcom NetXtreme-I Netlink Driver and Management Installer [version 14.0.3.2] [installed on 2012/02/02]
Veeam Explorer for Microsoft SQL Server [version 8.0.0.953] [installed on 2014/12/04]
Sonic CinePlayer Decoder Pack [version 4.3.0] [installed on 2012/02/02]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [version 9.0.30729] [installed on 2012/02/02]
Microsoft SQL Server 2012 Native Client [version 11.3.6020.0] [installed on 2016/04/08]
Catalyst Control Center Graphics Full New [version 2009.0710.1127.18698] [installed on 2012/02/02]
CCC Help Norwegian [version 2009.0710.1126.18698] [installed on 2012/02/02]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2012/02/17]
MySQL Documents 5.5 [version 5.5.23] [installed on 2012/04/20]
CCC Help Korean [version 2011.0602.1129.18753] [installed on 2014/08/07]
Windows Live Mail [version 15.4.3502.0922] [installed on 2012/02/02]
RBVirtualFolder64Inst [version 1.00.0000] [installed on 2012/02/02]
BioAPI Framework [version 1.0.2] [installed on 2012/02/02]
Windows Live Mesh [version 15.4.3502.0922] [installed on 2012/02/02]
Roxio Activation Module [version 1.0] [installed on 2012/02/02]
CCC Help Dutch [version 2009.0710.1126.18698] [installed on 2012/02/02]
CCC Help Turkish [version 2011.0602.1129.18753] [installed on 2014/08/07]
CCC Help Italian [version 2009.0710.1126.18698] [installed on 2012/02/02]
CCC Help Danish [version 2011.0602.1129.18753] [installed on 2014/08/07]
Windows Live Writer [version 15.4.3502.0922] [installed on 2012/02/02]
Dell Data Protection | Access [version 2.1.00001.002] [installed on 2012/02/02]
Google Update Helper [version 1.3.25.11] [installed on 2014/11/13]
Windows Live Photo Common [version 15.4.3502.0922] [installed on 2012/02/02]
CCC Help Chinese Standard [version 2011.0602.1129.18753] [installed on 2014/08/07]
Catalyst Control Center InstallProxy [version 2009.0710.1127.18698] [installed on 2012/02/02]
FRx 6.7 Supplemental Files [version 6.7.0.9329]
Dell Data Protection | Access [version 02.01.01.002]
Adobe Refresh Manager [version 1.8.0] [installed on 2018/02/28]
Adobe Acrobat 9 Standard [version 9.5.5] [installed on 2013/11/07]
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Acrobat Reader DC [version 15.008.20082] [installed on 2015/09/29]
CCC Help Dutch [version 2011.0602.1129.18753] [installed on 2014/08/07]
HP 3PAR StoreServ Plug-in [version 8.0.0.817] [installed on 2014/12/04]
DirectX 9 Runtime [version 1.00.0000] [installed on 2012/02/02]
Google Chrome [version 63.0.3239.132] [installed on 2017/03/13]
CCC Help Russian [version 2011.0602.1129.18753] [installed on 2014/08/07]
CCC Help Chinese Traditional [version 2011.0602.1129.18753] [installed on 2014/08/07]
Veeam Explorer for Microsoft Active Directory [version 8.0.0.952] [installed on 2014/12/04]
Microsoft SQL Server 2008 Setup Support Files [version 10.1.2731.0] [installed on 2014/12/04]
Sql Server Customer Experience Improvement Program [version 11.3.6020.0] [installed on 2016/04/08]
Veeam Explorer for Microsoft Exchange [version 8.0.0.951] [installed on 2014/12/04]
Microsoft .NET Framework 1.1 [version 1.1.4322] [installed on 2015/10/09]
WinZip 17.5 [version 17.5.10480] [installed on 2013/07/19]
CCC Help Hungarian [version 2011.0602.1129.18753] [installed on 2014/08/07]
Windows Live UX Platform [version 15.4.3502.0922] [installed on 2012/02/02]
Windows Live Language Selector [version 15.4.3508.1109] [installed on 2012/02/02]
MSVCRT_amd64 [version 15.4.2862.0708] [installed on 2012/02/02]
LogMeIn Rescue Technician Console [version 7.5.2366] [installed on 2015/01/22]
CCC Help Spanish [version 2009.0710.1126.18698] [installed on 2012/02/02]
CCC Help Swedish [version 2009.0710.1126.18698] [installed on 2012/02/02]
Windows Live Communications Platform [version 15.4.3502.0922] [installed on 2012/02/02]
ccc-utility64 [version 2011.0602.1130.18753] [installed on 2014/08/07]
CCC Help Swedish [version 2011.0602.1129.18753] [installed on 2014/08/07]
Windows Live MIME IFilter [version 15.4.3502.0922] [installed on 2012/02/02]
Catalyst Control Center Profiles Desktop [version 2011.0602.1130.18753] [installed on 2014/08/07]
HP StoreVirtual Plug-in [version 8.0.0.817] [installed on 2014/12/04]
CCC Help Polish [version 2011.0602.1129.18753] [installed on 2014/08/07]
Windows Live Writer Resources [version 15.4.3502.0922] [installed on 2012/02/02]
Windows Live Remote Client [version 15.4.5722.2] [installed on 2012/02/02]
Windows Live Remote Service [version 15.4.5722.2] [installed on 2012/02/02]
D3DX10 [version 15.4.2368.0902] [installed on 2012/02/02]
CCC Help Korean [version 2009.0710.1126.18698] [installed on 2012/02/02]
Catalyst Control Center Graphics Previews Common [version 2011.0602.1130.18753] [installed on 2014/08/07]
CCC Help Polish [version 2009.0710.1126.18698] [installed on 2012/02/02]
Dell Command | Update [version 2.0.0] [installed on 2015/01/22]
EMBASSY Security Center [version 04.03.00.121] [installed on 2012/02/02]
Roxio Creator Starter [version 1.0.439] [installed on 2012/02/02]
Roxio Creator Starter [version 5.0.0] [installed on 2012/02/02]
Microsoft SQL Server 2005 Compact Edition [ENU] [version 3.1.0000] [installed on 2012/02/02]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [version 10.0.40219] [installed on 2014/10/16]
CCC Help Chinese Traditional [version 2009.0710.1126.18698] [installed on 2012/02/02]
MSXML 4.0 SP2 (KB973688) [version 4.20.9876.0] [installed on 2012/02/17]
DellAccess [version 01.01.00.072] [installed on 2012/02/02]
MySQL Examples and Samples 5.5 [version 5.5.23] [installed on 2012/04/20]
Microsoft SQL Server 2012 Management Objects (x64) [version 11.0.2100.60] [installed on 2014/12/04]
Microsoft SQL Server 2012 Setup (English) [version 11.3.6251.0] [installed on 2017/08/09]
Skins [version 2009.0710.1127.18698] [installed on 2012/02/02]
Windows Live Essentials [version 15.4.3502.0922] [installed on 2012/02/02]
Microsoft Visual C++ 2005 Redistributable (x64) [version 8.0.61000] [installed on 2012/02/17]

The following updates are installed :

Microsoft .NET Framework 4.5.1 :
KB2898869 [version 1] [installed on 2/26/2014]
KB2901126 [version 1] [installed on 2/26/2014]
KB2931368 [version 1] [installed on 5/15/2014]
Microsoft .NET Framework 4.6.1 :
KB3122661 [version 1] [installed on 2/10/2016]
KB3127233 [version 1] [installed on 2/10/2016]
KB3136000 [version 1] [installed on 3/9/2016]
KB3142037 [version 1] [installed on 5/11/2016]
KB3143693 [version 1] [installed on 4/13/2016]
KB3164025 [version 1] [installed on 7/13/2016]
23777 (2) - SLP Server Detection (TCP)
Synopsis
The remote server supports the Service Location Protocol.
Description
The remote server understands Service Location Protocol (SLP), a protocol that allows network applications to discover the existence, location, and configuration of various services in an enterprise network environment. A server that understands SLP can either be a service agent (SA), which knows the location of various services, or a directory agent (DA), which acts as a central repository for service location information.
See Also
Solution
Limit incoming traffic to this port if desired.
Risk Factor
None
Plugin Information:
Published: 2006/12/07, Modified: 2011/03/06
Plugin Output

10.0.0.44 (tcp/427)


An SLP Service Agent is listening on this port.

In addition, Nessus was able to learn that the agent knows about
the following services :

service:VMwareInfrastructure
service:wbem:https

10.0.0.46 (tcp/427)


An SLP Service Agent is listening on this port.

In addition, Nessus was able to learn that the agent knows about
the following services :

service:VMwareInfrastructure
service:wbem:https
23778 (2) - SLP Server Detection (UDP)
Synopsis
The remote server supports the Service Location Protocol.
Description
The remote server understands Service Location Protocol (SLP), a protocol that allows network applications to discover the existence, location, and configuration of various services in an enterprise network environment. A server that understands SLP can either be a service agent (SA), which knows the location of various services, or a directory agent (DA), which acts as a central repository for service location information.
See Also
Solution
Limit incoming traffic to this port if desired.
Risk Factor
None
Plugin Information:
Published: 2006/12/07, Modified: 2011/05/24
Plugin Output

10.0.0.44 (udp/427)


An SLP Service Agent is listening on this port.

In addition, Nessus was able to learn that the agent knows about
the following services :

service:VMwareInfrastructure
service:wbem:https

10.0.0.46 (udp/427)


An SLP Service Agent is listening on this port.

In addition, Nessus was able to learn that the agent knows about
the following services :

service:VMwareInfrastructure
service:wbem:https
23974 (2) - Microsoft Windows SMB Share Hosting Office Files
Synopsis
The remote share contains Office-related files.
Description
This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc).
Solution
Make sure that the files containing confidential information have proper access controls set on them.
Risk Factor
None
Plugin Information:
Published: 2007/01/04, Modified: 2011/03/21
Plugin Output

10.0.0.14 (tcp/445)


Here is a list of office files which have been found on the remote SMB
shares :

+ C$ :

- \users\demoadm\appdata\roaming\microsoft robocopy gui\documents\robocopy.doc
- \users\avaya\desktop\new install\ip3\lvmsound\g723 files\upgrade_to_3.0.doc
- \program files\robocopygui\documents\robocopy.doc
- \program files\avaya\ip office\voicemail pro\vm\wavs\custom\dynamic language selection.doc
- \program files\avaya\ip office\voicemail pro\vm\wavs\custom\conference.doc
- \program files\avaya\ip office\voicemail pro\vm\wavs\custom\auto attendant.doc
- \program files\avaya\ip office\manager\lvmgreeting\lvmgreeting.doc
- \program files\avaya\ip office\ccc\bo install files\readme.doc
- \program files\common files\microsoft shared\web server extensions\60\template\1033\bp\doctemp\word\wdtmpl.doc
- \program files\microsoft dynamics\business portal\documentation\soxdeploymentguide.doc
- \program files\resourcekitstools\kernrate.doc
- \program files\resourcekitstools\mqcast.doc
- \program files\resourcekitstools\prnadmin.doc
- \program files\resourcekitstools\robocopy.doc
- \program files\common files\microsoft shared\web server extensions\60\template\1033\bp\doctemp\xl\xltmpl.xls

+ D$ :

- \vmfiles\vm\wavs\custom\dynamic language selection.doc
- \vmfiles\vm\wavs\custom\conference.doc
- \vmfiles\vm\wavs\custom\auto attendant.doc
- \installer\windowsxpsp2deploytools\wfinf_guide.doc
- \installer\telecom\demo data - first vm installation\softconsole tips and tricks.doc
- \avaya install\ip3\lvmsound\g723 files\upgrade_to_3.0.doc
- \avaya install\ccc_4_0_42_intl\msde\sql server 2000 desktop engine for ccc installation guide (issue 6).doc
- \avaya install\ccc_4_0_42_intl\database uplift\using the database uplift tool (issue 5).doc
- \avaya install\avaya\admin6_0_8\lvmgreeting\lvmgreeting.doc
- \avaya install\admin6_0_8\lvmgreeting\lvmgreeting.doc
- \avaya install\admin6_0_8\avaya\ip office\voicemail pro\vm\wavs\custom\dynamic language selection.doc
- \avaya install\admin6_0_8\avaya\ip office\voicemail pro\vm\wavs\custom\conference.doc
- \avaya install\admin6_0_8\avaya\ip office\voicemail pro\vm\wavs\custom\auto attendant.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\placer cr\social inv bmarking 0505051with ss comments.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\placer cr\rio tinto.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\placer cr\interview protocol for rio tinto.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\placer cr\interview protocol for placer dome ce.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\placer cr\interview protocol for industry benchmarking.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\placer cr\internal checklist for bmarking.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\placer cr\final phase i report.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\placer cr\anglo american.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\resource monitor timeline.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\resource monitor for eloise.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\resource monitor calendar.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\remo_blurbs_03may05.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\remo.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\remo summaries june 2005.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\remo may 1.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\remo for eloise.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\placer ss report cr.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\placer phase ii ss.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\placer final cr.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\old sda graph.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\montana report with ss comments.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\mjproposal glamisjrcmntsss.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\mjproposal glamisjrcmnts.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\matrix.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\gfexplortraining.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\gfexplortraingletter06.04.05.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\from your list.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\finalreportdraftone.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\eiti, transparency summary.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\cvx sandra june 15.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\cvx rfp.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\csr policies benchmarking for extractive industry.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\cma ci benchmarking proposal.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\chevron_framework_proposal_ss.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\chevron rfp.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\cem_guide_draft_formatted.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\cemc_sumario_050505.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\business principles review final 102902.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\budget for ifc.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\most recent desktop\demo comments for cortez.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\programa para demo.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\new kick ass preface[1].doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\montana workplan trip #4.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\mj carta de presentacion julio2005.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\mapping indigenous culture1.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\lista de stakeholders.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\internal glamis workplan.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\glamis workplan.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\cem final2.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\cem final (esp).doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\carta de presentacion julio2005.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\carta de presentacion julio 5, 2005.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\carta de presentacion final.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\becca demo schedule a 30june2005.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\becca demo contract 30june200511.doc
- \archive\archiveformerstaff\sseruold\fromoldpc\desktop\glamis\becca demo contract 30june2005.doc
- \archive\archiveformerstaff\sseru\unzipped\tor and ref documents\conference call summary (may 20 2003).doc
- \archive\archiveformerstaff\sseru\unzipped\tor and ref documents\approved summary 2nd.doc
- \archive\archiveformerstaff\sseru\unzipped\tor and ref documents\approved summary 1st.doc
- \archive\archiveformerstaff\sseru\unzipped\tor and ref documents\12 month workplan_tentative.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\tools\stakeholder mapping research.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\tools\stakeholder mapping research part 2.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\tools\stakeholder mapping research 022003.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\stakeholder mapping research part 2.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\project management\gap stakeholder engagement workplan.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\project management\gap stakeholder engagement workplan 012203.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\project management\gap stakeholder engagement workplan 012103.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\prework\pre-workdob comments.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\prework\pre-work.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\prework\demostakeholder pre-work 022003.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\prework\demostakeholder pre-work 021103.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\prework\demomappingpre-work sa comments 012803.doc
- \archive\archiveformerstaff\sseru\unzipped\stakeholder project\stakeholder project\agenda\agenda & prework.doc
- \archive\archiveformerstaff\sseru\unzipped\placersustassess final report\placersustassess final report.doc
- \archive\archiveformerstaff\sseru\unzipped\newmont trainers guide2\newmont guide 1202\~$mmunity engagement.doc
- \archive\archiveformerstaff\sseru\unzipped\newmont trainers guide2\newmont guide 1202\values with guiding principles.doc
- \archive\archiveformerstaff\sseru\unzipped\newmont trainers guide2\newmont guide 1202\successful communication.doc
- \archive\archiveformerstaff\sseru\unzipped\newmont trainers guide2\newmont guide 1202\stakeholder mapping and analysis.doc
- \archive\archiveformerstaff\sseru\unzipped\newmont trainers guide2\newmont guide 1202\scenarios for engagement.doc
- \archive\archiveformerstaff\sseru\unzipped\newmont trainers guide2\newmont guide 1202\moody mining in nueva segovia.doc
- \archive\archiveformerstaff\sseru\unzipped\newmont trainers guide1\newmont guide 1202\community engagement.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\~$- ims 018 management review.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\~$- ims 017 audit & assessment program.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\~$- ims 016 contract management.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\~$- ims 015 records management.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\~$- ims 014 corrective & preventative actions.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\~$- ims 013 workplace inspections.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\~$- ims 012 performance, monitoring & measurement.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\~$- ims 004 legal compliance & other obligations.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\~$- ims 003 objectives, targets, cpis & improvement programs.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\~$- ims 002 risk & opportunity management.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\~$- ims 001 leadership & commitment.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\s - ims 020 - a glossary.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\s - ims 018 management review.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\s - ims 017 audit & assessment program.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\s - ims 016 contract management.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\s - ims 007 - 2 stakeholder engagement .doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\s - ims 007 - 1 internal communication & consultation.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\s - ims 006 training, competency & awareness.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\s - ims 005 organization & responsibility.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\s - ims 004 legal compliance & other obligations.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\s - ims 003 objectives, targets, cpis & improvement programs.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\s - ims 002 risk & opportunity management.doc
- \archive\archiveformerstaff\sseru\unzipped\fivestar\fivestar\s - ims 001 leadership & commitment.doc
- \archive\archiveformerstaff\sseru\unzipped\ce guide1\ce guide\attributes of culture 1.doc
- \archive\archiveformerstaff\sseru\unzipped\ce guide\ce guide\values with guiding principles.doc
- \archive\archiveformerstaff\sseru\unzipped\ce guide\ce guide\tips for interviewing.doc
- \archive\archiveformerstaff\sseru\unzipped\ce guide\ce guide\stakeholder mapping and analysis.doc
- \archive\archiveformerstaff\sseru\unzipped\ce guide\ce guide\session index.doc
- \archive\archiveformerstaff\sseru\unzipped\ce guide\ce guide\evalulation.doc
- \archive\archiveformerstaff\sseru\unzipped\ce guide\ce guide\engagement guide 072204.doc
- \archive\archiveformerstaff\sseru\unzipped\ce guide\ce guide\community engagement.doc
- \archive\archiveformerstaff\sseru\unzipped\antamina community engagement guide\antamina community engagement guide\capacity continuum-trans.doc
- \archive\archiveformerstaff\sseru\unzipped\antamina community engagement guide\antamina community engagement guide\attributes of culture 2.doc
- \archive\archiveformerstaff\sseru\unzipped\antamina community engagement guide\antamina community engagement guide\attributes of culture 1.doc
- \archive\archiveformerstaff\sseru\unzipped\antamina community engagement guide\antamina community engagement guide\0cma guide-trans.doc
- \archive\archiveformerstaff\sseru\un human rights commission to draft standards and hold multinational firms accountable.doc
- \archive\archiveformerstaff\sseru\transcription.doc
- \archive\archiveformerstaff\sseru\trad technical1.doc
- \archive\archiveformerstaff\sseru\text of principles.doc
- \archive\archiveformerstaff\sseru\sandrappc my documents\personal\let.doc
- \archive\archiveformerstaff\sseru\sandra10.23cvx.doc
- \archive\archiveformerstaff\sseru\sandra's thoughts on database.doc
- \archive\archiveformerstaff\sseru\sandra seru bio.doc
- \archive\archiveformerstaff\sseru\russian enterprise offers model for corporate behavior.doc
- \archive\archiveformerstaff\sseru\rm 7[1].14.05.doc
- \archive\archiveformerstaff\sseru\rio tinto.doc
- \archive\archiveformerstaff\sseru\resource monitor timeline.doc
- \archive\archiveformerstaff\sseru\remo\july 1st analysis piece.doc
- \archive\archiveformerstaff\sseru\remo\final remo recovered.doc
- \archive\archiveformerstaff\sseru\remo\final remo august.doc
- \archive\archiveformerstaff\sseru\recommendation for april.doc
- \archive\archiveformerstaff\sseru\questions for gail snowden.doc
- \archive\archiveformerstaff\sseru\questions for gail snowden.2.doc
- \archive\archiveformerstaff\sseru\question and answer for newmont presentation.doc
- \archive\archiveformerstaff\sseru\potential stories.doc
- \archive\archiveformerstaff\sseru\placer cr\rio tinto.doc
- \archive\archiveformerstaff\sseru\placer cr\interview protocol for rio tinto.doc
- \archive\archiveformerstaff\sseru\placer cr\interview protocol for placer dome ce.doc
- \archive\archiveformerstaff\sseru\placer cr\interview protocol for industry benchmarking.doc
- \archive\archiveformerstaff\sseru\placer cr\internal checklist for bmarking.doc
- \archive\archiveformerstaff\sseru\placer cr\final phase i report.doc
- \archive\archiveformerstaff\sseru\placer cr\anglo american.doc
- \archive\archiveformerstaff\sseru\pfizer.doc
- \archive\archiveformerstaff\sseru\new desktop\sandra seru bio.doc
- \archive\archiveformerstaff\sseru\new desktop\rio tinto.doc
- \archive\archiveformerstaff\sseru\new desktop\resource monitor timeline.doc
- \archive\archiveformerstaff\sseru\new desktop\resource monitor for eloise.doc
- \archive\archiveformerstaff\sseru\new desktop\remo_blurbs_03may05.doc
- \archive\archiveformerstaff\sseru\new desktop\remo.doc
- \archive\archiveformerstaff\sseru\new desktop\remo may 1.doc
- \archive\archiveformerstaff\sseru\new desktop\remo for eloise.doc
- \archive\archiveformerstaff\sseru\new desktop\matrix.doc
- \archive\archiveformerstaff\sseru\new desktop\interview protocol for placer dome hr.doc
- \archive\archiveformerstaff\sseru\new desktop\ifc proposal 2.doc
- \archive\archiveformerstaff\sseru\new desktop\ifc proposa for sdal.doc
- \archive\archiveformerstaff\sseru\new desktop\ifc proposa for geir.doc
- \archive\archiveformerstaff\sseru\new desktop\ifc budget and deliverables.doc
- \archive\archiveformerstaff\sseru\new desktop\human rights risk assessment.doc
- \archive\archiveformerstaff\sseru\new desktop\gri interview with newmont.doc
- \archive\archiveformerstaff\sseru\new desktop\comments for cortezfinalk.doc
- \archive\archiveformerstaff\sseru\new desktop\comments for cortezfinal11.04.05with ss.doc
- \archive\archiveformerstaff\sseru\new desktop\comments for cortezfinal11.04.05.doc
- \archive\archiveformerstaff\sseru\new desktop\comments for cortez2.doc
- \archive\archiveformerstaff\sseru\new desktop\cma ci benchmarking proposal.doc
- \archive\archiveformerstaff\sseru\new desktop\business principles review final 102902.doc
- \archive\archiveformerstaff\sseru\new desktop\budget for ifc.doc
- \archive\archiveformerstaff\sseru\new desktop\demo comments for cortez.doc
- \archive\archiveformerstaff\sseru\most recent desktop\sandra seru bio.doc
- \archive\archiveformerstaff\sseru\most recent desktop\rio tinto.doc
- \archive\archiveformerstaff\sseru\most recent desktop\resource monitor timeline.doc
- \archive\archiveformerstaff\sseru\most recent desktop\resource monitor for eloise.doc
- \archive\archiveformerstaff\sseru\most recent desktop\resource monitor calendar.doc
- \archive\archiveformerstaff\sseru\most recent desktop\remo_blurbs_03may05.doc
- \archive\archiveformerstaff\sseru\most recent desktop\remo.doc
- \archive\archiveformerstaff\sseru\most recent desktop\remo summaries june 2005.doc
- \archive\archiveformerstaff\sseru\most recent desktop\possible news summaries.doc
- \archive\archiveformerstaff\sseru\most recent desktop\policies document.doc
- \archive\archiveformerstaff\sseru\most recent desktop\placer ss report cr.doc
- \archive\archiveformerstaff\sseru\most recent desktop\placer phase ii ss.doc
- \archive\archiveformerstaff\sseru\most recent desktop\placer final cr.doc
- \archive\archiveformerstaff\sseru\most recent desktop\old sda graph.doc
- \archive\archiveformerstaff\sseru\most recent desktop\montana report with ss comments.doc
- \archive\archiveformerstaff\sseru\most recent desktop\mjproposal glamisjrcmntsss.doc
- \archive\archiveformerstaff\sseru\most recent desktop\gri interview with newmont.doc
- \archive\archiveformerstaff\sseru\most recent desktop\glamis proposal.doc
- \archive\archiveformerstaff\sseru\most recent desktop\gfexplortraining.doc
- \archive\archiveformerstaff\sseru\most recent desktop\gfexplortraingletter06.04.05.doc
- \archive\archiveformerstaff\sseru\most recent desktop\from your list.doc
- \archive\archiveformerstaff\sseru\most recent desktop\finalreportdraftone.doc
- \archive\archiveformerstaff\sseru\most recent desktop\eiti, transparency summary.doc
- \archive\archiveformerstaff\sseru\most recent desktop\cvx sandra june 15.doc
- \archive\archiveformerstaff\sseru\most recent desktop\comments for cortezfinal11.04.05.doc
- \archive\archiveformerstaff\sseru\most recent desktop\comments for cortez2.doc
- \archive\archiveformerstaff\sseru\most recent desktop\cma ci benchmarking proposal.doc
- \archive\archiveformerstaff\sseru\most recent desktop\chevron_framework_proposal_ss.doc
- \archive\archiveformerstaff\sseru\most recent desktop\chevron rfp.doc
- \archive\archiveformerstaff\sseru\most recent desktop\cem_guide_draft_formatted.doc
- \archive\archiveformerstaff\sseru\most recent desktop\cemc_sumario_050505.doc
- \archive\archiveformerstaff\sseru\most recent desktop\business principles review final 102902.doc
- \archive\archiveformerstaff\sseru\moni 258-junk.doc
- \archive\archiveformerstaff\sseru\mjfinal marlin strategy document.doc
- \archive\archiveformerstaff\sseru\mj22jun05 hr security.doc
- \archive\archiveformerstaff\sseru\miserable transcription.doc
- \archive\archiveformerstaff\sseru\memo to karen re ford.doc
- \archive\archiveformerstaff\sseru\member csr companies.doc
- \archive\archiveformerstaff\sseru\matrix.doc
- \archive\archiveformerstaff\sseru\mass id letter.doc
- \archive\archiveformerstaff\sseru\laptop desktop\to do.doc
- \archive\archiveformerstaff\sseru\laptop desktop\tintaya experience.doc
- \archive\archiveformerstaff\sseru\laptop desktop\the greenhouse gas protocol initiative - for stefan.doc
- \archive\archiveformerstaff\sseru\laptop desktop\the great depression.doc
- \archive\archiveformerstaff\sseru\laptop desktop\text of principles.doc
- \archive\archiveformerstaff\sseru\laptop desktop\template for phase ii.doc
- \archive\archiveformerstaff\sseru\laptop desktop\survey_template_10may05sscomments.doc
- \archive\archiveformerstaff\sseru\laptop desktop\sukhee yoo.doc
- \archive\archiveformerstaff\sseru\laptop desktop\plane reading\remo summaries june 2005.doc
- \archive\archiveformerstaff\sseru\laptop desktop\plane reading\remo articles & summaries june 2005 - lm.doc
- \archive\archiveformerstaff\sseru\laptop desktop\plane reading\remo articles & summaries june 2005 - lm with ss edits.doc
- \archive\archiveformerstaff\sseru\laptop desktop\plane reading\placer hr_vp section.doc
- \archive\archiveformerstaff\sseru\laptop desktop\plane reading\placer hr timeline_draft.doc
- \archive\archiveformerstaff\sseru\laptop desktop\plane reading\placer hr case studies_draft1.doc
- \archive\archiveformerstaff\sseru\laptop desktop\plane reading\montanaproject-organizationsprofiles2.doc
- \archive\archiveformerstaff\sseru\laptop desktop\plane reading\human_rights_security_draft_19may05.doc
- \archive\archiveformerstaff\sseru\laptop desktop\placer 4-3-05.doc
- \archive\archiveformerstaff\sseru\laptop desktop\placer 4-1-05.doc
- \archive\archiveformerstaff\sseru\laptop desktop\peru primer final.doc
- \archive\archiveformerstaff\sseru\laptop desktop\notes glamis.doc


Note that Nessus has limited the report to 255 files although there
may be more.

10.0.0.64 (tcp/445)


Here is a list of office files which have been found on the remote SMB
shares :

+ C$ :

- \windows\serviceprofiles\localservice\appdata\local\temp\tfsstore\tfs_dav\guide%20to%20using%20etime%20codes%20for%20as%20consultant%20%20(updated%208-11)0.doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\tools\templates\avery5266 template(active).doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\tools\professional development\title options.doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\sean's\oct 2010 time off.doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\sean's\june 2011 time off.doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\sean's\july 2010 time off.doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\sean's\aug 27 swoods time off.doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\sean's\2009 mid-year self review (swoods).doc
- \users\jsilver\desktop\new install\ip3\lvmsound\g723 files\upgrade_to_3.0.doc
- \users\kgrant\desktop\2012 audit\participation forms\a&f herhealth china participation form 11-26-2012.doc
- \users\kgrant\desktop\ad hoc\mutual_nda_demo_birst.doc
- \users\kgrant\desktop\ad hoc\other\mutual_nda_demo_template_091908_dl.doc
- \users\kgrant\desktop\ad hoc\other\nda_demo_template_091908_dl.doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\tools\reference\mandarin references.doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\tools\reference\project profitability instructions(29-jun-2010).doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\tools\reference\project profitability instructions.doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\tools\reference\project v. grant characteristics.doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\tools\reference\weekly utilization reporting process.doc
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\tools\templates\avery5202 u-0238-01_p.doc
- \program files (x86)\microsoft office\office14\1033\prottplv.ppt
- \program files (x86)\microsoft office\office14\1033\prottpln.ppt
- \windows\serviceprofiles\localservice\appdata\local\temp\tfsstore\tfs_dav\regional%20income%20statement1.xls
- \users\swoods\documents\sharepoint drafts\2011 (02-february) regional statement of activites.xls
- \users\swoods\desktop\projects\sharepoint upload\sean time sheets\swoods timesheet (2011-8-7).xls
- \users\swoods\desktop\projects\sharepoint upload\sean time sheets\swoods timesheet (2011-8-21).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\swoods timesheet (2011-6-5).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\swoods timesheet (2011-6-19).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\swoods timesheet (2011-6-12).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\swoods timesheet (2011-5-8).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\swoods timesheet (2011-5-29).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\swoods timesheet (2011-5-22).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\swoods timesheet (2011-5-15).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2011\swoods timesheet (2011-5-1).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2011\swoods timesheet (2011-2-27).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2011\swoods timesheet (2011-2-20).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2011\swoods timesheet (2011-2-13).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2011\swoods timesheet (2011-2-06).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2011\swoods timesheet (2011-1-9).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2011\swoods timesheet (2011-1-30).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2011\swoods timesheet (2011-1-23).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2011\swoods timesheet (2011-1-2).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-8-15).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-8-1).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-7-4).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-7-25).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-7-18).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-7-11).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-6-5).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-6-27).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-4-25).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-4-18).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-4-11).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-3-7).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-3-28).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-3-21).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-3-14).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-2-7).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-11-21).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-11-14).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-11-07).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-10-31).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-10-24).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-10-17).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-10-10).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2010\swoods timesheet (2010-10-03).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-9-6).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-9-27).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-9-20).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-9-13).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-8-9).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-8-2).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-7-5).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-7-26).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-5-17).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-5-10).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-5-03).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-4-5).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-4-26).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-4-19).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-4-12).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-3-29).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-11-22).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-11-15).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-11-1).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-10-4).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-10-25).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-10-18).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-10-11).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\swoods timesheet (2009-08-30).xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\(2009-2-22)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\(2009-2-15)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\(2009-1-31)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\(2009-1-25)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\(2009-1-18)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\(2009-1-11)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2009\(2009-1-04)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2008\(2008-12-28)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2008\(2008-10-5)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2008\(2008-10-26)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2008\(2008-10-19)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2008\(2008-10-12)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2008\(2008-09-28)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2008\(2008-09-21)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2008\(2008-09-14)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\time mgmt\time sheets\2008\(2008-09-07)timesheet.xls
- \users\swoods\desktop\projects\sharepoint upload\sean p-drive\sean's\crwt form (swoods 4.18.11).xls
- \users\swoods\desktop\projects\ms project\demo_2011 panasonic reporting_revised work plan_2011 may 11.xls
- \users\swoods\desktop\projects\japan foundation\grant monthly reports.xls
- \users\swoods\desktop\projects\japan foundation\copy of japan foundation financials.xls
- \users\swoods\desktop\projects\japan foundation\demo final financial report (may 2012).xls
- \users\swoods\desktop\projects\in-dev\old\sagittarius mines\time sql querry-days detail.xls
- \users\swoods\desktop\projects\in-dev\old\2011-04 industry p&l (consumer products) example2.xls
- \users\swoods\desktop\projects\compleded analysis\depts\membership\2010-03 membership.xls
- \users\kyu\documents\hsbc bank statement usd conference 11152013.xls
- \users\kyu\documents\hsbc bank statement usd conference 10312013.xls
- \users\kyu\documents\hsbc bank statement usd conference 10112013.xls
- \users\kyu\documents\hsbc bank statement usd conference 09302013.xls
- \users\kyu\documents\hsbc bank statement usd conference 09202013.xls
- \users\kyu\documents\hsbc bank statement usd conference 09132013.xls
- \users\kyu\documents\hsbc bank statement usd conference 08312013.xls
- \users\kyu\documents\hsbc bank statement usd conference 08232013.xls
- \users\kyu\documents\hsbc bank statement usd conference 06102013.xls
- \users\kyu\documents\hsbc bank statement usd conference 05312013.xls
- \users\kyu\documents\hsbc bank statement usd conference 05242013.xls
- \users\kyu\documents\hsbc bank statement usd 11152013.xls
- \users\kyu\documents\hsbc bank statement usd 10312013.xls
- \users\kyu\documents\hsbc bank statement usd 10112013.xls
- \users\kyu\documents\hsbc bank statement usd 09302013.xls
- \users\kyu\documents\hsbc bank statement usd 09202013.xls
- \users\kyu\documents\hsbc bank statement usd 07082013.xls
- \users\kyu\documents\hsbc bank statement usd 06302013.xls
- \users\kyu\documents\hsbc bank statement usd 06212013.xls
- \users\kyu\documents\hsbc bank statement usd 06142013.xls
- \users\kyu\documents\hsbc bank statement usd 06012013.xls
- \users\kyu\documents\hsbc bank statement usd 05312013.xls
- \users\kyu\documents\hsbc bank statement usd 05242013.xls
- \users\kyu\documents\hsbc bank statement usd 03312013.xls
- \users\kyu\documents\hsbc bank statement hkd 11152013.xls
- \users\kyu\documents\hsbc bank statement hkd 10312013.xls
- \users\kyu\documents\hsbc bank statement hkd 10112013.xls
- \users\kyu\documents\hsbc bank statement hkd 09302013.xls
- \users\kyu\documents\hsbc bank statement hkd 09202013.xls
- \users\kyu\documents\hsbc bank statement hkd 09132013.xls
- \users\kyu\documents\hsbc bank statement hkd 06302013.xls
- \users\kyu\documents\hsbc bank statement hkd 06212013.xls
- \users\kyu\documents\hsbc bank statement hkd 06142013.xls
- \users\kyu\documents\hsbc bank statement hkd 06102013.xls
- \users\kyu\documents\hsbc bank statement hkd 05312013.xls
- \users\kyu\documents\hsbc bank statement hkd 05242013.xls
- \users\kyu\documents\hsbc bank statement hkd 05172013.xls
- \users\kyu\documents\hsbc bank statement eur 11152013.xls
- \users\kyu\documents\hsbc bank statement eur 10312013.xls
- \users\kyu\documents\hsbc bank statement eur 10112013.xls
- \users\kyu\documents\hsbc bank statement eur 09302013.xls
- \users\kyu\documents\hsbc bank statement eur 09202013.xls
- \users\kyu\documents\hsbc bank statement eur 09132013.xls
- \users\kyu\documents\hsbc bank statement eur 08312013.xls
- \users\kyu\documents\hsbc bank statement eur 06212013.xls
- \users\kyu\documents\hsbc bank statement eur 06142013.xls
- \users\kyu\documents\hsbc bank statement eur 06102013.xls
- \users\kyu\documents\hsbc bank statement eur 05312013.xls
- \users\kyu\documents\hsbc bank statement eur 05242013.xls
- \users\kyu\documents\hsbc bank statement eur 05172013.xls
- \users\kyu\documents\hsbc bank statement eur 05102013.xls
- \users\kyu\appdata\local\microsoft\windows\temporary internet files\content.outlook\f44ljjm2\swapna-mamata reimbusement convening 2013.xls
- \users\kyu\appdata\local\microsoft\windows\temporary internet files\content.outlook\f44ljjm2\steve - crwt_form_6 20 2013.xls
- \users\kyu\appdata\local\microsoft\windows\temporary internet files\content.outlook\f44ljjm2\smis ambattur final installment 7-15-2013.xls
- \users\kyu\appdata\local\microsoft\windows\temporary internet files\content.outlook\f44ljjm2\mohammad balzur payment 7-16-2013.xls
- \users\kyu\appdata\local\microsoft\windows\temporary internet files\content.outlook\f44ljjm2\kt care glanfield implementation pymt 7-15-2013.xls
- \users\kyu\appdata\local\microsoft\windows\temporary internet files\content.outlook\f44ljjm2\du feng msic reimbursement malaysia convening july 2013.xls
- \users\kyu\appdata\local\microsoft\windows\temporary internet files\content.outlook\f44ljjm2\dr khalid-hands 2013 convening reimbursement 7-15-13.xls
- \users\kyu\appdata\local\microsoft\windows\temporary internet files\content.outlook\f44ljjm2\091513.xls
- \users\kgrant\desktop\sa xmo bdgt.xls
- \users\kgrant\desktop\is-r.xls
- \users\kgrant\desktop\grants detail.xls
- \users\kgrant\desktop\grants detail 2.xls
- \users\kgrant\desktop\frx\sa xmo bdgt v3.xls
- \users\kgrant\desktop\frx\sa xmo bdgt v2.xls
- \users\kgrant\desktop\frx\sa xmo bdgt 2013.xls
- \users\kgrant\desktop\frx\sa xmo 2.xls
- \users\kgrant\desktop\frx\sa nov ytd.xls
- \users\kgrant\desktop\frx\new folder\balance sheet.xls
- \users\kgrant\desktop\frx\is-r.xls
- \users\kgrant\desktop\frx\is-r 2012.xls
- \users\kgrant\desktop\frx\is-r 2012.10.19 v1.xls
- \users\kgrant\desktop\frx\grants detail.xls
- \users\kgrant\desktop\downloads\sa oct 2012.xls
- \users\kgrant\desktop\downloads\sa nov 12 prelim.xls
- \users\kgrant\desktop\downloads\new folder (3)\smtact.xls
- \users\kgrant\desktop\downloads\new folder (3)\sa.xls
- \users\kgrant\desktop\downloads\new folder (3)\is-r fr 2010-2012.xls
- \users\kgrant\desktop\downloads\new folder (2)\is-r.xls
- \users\kgrant\desktop\downloads\new folder (2)\is-d.xls
- \users\kgrant\desktop\downloads\new folder (2)\grants detail nov prelim 12.11.12.xls
- \users\kgrant\desktop\downloads\new folder\sa.xls
- \users\kgrant\desktop\downloads\new folder\grants detail.xls
- \users\kgrant\desktop\downloads\frx\is-r 2012.xls
- \users\kgrant\desktop\downloads\frx\grants detail.xls
- \users\kgrant\desktop\downloads\balance sheet nov 12 prelim.xls
- \users\kgrant\desktop\downloads\2012-10 grants detail.xls
- \users\kgrant\desktop\downloads\2012 (10-october) regional statement of activities.xls
- \users\kgrant\desktop\budget\final files\sa.xls
- \users\kgrant\desktop\budget\2013 regional budget p1 (2012.10.19).xls
- \users\kgrant\desktop\budget\2013 regional budget p1 (2012.10.19) prelim.xls
- \users\kgrant\desktop\balance sheet.xls
- \users\kgrant\desktop\ad hoc\sa xmo bdgt 2013.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\mar\2013 (03-march) statement of activities.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\mar\2013 (03-march) statement of activities 04.18.13.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\mar\2013 (03-march) balance sheet.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\jan\2013 (january) statement of activities.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\jan\2013 (january) grants detail.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\nov\sa nov final (2012.12.12).xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\nov\is-r nov final (2012.12.12).xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\nov\is-d nov final (2012.12.12).xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\nov\grants detail nov final (2012.12.12).xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\nov\grants detail (12-november) prelim.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\dec\grants detail.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\dec\grants detail - dec.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\dec\grants detail - 01.28.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\dec\balance sheet- dec 12 (2013.03.07).xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\dec\balance sheet- dec 12 (2013.01.30).xls
- \users\kgrant\desktop\ad hoc\grants\sida\sida01 detail - 2010 to 2012.xls
- \users\kgrant\desktop\ad hoc\grants\sida\grants detail.xls
- \users\kgrant\desktop\ad hoc\grants\grants detail.xls
- \users\kgrant\desktop\ad hoc\financial report for zwalther01 - disney foundation herfinance - kg edit.xls
- \users\kgrant\desktop\ad hoc\copy of preso_tables2012.xls
- \users\kgrant\desktop\2012 audit\74 - summary gl for federal awards.xls
- \program files (x86)\microsoft office\office14\visio content\1033\projtl.xls
- \program files (x86)\microsoft office\office14\visio content\1033\prjmgt.xls
- \program files (x86)\microsoft office\office14\visio content\1033\prcimp.xls
- \program files (x86)\microsoft office\office14\visio content\1033\orgdata.xls
- \program files (x86)\microsoft office\office14\visio content\1033\astmgt.xls
- \program files (x86)\microsoft office\office14\visio content\1033\salsum.xls
- \temp\personal.xls
- \users\kgrant\appdata\local\microsoft\windows\temporary internet files\content.outlook\pluul6q1\preso_tables2012.xls
- \users\kgrant\appdata\roaming\microsoft\excel\2012%20revenue%20sample%20selections302944952742008622\2012%20revenue%20sample%20selections((unsaved-302944894225448256)).xls
- \users\kgrant\appdata\roaming\microsoft\excel\sida%20herproject%20budget_2012-2013_w%20hours302941163985288123\sida%20herproject%20budget_2012-2013_w%20hours((unsaved-302940592006905536)).xls
- \users\kgrant\desktop\2012 audit\45 - 2012 grants spend detail.xls
- \users\kgrant\desktop\ad hoc\grants\sida\sida02 - revised financial summary 04.05.2013.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\2012 (10-october) regional statement of activities.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\2012-10 grants detail.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\dec\2012 (12-december) grants detail.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\dec\asia sa (2012.12.31).xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\dec\sa (2013.01.28).xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\dec\sa (2013.01.30).xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\dec\sa - dec 12 (2013.02.15).xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\dec\sa - dec 12 (2013.03.07).xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2012\nov\balance sheet nov final (2012.12.12).xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\feb\2013 (02-february) grants detail.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\feb\2013 (02-february) regional statement of activities.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\feb\balance sheet - feb 13 (2013.03.08).xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\feb\is-d 2013.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\jan\2013 (january) balance sheet.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\mar\grants detail - 2013 prelim.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\mar\grants detail - march final.xls
- \users\kgrant\desktop\ad hoc\monthly reporting\2013\mar\smtact.xls


Note that Nessus has limited the report to 255 files although there
may be more.
24269 (2) - Windows Management Instrumentation (WMI) Available
Synopsis
WMI queries can be made against the remote host.
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM.

These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/02/03, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)

10.0.0.64 (tcp/0)

24270 (2) - Computer Manufacturer Information (WMI)
Synopsis
It is possible to obtain the name of the remote computer manufacturer.
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/02/02, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)


Computer Manufacturer : VMware, Inc.
Computer Model : VMware Virtual Platform
Computer SerialNumber : VMware-42 17 d0 a4 58 fa 73 33-da 1f 41 53 f1 ce fc 14
Computer Type : Other

Computer Physical CPU's : 1
Computer Logical CPU's : 2
CPU0
Architecture : x64
Physical Cores: 2
Logical Cores : 2

Computer Memory : 4094 MB
RAM slot #0
Form Factor: DIMM
Type : DRAM
Capacity : 4096 MB

10.0.0.64 (tcp/0)


Computer Manufacturer : Dell Inc.
Computer Model : Precision WorkStation T3500
Computer SerialNumber : GXK9JS1
Computer Type : Tower

Computer Physical CPU's : 1
Computer Logical CPU's : 6
CPU0
Architecture : x64
Physical Cores: 6
Logical Cores : 6

Computer Memory : 10237 MB

Form Factor: DIMM
Type : Unknown
Capacity : 2048 MB

Form Factor: DIMM
Type : Unknown
Capacity : 2048 MB

Form Factor: DIMM
Type : Unknown
Capacity : 2048 MB

Form Factor: DIMM
Type : Unknown
Capacity : 4096 MB
24272 (2) - Network Interfaces Enumeration (WMI)
Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/02/03, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)

+ Network Interface Information :

- Network Interface = [00000006] VMware Accelerated AMD PCNet Adapter
- MAC Address = 00:50:56:97:5A:A3
- IPAddress/IPSubnet = 10.0.0.14/255.255.255.0
- IPAddress/IPSubnet = fe80::a54d:c849:f133:6cb7/64


+ Routing Information :

Destination Netmask Gateway
----------- ------- -------
0.0.0.0 0.0.0.0 10.0.0.1
10.0.0.0 255.255.255.0 0.0.0.0
10.0.0.14 255.255.255.255 0.0.0.0
10.0.0.255 255.255.255.255 0.0.0.0
127.0.0.0 255.0.0.0 0.0.0.0
127.0.0.1 255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0

10.0.0.64 (tcp/0)

+ Network Interface Information :

- Network Interface = [00000007] Broadcom NetXtreme 57xx Gigabit Controller
- MAC Address = D0:67:E5:EE:F9:A7
- IPAddress/IPSubnet = 10.0.0.64/255.255.255.0
- IPAddress/IPSubnet = fe80::74c9:6af4:1882:8b05/64


+ Routing Information :

Destination Netmask Gateway
----------- ------- -------
0.0.0.0 0.0.0.0 10.0.0.1
10.0.0.0 255.255.255.0 0.0.0.0
10.0.0.64 255.255.255.255 0.0.0.0
10.0.0.255 255.255.255.255 0.0.0.0
127.0.0.0 255.0.0.0 0.0.0.0
127.0.0.1 255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
28211 (2) - Flash Player Detection
Synopsis
The remote Windows host contains a browser enhancement for displaying multimedia content.
Description
There is at least one instance of Adobe Flash Player installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/11/14, Modified: 2015/01/12
Plugin Output

10.0.0.14 (tcp/445)

Nessus found the following instances of Flash Player installed on the
remote host :

- ActiveX control (for Internet Explorer) :
C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx, 10.2.159.1

10.0.0.64 (tcp/445)

Nessus found the following instances of Flash Player installed on the
remote host :

- Browser Plugin (for Firefox / Netscape / Opera) :
C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll, 26.0.0.151
- ActiveX control (for Internet Explorer) :
C:\Windows\system32\Macromed\Flash\Flash64_26_0_0_151.ocx, 26.0.0.151
33545 (2) - Oracle Java Runtime Environment (JRE) Detection
Synopsis
There is a Java runtime environment installed on the remote Windows host.
Description
One or more instances of Oracle's (formerly Sun's) Java Runtime Environment (JRE) is installed on the remote host. This may include private JREs bundled with the Java Development Kit (JDK).
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/07/18, Modified: 2018/04/20
Plugin Output

10.0.0.14 (tcp/445)


The following instance of Oracle's JRE is installed on the remote
host :

Path : C:\Program Files\Java\jre1.8.0_151
Version : 1.8.0_151

10.0.0.64 (tcp/445)


The following instances of Oracle's JRE are installed on the remote
host :

Path : C:\Program Files\Java\jre1.8.0_121
Version : 1.8.0_121

Path : C:\Program Files (x86)\Java\jre1.8.0_121
Version : 1.8.0_121
34096 (2) - BIOS Version (WMI)
Synopsis
The BIOS version could be read.
Description
It is possible to get information about the BIOS vendor and its version via the host's WMI interface.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/05, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)


Vendor : Phoenix Technologies LTD
Version : 6.00
Release date : 20140414000000.000000+000
UUID : A4D01742-FA58-3373-DA1F-4153F1CEFC14

10.0.0.64 (tcp/0)


Vendor : Dell Inc.
Version : A17
Release date : 20130528000000.000000+000
UUID : 4C4C4544-0058-4B10-8039-C7C04F4A5331
38153 (2) - Microsoft Windows Summary of Missing Patches
Synopsis
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool.

Review the summary and apply any missing updates in order to be up to date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Plugin Information:
Published: 2009/04/24, Modified: 2017/05/25
Plugin Output

10.0.0.14 (tcp/445)

The patches for the following bulletins or KBs are missing on the remote host :

- MS03-037 ( http://technet.microsoft.com/en-us/security/bulletin/ms03-037 )
- MS10-026 ( http://technet.microsoft.com/en-us/security/bulletin/ms10-026 )
- MS13-045 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-045 )
- MS15-124 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-124 )
- KB4021558 ( https://support.microsoft.com/en-us/help/4021558 )
- KB4025872 ( https://support.microsoft.com/en-us/help/4025872 )
- KB4041086 ( https://support.microsoft.com/en-us/help/4041086 )
- KB4041093 ( https://support.microsoft.com/en-us/help/4041093 )
- KB4041086 ( https://support.microsoft.com/en-us/help/4041086 )
- KB4041093 ( https://support.microsoft.com/en-us/help/4041093 )
- KB4054174 ( https://support.microsoft.com/en-us/help/4054174 )
- KB4054996 ( https://support.microsoft.com/en-us/help/4054996 )
- KB4089453 ( https://support.microsoft.com/en-us/help/4089453 )
- KB4091756 ( https://support.microsoft.com/en-us/help/4091756 )
- KB4092946 ( https://support.microsoft.com/en-us/help/4092946 )
- KB4093223 ( https://support.microsoft.com/en-us/help/4093223 )
- KB4093224 ( https://support.microsoft.com/en-us/help/4093224 )
- KB4093227 ( https://support.microsoft.com/en-us/help/4093227 )
- KB4093257 ( https://support.microsoft.com/en-us/help/4093257 )
- KB4093478 ( https://support.microsoft.com/en-us/help/4093478 )

10.0.0.64 (tcp/445)

The patches for the following bulletins or KBs are missing on the remote host :

- MS13-045 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-045 )
- MS15-124 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-124 )
- MS16-087 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-087 )
- KB4021558 ( https://support.microsoft.com/en-us/help/4021558 )
- KB4036586 ( https://support.microsoft.com/en-us/help/4036586 )
- KB4038777 ( https://support.microsoft.com/en-us/help/4038777 )
- KB4038779 ( https://support.microsoft.com/en-us/help/4038779 )
- KB4041083 ( https://support.microsoft.com/en-us/help/4041083 )
- KB4041090 ( https://support.microsoft.com/en-us/help/4041090 )
- KB4040685 ( https://support.microsoft.com/en-us/help/4040685 )
- KB4041678 ( https://support.microsoft.com/en-us/help/4041678 )
- KB4041681 ( https://support.microsoft.com/en-us/help/4041681 )
- KB4047206 ( https://support.microsoft.com/en-us/help/4047206 )
- KB4048957 ( https://support.microsoft.com/en-us/help/4048957 )
- KB4048960 ( https://support.microsoft.com/en-us/help/4048960 )
- KB4052978 ( https://support.microsoft.com/en-us/help/4052978 )
- KB4054518 ( https://support.microsoft.com/en-us/help/4054518 )
- KB4054521 ( https://support.microsoft.com/en-us/help/4054521 )
- KB4054183 ( https://support.microsoft.com/en-us/help/4054183 )
- KB4055002 ( https://support.microsoft.com/en-us/help/4055002 )
- KB4056568 ( https://support.microsoft.com/en-us/help/4056568 )
- KB4056894 ( https://support.microsoft.com/en-us/help/4056894 )
- KB4056897 ( https://support.microsoft.com/en-us/help/4056897 )
- KB4074587 ( https://support.microsoft.com/en-us/help/4074587 )
- KB4074598 ( https://support.microsoft.com/en-us/help/4074598 )
- KB4074736 ( https://support.microsoft.com/en-us/help/4074736 )
- KB4088875 ( https://support.microsoft.com/en-us/help/4088875 )
- KB4088878 ( https://support.microsoft.com/en-us/help/4088878 )
- KB4089187 ( https://support.microsoft.com/en-us/help/4089187 )
- KB4100480 ( https://support.microsoft.com/en-us/help/4100480 )
- KB4092946 ( https://support.microsoft.com/en-us/help/4092946 )
- KB4093108 ( https://support.microsoft.com/en-us/help/4093108 )
- KB4093118 ( https://support.microsoft.com/en-us/help/4093118 )
39446 (2) - Apache Tomcat Detection
Synopsis
The remote web server is an Apache Tomcat server.
Description
Nessus was able to detect a remote Apache Tomcat web server.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/06/18, Modified: 2018/01/24
Plugin Output

10.0.0.47 (tcp/8443)


URL : https://10.0.0.47:8443/
Version : unknown

10.0.0.47 (tcp/9443)


URL : https://10.0.0.47:9443/
Version : unknown
42399 (2) - Microsoft Silverlight Detection
Synopsis
The remote host has Microsoft Silverlight installed.
Description
A version of Microsoft's Silverlight is installed on this host.

Microsoft Silverlight is a web application framework that provides functionalities similar to those in Adobe Flash, integrating multimedia, graphics, animations and interactivity into a single runtime environment.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/11/05, Modified: 2015/01/12
Plugin Output

10.0.0.14 (tcp/445)


Path : C:\Program Files\Microsoft Silverlight\5.1.50907.0
Version : 5.1.50907.0

10.0.0.64 (tcp/445)


Path : c:\Program Files\Microsoft Silverlight\5.1.50907.0
Version : 5.1.50907.0
43829 (2) - Kerberos Information Disclosure
Synopsis
The remote Kerberos server is leaking information.
Description
Nessus was able to retrieve the realm name and/or server time of the remote Kerberos server.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/01/08, Modified: 2015/09/24
Plugin Output

10.0.0.25 (tcp/88)


Nessus gathered the following information :

Server time : 2018-04-27 18:25:59 UTC
Realm : demo.ORG

10.0.0.27 (tcp/88)


Nessus gathered the following information :

Server time : 2018-04-27 18:27:18 UTC
Realm : demo.ORG
44401 (2) - Microsoft Windows SMB Service Config Enumeration
Synopsis
It was possible to enumerate configuration parameters of remote services.
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.).
Solution
Ensure that each service is configured properly.
Risk Factor
None
Plugin Information:
Published: 2010/02/05, Modified: 2017/06/14
Plugin Output

10.0.0.14 (tcp/445)


The following services are set to start automatically :

AeLookupSvc startup parameters :
Display name : Application Experience
Service name : AeLookupSvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

AppHostSvc startup parameters :
Display name : Application Host Helper Service
Service name : AppHostSvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k apphost

BFE startup parameters :
Display name : Base Filtering Engine
Service name : BFE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : RpcSs/

BITS startup parameters :
Display name : Background Intelligent Transfer Service
Service name : BITS
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/EventSystem/

CryptSvc startup parameters :
Display name : Cryptographic Services
Service name : CryptSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : RpcSs/

Dhcp startup parameters :
Display name : DHCP Client
Service name : Dhcp
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : NSI/Tdx/Afd/

Dnscache startup parameters :
Display name : DNS Client
Service name : Dnscache
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : Tdx/

EventLog startup parameters :
Display name : Windows Event Log
Service name : EventLog
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

EventSystem startup parameters :
Display name : COM+ Event System
Service name : EventSystem
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : rpcss/

FontCache startup parameters :
Display name : Windows Font Cache Service
Service name : FontCache
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

IISADMIN startup parameters :
Display name : IIS Admin Service
Service name : IISADMIN
Log on as : localSystem
Executable path : C:\Windows\system32\inetsrv\inetinfo.exe
Dependencies : RPCSS/SamSS/HTTP/

IKEEXT startup parameters :
Display name : IKE and AuthIP IPsec Keying Modules
Service name : IKEEXT
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : BFE/

KtmRm startup parameters :
Display name : KtmRm for Distributed Transaction Coordinator
Service name : KtmRm
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RPCSS/SamSS/

LanmanServer startup parameters :
Display name : Server
Service name : LanmanServer
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : SamSS/Srv/

LanmanWorkstation startup parameters :
Display name : Workstation
Service name : LanmanWorkstation
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : Bowser/MRxSmb10/MRxSmb20/NSI/

MSFTPSVC startup parameters :
Display name : FTP Publishing Service
Service name : MSFTPSVC
Log on as : localSystem
Executable path : C:\Windows\system32\inetsrv\inetinfo.exe
Dependencies : IISADMIN/

MpsSvc startup parameters :
Display name : Windows Firewall
Service name : MpsSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : mpsdrv/bfe/

Netlogon startup parameters :
Display name : Netlogon
Service name : Netlogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : LanmanWorkstation/

NlaSvc startup parameters :
Display name : Network Location Awareness
Service name : NlaSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : NSI/RpcSs/TcpIp/

PlugPlay startup parameters :
Display name : Plug and Play
Service name : PlugPlay
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

PolicyAgent startup parameters :
Display name : IPsec Policy Agent
Service name : PolicyAgent
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Dependencies : Tcpip/bfe/

ProfSvc startup parameters :
Display name : User Profile Service
Service name : ProfSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

RemoteRegistry startup parameters :
Display name : Remote Registry
Service name : RemoteRegistry
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k regsvc
Dependencies : RPCSS/

RpcSs startup parameters :
Display name : Remote Procedure Call (RPC)
Service name : RpcSs
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k rpcss
Dependencies : DcomLaunch/

SENS startup parameters :
Display name : System Event Notification Service
Service name : SENS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : EventSystem/

SNMP startup parameters :
Display name : SNMP Service
Service name : SNMP
Log on as : LocalSystem
Executable path : C:\Windows\System32\snmp.exe

SamSs startup parameters :
Display name : Security Accounts Manager
Service name : SamSs
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RPCSS/

Schedule startup parameters :
Display name : Task Scheduler
Service name : Schedule
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RPCSS/EventLog/

SentinelKeysServer startup parameters :
Display name : Sentinel Keys Server
Service name : SentinelKeysServer
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe"

SentinelProtectionServer startup parameters :
Display name : Sentinel Protection Server
Service name : SentinelProtectionServer
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"

SharedAccess startup parameters :
Display name : Internet Connection Sharing (ICS)
Service name : SharedAccess
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : Netman/WinMgmt/RasMan/BFE/

ShellHWDetection startup parameters :
Display name : Shell Hardware Detection
Service name : ShellHWDetection
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

Spooler startup parameters :
Display name : Print Spooler
Service name : Spooler
Log on as : LocalSystem
Executable path : C:\Windows\System32\spoolsv.exe
Dependencies : RPCSS/http/

SrmSvc startup parameters :
Display name : File Server Resource Manager
Service name : SrmSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost -k srmsvcs
Dependencies : RPCSS/

TBS startup parameters :
Display name : TPM Base Services
Service name : TBS
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService

TermService startup parameters :
Display name : Terminal Services
Service name : TermService
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RPCSS/TermDD/

TrkWks startup parameters :
Display name : Distributed Link Tracking Client
Service name : TrkWks
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

UxSms startup parameters :
Display name : Desktop Window Manager Session Manager
Service name : UxSms
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

VMTools startup parameters :
Display name : VMware Tools
Service name : VMTools
Log on as : LocalSystem
Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"

VoicemailProServer startup parameters :
Display name : Voicemail Pro Service
Service name : VoicemailProServer
Log on as : .\avaya
Executable path : "C:\Program Files\Avaya\IP Office\Voicemail Pro\VM\vmprov5svc.exe"
Dependencies : RPCSS/

W32Time startup parameters :
Display name : Windows Time
Service name : W32Time
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

W3SVC startup parameters :
Display name : World Wide Web Publishing Service
Service name : W3SVC
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k iissvcs
Dependencies : WAS/HTTP/

Wecsvc startup parameters :
Display name : Windows Event Collector
Service name : Wecsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : HTTP/Eventlog/

WerSvc startup parameters :
Display name : Windows Error Reporting Service
Service name : WerSvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup

WinRM startup parameters :
Display name : Windows Remote Management (WS-Management)
Service name : WinRM
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RPCSS/HTTP/

Winmgmt startup parameters :
Display name : Windows Management Instrumentation
Service name : Winmgmt
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RPCSS/

clr_optimization_v4.0.30319_32 startup parameters :
Display name : Microsoft .NET Framework NGEN v4.0.30319_X86
Service name : clr_optimization_v4.0.30319_32
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

iphlpsvc startup parameters :
Display name : IP Helper
Service name : iphlpsvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs
Dependencies : RpcSS/Tdx/winmgmt/tcpip/nsi/

lmhosts startup parameters :
Display name : TCP/IP NetBIOS Helper
Service name : lmhosts
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : NetBT/Afd/

netprofm startup parameters :
Display name : Network List Service
Service name : netprofm
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : RpcSs/nlasvc/

nsi startup parameters :
Display name : Network Store Interface Service
Service name : nsi
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : nsiproxy/

seclogon startup parameters :
Display name : Secondary Logon
Service name : seclogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

slsvc startup parameters :
Display name : Software Licensing
Service name : slsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\SLsvc.exe
Dependencies : RpcSs/

wlidsvc startup parameters :
Display name : Windows Live ID Sign-in Assistant
Service name : wlidsvc
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
Dependencies : RpcSs/

wuauserv startup parameters :
Display name : Windows Update
Service name : wuauserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : rpcss/

The following services must be started manually :

ALG startup parameters :
Display name : Application Layer Gateway Service
Service name : ALG
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\alg.exe

AppMgmt startup parameters :
Display name : Application Management
Service name : AppMgmt
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

Appinfo startup parameters :
Display name : Application Information
Service name : Appinfo
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/ProfSvc/

AudioEndpointBuilder startup parameters :
Display name : Windows Audio Endpoint Builder
Service name : AudioEndpointBuilder
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/

Audiosrv startup parameters :
Display name : Windows Audio
Service name : Audiosrv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : AudioEndpointBuilder/RpcSs/MMCSS/

COMSysApp startup parameters :
Display name : COM+ System Application
Service name : COMSysApp
Log on as : LocalSystem
Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Dependencies : RpcSs/EventSystem/SENS/

Dfs startup parameters :
Display name : DFS Namespace
Service name : Dfs
Log on as : LocalSystem
Executable path : C:\Windows\system32\dfssvc.exe
Dependencies : LanmanWorkstation/LanmanServer/DfsDriver/Mup/SamSS/RemoteRegistry/

EapHost startup parameters :
Display name : Extensible Authentication Protocol
Service name : EapHost
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RPCSS/KeyIso/

FCRegSvc startup parameters :
Display name : Microsoft Fibre Channel Platform Registration Service
Service name : FCRegSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

FDResPub startup parameters :
Display name : Function Discovery Resource Publication
Service name : FDResPub
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : RpcSs/http/

FontCache3.0.0.0 startup parameters :
Display name : Windows Presentation Foundation Font Cache 3.0.0.0
Service name : FontCache3.0.0.0
Log on as : NT Authority\LocalService
Executable path : C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

KeyIso startup parameters :
Display name : CNG Key Isolation
Service name : KeyIso
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

MBFWorkflowService startup parameters :
Display name : Microsoft Business Framework queued work item service
Service name : MBFWorkflowService
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\inetpub\wwwroot\bin\QueuedWorkItemService.exe

MMCSS startup parameters :
Display name : Multimedia Class Scheduler
Service name : MMCSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

MSiSCSI startup parameters :
Display name : Microsoft iSCSI Initiator Service
Service name : MSiSCSI
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

Netman startup parameters :
Display name : Network Connections
Service name : Netman
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/nsi/

NtmsSvc startup parameters :
Display name : Removable Storage
Service name : NtmsSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k rsmsvcs
Dependencies : RpcSs/

ProtectedStorage startup parameters :
Display name : Protected Storage
Service name : ProtectedStorage
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

RSoPProv startup parameters :
Display name : Resultant Set of Policy Provider
Service name : RSoPProv
Log on as : LocalSystem
Executable path : C:\Windows\system32\RSoPProv.exe
Dependencies : RPCSS/

RasAuto startup parameters :
Display name : Remote Access Auto Connection Manager
Service name : RasAuto
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RasMan/TapiSrv/

RasMan startup parameters :
Display name : Remote Access Connection Manager
Service name : RasMan
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : Tapisrv/SstpSvc/

RpcLocator startup parameters :
Display name : Remote Procedure Call (RPC) Locator
Service name : RpcLocator
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\locator.exe

Rqs startup parameters :
Display name : Remote Access Quarantine Agent
Service name : Rqs
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\rqs.exe
Dependencies : remoteAccess/

SLUINotify startup parameters :
Display name : SL UI Notification Service
Service name : SLUINotify
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : SLSvc/netprofm/EventSystem/

SNMPTRAP startup parameters :
Display name : SNMP Trap
Service name : SNMPTRAP
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\snmptrap.exe

SessionEnv startup parameters :
Display name : Terminal Services Configuration
Service name : SessionEnv
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RPCSS/LanmanWorkstation/

SrmReports startup parameters :
Display name : File Server Storage Reports Manager
Service name : SrmReports
Log on as : LocalSystem
Executable path : C:\Windows\system32\srmhost.exe
Dependencies : RPCSS/

SstpSvc startup parameters :
Display name : Secure Socket Tunneling Protocol Service
Service name : SstpSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

THREADORDER startup parameters :
Display name : Thread Ordering Server
Service name : THREADORDER
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

TapiSrv startup parameters :
Display name : Telephony
Service name : TapiSrv
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k tapisrv
Dependencies : PlugPlay/RpcSs/

UI0Detect startup parameters :
Display name : Interactive Services Detection
Service name : UI0Detect
Log on as : LocalSystem
Executable path : C:\Windows\system32\UI0Detect.exe

UmRdpService startup parameters :
Display name : Terminal Services UserMode Port Redirector
Service name : UmRdpService
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : TermService/

VSS startup parameters :
Display name : Volume Shadow Copy
Service name : VSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\vssvc.exe
Dependencies : RPCSS/

WAS startup parameters :
Display name : Windows Process Activation Service
Service name : WAS
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k iissvcs
Dependencies : RPCSS/

WMSvc startup parameters :
Display name : Web Management Service
Service name : WMSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\inetsrv\wmsvc.exe
Dependencies : HTTP/

WPDBusEnum startup parameters :
Display name : Portable Device Enumerator Service
Service name : WPDBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

WPFFontCache_v0400 startup parameters :
Display name : Windows Presentation Foundation Font Cache 4.0.0.0
Service name : WPFFontCache_v0400
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

WcsPlugInService startup parameters :
Display name : Windows Color System
Service name : WcsPlugInService
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k wcssvc
Dependencies : RpcSs/

WinHttpAutoProxySvc startup parameters :
Display name : WinHTTP Web Proxy Auto-Discovery Service
Service name : WinHttpAutoProxySvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : Dhcp/

dot3svc startup parameters :
Display name : Wired AutoConfig
Service name : dot3svc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/Ndisuio/Eaphost/

fdPHost startup parameters :
Display name : Function Discovery Provider Host
Service name : fdPHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : RpcSs/http/

fsssvc startup parameters :
Display name : Windows Live Family Safety Service
Service name : fsssvc
Log on as : LocalSystem
Executable path : "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
Dependencies : rpcss/

hidserv startup parameters :
Display name : Human Interface Device Access
Service name : hidserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

hkmsvc startup parameters :
Display name : Health Key and Certificate Management
Service name : hkmsvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

lltdsvc startup parameters :
Display name : Link-Layer Topology Discovery Mapper
Service name : lltdsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : rpcss/lltdio/

msiserver startup parameters :
Display name : Windows Installer
Service name : msiserver
Log on as : LocalSystem
Executable path : C:\Windows\system32\msiexec /V
Dependencies : rpcss/

napagent startup parameters :
Display name : Network Access Protection Agent
Service name : napagent
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RpcSs/

pla startup parameters :
Display name : Performance Logs & Alerts
Service name : pla
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Dependencies : RPCSS/

sacsvr startup parameters :
Display name : Special Administration Console Helper
Service name : sacsvr
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

swprv startup parameters :
Display name : Microsoft Software Shadow Copy Provider
Service name : swprv
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k swprv
Dependencies : RPCSS/

vds startup parameters :
Display name : Virtual Disk
Service name : vds
Log on as : LocalSystem
Executable path : C:\Windows\System32\vds.exe
Dependencies : RpcSs/PlugPlay/

vmvss startup parameters :
Display name : VMware Snapshot Provider
Service name : vmvss
Log on as : LocalSystem
Executable path : C:\Windows\system32\dllhost.exe /Processid:{4C5C4D33-5B21-48ED-97D7-847C6235A2AC}
Dependencies : rpcss/

wercplsupport startup parameters :
Display name : Problem Reports and Solutions Control Panel Support
Service name : wercplsupport
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

wmiApSrv startup parameters :
Display name : WMI Performance Adapter
Service name : wmiApSrv
Log on as : localSystem
Executable path : C:\Windows\system32\wbem\WmiApSrv.exe

wudfsvc startup parameters :
Display name : Windows Driver Foundation - User-mode Driver Framework
Service name : wudfsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/WudfPf/

The following services are disabled :

Browser startup parameters :
Display name : Computer Browser
Service name : Browser
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : LanmanWorkstation/LanmanServer/

CscService startup parameters :
Display name : Offline Files
Service name : CscService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

HPMfpDigitalSendingSoftware startup parameters :
Display name : HP MFP Digital Sending Software
Service name : HPMfpDigitalSendingSoftware
Log on as : LocalSystem
Executable path : C:\Program Files\Hewlett-Packard\HP MFP Digital Sending Software\hpbs2e.exe
Dependencies : Tcpip/RpcSs/EventLog/ntlmssp/MSSQL$HPDSDB/

IPBusEnum startup parameters :
Display name : PnP-X IP Bus Enumerator
Service name : IPBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/fdPHost/

NetMsmqActivator startup parameters :
Display name : Net.Msmq Listener Adapter
Service name : NetMsmqActivator
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
Dependencies : was/msmq/

NetPipeActivator startup parameters :
Display name : Net.Pipe Listener Adapter
Service name : NetPipeActivator
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
Dependencies : was/

NetTcpActivator startup parameters :
Display name : Net.Tcp Listener Adapter
Service name : NetTcpActivator
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
Dependencies : was/NetTcpPortSharing/

NetTcpPortSharing startup parameters :
Display name : Net.Tcp Port Sharing Service
Service name : NetTcpPortSharing
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

RemoteAccess startup parameters :
Display name : Routing and Remote Access
Service name : RemoteAccess
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/

SSDPSRV startup parameters :
Display name : SSDP Discovery
Service name : SSDPSRV
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : HTTP/

SysMain startup parameters :
Display name : Superfetch
Service name : SysMain
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : rpcss/fileinfo/

Themes startup parameters :
Display name : Themes
Service name : Themes
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

TlntSvr startup parameters :
Display name : Telnet
Service name : TlntSvr
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\tlntsvr.exe
Dependencies : RPCSS/TCPIP/

aspnet_state startup parameters :
Display name : ASP.NET State Service
Service name : aspnet_state
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

clr_optimization_v2.0.50727_32 startup parameters :
Display name : Microsoft .NET Framework NGEN v2.0.50727_X86
Service name : clr_optimization_v2.0.50727_32
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

upnphost startup parameters :
Display name : UPnP Device Host
Service name : upnphost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : SSDPSRV/HTTP/

wlcrasvc startup parameters :
Display name : Windows Live Mesh remote connections service
Service name : wlcrasvc
Log on as : LocalSystem
Executable path : "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"

10.0.0.64 (tcp/445)


The following services are set to start automatically :

AMD External Events Utility startup parameters :
Display name : AMD External Events Utility
Service name : AMD External Events Utility
Log on as : LocalSystem
Executable path : C:\Windows\system32\atiesrxx.exe

AdobeARMservice startup parameters :
Display name : Adobe Acrobat Update Service
Service name : AdobeARMservice
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

AudioEndpointBuilder startup parameters :
Display name : Windows Audio Endpoint Builder
Service name : AudioEndpointBuilder
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/

AudioSrv startup parameters :
Display name : Windows Audio
Service name : AudioSrv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : AudioEndpointBuilder/RpcSs/MMCSS/

BFE startup parameters :
Display name : Base Filtering Engine
Service name : BFE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : RpcSs/

CryptSvc startup parameters :
Display name : Cryptographic Services
Service name : CryptSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : RpcSs/

CscService startup parameters :
Display name : Offline Files
Service name : CscService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

DDService startup parameters :
Display name : Drobo Dashboard Service
Service name : DDService
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe"

Dhcp startup parameters :
Display name : DHCP Client
Service name : Dhcp
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : NSI/Tdx/Afd/

DiagTrack startup parameters :
Display name : Diagnostics Tracking Service
Service name : DiagTrack
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k utcsvc
Dependencies : RpcSs/

Dnscache startup parameters :
Display name : DNS Client
Service name : Dnscache
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : Tdx/nsi/

EventSystem startup parameters :
Display name : COM+ Event System
Service name : EventSystem
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : rpcss/

FontCache startup parameters :
Display name : Windows Font Cache Service
Service name : FontCache
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

IAStorDataMgrSvc startup parameters :
Display name : Intel(R) Rapid Storage Technology
Service name : IAStorDataMgrSvc
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
Dependencies : winmgmt/

IKEEXT startup parameters :
Display name : IKE and AuthIP IPsec Keying Modules
Service name : IKEEXT
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : BFE/

KeyServ startup parameters :
Display name : Key Server
Service name : KeyServ
Log on as : LocalSystem
Executable path : C:\Program Files (x86)\Avaya\IP Office\KeyServe\KeyServe.exe

LMIGuardianSvc startup parameters :
Display name : LMIGuardianSvc
Service name : LMIGuardianSvc
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x64\LMIGuardianSvc.exe"
Dependencies : RPCSS/

LanmanServer startup parameters :
Display name : Server
Service name : LanmanServer
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : SamSS/Srv/

LanmanWorkstation startup parameters :
Display name : Workstation
Service name : LanmanWorkstation
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : Bowser/MRxSmb10/MRxSmb20/NSI/

MBAMService startup parameters :
Display name : Malwarebytes Service
Service name : MBAMService
Log on as : LocalSystem
Executable path : "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
Dependencies : RPCSS/WINMGMT/

MMCSS startup parameters :
Display name : Multimedia Class Scheduler
Service name : MMCSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

MSSQL$VEEAMSQL2012 startup parameters :
Display name : SQL Server (VEEAMSQL2012)
Service name : MSSQL$VEEAMSQL2012
Log on as : LocalSystem
Executable path : "c:\Program Files\Microsoft SQL Server\MSSQL11.VEEAMSQL2012\MSSQL\Binn\sqlservr.exe" -sVEEAMSQL2012

MSiSCSI startup parameters :
Display name : Microsoft iSCSI Initiator Service
Service name : MSiSCSI
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

MpsSvc startup parameters :
Display name : Windows Firewall
Service name : MpsSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : mpsdrv/bfe/

MySQL55 startup parameters :
Display name : MySQL55
Service name : MySQL55
Log on as : LocalSystem
Executable path : "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55

Netlogon startup parameters :
Display name : Netlogon
Service name : Netlogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : LanmanWorkstation/

NlaSvc startup parameters :
Display name : Network Location Awareness
Service name : NlaSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : NSI/RpcSs/TcpIp/

PcaSvc startup parameters :
Display name : Program Compatibility Assistant Service
Service name : PcaSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

PlugPlay startup parameters :
Display name : Plug and Play
Service name : PlugPlay
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

Power startup parameters :
Display name : Power
Service name : Power
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

ProfSvc startup parameters :
Display name : User Profile Service
Service name : ProfSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

RoxWatch12 startup parameters :
Display name : Roxio Hard Drive Watcher 12
Service name : RoxWatch12
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe"

SENS startup parameters :
Display name : System Event Notification Service
Service name : SENS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : EventSystem/

SQLBrowser startup parameters :
Display name : SQL Server Browser
Service name : SQLBrowser
Log on as : NT AUTHORITY\LOCALSERVICE
Executable path : "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"

SQLWriter startup parameters :
Display name : SQL Server VSS Writer
Service name : SQLWriter
Log on as : LocalSystem
Executable path : "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

SamSs startup parameters :
Display name : Security Accounts Manager
Service name : SamSs
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RPCSS/

SharedAccess startup parameters :
Display name : Internet Connection Sharing (ICS)
Service name : SharedAccess
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : Netman/WinMgmt/RasMan/BFE/

ShellHWDetection startup parameters :
Display name : Shell Hardware Detection
Service name : ShellHWDetection
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

SkypeUpdate startup parameters :
Display name : Skype Updater
Service name : SkypeUpdate
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Skype\Updater\Updater.exe"
Dependencies : RpcSs/

Spooler startup parameters :
Display name : Print Spooler
Service name : Spooler
Log on as : LocalSystem
Executable path : C:\Windows\System32\spoolsv.exe
Dependencies : RPCSS/http/

SsPaAdm startup parameters :
Display name : Symantec.cloud Cloud Agent
Service name : SsPaAdm
Log on as : LocalSystem
Executable path : "C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe" /s SsPaAdm /m "C:\Program Files\Symantec.cloud\PlatformAgent\ssPlComm.dll" /m "C:\Program Files\Symantec.cloud\PlatformAgent\ssPlAdm.dll"
Dependencies : RpcSs/

SysMain startup parameters :
Display name : Superfetch
Service name : SysMain
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : rpcss/fileinfo/

TdmService startup parameters :
Display name : TdmService
Service name : TdmService
Log on as : LocalSystem
Executable path : "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe"
Dependencies : RpcSs/

Themes startup parameters :
Display name : Themes
Service name : Themes
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

TrkWks startup parameters :
Display name : Distributed Link Tracking Client
Service name : TrkWks
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

UxSms startup parameters :
Display name : Desktop Window Manager Session Manager
Service name : UxSms
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

Veeam Backup Catalog Data Service startup parameters :
Display name : Veeam Backup Catalog Data Service
Service name : Veeam Backup Catalog Data Service
Log on as : LocalSystem
Executable path : "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\Veeam.Backup.CatalogDataService.exe"
Dependencies : Winmgmt/

Veeam Backup and Replication Service startup parameters :
Display name : Veeam Backup Service
Service name : Veeam Backup and Replication Service
Log on as : LocalSystem
Executable path : "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe"
Dependencies : Winmgmt/

VeeamCloudSvc startup parameters :
Display name : Veeam Cloud Connect Service
Service name : VeeamCloudSvc
Log on as : LocalSystem
Executable path : "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.CloudService.exe"
Dependencies : RpcSs/

VeeamDeploymentService startup parameters :
Display name : Veeam Installer Service
Service name : VeeamDeploymentService
Log on as : LocalSystem
Executable path : "C:\Program Files\Veeam\Backup and Replication\Backup\VeeamDeploymentSvc.exe" -port 6160
Dependencies : Winmgmt/

VeeamNFSSvc startup parameters :
Display name : Veeam vPower NFS Service
Service name : VeeamNFSSvc
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Veeam\vPowerNFS\VeeamNFSSvc.exe"
Dependencies : Winmgmt/

VeeamTransportSvc startup parameters :
Display name : Veeam Data Mover Service
Service name : VeeamTransportSvc
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe"
Dependencies : Winmgmt/

WSearch startup parameters :
Display name : Windows Search
Service name : WSearch
Log on as : LocalSystem
Executable path : C:\Windows\system32\SearchIndexer.exe /Embedding
Dependencies : RPCSS/

Wave Authentication Manager Service startup parameters :
Display name : Wave Authentication Manager Service
Service name : Wave Authentication Manager Service
Log on as : LocalSystem
Executable path : C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe

Winmgmt startup parameters :
Display name : Windows Management Instrumentation
Service name : Winmgmt
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RPCSS/

clr_optimization_v4.0.30319_32 startup parameters :
Display name : Microsoft .NET Framework NGEN v4.0.30319_X86
Service name : clr_optimization_v4.0.30319_32
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

clr_optimization_v4.0.30319_64 startup parameters :
Display name : Microsoft .NET Framework NGEN v4.0.30319_X64
Service name : clr_optimization_v4.0.30319_64
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

dcpsysmgrsvc startup parameters :
Display name : Dell System Manager Service
Service name : dcpsysmgrsvc
Log on as : LocalSystem
Executable path : "c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe"
Dependencies : winmgmt/

eventlog startup parameters :
Display name : Windows Event Log
Service name : eventlog
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

gupdate startup parameters :
Display name : Google Update Service (gupdate)
Service name : gupdate
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
Dependencies : RPCSS/

iphlpsvc startup parameters :
Display name : IP Helper
Service name : iphlpsvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs
Dependencies : RpcSS/Tdx/winmgmt/tcpip/nsi/

lmhosts startup parameters :
Display name : TCP/IP NetBIOS Helper
Service name : lmhosts
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : NetBT/Afd/

nsi startup parameters :
Display name : Network Store Interface Service
Service name : nsi
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : nsiproxy/

seclogon startup parameters :
Display name : Secondary Logon
Service name : seclogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

sppsvc startup parameters :
Display name : Software Protection
Service name : sppsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\sppsvc.exe
Dependencies : RpcSs/

ssPaSetMgr startup parameters :
Display name : Symantec.cloud Scheduler
Service name : ssPaSetMgr
Log on as : LocalSystem
Executable path : "C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe" /s ssPaSetMgr /m "C:\Program Files\Symantec.cloud\PlatformAgent32\ccJobMgr.dll"
Dependencies : SsPaAdm/

ssSpnAv startup parameters :
Display name : Symantec.cloud Endpoint Protection
Service name : ssSpnAv
Log on as : LocalSystem
Executable path : "C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe"
Dependencies : ssPaAdm/

stisvc startup parameters :
Display name : Windows Image Acquisition (WIA)
Service name : stisvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k imgsvc
Dependencies : RpcSs/ShellHWDetection/

tcsd_win32.exe startup parameters :
Display name : NTRU TSS v1.2.1.36 TCS
Service name : tcsd_win32.exe
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe"
Dependencies : TBS/

wlidsvc startup parameters :
Display name : Windows Live ID Sign-in Assistant
Service name : wlidsvc
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
Dependencies : RpcSs/

wscsvc startup parameters :
Display name : Security Center
Service name : wscsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/winmgmt/

wuauserv startup parameters :
Display name : Windows Update
Service name : wuauserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : rpcss/

The following services must be started manually :

ALG startup parameters :
Display name : Application Layer Gateway Service
Service name : ALG
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\alg.exe

AdobeFlashPlayerUpdateSvc startup parameters :
Display name : Adobe Flash Player Update Service
Service name : AdobeFlashPlayerUpdateSvc
Log on as : LocalSystem
Executable path : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

AeLookupSvc startup parameters :
Display name : Application Experience
Service name : AeLookupSvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

AppIDSvc startup parameters :
Display name : Application Identity
Service name : AppIDSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : RpcSs/AppID/CryptSvc/

AppMgmt startup parameters :
Display name : Application Management
Service name : AppMgmt
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

Appinfo startup parameters :
Display name : Application Information
Service name : Appinfo
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/ProfSvc/

AxInstSV startup parameters :
Display name : ActiveX Installer (AxInstSV)
Service name : AxInstSV
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k AxInstSVGroup
Dependencies : rpcss/

BITS startup parameters :
Display name : Background Intelligent Transfer Service
Service name : BITS
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/EventSystem/

Browser startup parameters :
Display name : Computer Browser
Service name : Browser
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : LanmanWorkstation/LanmanServer/

COMSysApp startup parameters :
Display name : COM+ System Application
Service name : COMSysApp
Log on as : LocalSystem
Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Dependencies : RpcSs/EventSystem/SENS/

EapHost startup parameters :
Display name : Extensible Authentication Protocol
Service name : EapHost
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RPCSS/KeyIso/

FDResPub startup parameters :
Display name : Function Discovery Resource Publication
Service name : FDResPub
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : RpcSs/http/

FLEXnet Licensing Service startup parameters :
Display name : FLEXnet Licensing Service
Service name : FLEXnet Licensing Service
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"

Fax startup parameters :
Display name : Fax
Service name : Fax
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\fxssvc.exe
Dependencies : TapiSrv/RpcSs/PlugPlay/Spooler/

FontCache3.0.0.0 startup parameters :
Display name : Windows Presentation Foundation Font Cache 3.0.0.0
Service name : FontCache3.0.0.0
Log on as : NT Authority\LocalService
Executable path : C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

HomeGroupListener startup parameters :
Display name : HomeGroup Listener
Service name : HomeGroupListener
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : LanmanServer/

HomeGroupProvider startup parameters :
Display name : HomeGroup Provider
Service name : HomeGroupProvider
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : netprofm/fdrespub/fdphost/

IEEtwCollectorService startup parameters :
Display name : Internet Explorer ETW Collector Service
Service name : IEEtwCollectorService
Log on as : LocalSystem
Executable path : C:\Windows\system32\IEEtwCollector.exe /V

IPBusEnum startup parameters :
Display name : PnP-X IP Bus Enumerator
Service name : IPBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/fdPHost/

KeyIso startup parameters :
Display name : CNG Key Isolation
Service name : KeyIso
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

KtmRm startup parameters :
Display name : KtmRm for Distributed Transaction Coordinator
Service name : KtmRm
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
Dependencies : RPCSS/SamSS/

MozillaMaintenance startup parameters :
Display name : Mozilla Maintenance Service
Service name : MozillaMaintenance
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

Netman startup parameters :
Display name : Network Connections
Service name : Netman
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/nsi/

PNRPAutoReg startup parameters :
Display name : PNRP Machine Name Publication Service
Service name : PNRPAutoReg
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Dependencies : pnrpsvc/

PNRPsvc startup parameters :
Display name : Peer Name Resolution Protocol
Service name : PNRPsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Dependencies : p2pimsvc/

PeerDistSvc startup parameters :
Display name : BranchCache
Service name : PeerDistSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k PeerDist
Dependencies : http/

PerfHost startup parameters :
Display name : Performance Counter DLL Host
Service name : PerfHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\SysWow64\perfhost.exe
Dependencies : RPCSS/

PolicyAgent startup parameters :
Display name : IPsec Policy Agent
Service name : PolicyAgent
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Dependencies : Tcpip/bfe/

ProtectedStorage startup parameters :
Display name : Protected Storage
Service name : ProtectedStorage
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

QWAVE startup parameters :
Display name : Quality Windows Audio Video Experience
Service name : QWAVE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/

RasAuto startup parameters :
Display name : Remote Access Auto Connection Manager
Service name : RasAuto
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RasMan/TapiSrv/RasAcd/

RasMan startup parameters :
Display name : Remote Access Connection Manager
Service name : RasMan
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : Tapisrv/SstpSvc/

RemoteRegistry startup parameters :
Display name : Remote Registry
Service name : RemoteRegistry
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k regsvc
Dependencies : RPCSS/

RoxMediaDB12OEM startup parameters :
Display name : RoxMediaDB12OEM
Service name : RoxMediaDB12OEM
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe"

RpcLocator startup parameters :
Display name : Remote Procedure Call (RPC) Locator
Service name : RpcLocator
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\locator.exe

SDRSVC startup parameters :
Display name : Windows Backup
Service name : SDRSVC
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k SDRSVC
Dependencies : RPCSS/

SNMPTRAP startup parameters :
Display name : SNMP Trap
Service name : SNMPTRAP
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\snmptrap.exe

SSDPSRV startup parameters :
Display name : SSDP Discovery
Service name : SSDPSRV
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : HTTP/

SecureStorageService startup parameters :
Display name : SecureStorageService
Service name : SecureStorageService
Log on as : LocalSystem
Executable path : "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe"
Dependencies : RPCSS/

SensrSvc startup parameters :
Display name : Adaptive Brightness
Service name : SensrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

SessionEnv startup parameters :
Display name : Remote Desktop Configuration
Service name : SessionEnv
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RPCSS/LanmanWorkstation/

SstpSvc startup parameters :
Display name : Secure Socket Tunneling Protocol Service
Service name : SstpSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

StorSvc startup parameters :
Display name : Storage Service
Service name : StorSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

THREADORDER startup parameters :
Display name : Thread Ordering Server
Service name : THREADORDER
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

TabletInputService startup parameters :
Display name : Tablet PC Input Service
Service name : TabletInputService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/RpcSs/

TapiSrv startup parameters :
Display name : Telephony
Service name : TapiSrv
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : PlugPlay/RpcSs/

TermService startup parameters :
Display name : Remote Desktop Services
Service name : TermService
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RPCSS/TermDD/

UI0Detect startup parameters :
Display name : Interactive Services Detection
Service name : UI0Detect
Log on as : LocalSystem
Executable path : C:\Windows\system32\UI0Detect.exe

UmRdpService startup parameters :
Display name : Remote Desktop Services UserMode Port Redirector
Service name : UmRdpService
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : TermService/RDPDR/

VSS startup parameters :
Display name : Volume Shadow Copy
Service name : VSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\vssvc.exe
Dependencies : RPCSS/

VaultSvc startup parameters :
Display name : Credential Manager
Service name : VaultSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : rpcss/

W32Time startup parameters :
Display name : Windows Time
Service name : W32Time
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

WMPNetworkSvc startup parameters :
Display name : Windows Media Player Network Sharing Service
Service name : WMPNetworkSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Dependencies : http/

WPCSvc startup parameters :
Display name : Parental Controls
Service name : WPCSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/

WPDBusEnum startup parameters :
Display name : Portable Device Enumerator Service
Service name : WPDBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

WbioSrvc startup parameters :
Display name : Windows Biometric Service
Service name : WbioSrvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k WbioSvcGroup
Dependencies : RpcSs/VaultSvc/WUDFSvc/

WcsPlugInService startup parameters :
Display name : Windows Color System
Service name : WcsPlugInService
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k wcssvc
Dependencies : RpcSs/

WebClient startup parameters :
Display name : WebClient
Service name : WebClient
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : MRxDAV/

Wecsvc startup parameters :
Display name : Windows Event Collector
Service name : Wecsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : HTTP/Eventlog/

WerSvc startup parameters :
Display name : Windows Error Reporting Service
Service name : WerSvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup

WinDefend startup parameters :
Display name : Windows Defender
Service name : WinDefend
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k secsvcs
Dependencies : RpcSs/

WinHttpAutoProxySvc startup parameters :
Display name : WinHTTP Web Proxy Auto-Discovery Service
Service name : WinHttpAutoProxySvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : Dhcp/

WinRM startup parameters :
Display name : Windows Remote Management (WS-Management)
Service name : WinRM
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RPCSS/HTTP/

Wlansvc startup parameters :
Display name : WLAN AutoConfig
Service name : Wlansvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : nativewifip/RpcSs/Ndisuio/Eaphost/

WwanSvc startup parameters :
Display name : WWAN AutoConfig
Service name : WwanSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : PlugPlay/RpcSs/NdisUio/NlaSvc/

aspnet_state startup parameters :
Display name : ASP.NET State Service
Service name : aspnet_state
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

bthserv startup parameters :
Display name : Bluetooth Support Service
Service name : bthserv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k bthsvcs
Dependencies : RpcSs/

clr_optimization_v2.0.50727_32 startup parameters :
Display name : Microsoft .NET Framework NGEN v2.0.50727_X86
Service name : clr_optimization_v2.0.50727_32
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

clr_optimization_v2.0.50727_64 startup parameters :
Display name : Microsoft .NET Framework NGEN v2.0.50727_X64
Service name : clr_optimization_v2.0.50727_64
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

defragsvc startup parameters :
Display name : Disk Defragmenter
Service name : defragsvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k defragsvc
Dependencies : RPCSS/

dot3svc startup parameters :
Display name : Wired AutoConfig
Service name : dot3svc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/Ndisuio/Eaphost/

ehRecvr startup parameters :
Display name : Windows Media Center Receiver Service
Service name : ehRecvr
Log on as : NT AUTHORITY\networkService
Executable path : C:\Windows\ehome\ehRecvr.exe
Dependencies : RPCSS/

ehSched startup parameters :
Display name : Windows Media Center Scheduler Service
Service name : ehSched
Log on as : NT AUTHORITY\networkService
Executable path : C:\Windows\ehome\ehsched.exe
Dependencies : RPCSS/

fdPHost startup parameters :
Display name : Function Discovery Provider Host
Service name : fdPHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : RpcSs/http/

gupdatem startup parameters :
Display name : Google Update Service (gupdatem)
Service name : gupdatem
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
Dependencies : RPCSS/

gusvc startup parameters :
Display name : Google Software Updater
Service name : gusvc
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
Dependencies : RPCSS/

hidserv startup parameters :
Display name : Human Interface Device Access
Service name : hidserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

hkmsvc startup parameters :
Display name : Health Key and Certificate Management
Service name : hkmsvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

lltdsvc startup parameters :
Display name : Link-Layer Topology Discovery Mapper
Service name : lltdsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : rpcss/lltdio/

msiserver startup parameters :
Display name : Windows Installer
Service name : msiserver
Log on as : LocalSystem
Executable path : C:\Windows\system32\msiexec.exe /V
Dependencies : rpcss/

napagent startup parameters :
Display name : Network Access Protection Agent
Service name : napagent
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RpcSs/

netprofm startup parameters :
Display name : Network List Service
Service name : netprofm
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : RpcSs/nlasvc/

ose startup parameters :
Display name : Office Source Engine
Service name : ose
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

osppsvc startup parameters :
Display name : Office Software Protection Platform
Service name : osppsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
Dependencies : RpcSs/

p2pimsvc startup parameters :
Display name : Peer Networking Identity Manager
Service name : p2pimsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServicePeerNet

p2psvc startup parameters :
Display name : Peer Networking Grouping
Service name : p2psvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Dependencies : p2pimsvc/PNRPSvc/

pla startup parameters :
Display name : Performance Logs & Alerts
Service name : pla
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Dependencies : RPCSS/

sppuinotify startup parameters :
Display name : SPP Notification Service
Service name : sppuinotify
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : EventSystem/

stllssvr startup parameters :
Display name : stllssvr
Service name : stllssvr
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe"

swprv startup parameters :
Display name : Microsoft Software Shadow Copy Provider
Service name : swprv
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k swprv
Dependencies : RPCSS/

upnphost startup parameters :
Display name : UPnP Device Host
Service name : upnphost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : SSDPSRV/HTTP/

vds startup parameters :
Display name : Virtual Disk
Service name : vds
Log on as : LocalSystem
Executable path : C:\Windows\System32\vds.exe
Dependencies : RpcSs/PlugPlay/

wbengine startup parameters :
Display name : Block Level Backup Engine Service
Service name : wbengine
Log on as : localSystem
Executable path : "C:\Windows\system32\wbengine.exe"

wcncsvc startup parameters :
Display name : Windows Connect Now - Config Registrar
Service name : wcncsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : rpcss/

wercplsupport startup parameters :
Display name : Problem Reports and Solutions Control Panel Support
Service name : wercplsupport
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

wmiApSrv startup parameters :
Display name : WMI Performance Adapter
Service name : wmiApSrv
Log on as : localSystem
Executable path : C:\Windows\system32\wbem\WmiApSrv.exe

wudfsvc startup parameters :
Display name : Windows Driver Foundation - User-mode Driver Framework
Service name : wudfsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/WudfPf/

The following services are disabled :

Mcx2Svc startup parameters :
Display name : Media Center Extender Service
Service name : Mcx2Svc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : SSDPSRV/IPBusEnum/TermService/fdphost/

NetMsmqActivator startup parameters :
Display name : Net.Msmq Listener Adapter
Service name : NetMsmqActivator
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
Dependencies : was/msmq/

NetPipeActivator startup parameters :
Display name : Net.Pipe Listener Adapter
Service name : NetPipeActivator
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
Dependencies : was/

NetTcpActivator startup parameters :
Display name : Net.Tcp Listener Adapter
Service name : NetTcpActivator
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
Dependencies : was/NetTcpPortSharing/

NetTcpPortSharing startup parameters :
Display name : Net.Tcp Port Sharing Service
Service name : NetTcpPortSharing
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

RemoteAccess startup parameters :
Display name : Routing and Remote Access
Service name : RemoteAccess
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/

SQLAgent$VEEAMSQL2012 startup parameters :
Display name : SQL Server Agent (VEEAMSQL2012)
Service name : SQLAgent$VEEAMSQL2012
Log on as : NT AUTHORITY\NETWORKSERVICE
Executable path : "c:\Program Files\Microsoft SQL Server\MSSQL11.VEEAMSQL2012\MSSQL\Binn\SQLAGENT.EXE" -i VEEAMSQL2012
Dependencies : MSSQL$VEEAMSQL2012/

wlcrasvc startup parameters :
Display name : Windows Live Mesh remote connections service
Service name : wlcrasvc
Log on as : LocalSystem
Executable path : "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"
45555 (2) - Alert Standard Format / Remote Management and Control Protocol Detection
Synopsis
A remote management service is running on the remote host.
Description
The remote host is an Alert Standard Format (ASF) aware device that can be controlled remotely using Remote Management and Control Protocol (RMCP).

ASF is a DMTF standard that provides a remote control and alerting interface between management consoles and ASF-aware hosts.

RMCP is a network protocol used by a management console to remotely control an ASF-aware host. RMCP Security-Extensions Protocol (RSP), a security-enhanced version of RMCP, provides authentication and integrity when sending RMCP messages.
See Also
Solution
Disable this service if you do not use it, or filter incoming traffic to this port.
Risk Factor
None
Plugin Information:
Published: 2010/04/16, Modified: 2018/04/18
Plugin Output

10.0.0.43 (udp/623)


RMCP security extensions are NOT supported.

10.0.0.45 (udp/623)


RMCP security extensions are NOT supported.
48337 (2) - Windows ComputerSystemProduct Enumeration (WMI)
Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/08/16, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)


+ Computer System Product
- IdentifyingNumber : VMware-42 17 d0 a4 58 fa 73 33-da 1f 41 53 f1 ce fc 14
- Description : Computer System Product
- Vendor : VMware, Inc.
- Name : VMware Virtual Platform
- UUID : A4D01742-FA58-3373-DA1F-4153F1CEFC14
- Version : None

10.0.0.64 (tcp/0)


+ Computer System Product
- IdentifyingNumber : GXK9JS1
- Description : Computer System Product
- Vendor : Dell Inc.
- Name : Precision WorkStation T3500
- UUID : 4C4C4544-0058-4B10-8039-C7C04F4A5331
48942 (2) - Microsoft Windows SMB Registry : OS Version and Processor Architecture
Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system.
Description
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/08/31, Modified: 2018/03/09
Plugin Output

10.0.0.14 (tcp/445)

Operating system version = 6.0.6002
Architecture = x86
Build lab extended = 6002.24282.x86fre.vistasp2_ldr.180112-0600

10.0.0.64 (tcp/445)

Operating system version = 6.1.7601
Architecture = x64
Build lab extended = 7601.23864.amd64fre.win7sp1_ldr.170707-0600
50346 (2) - Microsoft Update Installed
Synopsis
A software updating service is installed.
Description
Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft Office, Exchange, and SQL Server.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/10/26, Modified: 2015/01/12
Plugin Output

10.0.0.14 (tcp/445)

10.0.0.64 (tcp/445)

51351 (2) - Microsoft .NET Framework Detection
Synopsis
A software framework is installed on the remote host.
Description
Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/12/20, Modified: 2017/12/11
Plugin Output

10.0.0.14 (tcp/445)


The remote host has the following version(s) of Microsoft .NET Framework
installed :

+ Version : 1.1.4322
- SP : 1

+ Version : 2.0.50727
- Full Version : 2.0.50727.4016
- SP : 2

+ Version : 3.0
- Full Version : 3.0.30729.4037
- SP : 2

+ Version : 3.5
- Full Version : 3.5.30729.01
- SP : 1
- Path : C:\WINDOWS\Microsoft.NET\Framework\v3.5\

+ Version : 4.6.1
- Install Type : Full
- Full Version : 4.6.01055
- Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\

+ Version : 4.6.1
- Install Type : Client
- Full Version : 4.6.01055
- Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\

10.0.0.64 (tcp/445)


The remote host has the following version(s) of Microsoft .NET Framework
installed :

+ Version : 2.0.50727
- Full Version : 2.0.50727.5420
- SP : 2

+ Version : 3.0
- Full Version : 3.0.30729.5420
- SP : 2

+ Version : 3.5
- Full Version : 3.5.30729.5420
- SP : 1
- Path : C:\Windows\Microsoft.NET\Framework64\v3.5\

+ Version : 4.7
- Install Type : Full
- Full Version : 4.7.02053
- Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\

+ Version : 4.7
- Install Type : Client
- Full Version : 4.7.02053
- Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
52703 (2) - vsftpd Detection
Synopsis
An FTP server is listening on the remote port.
Description
The remote host is running vsftpd, an FTP server for UNIX-like systems written in C.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/03/17, Modified: 2013/03/21
Plugin Output

10.0.0.110 (tcp/21)


Source : 220 (vsFTPd 2.0.5)
Version : 2.0.5

10.0.0.169 (tcp/21)


Source : 220 (vsFTPd 2.0.5)
Version : 2.0.5
53335 (2) - RPC portmapper (TCP)
Synopsis
An ONC RPC portmapper is running on the remote host.
Description
The RPC portmapper is running on this port.

The portmapper allows someone to get the port number of each RPC service running on the remote host by sending either multiple lookup requests or a DUMP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/04/08, Modified: 2011/08/29
Plugin Output

10.0.0.64 (tcp/111)

10.0.0.148 (tcp/111)

55472 (2) - Device Hostname
Synopsis
It was possible to determine the remote system hostname.
Description
This plugin reports a device's hostname collected via SSH or WMI.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/06/30, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)


Hostname : QUEEN
QUEEN (WMI)

10.0.0.64 (tcp/0)


Hostname : SF-GXK9JS1
SF-GXK9JS1 (WMI)
56310 (2) - Firewall Rule Enumeration
Synopsis
A firewall is configured on the remote host.
Description
Using the supplied credentials, Nessus was able to get a list of firewall rules from the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/09/28, Modified: 2015/06/02
Plugin Output

10.0.0.14 (tcp/0)

report output too big - ending list here

56468 (2) - Time of Last System Startup
Synopsis
The system has been started.
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/10/12, Modified: 2015/08/21
Plugin Output

10.0.0.14 (tcp/0)


20180315165234.375199-420

10.0.0.64 (tcp/0)


20180118165910.860398-480
56954 (2) - Microsoft Revoked Digital Certificates Enumeration
Synopsis
The remote Windows host a list of revoked digital certificates.
Description
The remote Windows host contains a list of digital certificates that have been revoked by Microsoft.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/11/28, Modified: 2015/01/12
Plugin Output

10.0.0.14 (tcp/445)


The following certificates are listed in the disallowed certificate registry :

08738A96A4853A52ACEF23F782E8E1FEA7BCED02
08E4987249BC450748A4A78133CBF041A3510033
09271DD621EBD3910C2EA1D059F99B8181405A17
09FF2CC86CEEFA8A8BB3F2E3E84D6DA3FABBF63E
1916A2AF346D399F50313C393200F14140456616
23EF3384E21F70F034C467D4CBA6EB61429F174E
2A83E9020591A55FC6DDAD3FB102794C52B24E70
2B84BFBB34EE2EF949FE1CBE30AA026416EB2216
305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6
330D8D3FD325A0E5FDDDA27013A2E75E7130165F
367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB
374D5B925B0BD83494E656EB8087127275DB83CE
3A26012171855D4020C973BEC3F4F9DA45BD2B83
3A850044D8A195CD401A680C012CB0A3B5F8DC08
40AA38731BD189F9CDB5B9DC35E2136F38777AF4
43D9BCB568E039D073A74A71D8511F7476089CC3
471C949A8143DB5AD5CDF1C972864A2504FA23C9
4822824ECE7ED1450C039AA077DC1F8AE3489BBF
4D8547B7F864132A7F62D9B75B068521F10B68E3
4DF13947493CFF69CDE554881C5F114E97C3D03B
4ED8AA06D1BC72CA64C47B1DFE05ACC8D51FC76F
51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74
587B59FB52D8A683CBE1CA00E6393D7BB923BC92
5CE339465F41A1E423149F65544095404DE6EBE2
5D5185DF1EB7DC76015422EC8138A5724BEE2886
5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179
61793FCBFA4F9008309BBA5FF12D2CB29CD4151A
637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
63FEAE960BAA91E343CE2BD8B71798C76BDB77D0
6431723036FD26DEA502792FA595922493030F97
6690C02B922CBD3FF0D0A5994DBD336592887E3F
7613BF0BA261006CAC3ED2DDBEF343425357F18B
7D7F4414CCEF168ADF6BF40753B5BECD78375931
80962AE4D6C5B442894E95A13E4A699E07D694CF
838FFD509DE868F481C29819992E38A4F7082873
86E817C81A5CA672FE000F36F878C19518D6F844
8977E8569D2A633AF01D0394851681CE122683A6
8E5BD50D6AE686D65252F843A9D4B96D197730AB
9845A431D51959CAF225322B4A4FE9F223CE6D15
A1505D9843C826DD67ED4EA5209804BDBB0DF502
A221D360309B5C3C4097C44CC779ACC5A9845B66
A35A8C727E88BCCA40A3F9679CE8CA00C26789FD
A7B5531DDC87129E2C3BB14767953D6745FB14A6
A81706D31E6F5C791CD9D3B1B9C63464954BA4F5
B533345D06F64516403C00DA03187D3BFEF59156
B86E791620F759F17B8D25E38CA8BE32E7D5EAC2
BED412B1334D7DFCEBA3015E5F9F905D571C45CF
C060ED44CBD881BD0EF86C0BA287DDCF8167478C
C6796490CDEEAAB31AED798752ECD003E6866CB2
C69F28C825139E65A646C434ACA5A1D200295DB1
CEA586B2CE593EC7D939898337C57814708AB2BE
D018B62DC518907247DF50925BB09ACF4A5CB3AD
D0BB3E3DFBFB86C0EEE2A047E328609E6E1F185E
D2DBF71823B2B8E78F5958096150BFCB97CC388A
D43153C8C25F0041287987250F1E3CABAC8C2177
D8CE8D07F9F19D2569C2FB854401BC99C1EB7C3B
E1F3591E769865C4E447ACC37EAFC9E2BFE4C576
E38A2B7663B86796436D8DF5898D9FAA6835B238
E95DD86F32C771F0341743EBD75EC33C74A3DED9
E9809E023B4512AA4D4D53F40569C313C1D0294D
F5A874F3987EB0A9961A564B669A9050F770308A
F8A54E03AADC5692B850496A4C4630FFEAA29D83
F92BE5266CC05DB2DC0DC3F2DC74E02DEFD949CB
FA6660A94AB45F6A88C0D7874D89A863D74DEE97

10.0.0.64 (tcp/445)


The following certificates are listed in the disallowed certificate registry :

1916A2AF346D399F50313C393200F14140456616
2A83E9020591A55FC6DDAD3FB102794C52B24E70
2B84BFBB34EE2EF949FE1CBE30AA026416EB2216
305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6
367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB
3A850044D8A195CD401A680C012CB0A3B5F8DC08
40AA38731BD189F9CDB5B9DC35E2136F38777AF4
43D9BCB568E039D073A74A71D8511F7476089CC3
471C949A8143DB5AD5CDF1C972864A2504FA23C9
51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74
5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179
61793FCBFA4F9008309BBA5FF12D2CB29CD4151A
637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
63FEAE960BAA91E343CE2BD8B71798C76BDB77D0
6431723036FD26DEA502792FA595922493030F97
7D7F4414CCEF168ADF6BF40753B5BECD78375931
80962AE4D6C5B442894E95A13E4A699E07D694CF
86E817C81A5CA672FE000F36F878C19518D6F844
8E5BD50D6AE686D65252F843A9D4B96D197730AB
9845A431D51959CAF225322B4A4FE9F223CE6D15
B533345D06F64516403C00DA03187D3BFEF59156
B86E791620F759F17B8D25E38CA8BE32E7D5EAC2
C060ED44CBD881BD0EF86C0BA287DDCF8167478C
CEA586B2CE593EC7D939898337C57814708AB2BE
D018B62DC518907247DF50925BB09ACF4A5CB3AD
F8A54E03AADC5692B850496A4C4630FFEAA29D83
FA6660A94AB45F6A88C0D7874D89A863D74DEE97
57033 (2) - Microsoft Patch Bulletin Feasibility Check
Synopsis
Nessus is able to check for Microsoft patch bulletins.
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates.

Note that this plugin is purely informational.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/12/06, Modified: 2016/02/12
Plugin Output

10.0.0.14 (tcp/445)



Nessus is able to test for missing patches using :
Nessus

10.0.0.64 (tcp/445)



Nessus is able to test for missing patches using :
Nessus
57396 (2) - VMware vSphere Detect
Synopsis
A VMware vSphere server is running on the remote host.
Description
VMware vSphere, an enterprise server virtualization platform, is running on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/12/23, Modified: 2018/04/18
Plugin Output

10.0.0.44 (tcp/443)


Version : VMware ESXi 5.5.0 build-2068190
API Version : 5.5
Uses HTTPS : yes

10.0.0.46 (tcp/443)


Version : VMware ESXi 5.5.0 build-2068190
API Version : 5.5
Uses HTTPS : yes
58181 (2) - Windows DNS Server Enumeration
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2012/03/01, Modified: 2015/03/17
Plugin Output

10.0.0.14 (tcp/445)


Nessus enumerated DNS servers for the following interfaces :

Interface: {BCC97FA9-3ED8-4092-9A93-7597E87467A6}
Network Connection : Local Area Connection
NameServer: 10.0.0.25,10.0.0.27

10.0.0.64 (tcp/445)


Nessus enumerated DNS servers for the following interfaces :

Interface: {38181827-97DD-4B33-A003-1E5E95772298}
Network Connection : Local Area Connection
NameServer: 10.0.0.25,10.0.0.27
58452 (2) - Microsoft Windows Startup Software Enumeration
Synopsis
It is possible to enumerate startup software.
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :

- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Published: 2012/03/23, Modified: 2015/01/12
Plugin Output

10.0.0.14 (tcp/445)


The following startup item was found :

Malwarebytes Anti-Malware - C:\Program Files\Malwarebytes Anti-Malware\BusinessMessaging.exe
SunJavaUpdateSched - C:\Program Files\Common Files\Java\Java Update\jusched.exe
VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe

10.0.0.64 (tcp/445)


The following startup item was found :

0 -
ATIModeChange - Ati2mdxx.exe
IAStorIcon - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
SoundMAXPnP - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
SunJavaUpdateSched - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
SymantecPaui - C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe
TdmNotify - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
58651 (2) - Netstat Active Connections
Synopsis
Active connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2012/04/10, Modified: 2015/06/02
Plugin Output

10.0.0.14 (tcp/0)


Netstat output :

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1608
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 888
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1240
TCP 0.0.0.0:6002 0.0.0.0:0 LISTENING 1896
TCP 0.0.0.0:7001 0.0.0.0:0 LISTENING 1788
TCP 0.0.0.0:7002 0.0.0.0:0 LISTENING 1788
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 576
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 964
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1040
TCP 0.0.0.0:50791 0.0.0.0:0 LISTENING 820
TCP 0.0.0.0:57695 0.0.0.0:0 LISTENING 668
TCP 0.0.0.0:57696 0.0.0.0:0 LISTENING 1748
TCP 0.0.0.0:57715 0.0.0.0:0 LISTENING 1608
TCP 0.0.0.0:57716 0.0.0.0:0 LISTENING 656
TCP 10.0.0.14:135 172.23.6.11:56243 ESTABLISHED 888
TCP 10.0.0.14:139 0.0.0.0:0 LISTENING 4
TCP 10.0.0.14:445 172.23.6.11:56237 ESTABLISHED 4
TCP 10.0.0.14:49154 172.23.6.11:56247 ESTABLISHED 1040
TCP 10.0.0.14:55056 184.29.158.247:443 ESTABLISHED 4060
TCP 10.0.0.14:55063 184.24.97.216:80 ESTABLISHED 4060
TCP 10.0.0.14:55290 172.230.199.153:443 ESTABLISHED 3956
TCP 10.0.0.14:56155 10.0.0.25:135 ESTABLISHED 668
TCP 10.0.0.14:56156 10.0.0.25:49159 ESTABLISHED 668
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 888
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3389 [::]:0 LISTENING 1240
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49152 [::]:0 LISTENING 576
TCP [::]:49153 [::]:0 LISTENING 964
TCP [::]:49154 [::]:0 LISTENING 1040
TCP [::]:57695 [::]:0 LISTENING 668
TCP [::]:57696 [::]:0 LISTENING 1748
TCP [::]:57715 [::]:0 LISTENING 1608
TCP [::]:57716 [::]:0 LISTENING 656
UDP 0.0.0.0:37 *:* 820
UDP 0.0.0.0:123 *:* 1132
UDP 0.0.0.0:161 *:* 1952
UDP 0.0.0.0:500 *:* 1040
UDP 0.0.0.0:3456 *:* 1608
UDP 0.0.0.0:4500 *:* 1040
UDP 0.0.0.0:5355 *:* 1240
UDP 0.0.0.0:7001 *:* 1788
UDP 0.0.0.0:50791 *:* 820
UDP 0.0.0.0:50800 *:* 3364
UDP 0.0.0.0:57911 *:* 820
UDP 0.0.0.0:60727 *:* 3364
UDP 10.0.0.14:137 *:* 4
UDP 10.0.0.14:138 *:* 4
UDP 10.0.0.14:6001 *:* 1896
UDP 127.0.0.1:3456 *:* 1608
UDP 127.0.0.1:6001 *:* 1896
UDP 127.0.0.1:52464 *:* 1240
UDP 127.0.0.1:54406 *:* 668
UDP 127.0.0.1:55049 *:* 3308
UDP 127.0.0.1:57912 *:* 3340
UDP 127.0.0.1:58195 *:* 1004
UDP 127.0.0.1:60728 *:* 2988
UDP 127.0.0.1:64238 *:* 1132
UDP 127.0.0.1:64240 *:* 1240
UDP 127.0.0.1:65334 *:* 3876
UDP [::]:123 *:* 1132
UDP [::]:161 *:* 1952
UDP [::]:500 *:* 1040
UDP [::]:5355 *:* 1240
UDP [fe80::a54d:c849:f133:6cb7%10]:546 *:* 964

10.0.0.64 (tcp/0)


Netstat output :

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:111 0.0.0.0:0 LISTENING 4364
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 868
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1063 0.0.0.0:0 LISTENING 4364
TCP 0.0.0.0:2049 0.0.0.0:0 LISTENING 4364
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 740
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1260
TCP 0.0.0.0:4502 0.0.0.0:0 LISTENING 1248
TCP 0.0.0.0:6160 0.0.0.0:0 LISTENING 4480
TCP 0.0.0.0:6161 0.0.0.0:0 LISTENING 4364
TCP 0.0.0.0:6162 0.0.0.0:0 LISTENING 3380
TCP 0.0.0.0:6169 0.0.0.0:0 LISTENING 5376
TCP 0.0.0.0:9392 0.0.0.0:0 LISTENING 3452
TCP 0.0.0.0:9393 0.0.0.0:0 LISTENING 5552
TCP 0.0.0.0:10001 0.0.0.0:0 LISTENING 3452
TCP 0.0.0.0:10003 0.0.0.0:0 LISTENING 5376
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 556
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1012
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 536
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 672
TCP 0.0.0.0:49184 0.0.0.0:0 LISTENING 1248
TCP 0.0.0.0:49231 0.0.0.0:0 LISTENING 664
TCP 0.0.0.0:49234 0.0.0.0:0 LISTENING 5520
TCP 0.0.0.0:49570 0.0.0.0:0 LISTENING 1972
TCP 10.0.0.64:135 172.23.6.11:51015 ESTABLISHED 868
TCP 10.0.0.64:139 0.0.0.0:0 LISTENING 4
TCP 10.0.0.64:445 172.23.6.11:51014 ESTABLISHED 4
TCP 10.0.0.64:49154 172.23.6.11:51017 ESTABLISHED 536
TCP 10.0.0.64:51572 13.91.60.30:80 ESTABLISHED 572
TCP 10.0.0.64:51662 10.0.0.27:135 ESTABLISHED 672
TCP 10.0.0.64:51663 10.0.0.27:49159 ESTABLISHED 672
TCP 10.0.0.64:57427 54.192.7.146:443 CLOSE_WAIT 3272
TCP 10.0.0.64:57582 143.127.136.95:443 ESTABLISHED 2404
TCP 127.0.0.1:4502 127.0.0.1:49224 ESTABLISHED 1248
TCP 127.0.0.1:49224 127.0.0.1:4502 ESTABLISHED 4148
TCP [::]:135 [::]:0 LISTENING 868
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3306 [::]:0 LISTENING 740
TCP [::]:3389 [::]:0 LISTENING 1260
TCP [::]:6160 [::]:0 LISTENING 4480
TCP [::]:6161 [::]:0 LISTENING 4364
TCP [::]:6162 [::]:0 LISTENING 3380
TCP [::]:49152 [::]:0 LISTENING 556
TCP [::]:49153 [::]:0 LISTENING 1012
TCP [::]:49154 [::]:0 LISTENING 536
TCP [::]:49155 [::]:0 LISTENING 672
TCP [::]:49231 [::]:0 LISTENING 664
TCP [::]:49234 [::]:0 LISTENING 5520
TCP [::]:49570 [::]:0 LISTENING 1972
UDP 0.0.0.0:111 *:* 4364
UDP 0.0.0.0:123 *:* 472
UDP 0.0.0.0:500 *:* 536
UDP 0.0.0.0:1063 *:* 4364
UDP 0.0.0.0:1434 *:* 2304
UDP 0.0.0.0:2049 *:* 4364
UDP 0.0.0.0:4500 *:* 536
UDP 0.0.0.0:5355 *:* 1260
UDP 0.0.0.0:50800 *:* 1828
UDP 0.0.0.0:54030 *:* 1828
UDP 0.0.0.0:54672 *:* 1528
UDP 10.0.0.64:137 *:* 4
UDP 10.0.0.64:138 *:* 4
UDP 10.0.0.64:1900 *:* 6552
UDP 10.0.0.64:54031 *:* 1248
UDP 10.0.0.64:56798 *:* 6552
UDP 127.0.0.1:1900 *:* 6552
UDP 127.0.0.1:54932 *:* 672
UDP 127.0.0.1:56799 *:* 6552
UDP 127.0.0.1:57811 *:* 1260
UDP 127.0.0.1:61166 *:* 1092
UDP [::]:123 *:* 472
UDP [::]:500 *:* 536
UDP [::]:1434 *:* 2304
UDP [::]:4500 *:* 536
UDP [::]:5355 *:* 1260
UDP [::1]:1900 *:* 6552
UDP [::1]:56797 *:* 6552
UDP [fe80::74c9:6af4:1882:8b05%11]:1900 *:* 6552
UDP [fe80::74c9:6af4:1882:8b05%11]:56796 *:* 6552
62042 (2) - SMB QuickFixEngineering (QFE) Enumeration
Synopsis
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2012/09/11, Modified: 2013/03/28
Plugin Output

10.0.0.14 (tcp/0)


Here is a list of quick-fix engineering updates installed on the
remote system :

KB2079403, Installed on: 2015/10/08
KB2117917
KB2124261, Installed on: 2015/10/08
KB2207566, Installed on: 2015/10/08
KB2296011, Installed on: 2015/10/08
KB2305420, Installed on: 2015/10/09
KB2345886, Installed on: 2015/10/09
KB2347290, Installed on: 2015/10/08
KB2387149, Installed on: 2015/10/08
KB2393802, Installed on: 2015/10/08
KB2412687, Installed on: 2015/10/08
KB2416469, Installed on: 2015/10/08
KB2416474, Installed on: 2015/10/08
KB2419640, Installed on: 2015/10/09
KB2423089, Installed on: 2015/10/08
KB2442962, Installed on: 2015/10/08
KB2443685, Installed on: 2015/10/08
KB2447568, Installed on: 2015/10/08
KB2476490, Installed on: 2015/10/08
KB2478657, Installed on: 2015/10/08
KB2478659, Installed on: 2015/10/08
KB2481109, Installed on: 2015/10/08
KB2482017, Installed on: 2015/10/08
KB2483185, Installed on: 2015/10/08
KB2492386, Installed on: 2015/10/08
KB2503665, Installed on: 2015/10/08
KB2505189
KB2506212, Installed on: 2015/10/08
KB2507618, Installed on: 2015/10/08
KB2507938, Installed on: 2015/10/08
KB2508272, Installed on: 2015/10/08
KB2508429, Installed on: 2015/10/08
KB2509553, Installed on: 2015/10/08
KB2510531, Installed on: 2015/10/08
KB2510581, Installed on: 2015/10/08
KB2511455, Installed on: 2015/10/08
KB2518295, Installed on: 2015/10/09
KB2518863, Installed on: 2015/10/08
KB2518865, Installed on: 2015/10/08
KB2522422, Installed on: 2015/10/09
KB2524375, Installed on: 2015/10/08
KB2533623, Installed on: 2015/10/08
KB2535512, Installed on: 2015/10/08
KB2536275, Installed on: 2015/10/08
KB2536276, Installed on: 2015/10/08
KB2541763, Installed on: 2015/10/08
KB2544893, Installed on: 2015/10/08
KB2545698, Installed on: 2015/10/09
KB2563227, Installed on: 2015/10/09
KB2564958, Installed on: 2015/10/09
KB2570947, Installed on: 2015/10/09
KB2585542, Installed on: 2015/10/09
KB2598479, Installed on: 2015/10/09
KB2598845, Installed on: 2015/10/09
KB2604094, Installed on: 2015/10/09
KB2620704, Installed on: 2015/10/09
KB2621440, Installed on: 2015/10/09
KB2631813, Installed on: 2015/10/09
KB2632503, Installed on: 2015/10/09
KB2643719, Installed on: 2015/10/09
KB2653956, Installed on: 2015/10/09
KB2654428, Installed on: 2015/10/09
KB2655992, Installed on: 2015/10/09
KB2676562, Installed on: 2015/10/09
KB2685811, Installed on: 2015/10/09
KB2685813, Installed on: 2015/10/09
KB2685939, Installed on: 2015/10/09
KB2690533, Installed on: 2015/10/09
KB2698365, Installed on: 2015/10/09
KB2705219, Installed on: 2015/10/09
KB2712808, Installed on: 2015/10/09
KB2718704, Installed on: 2015/10/09
KB2726535, Installed on: 2015/10/09
KB2729453, Installed on: 2015/10/09
KB2742601, Installed on: 2015/10/09
KB2748349, Installed on: 2015/10/09
KB2762895, Installed on: 2015/10/09
KB2763674, Installed on: 2015/10/09
KB2770660, Installed on: 2015/10/09
KB2780091, Installed on: 2015/10/09
KB2785220, Installed on: 2015/10/09
KB2798162, Installed on: 2015/10/09
KB2807986, Installed on: 2015/10/09
KB2808679, Installed on: 2015/10/09
KB2813430, Installed on: 2015/10/09
KB2820917, Installed on: 2015/10/09
KB2836945, Installed on: 2015/10/09
KB2839894, Installed on: 2015/10/09
KB2840149, Installed on: 2015/10/09
KB2861855, Installed on: 2015/10/09
KB2862152, Installed on: 2015/10/09
KB2862330, Installed on: 2015/10/09
KB2862335, Installed on: 2015/10/09
KB2862966, Installed on: 2015/10/09
KB2862973, Installed on: 2015/10/09
KB2864063, Installed on: 2015/10/09
KB2864202, Installed on: 2015/10/09
KB2868038, Installed on: 2015/10/09
KB2868116, Installed on: 2015/10/09
KB2868626, Installed on: 2015/10/09
KB2884256, Installed on: 2015/10/09
KB2887069, Installed on: 2015/10/09
KB2891804, Installed on: 2015/10/09
KB2892075, Installed on: 2015/10/09
KB2893294, Installed on: 2015/10/09
KB2894847, Installed on: 2015/10/09
KB2900986, Installed on: 2015/10/09
KB2901113, Installed on: 2015/10/09
KB2911502, Installed on: 2015/10/09
KB2929733, Installed on: 2015/10/09
KB2931354, Installed on: 2015/10/09
KB2937608, Installed on: 2015/10/09
KB2943344, Installed on: 2015/10/09
KB2957189, Installed on: 2015/10/09
KB2957509, Installed on: 2015/10/09
KB2961072, Installed on: 2015/10/09
KB2968292, Installed on: 2015/10/09
KB2972098, Installed on: 2015/10/09
KB2974268, Installed on: 2015/10/09
KB2974269, Installed on: 2015/10/09
KB2976897, Installed on: 2015/10/09
KB2978116, Installed on: 2015/10/09
KB2979568, Installed on: 2015/10/09
KB2991963, Installed on: 2015/10/09
KB2993651, Installed on: 2015/10/09
KB2998579, Installed on: 2015/10/09
KB2999226, Installed on: 2015/10/09
KB3000483
KB3003743, Installed on: 2015/10/09
KB3004361, Installed on: 2015/10/09
KB3005607, Installed on: 2015/10/09
KB3006137, Installed on: 2015/10/09
KB3006226, Installed on: 2015/10/09
KB3010788, Installed on: 2015/10/09
KB3011780, Installed on: 2015/10/09
KB3014029, Installed on: 2015/10/09
KB3020338, Installed on: 2015/10/09
KB3020393, Installed on: 2015/10/09
KB3021674, Installed on: 2015/10/09
KB3022777, Installed on: 2015/10/09
KB3023213, Installed on: 2015/10/09
KB3033889, Installed on: 2015/10/09
KB3035126, Installed on: 2015/10/09
KB3035132, Installed on: 2015/10/09
KB3035485, Installed on: 2015/10/09
KB3037573, Installed on: 2015/10/09
KB3045685, Installed on: 2015/10/09
KB3046017, Installed on: 2015/10/09
KB3054206, Installed on: 2015/10/09
KB3055642, Installed on: 2015/10/09
KB3057154, Installed on: 2015/10/09
KB3059317, Installed on: 2015/10/09
KB3060716, Installed on: 2015/10/09
KB3063858, Installed on: 2015/10/09
KB3067505, Installed on: 2015/10/09
KB3068457, Installed on: 2015/10/09
KB3069392, Installed on: 2015/10/09
KB3071756, Installed on: 2015/10/09
KB3072303, Installed on: 2015/10/09
KB3072595, Installed on: 2015/10/09
KB3072630, Installed on: 2015/10/09
KB3072633, Installed on: 2015/10/09
KB3073921, Installed on: 2015/10/09
KB3074541, Installed on: 2015/10/09
KB3075220, Installed on: 2015/10/09
KB3076895, Installed on: 2015/10/09
KB3077715, Installed on: 2015/10/09
KB3078601, Installed on: 2015/10/09
KB3079757, Installed on: 2015/10/09
KB3080446, Installed on: 2015/10/26
KB3081320, Installed on: 2015/11/11
KB3084135, Installed on: 2015/10/09
KB3086255, Installed on: 2015/10/09
KB3087038, Installed on: 2015/10/09
KB3087039, Installed on: 2015/10/09
KB3087135, Installed on: 2015/10/09
KB3088195, Installed on: 2015/10/26
KB3092601, Installed on: 2015/11/11
KB3092627, Installed on: 2015/10/09
KB3093983, Installed on: 2015/10/26
KB3097877, Installed on: 2015/11/11
KB3097966, Installed on: 2015/10/26
KB3097988, Installed on: 2015/11/11
KB3099860, Installed on: 2015/12/10
KB3100773, Installed on: 2015/11/11
KB3101246, Installed on: 2015/11/11
KB3101722, Installed on: 2015/11/11
KB3101746, Installed on: 2015/11/11
KB3104002, Installed on: 2015/12/10
KB3108371, Installed on: 2015/12/10
KB3108381, Installed on: 2015/12/10
KB3108664, Installed on: 2016/01/28
KB3109094, Installed on: 2015/12/10
KB3109103, Installed on: 2015/12/10
KB3109560, Installed on: 2016/01/28
KB3110329, Installed on: 2016/01/28
KB3112148, Installed on: 2015/12/10
KB3118401, Installed on: 2016/02/16
KB3121212, Installed on: 2016/01/28
KB3121918, Installed on: 2016/01/28
KB3122646, Installed on: 2016/02/16
KB3124000, Installed on: 2016/01/28
KB3124001, Installed on: 2016/01/28
KB3124275, Installed on: 2016/01/28
KB3126041, Installed on: 2016/02/16
KB3126587, Installed on: 2016/02/16
KB3126593, Installed on: 2016/02/16
KB3127219, Installed on: 2016/02/16
KB3133043, Installed on: 2016/02/16
KB3134214, Installed on: 2016/02/16
KB3134814, Installed on: 2016/02/16
KB3135982, Installed on: 2016/03/15
KB3135987, Installed on: 2016/03/15
KB3139398, Installed on: 2016/03/15
KB3139852, Installed on: 2016/03/15
KB3139914, Installed on: 2016/03/15
KB3139921, Installed on: 2016/05/02
KB3139929, Installed on: 2016/03/15
KB3139940, Installed on: 2016/03/15
KB3140410, Installed on: 2016/03/15
KB3140709, Installed on: 2016/03/15
KB3140735, Installed on: 2016/03/15
KB3141083, Installed on: 2016/05/16
KB3142023, Installed on: 2016/05/16
KB3142041, Installed on: 2016/05/02
KB3145739, Installed on: 2016/05/02
KB3146706, Installed on: 2016/05/02
KB3146963, Installed on: 2016/05/02
KB3147071, Installed on: 2016/05/02
KB3148198, Installed on: 2016/05/02
KB3148851, Installed on: 2016/05/02
KB3149090, Installed on: 2016/05/02
KB3153171, Installed on: 2016/05/16
KB3153199, Installed on: 2016/05/16
KB3153731, Installed on: 2016/05/16
KB3154070, Installed on: 2016/05/16
KB3156013, Installed on: 2016/05/16
KB3156016, Installed on: 2016/05/16
KB3156017, Installed on: 2016/05/16
KB3156019, Installed on: 2016/05/16
KB3159398, Installed on: 2016/06/15
KB3160005, Installed on: 2016/06/15
KB3161561, Installed on: 2016/06/15
KB3161664, Installed on: 2016/06/15
KB3161949, Installed on: 2016/06/15
KB3162835, Installed on: 2016/06/15
KB3163244, Installed on: 2016/07/14
KB3164033, Installed on: 2016/06/15
KB3164035, Installed on: 2016/06/15
KB3167679, Installed on: 2016/10/13
KB3168965, Installed on: 2016/07/14
KB3170106, Installed on: 2016/07/14
KB3170455, Installed on: 2017/09/14
KB3174644, Installed on: 2016/09/22
KB3175024, Installed on: 2016/09/22
KB3175443, Installed on: 2016/08/11
KB3177186, Installed on: 2016/09/22
KB3177723, Installed on: 2016/09/13
KB3177725, Installed on: 2016/08/11
KB3178034, Installed on: 2016/08/11
KB3181707, Installed on: 2016/11/10
KB3182203, Installed on: 2016/09/22
KB3183431, Installed on: 2016/10/13
KB3184122, Installed on: 2016/09/22
KB3185319, Installed on: 2016/09/22
KB3185911, Installed on: 2016/09/22
KB3188735, Installed on: 2016/10/13
KB3191203, Installed on: 2016/10/13
KB3191256, Installed on: 2016/10/13
KB3191492, Installed on: 2016/10/13
KB3192321, Installed on: 2016/11/10
KB3193418, Installed on: 2016/11/10
KB3193515, Installed on: 2016/10/13
KB3194371, Installed on: 2016/11/10
KB3196348, Installed on: 2017/01/04
KB3196718, Installed on: 2016/11/10
KB3196726, Installed on: 2017/01/04
KB3197655, Installed on: 2016/11/10
KB3198234, Installed on: 2016/11/10
KB3198483, Installed on: 2016/11/10
KB3198510, Installed on: 2016/11/10
KB3200006, Installed on: 2016/11/10
KB3203621, Installed on: 2017/01/04
KB3203838, Installed on: 2017/01/04
KB3203859, Installed on: 2016/11/10
KB3203884, Installed on: 2017/01/04
KB3204723, Installed on: 2017/01/04
KB3204724, Installed on: 2017/01/04
KB3204808, Installed on: 2017/01/04
KB3205638, Installed on: 2017/01/04
KB3208481, Installed on: 2017/01/04
KB3210129, Installed on: 2017/01/04
KB3214051, Installed on: 2017/03/16
KB3216775, Installed on: 2017/02/14
KB3216916, Installed on: 2017/03/16
KB3217587, Installed on: 2017/03/16
KB3217877, Installed on: 2017/04/14
KB3218362, Installed on: 2017/03/16
KB4011981, Installed on: 2017/03/16
KB4012204, Installed on: 2017/03/16
KB4012373, Installed on: 2017/03/16
KB4012497, Installed on: 2017/03/16
KB4012583, Installed on: 2017/03/16
KB4012584, Installed on: 2017/03/16
KB4012598, Installed on: 2017/03/16
KB4012864, Installed on: 2017/04/14
KB4014502, Installed on: 2017/05/24
KB4014561, Installed on: 2017/04/14
KB4014592, Installed on: 2017/05/24
KB4014652, Installed on: 2017/04/14
KB4014661, Installed on: 2017/04/14
KB4014793, Installed on: 2017/04/14
KB4014794, Installed on: 2017/04/14
KB4015067, Installed on: 2017/04/14
KB4015193, Installed on: 2017/04/19
KB4015195, Installed on: 2017/04/14
KB4015380, Installed on: 2017/04/14
KB4015383, Installed on: 2017/04/14
KB4017018, Installed on: 2017/04/14
KB4018106, Installed on: 2017/06/28
KB4018271, Installed on: 2017/05/24
KB4018466, Installed on: 2017/05/24
KB4018556, Installed on: 2017/05/24
KB4018821, Installed on: 2017/05/24
KB4018885, Installed on: 2017/05/24
KB4018927, Installed on: 2017/05/24
KB4019149, Installed on: 2017/05/24
KB4019204, Installed on: 2017/05/24
KB4019206, Installed on: 2017/05/24
KB4019276, Installed on: 2018/01/06
KB4019478, Installed on: 2017/08/24
KB4020322, Installed on: 2017/07/12
KB4021558, Installed on: 2017/06/28
KB4021903, Installed on: 2017/06/28
KB4021923, Installed on: 2017/06/28
KB4022008, Installed on: 2017/06/28
KB4022010, Installed on: 2017/06/28
KB4022013, Installed on: 2017/06/28
KB4022746, Installed on: 2017/07/12
KB4022748, Installed on: 2017/07/12
KB4022750, Installed on: 2017/08/24
KB4022883, Installed on: 2017/06/28
KB4022884, Installed on: 2017/06/28
KB4022887, Installed on: 2017/06/28
KB4022914, Installed on: 2017/07/12
KB4025240, Installed on: 2017/07/12
KB4025252, Installed on: 2017/07/12
KB4025397, Installed on: 2017/07/12
KB4025398, Installed on: 2017/07/12
KB4025409, Installed on: 2017/07/12
KB4025497, Installed on: 2017/07/12
KB4025674, Installed on: 2017/07/12
KB4025877, Installed on: 2017/07/12
KB4026059, Installed on: 2017/07/12
KB4026061, Installed on: 2017/07/12
KB4032201, Installed on: 2017/09/14
KB4032955, Installed on: 2017/07/12
KB4033994, Installed on: 2017/08/24
KB4034034, Installed on: 2017/08/24
KB4034044, Installed on: 2018/02/13
KB4034733, Installed on: 2017/08/24
KB4034741, Installed on: 2017/08/24
KB4034744, Installed on: 2017/08/24
KB4034745, Installed on: 2017/08/24
KB4034775, Installed on: 2017/08/24
KB4034786, Installed on: 2017/09/14
KB4035055, Installed on: 2017/08/24
KB4035056, Installed on: 2017/08/24
KB4035176, Installed on: 2018/01/06
KB4035679, Installed on: 2017/08/24
KB4036162, Installed on: 2017/08/24
KB4036586, Installed on: 2017/09/14
KB4037616, Installed on: 2017/08/24
KB4038874, Installed on: 2017/09/14
KB4039038, Installed on: 2017/09/14
KB4039266, Installed on: 2017/09/14
KB4039384, Installed on: 2017/09/14
KB4040978, Installed on: 2017/09/14
KB4041671, Installed on: 2018/01/06
KB4041944, Installed on: 2018/01/06
KB4041995, Installed on: 2018/01/06
KB4042050, Installed on: 2018/01/06
KB4042121, Installed on: 2018/01/06
KB4042122, Installed on: 2018/01/06
KB4042123, Installed on: 2018/01/06
KB4046184, Installed on: 2018/01/06
KB4047211, Installed on: 2018/01/06
KB4048968, Installed on: 2018/01/06
KB4048970, Installed on: 2018/01/06
KB4050795, Installed on: 2018/01/06
KB4051956, Installed on: 2018/01/06
KB4052303, Installed on: 2018/01/06
KB4053473, Installed on: 2018/01/06
KB4056446, Installed on: 2018/02/13
KB4056448, Installed on: 2018/02/28
KB4056564, Installed on: 2018/03/15
KB4056568, Installed on: 2018/01/06
KB4056615, Installed on: 2018/01/06
KB4056759, Installed on: 2018/01/06
KB4056941, Installed on: 2018/01/06
KB4056942, Installed on: 2018/01/06
KB4056944, Installed on: 2018/01/06
KB4058165, Installed on: 2018/02/13
KB4073079, Installed on: 2018/02/13
KB4073080, Installed on: 2018/02/13
KB4074603, Installed on: 2018/02/13
KB4074621, Installed on: 2018/02/28
KB4074736, Installed on: 2018/02/13
KB4074834, Installed on: 2018/02/28
KB4074836, Installed on: 2018/02/13
KB4074837, Installed on: 2018/02/28
KB4074851, Installed on: 2018/02/13
KB4087398, Installed on: 2018/03/15
KB4089175, Installed on: 2018/03/15
KB4089187, Installed on: 2018/03/15
KB4089344, Installed on: 2018/03/15
KB4092946
KB948465, Installed on: 2015/10/09
KB948609, Installed on: 2015/10/08
KB948610, Installed on: 2015/10/08
KB949189, Installed on: 2015/10/08
KB950050, Installed on: 2015/10/08
KB950099, Installed on: 2015/10/08
KB950762, Installed on: 2015/10/08
KB950974, Installed on: 2015/10/08
KB951618, Installed on: 2015/10/08
KB951978, Installed on: 2015/10/08
KB952004, Installed on: 2015/10/08
KB952287, Installed on: 2015/10/08
KB953733, Installed on: 2015/10/08
KB954155, Installed on: 2015/10/08
KB954459, Installed on: 2015/10/08
KB955020, Installed on: 2015/10/08
KB955302, Installed on: 2015/10/08
KB955430, Installed on: 2015/10/08
KB956250, Installed on: 2015/10/08
KB956572, Installed on: 2015/10/08
KB956802, Installed on: 2015/10/08
KB957200, Installed on: 2015/10/08
KB957321, Installed on: 2015/10/08
KB958481, Installed on: 2015/10/08
KB958483, Installed on: 2015/10/08
KB958623, Installed on: 2015/10/08
KB958624, Installed on: 2015/10/08
KB958644, Installed on: 2015/10/08
KB959130, Installed on: 2015/10/08
KB959426, Installed on: 2015/10/08
KB960803, Installed on: 2015/10/08
KB960859, Installed on: 2015/10/08
KB961501, Installed on: 2015/10/08
KB967723, Installed on: 2015/10/08
KB968389, Installed on: 2015/10/08
KB970238, Installed on: 2015/10/08
KB970430, Installed on: 2015/10/09
KB971029, Installed on: 2015/10/09
KB971286, Installed on: 2015/10/09
KB971657, Installed on: 2015/10/08
KB971737, Installed on: 2015/10/08
KB972270, Installed on: 2015/10/08
KB973507, Installed on: 2015/10/08
KB973565, Installed on: 2015/10/08
KB973687, Installed on: 2015/10/08
KB973917, Installed on: 2015/10/09
KB974318, Installed on: 2015/10/08
KB974571, Installed on: 2015/10/08
KB975254, Installed on: 2015/10/08
KB975467, Installed on: 2015/10/08
KB975560, Installed on: 2015/10/08
KB975562, Installed on: 2015/10/08
KB975929, Installed on: 2015/10/08
KB976323, Installed on: 2015/10/08
KB976470, Installed on: 2015/10/08
KB976767, Installed on: 2015/10/08
KB976768, Installed on: 2015/10/09
KB976771, Installed on: 2015/10/08
KB976772, Installed on: 2015/10/09
KB978338, Installed on: 2015/10/08
KB978542, Installed on: 2015/10/08
KB978601, Installed on: 2015/10/08
KB978886, Installed on: 2015/10/08
KB979099, Installed on: 2015/10/08
KB979309, Installed on: 2015/10/08
KB979482, Installed on: 2015/10/08
KB979687, Installed on: 2015/10/09
KB979688, Installed on: 2015/10/08
KB979899, Installed on: 2015/10/09
KB979911, Installed on: 2015/10/08
KB979913, Installed on: 2015/10/08
KB980248, Installed on: 2015/10/08
KB980842, Installed on: 2015/10/09
KB980843, Installed on: 2015/10/08
KB981322, Installed on: 2015/10/08
KB982132, Installed on: 2015/10/08
KB982666, Installed on: 2015/10/09
KB982799, Installed on: 2015/10/08
KB983587, Installed on: 2015/10/08

10.0.0.64 (tcp/0)


Here is a list of quick-fix engineering updates installed on the
remote system :

KB2393802, Installed on: 2012/02/02
KB2397190, Installed on: 2012/02/02
KB2425227, Installed on: 2012/02/02
KB2459268, Installed on: 2012/02/02
KB2475792, Installed on: 2012/02/02
KB2478662, Installed on: 2012/02/02
KB2479943, Installed on: 2012/02/02
KB2482122, Installed on: 2012/02/02
KB2484033, Installed on: 2012/02/02
KB2488113, Installed on: 2012/02/02
KB2491683, Installed on: 2012/02/02
KB2492386, Installed on: 2012/02/02
KB2495523, Installed on: 2012/02/02
KB2496898, Installed on: 2012/02/02
KB2503665, Installed on: 2012/02/02
KB2505438, Installed on: 2012/02/02
KB2506014, Installed on: 2012/02/02
KB2506212, Installed on: 2012/02/02
KB2506928, Installed on: 2012/02/02
KB2507618, Installed on: 2012/02/02
KB2509553, Installed on: 2012/02/02
KB2510531, Installed on: 2012/04/05
KB2511250, Installed on: 2012/02/02
KB2511455, Installed on: 2012/02/17
KB2515325, Installed on: 2012/02/02
KB2518869, Installed on: 2012/02/02
KB2519736, Installed on: 2012/02/02
KB2522422, Installed on: 2012/02/17
KB2529073, Installed on: 2012/02/02
KB2529825, Installed on: 2012/02/02
KB2532531, Installed on: 2012/02/02
KB2533552, Installed on: 2012/02/02
KB2536275, Installed on: 2012/02/02
KB2536276, Installed on: 2012/02/02
KB2539635, Installed on: 2012/02/02
KB2541014, Installed on: 2012/02/02
KB2544521, Installed on: 2013/03/25
KB2544893, Installed on: 2012/02/02
KB2545698, Installed on: 2012/02/02
KB2547666, Installed on: 2012/02/02
KB2550648, Installed on: 2012/02/02
KB2552343, Installed on: 2012/02/02
KB2556532, Installed on: 2012/02/02
KB2560656, Installed on: 2012/02/02
KB2562937, Installed on: 2012/02/02
KB2563227, Installed on: 2012/02/02
KB2563894, Installed on: 2012/02/02
KB2564958, Installed on: 2012/02/02
KB2567053, Installed on: 2012/02/02
KB2567680, Installed on: 2012/02/02
KB2570791
KB2570947, Installed on: 2012/02/02
KB2572077, Installed on: 2012/02/02
KB2574819, Installed on: 2012/11/14
KB2579686, Installed on: 2012/02/02
KB2584146, Installed on: 2012/02/17
KB2585542, Installed on: 2012/02/17
KB2588516, Installed on: 2012/02/17
KB2598845, Installed on: 2013/03/25
KB2603229, Installed on: 2012/02/17
KB2604115, Installed on: 2012/05/15
KB2616676, Installed on: 2012/02/02
KB2618451, Installed on: 2012/02/17
KB2619339, Installed on: 2012/02/17
KB2620704, Installed on: 2012/02/17
KB2620712, Installed on: 2012/02/17
KB2621440, Installed on: 2012/03/15
KB2631813, Installed on: 2012/02/17
KB2632503, Installed on: 2013/03/25
KB2633873, Installed on: 2012/02/17
KB2633952
KB2639308, Installed on: 2012/03/15
KB2640148, Installed on: 2012/02/17
KB2641653, Installed on: 2012/03/15
KB2641690, Installed on: 2012/02/17
KB2644615, Installed on: 2012/02/17
KB2645640, Installed on: 2012/02/17
KB2647516, Installed on: 2012/04/05
KB2647518, Installed on: 2012/03/15
KB2647753, Installed on: 2012/08/15
KB2653956, Installed on: 2012/04/12
KB2654428, Installed on: 2012/02/17
KB2655992, Installed on: 2012/07/11
KB2656356, Installed on: 2012/02/17
KB2656373, Installed on: 2012/04/12
KB2656411, Installed on: 2012/05/15
KB2658846, Installed on: 2012/05/15
KB2659262, Installed on: 2012/05/15
KB2660075, Installed on: 2012/02/17
KB2660465, Installed on: 2012/02/17
KB2660649, Installed on: 2012/05/15
KB2661254, Installed on: 2012/10/10
KB2665364, Installed on: 2012/03/15
KB2667402, Installed on: 2012/03/15
KB2675157, Installed on: 2012/04/12
KB2676562, Installed on: 2012/05/15
KB2677070, Installed on: 2012/06/13
KB2679255, Installed on: 2012/04/12
KB2685811, Installed on: 2012/11/14
KB2685813, Installed on: 2012/11/14
KB2685939, Installed on: 2012/06/13
KB2686831, Installed on: 2012/06/13
KB2688338, Installed on: 2012/05/15
KB2690533, Installed on: 2012/05/15
KB2691442, Installed on: 2012/07/11
KB2695962, Installed on: 2012/05/15
KB2698365, Installed on: 2012/07/11
KB2699779, Installed on: 2012/06/13
KB2699988, Installed on: 2012/06/13
KB2703157, Installed on: 2013/03/25
KB2705219, Installed on: 2012/08/15
KB2706045, Installed on: 2012/08/15
KB2709162, Installed on: 2012/06/13
KB2709630, Installed on: 2012/06/13
KB2709715, Installed on: 2012/06/13
KB2709981, Installed on: 2012/11/14
KB2712808, Installed on: 2012/08/15
KB2718523, Installed on: 2012/07/11
KB2718704, Installed on: 2012/06/05
KB2719857, Installed on: 2012/09/13
KB2719985, Installed on: 2012/07/11
KB2722913, Installed on: 2012/08/15
KB2724197, Installed on: 2012/10/10
KB2726535, Installed on: 2013/01/10
KB2727528, Installed on: 2012/11/14
KB2729094, Installed on: 2012/08/15
KB2729452, Installed on: 2012/11/14
KB2731771, Installed on: 2012/10/10
KB2731847, Installed on: 2012/08/15
KB2732059, Installed on: 2012/10/05
KB2732487, Installed on: 2012/08/15
KB2732500, Installed on: 2012/08/15
KB2735855, Installed on: 2012/09/13
KB2736233, Installed on: 2012/09/13
KB2736422, Installed on: 2013/01/09
KB2739159, Installed on: 2012/10/10
KB2741355, Installed on: 2012/09/13
KB2742599, Installed on: 2013/01/10
KB2743555, Installed on: 2012/10/10
KB2744842, Installed on: 2012/10/05
KB2749655, Installed on: 2012/10/10
KB2750841, Installed on: 2012/11/14
KB2753842, Installed on: 2012/12/13
KB2756822
KB2756921, Installed on: 2013/01/10
KB2757638, Installed on: 2013/01/10
KB2758857, Installed on: 2012/12/13
KB2761217, Installed on: 2012/11/14
KB2761226, Installed on: 2012/11/14
KB2761465, Installed on: 2012/12/13
KB2762895, Installed on: 2012/11/28
KB2763523, Installed on: 2012/11/14
KB2769369, Installed on: 2013/01/10
KB2770660, Installed on: 2012/12/12
KB2773072, Installed on: 2013/01/10
KB2778344, Installed on: 2013/02/14
KB2778930, Installed on: 2013/01/10
KB2779030, Installed on: 2012/12/13
KB2779562
KB2785220, Installed on: 2013/01/10
KB2786081, Installed on: 2013/01/10
KB2786400, Installed on: 2013/01/10
KB2789645, Installed on: 2013/02/14
KB2790113, Installed on: 2013/02/14
KB2790655, Installed on: 2013/02/14
KB2791765, Installed on: 2013/03/14
KB2792100, Installed on: 2013/02/14
KB2797052, Installed on: 2013/03/25
KB2798162, Installed on: 2013/05/16
KB2799329, Installed on: 2013/03/25
KB2799494, Installed on: 2013/02/14
KB2799926, Installed on: 2013/04/11
KB2800095, Installed on: 2014/08/07
KB2803821, Installed on: 2013/07/12
KB2804579, Installed on: 2013/05/16
KB2807986, Installed on: 2013/03/21
KB2808679, Installed on: 2013/06/13
KB2808735, Installed on: 2013/04/11
KB2809289, Installed on: 2013/03/14
KB2813170, Installed on: 2013/04/11
KB2813347, Installed on: 2013/04/11
KB2813430, Installed on: 2013/06/13
KB2813956, Installed on: 2013/05/16
KB2817183, Installed on: 2013/04/11
KB2820197, Installed on: 2013/05/16
KB2820331, Installed on: 2013/05/16
KB2823324, Installed on: 2013/04/11
KB2829361, Installed on: 2013/05/16
KB2829530, Installed on: 2013/05/16
KB2830290, Installed on: 2013/05/16
KB2832414, Installed on: 2013/07/12
KB2833946, Installed on: 2013/07/12
KB2834140, Installed on: 2013/06/13
KB2834886, Installed on: 2013/07/12
KB2835361, Installed on: 2013/07/12
KB2835364, Installed on: 2013/07/12
KB2836502, Installed on: 2013/06/13
KB2836942, Installed on: 2013/07/31
KB2836943, Installed on: 2013/07/30
KB2838727, Installed on: 2013/06/13
KB2839894, Installed on: 2013/06/13
KB2840149, Installed on: 2013/04/25
KB2840631, Installed on: 2013/07/12
KB2843630, Installed on: 2014/02/13
KB2844286, Installed on: 2013/07/12
KB2845187, Installed on: 2013/07/12
KB2845690, Installed on: 2013/06/13
KB2846071, Installed on: 2013/07/12
KB2846960, Installed on: 2013/10/11
KB2847077, Installed on: 2013/12/12
KB2847204, Installed on: 2013/05/16
KB2847311, Installed on: 2013/10/11
KB2847927, Installed on: 2013/07/12
KB2849470, Installed on: 2013/08/15
KB2850851, Installed on: 2013/07/12
KB2852386, Installed on: 2013/10/11
KB2853952, Installed on: 2013/09/12
KB2857650, Installed on: 2014/08/07
KB2859537, Installed on: 2013/08/15
KB2861191, Installed on: 2013/10/11
KB2861698, Installed on: 2013/10/11
KB2861855, Installed on: 2013/08/15
KB2862152, Installed on: 2013/11/14
KB2862330, Installed on: 2014/01/16
KB2862335, Installed on: 2013/10/11
KB2862772, Installed on: 2013/08/15
KB2862966, Installed on: 2013/08/15
KB2862973, Installed on: 2014/02/13
KB2863058, Installed on: 2013/08/15
KB2863240, Installed on: 2013/10/11
KB2864058, Installed on: 2013/10/11
KB2864202, Installed on: 2013/10/11
KB2868038, Installed on: 2013/10/11
KB2868116, Installed on: 2013/09/12
KB2868623, Installed on: 2013/08/15
KB2868626, Installed on: 2013/11/14
KB2868725, Installed on: 2013/11/14
KB2870699, Installed on: 2013/09/12
KB2871997, Installed on: 2014/05/15
KB2872339, Installed on: 2013/09/12
KB2875783, Installed on: 2013/11/14
KB2876284, Installed on: 2013/10/11
KB2876315, Installed on: 2013/09/12
KB2876331, Installed on: 2013/11/14
KB2879017, Installed on: 2013/10/11
KB2882822, Installed on: 2013/10/11
KB2883150, Installed on: 2013/10/11
KB2884256, Installed on: 2013/10/11
KB2887069, Installed on: 2013/12/12
KB2888049, Installed on: 2013/10/11
KB2888505, Installed on: 2013/11/14
KB2891804, Installed on: 2013/12/12
KB2892074, Installed on: 2013/12/12
KB2893294, Installed on: 2013/12/12
KB2893519, Installed on: 2013/11/14
KB2893984, Installed on: 2013/12/12
KB2894844, Installed on: 2014/09/12
KB2898785, Installed on: 2013/12/12
KB2898857, Installed on: 2014/02/13
KB2900986, Installed on: 2013/11/14
KB2901112, Installed on: 2014/02/13
KB2904266, Installed on: 2013/12/12
KB2908783, Installed on: 2014/04/10
KB2909210, Installed on: 2014/02/13
KB2909921, Installed on: 2014/02/13
KB2911501, Installed on: 2014/02/13
KB2912390, Installed on: 2014/02/13
KB2913152, Installed on: 2013/12/12
KB2913431, Installed on: 2014/01/16
KB2913602, Installed on: 2014/01/16
KB2916036, Installed on: 2014/02/13
KB2918077, Installed on: 2014/03/13
KB2918614, Installed on: 2014/08/15
KB2919469, Installed on: 2014/02/13
KB2922229, Installed on: 2014/04/10
KB2923545, Installed on: 2014/08/07
KB2925418, Installed on: 2014/03/13
KB2926765, Installed on: 2014/05/15
KB2928562, Installed on: 2014/04/10
KB2929437, Installed on: 2014/08/07
KB2929733, Installed on: 2014/03/13
KB2929755, Installed on: 2014/03/13
KB2929961, Installed on: 2014/03/13
KB2930275, Installed on: 2014/03/13
KB2931356, Installed on: 2014/05/15
KB2936068, Installed on: 2014/04/10
KB2937610, Installed on: 2014/08/15
KB2939576, Installed on: 2014/08/07
KB2943357, Installed on: 2014/08/15
KB2952664, Installed on: 2014/05/07
KB2953522, Installed on: 2014/05/15
KB2957189, Installed on: 2014/08/07
KB2957503, Installed on: 2014/08/07
KB2957509, Installed on: 2014/08/07
KB2957689, Installed on: 2014/06/11
KB2961072, Installed on: 2014/08/07
KB2962872, Installed on: 2014/08/07
KB2964358, Installed on: 2014/05/05
KB2965788, Installed on: 2014/08/07
KB2966583, Installed on: 2014/08/07
KB2968294, Installed on: 2014/10/16
KB2970228, Installed on: 2014/08/15
KB2971850, Installed on: 2014/08/07
KB2972100, Installed on: 2014/10/16
KB2972211, Installed on: 2014/09/12
KB2972280, Installed on: 2014/08/07
KB2973112, Installed on: 2014/09/12
KB2973201, Installed on: 2014/08/07
KB2973337, Installed on: 2014/08/07
KB2973351, Installed on: 2014/08/07
KB2976627, Installed on: 2014/08/15
KB2976897, Installed on: 2014/08/15
KB2977292, Installed on: 2014/10/16
KB2977629, Installed on: 2014/09/12
KB2977728, Installed on: 2014/09/12
KB2978092, Installed on: 2014/09/12
KB2978120, Installed on: 2014/11/12
KB2978668, Installed on: 2014/08/15
KB2978742, Installed on: 2014/08/15
KB2979570, Installed on: 2014/10/16
KB2980245, Installed on: 2014/08/15
KB2981580, Installed on: 2014/08/15
KB2982378, Installed on: 2014/09/12
KB2982791, Installed on: 2014/08/15
KB2984972, Installed on: 2014/10/16
KB2984976, Installed on: 2014/10/16
KB2984981, Installed on: 2014/10/16
KB2985461, Installed on: 2014/09/12
KB2987107, Installed on: 2014/10/16
KB2990214, Installed on: 2015/04/15
KB2991963, Installed on: 2014/11/12
KB2992611, Installed on: 2014/11/12
KB2993651, Installed on: 2014/08/28
KB2993958, Installed on: 2014/11/12
KB2994023, Installed on: 2014/10/16
KB2998527, Installed on: 2014/09/24
KB2999226, Installed on: 2015/09/29
KB3000061, Installed on: 2014/10/16
KB3000483, Installed on: 2015/02/12
KB3000869, Installed on: 2014/10/16
KB3000988, Installed on: 2014/10/16
KB3001554, Installed on: 2014/10/01
KB3002885, Installed on: 2014/11/12
KB3003057, Installed on: 2014/11/12
KB3003743, Installed on: 2014/11/12
KB3004361, Installed on: 2015/02/12
KB3004375, Installed on: 2015/02/12
KB3004394, Installed on: 2015/02/12
KB3005607, Installed on: 2014/11/12
KB3006121, Installed on: 2014/12/10
KB3006137, Installed on: 2015/02/25
KB3006226, Installed on: 2014/11/12
KB3006625, Installed on: 2014/12/10
KB3008627, Installed on: 2014/11/12
KB3008923, Installed on: 2014/12/10
KB3009736, Installed on: 2014/12/10
KB3010788, Installed on: 2014/11/12
KB3011780, Installed on: 2014/11/20
KB3013126, Installed on: 2014/12/10
KB3013410, Installed on: 2014/12/10
KB3013455, Installed on: 2015/02/12
KB3013531, Installed on: 2015/05/13
KB3014406, Installed on: 2014/12/10
KB3019215, Installed on: 2015/01/14
KB3020338, Installed on: 2015/02/12
KB3020369, Installed on: 2015/05/13
KB3020370, Installed on: 2015/05/13
KB3020388, Installed on: 2015/01/14
KB3021674, Installed on: 2015/01/14
KB3021917, Installed on: 2015/02/18
KB3021952, Installed on: 2015/02/12
KB3022345, Installed on: 2015/05/13
KB3022777, Installed on: 2015/01/14
KB3023215, Installed on: 2015/05/13
KB3023266, Installed on: 2015/01/14
KB3023562, Installed on: 2015/02/12
KB3023607, Installed on: 2015/02/12
KB3025390, Installed on: 2014/12/19
KB3029944, Installed on: 2015/02/12
KB3030377, Installed on: 2015/03/12
KB3031432, Installed on: 2015/02/12
KB3032323, Installed on: 2015/03/12
KB3032359, Installed on: 2015/03/12
KB3032655, Installed on: 2015/05/13
KB3033889, Installed on: 2015/03/12
KB3033890, Installed on: 2015/06/10
KB3033929, Installed on: 2015/03/12
KB3034196, Installed on: 2015/02/13
KB3034344, Installed on: 2015/03/12
KB3035126, Installed on: 2015/03/12
KB3035131, Installed on: 2015/03/12
KB3035132, Installed on: 2015/03/12
KB3036493, Installed on: 2015/03/12
KB3037574, Installed on: 2015/04/15
KB3038314, Installed on: 2015/04/15
KB3039066, Installed on: 2015/03/12
KB3040272, Installed on: 2015/07/15
KB3042058, Installed on: 2015/11/21
KB3042553, Installed on: 2015/04/15
KB3045171, Installed on: 2015/05/13
KB3045645, Installed on: 2015/05/13
KB3045685, Installed on: 2015/04/15
KB3045999, Installed on: 2015/04/15
KB3046002, Installed on: 2015/05/13
KB3046017, Installed on: 2015/08/12
KB3046049, Installed on: 2015/03/12
KB3046269, Installed on: 2015/04/15
KB3046306, Installed on: 2015/04/15
KB3046482, Installed on: 2015/04/15
KB3048070, Installed on: 2015/05/13
KB3049563, Installed on: 2015/05/13
KB3051768, Installed on: 2015/05/13
KB3054476, Installed on: 2015/06/10
KB3055642, Installed on: 2015/05/13
KB3057154, Installed on: 2015/07/15
KB3057839, Installed on: 2015/06/10
KB3058515, Installed on: 2015/06/10
KB3059317, Installed on: 2015/06/10
KB3060716, Installed on: 2015/08/12
KB3061518, Installed on: 2015/05/13
KB3063858, Installed on: 2015/06/10
KB3064209, Installed on: 2015/08/12
KB3065822, Installed on: 2015/07/15
KB3065979, Installed on: 2015/07/15
KB3065987, Installed on: 2015/07/15
KB3067505, Installed on: 2015/07/15
KB3067903, Installed on: 2015/07/15
KB3068708, Installed on: 2015/06/10
KB3069114, Installed on: 2015/09/09
KB3069392, Installed on: 2015/07/15
KB3069762, Installed on: 2015/07/15
KB3070102, Installed on: 2015/07/15
KB3070738, Installed on: 2015/07/15
KB3071756, Installed on: 2015/08/12
KB3072305, Installed on: 2015/08/12
KB3072630, Installed on: 2015/07/15
KB3072633, Installed on: 2015/07/15
KB3074543, Installed on: 2015/09/09
KB3074886, Installed on: 2015/07/15
KB3075226, Installed on: 2015/08/12
KB3075249, Installed on: 2015/09/09
KB3075516, Installed on: 2015/07/15
KB3075851, Installed on: 2015/08/12
KB3076895, Installed on: 2015/08/12
KB3076949, Installed on: 2015/08/12
KB3077657, Installed on: 2015/07/15
KB3077715, Installed on: 2015/09/09
KB3078071, Installed on: 2015/08/12
KB3078601, Installed on: 2015/08/12
KB3078667, Installed on: 2015/09/09
KB3079757, Installed on: 2015/08/12
KB3079904, Installed on: 2015/07/21
KB3080079, Installed on: 2015/09/29
KB3080149, Installed on: 2015/09/09
KB3080446, Installed on: 2015/11/21
KB3081320, Installed on: 2015/11/21
KB3083324, Installed on: 2015/09/09
KB3083710
KB3083992, Installed on: 2015/09/09
KB3084135, Installed on: 2015/09/09
KB3086255, Installed on: 2015/09/09
KB3087038, Installed on: 2015/09/09
KB3087039, Installed on: 2015/09/09
KB3087918, Installed on: 2015/09/09
KB3087985, Installed on: 2015/08/19
KB3088195
KB3092601, Installed on: 2015/11/21
KB3092627, Installed on: 2015/09/09
KB3093513, Installed on: 2015/11/21
KB3093983
KB3097877
KB3097966, Installed on: 2015/11/21
KB3097989, Installed on: 2015/11/21
KB3099862, Installed on: 2015/12/09
KB3100213, Installed on: 2015/11/21
KB3100773, Installed on: 2015/11/21
KB3101246, Installed on: 2015/11/21
KB3101722, Installed on: 2015/11/21
KB3101746, Installed on: 2015/11/21
KB3102429, Installed on: 2015/12/09
KB3102810, Installed on: 2015/11/21
KB3104002, Installed on: 2015/12/09
KB3107998, Installed on: 2015/11/21
KB3108371, Installed on: 2015/12/09
KB3108381, Installed on: 2015/12/09
KB3108664, Installed on: 2016/01/13
KB3108669, Installed on: 2015/12/09
KB3108670, Installed on: 2015/12/09
KB3109094, Installed on: 2015/12/09
KB3109103, Installed on: 2015/12/09
KB3109560, Installed on: 2016/01/13
KB3110329, Installed on: 2016/01/13
KB3112148, Installed on: 2015/12/09
KB3112343, Installed on: 2015/12/09
KB3115858, Installed on: 2016/02/10
KB3118401, Installed on: 2016/03/09
KB3121212, Installed on: 2016/01/13
KB3121255, Installed on: 2016/03/09
KB3121461, Installed on: 2016/01/13
KB3121918, Installed on: 2016/01/13
KB3122648, Installed on: 2016/02/10
KB3123479, Installed on: 2016/01/13
KB3124000, Installed on: 2016/01/13
KB3124001, Installed on: 2016/01/13
KB3124275, Installed on: 2016/01/13
KB3124280, Installed on: 2016/02/10
KB3126446, Installed on: 2016/02/10
KB3126587, Installed on: 2016/02/10
KB3126593, Installed on: 2016/02/10
KB3127220, Installed on: 2016/02/10
KB3133977, Installed on: 2016/04/08
KB3134214, Installed on: 2016/02/10
KB3134814, Installed on: 2016/02/10
KB3135445, Installed on: 2016/02/10
KB3135983, Installed on: 2016/03/09
KB3135988, Installed on: 2016/03/09
KB3137061, Installed on: 2016/04/08
KB3138378, Installed on: 2016/05/11
KB3138612, Installed on: 2016/03/09
KB3138901, Installed on: 2016/04/08
KB3138910, Installed on: 2016/03/09
KB3138962, Installed on: 2016/03/09
KB3139398, Installed on: 2016/03/09
KB3139852, Installed on: 2016/03/09
KB3139914, Installed on: 2016/03/09
KB3139923, Installed on: 2016/04/08
KB3139929, Installed on: 2016/03/09
KB3139940, Installed on: 2016/03/09
KB3140245, Installed on: 2016/06/15
KB3140410, Installed on: 2016/03/09
KB3140735, Installed on: 2016/03/09
KB3141092, Installed on: 2016/02/10
KB3142024, Installed on: 2016/05/11
KB3142042, Installed on: 2016/04/13
KB3145739, Installed on: 2016/04/13
KB3146706, Installed on: 2016/04/13
KB3146963, Installed on: 2016/04/13
KB3147071, Installed on: 2016/04/13
KB3148198, Installed on: 2016/04/13
KB3148851, Installed on: 2016/04/13
KB3149090, Installed on: 2016/04/13
KB3150220, Installed on: 2016/05/11
KB3150513, Installed on: 2016/05/05
KB3153171, Installed on: 2016/05/11
KB3153199, Installed on: 2016/05/11
KB3153731, Installed on: 2016/05/11
KB3154070, Installed on: 2016/05/11
KB3155178, Installed on: 2016/05/11
KB3156013, Installed on: 2016/05/11
KB3156016, Installed on: 2016/05/11
KB3156017, Installed on: 2016/05/11
KB3156019, Installed on: 2016/05/11
KB3159398, Installed on: 2016/06/15
KB3160005, Installed on: 2016/06/15
KB3161102, Installed on: 2016/08/31
KB3161561, Installed on: 2016/06/15
KB3161664, Installed on: 2016/06/15
KB3161949, Installed on: 2016/06/15
KB3161958, Installed on: 2016/06/15
KB3162835, Installed on: 2016/06/15
KB3163245, Installed on: 2016/07/13
KB3164033, Installed on: 2016/06/15
KB3164035, Installed on: 2016/06/15
KB3167679, Installed on: 2016/08/10
KB3168965, Installed on: 2016/07/13
KB3170106, Installed on: 2016/07/13
KB3170455, Installed on: 2016/07/13
KB3170735, Installed on: 2016/07/13
KB3172605, Installed on: 2016/08/31
KB3175024, Installed on: 2016/09/14
KB3175443, Installed on: 2016/08/10
KB3177186, Installed on: 2016/09/14
KB3177467, Installed on: 2016/10/13
KB3177723, Installed on: 2016/08/17
KB3177725, Installed on: 2016/08/10
KB3178034, Installed on: 2016/08/10
KB3179573, Installed on: 2016/08/31
KB3181988, Installed on: 2016/10/07
KB3182203, Installed on: 2016/09/21
KB3184122, Installed on: 2016/09/14
KB3184143, Installed on: 2016/10/07
KB3185278, Installed on: 2016/10/07
KB3185319, Installed on: 2016/09/14
KB3185330, Installed on: 2016/10/12
KB3185911, Installed on: 2016/09/14
KB3188740, Installed on: 2016/10/12
KB3197868, Installed on: 2016/11/09
KB3207752, Installed on: 2016/12/14
KB3210131, Installed on: 2016/12/14
KB3212646, Installed on: 2017/01/11
KB4012215, Installed on: 2017/03/15
KB4014504, Installed on: 2017/05/10
KB4014565, Installed on: 2017/04/12
KB4015549, Installed on: 2017/04/12
KB4019264, Installed on: 2017/05/10
KB4022719, Installed on: 2017/06/14
KB4025341, Installed on: 2017/07/12
KB4034664, Installed on: 2017/08/09
KB958488, Installed on: 2011/02/10
KB976902, Installed on: 2010/11/20
KB976932, Installed on: 2010/11/20
KB976933, Installed on: 2010/11/20
KB982018, Installed on: 2012/02/02
63080 (2) - Microsoft Windows Mounted Devices
Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past.
See Also
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Published: 2012/11/28, Modified: 2012/11/28
Plugin Output

10.0.0.14 (tcp/445)


Name : \??\volume{b2fff756-056b-11dc-a637-806e6f6e6963}
Data : 2.3.
Raw data : 322e332e0000200014000000

Name : \??\volume{b2fff757-056b-11dc-a637-806e6f6e6963}
Data : \??\USBSTOR#SFloppy&Ven_Y-E_DATA&Prod_USB-FDU&Rev_1.28#7&380ee287&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c00550053004200530054004f0052002300530046006c006f007000700079002600560065006e005f0059002d0045005f0044004100540041002600500072006f0064005f005500530042002d0046004400550026005200650076005f0031002e0032003800230037002600330038003000650065003200380037002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{9f3a428c-6abc-11e0-be1f-00187186d93f}
Data : \??\USBSTOR#CdRom&Ven_SONY&Prod_DVD_RW_DRU-830A&Rev_SS25#DRX830UPVT00000A330&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c00550053004200530054004f00520023004300640052006f006d002600560065006e005f0053004f004e0059002600500072006f0064005f004400560044005f00520057005f004400520055002d00380033003000410026005200650076005f005300530032003500230044005200580038003300300055005000560054003000300030003000300041003300330030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{64d7dc2a-6e15-11e5-9726-806e6f6e6963}
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&2bc13940&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260032006200630031003300390034003000260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{d64d9e22-68d2-11e5-aa01-9894247c0af1}
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&1435b2e2&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260031003400330035006200320065003200260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{0452b399-835b-11e0-a013-00187186d93f}
Data : \??\STORAGE#RemovableMedia#8&20ebd7f4&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c00530054004f0052004100470045002300520065006d006f007600610062006c0065004d0065006400690061002300380026003200300065006200640037006600340026003000260052004d0023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{b2fff752-056b-11dc-a637-806e6f6e6963}
Data : \??\IDE#CdRomHL-DT-ST_RW#DVD_GCC-4247N_______________2.01____#5&96868f7&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c0049004400450023004300640052006f006d0048004c002d00440054002d00530054005f005200570023004400560044005f004700430043002d0034003200340037004e005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f0032002e00300031005f005f005f005f00230035002600390036003800360038006600370026003000260030002e0030002e00300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \dosdevices\e:
Data : \??\IDE#CdRomNECVMWar_VMware_IDE_CDR00_______________1.00____#5&2eba49&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c0049004400450023004300640052006f006d004e004500430056004d005700610072005f0056004d0077006100720065005f004900440045005f00430044005200300030005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f0031002e00300030005f005f005f005f0023003500260032006500620061003400390026003000260030002e0030002e00300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{64d7dc29-6e15-11e5-9726-806e6f6e6963}
Data : \??\IDE#CdRomNECVMWar_VMware_IDE_CDR00_______________1.00____#5&2eba49&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c0049004400450023004300640052006f006d004e004500430056004d005700610072005f0056004d0077006100720065005f004900440045005f00430044005200300030005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f0031002e00300030005f005f005f005f0023003500260032006500620061003400390026003000260030002e0030002e00300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \dosdevices\a:
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&2bc13940&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260032006200630031003300390034003000260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{b2fff755-056b-11dc-a637-806e6f6e6963}
Data : 2.3.
Raw data : 322e332e0000100000000000

Name : \dosdevices\c:
Data : 2.3.
Raw data : 322e332e0000100000000000

Name : \dosdevices\d:
Data : 2.3.
Raw data : 322e332e0000200014000000

Name : \??\volume{7349f3d2-68d4-11e5-97e3-806e6f6e6963}
Data : \??\IDE#CdRomNECVMWar_VMware_IDE_CDR00_______________1.00____#3030303030303030303030303030303030303130#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c0049004400450023004300640052006f006d004e004500430056004d005700610072005f0056004d0077006100720065005f004900440045005f00430044005200300030005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f0031002e00300030005f005f005f005f002300330030003300300033003000330030003300300033003000330030003300300033003000330030003300300033003000330030003300300033003000330030003300300033003000330031003300300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

10.0.0.64 (tcp/445)


Name : \??\volume{9738a814-ebe3-11e1-8aec-d067e5eef9a7}
Data : _??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.00#20052444110F3CA1DC34&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00530061006e004400690073006b002600500072006f0064005f004300720075007a006500720026005200650076005f0031002e00300030002300320030003000350032003400340034003100310030004600330043004100310044004300330034002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{cba4e1a4-ae85-11e2-84ac-d067e5eef9a7}
Data : _??_USBSTOR#Disk&Ven_SanDisk&Prod_Ultra&Rev_1.26#20051535630F6240298D&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00530061006e004400690073006b002600500072006f0064005f0055006c0074007200610026005200650076005f0031002e00320036002300320030003000350031003500330035003600330030004600360032003400300032003900380044002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{110e6645-4e1d-11e1-8b86-806e6f6e6963}
Data : +1
Raw data : 97b0af2b0000803100000000

Name : \??\volume{92dd8b09-a83d-11e2-bcfa-d067e5eef9a7}
Data : _??_USBSTOR#Disk&Ven_SanDisk&Prod_Ultra&Rev_1.26#20051739720F5C01B67E&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00530061006e004400690073006b002600500072006f0064005f0055006c0074007200610026005200650076005f0031002e00320036002300320030003000350031003700330039003700320030004600350043003000310042003600370045002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{110e6648-4e1d-11e1-8b86-806e6f6e6963}
Data : \??\IDE#CdRomHL-DT-ST_DVD+-RW_GH70N__________________A101____#4&5447da0&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c0049004400450023004300640052006f006d0048004c002d00440054002d00530054005f004400560044002b002d00520057005f0047004800370030004e005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f0041003100300031005f005f005f005f00230034002600350034003400370064006100300026003000260030002e0031002e00300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \dosdevices\g:
Data : _??_USBSTOR#Disk&Ven_A-DATA&Prod_USB_Flash_Drive&Rev_0.00#d7409b121dc4b0&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0041002d0044004100540041002600500072006f0064005f005500530042005f0046006c006100730068005f004400720069007600650026005200650076005f0030002e00300030002300640037003400300039006200310032003100640063003400620030002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{3f97b236-5988-11e1-8326-d067e5eef9a7}
Data : +~
Raw data : 97b0af2b007e000000000000

Name : \??\volume{110e6644-4e1d-11e1-8b86-806e6f6e6963}
Data : +
Raw data : 97b0af2b0000800200000000

Name : \??\volume{0fb29709-73d0-11e3-ba9d-d067e5eef9a7}
Data : _??_USBSTOR#Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07#3FF14314&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e0065007200690063002600500072006f0064005f0046006c006100730068005f004400690073006b0026005200650076005f0038002e00300037002300330046004600310034003300310034002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{2ff54255-29e8-11e3-9d45-d067e5eef9a7}
Data : _??_USBSTOR#Disk&Ven_SanDisk&Prod_Ultra&Rev_1.26#20051535720F62402989&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00530061006e004400690073006b002600500072006f0064005f0055006c0074007200610026005200650076005f0031002e00320036002300320030003000350031003500330035003700320030004600360032003400300032003900380039002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{3a613aa2-5cd7-11e1-8c3a-d067e5eef9a7}
Data : _??_USBSTOR#Disk&Ven_A-DATA&Prod_USB_Flash_Drive&Rev_0.00#d7409b121dc4b0&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0041002d0044004100540041002600500072006f0064005f005500530042005f0046006c006100730068005f004400720069007600650026005200650076005f0030002e00300030002300640037003400300039006200310032003100640063003400620030002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{dde93a15-1e94-11e4-bfed-d067e5eef9a7}
Data : _??_USBSTOR#Disk&Ven_&Prod_Patriot_Memory&Rev_PMAP#07013BEE31B2A635&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f002600500072006f0064005f00500061007400720069006f0074005f004d0065006d006f007200790026005200650076005f0050004d0041005000230030003700300031003300420045004500330031004200320041003600330035002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \dosdevices\v:
Data : \??\BazisVirtualCDBus#StandardDevice#VirtualCD_0000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c00420061007a00690073005600690072007400750061006c004300440042007500730023005300740061006e00640061007200640044006500760069006300650023005600690072007400750061006c00430044005f00300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{696af68c-631f-11e3-9f5f-d067e5eef9a7}
Data : _??_USBSTOR#Disk&Ven_Generic&Prod_USB_2.0&Rev_2.40#0001CFCFCFC5DCD3&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e0065007200690063002600500072006f0064005f005500530042005f0032002e00300026005200650076005f0032002e0034003000230030003000300031004300460043004600430046004300350044004300440033002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{e8987596-16ea-11e2-938c-d067e5eef9a7}
Data : ~
Raw data : dcdb1c85007e000000000000

Name : \??\volume{d1a654e2-599a-11e1-9297-d067e5eef9a7}
Data : @~
Raw data : ffa31c40007e000000000000

Name : \??\volume{3a613a97-5cd7-11e1-8c3a-d067e5eef9a7}
Data : \??\DTSOFTBUS&Rev1#DTCDROM&Rev1#1&79f5d87&0&00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c004400540053004f0046005400420055005300260052006500760031002300440054004300440052004f004d002600520065007600310023003100260037003900660035006400380037002600300026003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{ad75932f-70a6-11e4-9e94-d067e5eef9a7}
Data : \??\BazisVirtualCDBus#StandardDevice#VirtualCD_0000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c00420061007a00690073005600690072007400750061006c004300440042007500730023005300740061006e00640061007200640044006500760069006300650023005600690072007400750061006c00430044005f00300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \dosdevices\c:
Data : +1
Raw data : 97b0af2b0000803100000000

Name : \dosdevices\d:
Data : \??\IDE#CdRomHL-DT-ST_DVD+-RW_GH70N__________________A101____#4&5447da0&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c0049004400450023004300640052006f006d0048004c002d00440054002d00530054005f004400560044002b002d00520057005f0047004800370030004e005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f0041003100300031005f005f005f005f00230034002600350034003400370064006100300026003000260030002e0031002e00300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00
63620 (2) - Windows Product Key Retrieval
Synopsis
This plugin retrieves the Windows Product key of the remote Windows host.
Description
Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/01/18, Modified: 2013/01/18
Plugin Output

10.0.0.14 (tcp/445)


Product key : XXXXX-XXXXX-XXXXX-XXXXX-QH9H9

Note that all but the final portion of the key has been obfuscated.

10.0.0.64 (tcp/445)


Product key : XXXXX-XXXXX-XXXXX-XXXXX-733WD

Note that all but the final portion of the key has been obfuscated.
64582 (2) - Netstat Connection Information
Synopsis
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the 'netstat' command.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/02/13, Modified: 2016/08/05
Plugin Output

10.0.0.14 (tcp/0)

tcp4 (listen)
src: [host=0.0.0.0, port=21]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=80]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=135]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=445]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=3389]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=6002]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=7001]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=7002]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=47001]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49152]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49153]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49154]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=50791]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=57695]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=57696]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=57715]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=57716]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=10.0.0.14, port=135]
dst: [host=172.23.6.11, port=56243]

tcp4 (listen)
src: [host=10.0.0.14, port=139]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=10.0.0.14, port=445]
dst: [host=172.23.6.11, port=56237]

tcp4 (established)
src: [host=10.0.0.14, port=49154]
dst: [host=172.23.6.11, port=56247]

tcp4 (established)
src: [host=10.0.0.14, port=55056]
dst: [host=184.29.158.247, port=443]

tcp4 (established)
src: [host=10.0.0.14, port=55063]
dst: [host=184.24.97.216, port=80]

tcp4 (established)
src: [host=10.0.0.14, port=55290]
dst: [host=172.230.199.153, port=443]

tcp4 (established)
src: [host=10.0.0.14, port=56155]
dst: [host=10.0.0.25, port=135]

tcp4 (established)
src: [host=10.0.0.14, port=56156]
dst: [host=10.0.0.25, port=49159]

tcp6 (listen)
src: [host=[::], port=80]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=135]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=445]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=3389]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=47001]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49152]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49153]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49154]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=57695]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=57696]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=57715]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=57716]
dst: [host=[::], port=0]

udp4 (listen)
src: [host=0.0.0.0, port=37]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=123]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=161]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=500]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=3456]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=4500]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=5355]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=7001]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=50791]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=50800]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=57911]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=60727]
dst: [host=*, port=*]

udp4 (listen)
src: [host=10.0.0.14, port=137]
dst: [host=*, port=*]

udp4 (listen)
src: [host=10.0.0.14, port=138]
dst: [host=*, port=*]

udp4 (listen)
src: [host=10.0.0.14, port=6001]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=3456]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=6001]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=52464]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=54406]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=55049]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=57912]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=58195]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=60728]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=64238]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=64240]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=65334]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=123]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=161]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=500]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=5355]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[fe80::a54d:c849:f133:6cb7%10], port=546]
dst: [host=*, port=*]

10.0.0.64 (tcp/0)

tcp4 (listen)
src: [host=0.0.0.0, port=111]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=135]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=445]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=1063]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=2049]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=3306]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=3389]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=4502]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=6160]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=6161]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=6162]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=6169]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=9392]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=9393]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=10001]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=10003]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49152]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49153]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49154]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49155]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49184]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49231]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49234]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49570]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=10.0.0.64, port=135]
dst: [host=172.23.6.11, port=51015]

tcp4 (listen)
src: [host=10.0.0.64, port=139]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=10.0.0.64, port=445]
dst: [host=172.23.6.11, port=51014]

tcp4 (established)
src: [host=10.0.0.64, port=49154]
dst: [host=172.23.6.11, port=51017]

tcp4 (established)
src: [host=10.0.0.64, port=51572]
dst: [host=13.91.60.30, port=80]

tcp4 (established)
src: [host=10.0.0.64, port=51662]
dst: [host=10.0.0.27, port=135]

tcp4 (established)
src: [host=10.0.0.64, port=51663]
dst: [host=10.0.0.27, port=49159]

tcp4 (established)
src: [host=10.0.0.64, port=57427]
dst: [host=54.192.7.146, port=443]

tcp4 (established)
src: [host=10.0.0.64, port=57582]
dst: [host=143.127.136.95, port=443]

tcp4 (established)
src: [host=127.0.0.1, port=4502]
dst: [host=127.0.0.1, port=49224]

tcp4 (established)
src: [host=127.0.0.1, port=49224]
dst: [host=127.0.0.1, port=4502]

tcp6 (listen)
src: [host=[::], port=135]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=445]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=3306]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=3389]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=6160]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=6161]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=6162]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49152]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49153]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49154]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49155]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49231]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49234]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49570]
dst: [host=[::], port=0]

udp4 (listen)
src: [host=0.0.0.0, port=111]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=123]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=500]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=1063]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=1434]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=2049]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=4500]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=5355]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=50800]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=54030]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=54672]
dst: [host=*, port=*]

udp4 (listen)
src: [host=10.0.0.64, port=137]
dst: [host=*, port=*]

udp4 (listen)
src: [host=10.0.0.64, port=138]
dst: [host=*, port=*]

udp4 (listen)
src: [host=10.0.0.64, port=1900]
dst: [host=*, port=*]

udp4 (listen)
src: [host=10.0.0.64, port=54031]
dst: [host=*, port=*]

udp4 (listen)
src: [host=10.0.0.64, port=56798]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=1900]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=54932]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=56799]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=57811]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=61166]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=123]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=500]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=1434]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=4500]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=5355]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::1], port=1900]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::1], port=56797]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[fe80::74c9:6af4:1882:8b05%11], port=1900]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[fe80::74c9:6af4:1882:8b05%11], port=56796]
dst: [host=*, port=*]
65739 (2) - Oracle Java JRE Universally Enabled
Synopsis
Oracle Java JRE has not been universally disabled on the remote host.
Description
Oracle Java JRE has not been universally disabled on the remote host via the Java control panel. Note that while Java can be individually disabled for each browser, universally disabling Java prevents it from running for all users and browsers.
See Also
Solution
Disable Java universally unless it is needed.
Risk Factor
None
Plugin Information:
Published: 2013/03/29, Modified: 2013/05/06
Plugin Output

10.0.0.14 (tcp/445)

10.0.0.64 (tcp/445)

65743 (2) - Oracle Java JRE Enabled (Internet Explorer)
Synopsis
The remote host has Oracle Java JRE enabled for Internet Explorer.
Description
Oracle Java JRE is enabled in Internet Explorer.
See Also
Solution
Apply Microsoft 'Fix it' 50994 unless Java is needed.
Risk Factor
None
Plugin Information:
Published: 2013/03/29, Modified: 2016/06/13
Plugin Output

10.0.0.14 (tcp/445)


Java is enabled for the following ActiveX controls and SIDs :
ActiveX CLSIDs :
{8AD9C840-044E-11D1-B3E9-00805F499D93}
{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0001-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0002-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0003-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0004-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0005-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0006-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

User SIDs :
S-1-5-21-2733907408-164282405-2434571311-1010

Note that this check may be incomplete as Nessus can only check the
SIDs of logged on users.

10.0.0.64 (tcp/445)


Java is enabled for the following ActiveX controls and SIDs :
ActiveX CLSIDs :
{8AD9C840-044E-11D1-B3E9-00805F499D93}
{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0001-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0002-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0003-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0004-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0005-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0006-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

User SIDs :
S-1-5-21-484763869-1958367476-682003330-4914

Note that this check may be incomplete as Nessus can only check the
SIDs of logged on users.
66420 (2) - Microsoft Windows Essentials Installed
Synopsis
A desktop application suite is installed on the remote Windows host.
Description
Windows Essentials (formerly Windows Live Essentials and Windows Live Installer) is installed on the remote host. Windows Essentials is a suite of applications for Windows.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/05/15, Modified: 2017/02/10
Plugin Output

10.0.0.14 (tcp/445)


Path : C:\Program Files\Windows Live\
Version : Windows Live Essentials 2011 (15.4.3555.0308)

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Windows Live\
Version : Windows Live Essentials 2011 (15.4.3508.1109)
66424 (2) - Microsoft Malicious Software Removal Tool Installed
Synopsis
An antimalware application is installed on the remote Windows host.
Description
The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/05/15, Modified: 2017/05/10
Plugin Output

10.0.0.14 (tcp/445)


File : C:\Windows\system32\MRT.exe
Version : 5.58.14622.1
Release at last run : unknown
Report infection information to Microsoft : Yes

10.0.0.64 (tcp/445)


File : C:\Windows\system32\MRT.exe
Version : 5.51.14100.0
Release at last run : unknown
Report infection information to Microsoft : Yes
68932 (2) - IPMI Cipher Suites Supported
Synopsis
The remote service provides cryptographic means of protecting communications.
Description
This script detects which IPMI cipher suites are supported by the remote service for the authentication, integrity, and confidentiality of communications.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/07/17, Modified: 2018/04/18
Plugin Output

10.0.0.43 (udp/623)


Nessus was able to confirm that the following cipher suites are
supported by the target :

ID Auth Alg Integrity Alg Confidentiality Alg
0 None None None
1 HMAC-SHA1 None None
2 HMAC-SHA1 HMAC-SHA1-96 None
3 HMAC-SHA1 HMAC-SHA1-96 AES-CBC-128
5 HMAC-SHA1 HMAC-SHA1-96 xRC4-40
6 HMAC-MD5 None None
7 HMAC-MD5 HMAC-MD5-128 None
8 HMAC-MD5 HMAC-MD5-128 AES-CBC-128
10 HMAC-MD5 HMAC-MD5-128 xRC4-40
11 HMAC-MD5 MD5-128 None
12 HMAC-MD5 MD5-128 AES-CBC-128
14 HMAC-MD5 MD5-128 xRC4-40

10.0.0.45 (udp/623)


Nessus was able to confirm that the following cipher suites are
supported by the target :

ID Auth Alg Integrity Alg Confidentiality Alg
0 None None None
1 HMAC-SHA1 None None
2 HMAC-SHA1 HMAC-SHA1-96 None
3 HMAC-SHA1 HMAC-SHA1-96 AES-CBC-128
5 HMAC-SHA1 HMAC-SHA1-96 xRC4-40
6 HMAC-MD5 None None
7 HMAC-MD5 HMAC-MD5-128 None
8 HMAC-MD5 HMAC-MD5-128 AES-CBC-128
10 HMAC-MD5 HMAC-MD5-128 xRC4-40
11 HMAC-MD5 MD5-128 None
12 HMAC-MD5 MD5-128 AES-CBC-128
14 HMAC-MD5 MD5-128 xRC4-40
69482 (2) - Microsoft SQL Server STARTTLS Support
Synopsis
The remote service supports encrypting traffic.
Description
The remote Microsoft SQL Server service supports the use of encryption initiated during pre-login to switch from a cleartext to an encrypted communications channel.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/07/04, Modified: 2018/03/13
Plugin Output

10.0.0.8 (tcp/1433)


Here is the Microsoft SQL Server's SSL certificate that Nessus
was able to collect after sending a pre-login packet :

------------------------------ snip ------------------------------
Subject Name:

Common Name: SSL_Self_Signed_Fallback

Issuer Name:

Common Name: SSL_Self_Signed_Fallback

Serial Number: 31 43 43 D1 8A 38 3B 9B 42 9F 31 18 99 C8 C5 7F

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jan 07 04:47:27 2018 GMT
Not Valid After: Jan 07 04:47:27 2048 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Public Key: 00 D1 4D BD 2E 98 35 1C 34 E7 A7 D2 1C 70 76 97 8C 97 9A 3E
49 17 60 2B 9F 25 2C 01 0E 35 0B B2 C7 20 AB 29 17 CD B9 3F
6F B8 52 0C DB F4 C3 E6 4A DC 77 B9 17 05 6F A6 25 4A 53 B6
73 C5 E5 4B D1 55 6B C2 68 5E 3B FE 73 4C 0C EB 13 70 EA 41
C8 4D 89 32 04 85 82 DC BD 61 E4 9B DA E4 FA 46 B3 4B F6 84
FD E6 63 2A 1F 07 C6 94 71 62 0B 0E DF B9 76 7D 80 14 72 57
10 C4 6A A5 C7 D1 49 89 9D
Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits
Signature: 00 30 51 F1 79 12 6C C7 78 45 75 7D A1 0B E2 51 22 67 A3 77
24 F6 39 D4 F0 DA 78 45 DC AC D1 7C 2E 94 A7 EE 6E 70 90 2A
11 20 B3 44 2F 92 18 CD A8 D7 C5 9D AC ED F7 96 8E 6B A0 E3
E5 4D 98 4B 4F A0 4D 10 9A 81 D0 8F 1B C7 BC F1 72 DB 30 0A
AF 88 F5 9E BB DF 13 6B AD DA 5A 52 33 17 3C 05 74 28 44 E3
C6 82 C1 51 E0 12 53 79 F9 36 D9 3B 6D 28 52 34 35 A8 0E C0
6A F9 CA C7 FA 24 52 F1 3F


------------------------------ snip ------------------------------


SQL Server Version : 10.50.6000.0
SQL Server Instance : MSSQLSERVER

10.0.0.64 (tcp/49570)


Here is the Microsoft SQL Server's SSL certificate that Nessus
was able to collect after sending a pre-login packet :

------------------------------ snip ------------------------------
Subject Name:

Common Name: SSL_Self_Signed_Fallback

Issuer Name:

Common Name: SSL_Self_Signed_Fallback

Serial Number: 37 8A BA A7 5D 95 DC 81 47 1C C8 60 E7 CD 21 A0

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jan 19 01:02:38 2018 GMT
Not Valid After: Jan 19 01:02:38 2048 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Public Key: 00 B3 18 4E F5 B9 74 69 3F 24 23 17 6E E4 E8 51 A8 B2 DD 93
75 0D AA 39 0A BA 18 5E B9 DA 96 4B 53 9C 39 0D 91 C0 2B A7
92 A6 40 EB 38 0F EC 1E A7 D4 9A 46 8E A8 B1 FE 64 EF 68 12
D8 39 46 49 A5 85 1D 4B 5D 66 40 08 67 55 E6 27 6A 3F 5F CB
9F 82 CE A1 8C 95 95 34 1B F5 15 6C D8 75 DC 79 B0 15 78 D9
CC 81 F1 94 26 E5 47 65 05 7B AD C6 4C DA 2B 28 7A 1A FB 1B
F3 70 85 0A 64 C5 49 B2 7B
Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits
Signature: 00 1B 2C A8 A4 DF E1 D2 15 82 6E E7 AB C8 0B BC 76 A2 99 A3
C1 0D AB 46 D9 8B 44 63 C0 F9 70 11 6E 01 22 4C 4B 41 AC 8A
37 B4 B7 51 7E 5C 93 FF A9 81 85 18 17 1C BF 98 12 F9 55 AD
C9 46 8B 67 85 BF 42 0D 71 27 B8 02 64 EF B6 57 CF C5 1A 82
C5 C7 05 D4 66 B4 0F 2F 1E 3E B3 E9 F9 A1 F1 91 BF 56 26 AA
A3 98 5C E1 5F 1A D3 07 C3 F3 67 BA 3E 64 D2 30 C9 CE A9 6C
35 D0 D2 0E 38 2B E4 C9 BE


------------------------------ snip ------------------------------


SQL Server Version : 11.0.6251.0
SQL Server Instance : VEEAMSQL2012
70329 (2) - Microsoft Windows Process Information
Synopsis
Use WMI to obtain running process information.
Description
Report details on the running processes on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/08, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)

Process Overview :
SID: Process (PID)
0 : System Idle Process (0)
5 : csrss.exe (3268)
5 : explorer.exe (3828)
5 : |- vmtoolsd.exe (1656)
5 : |- BusinessMessaging.exe (2988)
5 : |- iexplore.exe (3308)
5 : |- iexplore.exe (3876)
5 : |- KeyServe.exe (3364)
5 : |- jusched.exe (3956)
5 : |- jucheck.exe (4060)
0 : System (4)
0 : |- smss.exe (460)
0 : csrss.exe (528)
1 : csrss.exe (568)
0 : wininit.exe (576)
0 : |- services.exe (656)
0 : |- svchost.exe (1004)
0 : |- svchost.exe (1040)
5 : |- taskeng.exe (256)
0 : |- taskeng.exe (3340)
0 : |- taskeng.exe (3992)
0 : |- SLsvc.exe (1060)
0 : |- svchost.exe (1132)
0 : |- svchost.exe (1208)
5 : |- dwm.exe (3732)
0 : |- svchost.exe (1240)
5 : |- rdpclip.exe (3192)
0 : |- svchost.exe (1372)
0 : |- spoolsv.exe (1536)
0 : |- svchost.exe (1572)
0 : |- inetinfo.exe (1608)
0 : |- svchost.exe (1748)
0 : |- svchost.exe (1764)
0 : |- svchost.exe (1776)
0 : |- sntlkeyssrvr.exe (1788)
0 : |- spnsrvnt.exe (1896)
0 : |- snmp.exe (1952)
0 : |- svchost.exe (1964)
0 : |- svchost.exe (1984)
0 : |- vmtoolsd.exe (2024)
0 : |- WLIDSVC.EXE (2076)
0 : |- WLIDSVCM.EXE (2284)
0 : |- dllhost.exe (2792)
0 : |- msdtc.exe (2928)
0 : |- svchost.exe (3596)
0 : |- TrustedInstaller.exe (4284)
0 : |- VMProV5Svc.exe (820)
0 : |- svchost.exe (828)
0 : |- WmiPrvSE.exe (3204)
0 : |- WmiPrvSE.exe (3968)
0 : |- WmiPrvSE.exe (4580)
0 : |- svchost.exe (872)
0 : |- svchost.exe (888)
0 : |- svchost.exe (964)
0 : |- lsass.exe (668)
0 : |- lsm.exe (676)
1 : winlogon.exe (616)
1 : |- LogonUI.exe (980)
5 : winlogon.exe (852)

10.0.0.64 (tcp/0)

Process Overview :
SID: Process (PID)
0 : System Idle Process (0)
0 : |- System (4)
0 : |- smss.exe (344)
1 : upeksvr.exe (1860)
2 : winlogon.exe (2472)
2 : |- LogonUI.exe (13880)
2 : |- upeksvr.exe (9748)
1 : explorer.exe (3060)
1 : |- PAUI.exe (2480)
1 : |- TdmNotify.exe (3096)
1 : |- DDAssist.exe (4148)
1 : |- mmc.exe (820)
1 : smax4pnp.exe (4380)
1 : IAStorIcon.exe (4396)
1 : jusched.exe (4408)
1 : |- jucheck.exe (6304)
0 : csrss.exe (456)
0 : |- conhost.exe (18368)
0 : |- conhost.exe (4460)
0 : |- conhost.exe (5480)
2 : csrss.exe (4708)
1 : csrss.exe (544)
0 : wininit.exe (556)
0 : |- services.exe (664)
0 : |- svchost.exe (1012)
0 : |- svchost.exe (1092)
0 : |- DDService.exe (1248)
0 : |- sppsvc.exe (12556)
0 : |- svchost.exe (1260)
0 : |- svchost.exe (1400)
0 : |- spoolsv.exe (1528)
0 : |- DCPSysMgrSvc.exe (1588)
0 : |- svchost.exe (1624)
0 : |- TdmService.exe (1652)
0 : |- armsvc.exe (17816)
0 : |- TrustedInstaller.exe (17980)
0 : |- makecab.exe (7008)
0 : |- KeyServe.exe (1828)
0 : |- sqlservr.exe (1972)
0 : |- LMIGuardianSvc.exe (1984)
0 : |- sqlbrowser.exe (2304)
0 : |- sqlwriter.exe (2348)
0 : |- ccSvcHst.exe (2404)
0 : |- svchost.exe (2744)
0 : |- WaveAMService.exe (2916)
0 : |- MBAMService.exe (3272)
0 : |- VeeamTransportSvc.exe (3380)
0 : |- Veeam.Backup.Service.exe (3452)
0 : |- Veeam.Backup.Manager.exe (3724)
0 : |- Veeam.Backup.WmiServer.exe (6428)
1 : |- taskhost.exe (3940)
0 : |- WLIDSVC.EXE (3960)
0 : |- WLIDSVCM.EXE (4060)
0 : |- svchost.exe (400)
1 : |- dwm.exe (1336)
0 : |- VeeamNFSSvc.exe (4364)
0 : |- VeeamDeploymentSvc.exe (4480)
0 : |- ccSvcHst.exe (4584)
0 : |- svchost.exe (472)
0 : |- AVAgent.exe (4752)
0 : |- NIS.exe (4940)
0 : |- svchost.exe (536)
1 : |- consent.exe (10892)
0 : |- Veeam.Backup.CloudService.exe (5376)
0 : |- SearchIndexer.exe (5424)
0 : |- svchost.exe (5520)
0 : |- Veeam.Backup.CatalogDataService.exe (5552)
0 : |- NIS.exe (572)
1 : |- NIS.exe (5548)
1 : |- taskhost.exe (6284)
0 : |- svchost.exe (6552)
0 : |- IAStorDataMgrSvc.exe (7024)
0 : |- mysqld.exe (740)
0 : |- svchost.exe (784)
0 : |- WmiPrvSE.exe (10268)
0 : |- WmiPrvSE.exe (8184)
0 : |- svchost.exe (8280)
0 : |- svchost.exe (868)
0 : |- atiesrxx.exe (952)
1 : |- atieclxx.exe (1480)
2 : |- atieclxx.exe (8656)
0 : |- lsass.exe (672)
0 : |- lsm.exe (688)
1 : winlogon.exe (608)
1 : |- LogonUI.exe (6584)
70331 (2) - Microsoft Windows Process Module Information
Synopsis
Use WMI to obtain running process module information.
Description
Report details on the running processes modules on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/08, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)

Process_Modules_.csv : lists the loaded modules for each process.

10.0.0.64 (tcp/0)

Process_Modules_.csv : lists the loaded modules for each process.
71246 (2) - Enumerate Local Group Memberships
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/12/06, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)

Group Name : Administrators
Host Name : QUEEN
Group SID : S-1-5-32-544
Members :
Name : Administrator
Domain : QUEEN
Class : Win32_UserAccount
SID : S-1-5-21-2733907408-164282405-2434571311-500
Name : Domain Admins
Domain : demo
Class : Win32_Group
SID :
Name : avaya
Domain : QUEEN
Class : Win32_UserAccount
SID : S-1-5-21-2733907408-164282405-2434571311-1010

Group Name : Backup Operators
Host Name : QUEEN
Group SID : S-1-5-32-551
Members :

Group Name : Certificate Service DCOM Access
Host Name : QUEEN
Group SID : S-1-5-32-574
Members :

Group Name : Cryptographic Operators
Host Name : QUEEN
Group SID : S-1-5-32-569
Members :

Group Name : Distributed COM Users
Host Name : QUEEN
Group SID : S-1-5-32-562
Members :

Group Name : Event Log Readers
Host Name : QUEEN
Group SID : S-1-5-32-573
Members :

Group Name : Guests
Host Name : QUEEN
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : QUEEN
Class : Win32_UserAccount
SID : S-1-5-21-2733907408-164282405-2434571311-501
Name : IUSR_QUEEN
Domain : QUEEN
Class : Win32_UserAccount
SID : S-1-5-21-2733907408-164282405-2434571311-1003

Group Name : IIS_IUSRS
Host Name : QUEEN
Group SID : S-1-5-32-568
Members :
Name : LOCAL SERVICE
Domain : QUEEN
Class : Win32_SystemAccount
SID : S-1-5-19
Name : NETWORK SERVICE
Domain : QUEEN
Class : Win32_SystemAccount
SID : S-1-5-20

Group Name : Network Configuration Operators
Host Name : QUEEN
Group SID : S-1-5-32-556
Members :

Group Name : Performance Log Users
Host Name : QUEEN
Group SID : S-1-5-32-559
Members :

Group Name : Performance Monitor Users
Host Name : QUEEN
Group SID : S-1-5-32-558
Members :

Group Name : Power Users
Host Name : QUEEN
Group SID : S-1-5-32-547
Members :

Group Name : Print Operators
Host Name : QUEEN
Group SID : S-1-5-32-550
Members :

Group Name : Remote Desktop Users
Host Name : QUEEN
Group SID : S-1-5-32-555
Members :
Name : admluis
Domain : demo
Class : Win32_UserAccount
SID :
Name : avaya
Domain : QUEEN
Class : Win32_UserAccount
SID : S-1-5-21-2733907408-164282405-2434571311-1010

Group Name : Replicator
Host Name : QUEEN
Group SID : S-1-5-32-552
Members :

Group Name : Users
Host Name : QUEEN
Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : QUEEN
Class : Win32_SystemAccount
SID : S-1-5-4
Name : Authenticated Users
Domain : QUEEN
Class : Win32_SystemAccount
SID : S-1-5-11
Name : Domain Users
Domain : demo
Class : Win32_Group
SID :
Name : ASPNET
Domain : QUEEN
Class : Win32_UserAccount
SID : S-1-5-21-2733907408-164282405-2434571311-1006
Name : avaya
Domain : QUEEN
Class : Win32_UserAccount
SID : S-1-5-21-2733907408-164282405-2434571311-1010

Group Name : HelpServicesGroup
Host Name : QUEEN
Group SID : S-1-5-21-2733907408-164282405-2434571311-1000
Members :
Name : SUPPORT_388945a0
Domain : QUEEN
Class : Win32_UserAccount
SID : S-1-5-21-2733907408-164282405-2434571311-1001

Group Name : IIS_WPG
Host Name : QUEEN
Group SID : S-1-5-21-2733907408-164282405-2434571311-1005
Members :
Name : SYSTEM
Domain : QUEEN
Class : Win32_SystemAccount
SID : S-1-5-18
Name : SERVICE
Domain : QUEEN
Class : Win32_SystemAccount
SID : S-1-5-6
Name : NETWORK SERVICE
Domain : QUEEN
Class : Win32_SystemAccount
SID : S-1-5-20
Name : IWAM_QUEEN
Domain : QUEEN
Class : Win32_UserAccount
SID : S-1-5-21-2733907408-164282405-2434571311-1004
Name : IIS_IUSRS
Domain : QUEEN
Class : Win32_Group
SID : S-1-5-32-568
Name : LOCAL SERVICE
Domain : QUEEN
Class : Win32_SystemAccount
SID : S-1-5-19

Group Name : TelnetClients
Host Name : QUEEN
Group SID : S-1-5-21-2733907408-164282405-2434571311-1002
Members :

10.0.0.64 (tcp/0)

Group Name : Administrators
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-544
Members :
Name : Administrator
Domain : SF-GXK9JS1
Class : Win32_UserAccount
SID : S-1-5-21-1002455619-2400799004-1662485122-500
Name : GXK9JS1
Domain : SF-GXK9JS1
Class : Win32_UserAccount
SID : S-1-5-21-1002455619-2400799004-1662485122-1000
Name : Domain Admins
Domain : demo
Class : Win32_Group
SID :
Name : JSilver
Domain : demo
Class : Win32_UserAccount
SID :
Name : IT
Domain : SF-GXK9JS1
Class : Win32_UserAccount
SID : S-1-5-21-1002455619-2400799004-1662485122-1002
Name : oishelper
Domain : SF-GXK9JS1
Class : Win32_UserAccount
SID : S-1-5-21-1002455619-2400799004-1662485122-1005
Name : oishelper
Domain : demo
Class : Win32_UserAccount
SID :

Group Name : Backup Operators
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-551
Members :

Group Name : Cryptographic Operators
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-569
Members :

Group Name : Distributed COM Users
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-562
Members :

Group Name : Event Log Readers
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-573
Members :

Group Name : Guests
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : SF-GXK9JS1
Class : Win32_UserAccount
SID : S-1-5-21-1002455619-2400799004-1662485122-501

Group Name : IIS_IUSRS
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-568
Members :
Name : IUSR
Domain : SF-GXK9JS1
Class : Win32_SystemAccount
SID : S-1-5-17

Group Name : Network Configuration Operators
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-556
Members :

Group Name : Performance Log Users
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-559
Members :

Group Name : Performance Monitor Users
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-558
Members :

Group Name : Power Users
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-547
Members :

Group Name : Remote Desktop Users
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-555
Members :

Group Name : Replicator
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-552
Members :

Group Name : Users
Host Name : SF-GXK9JS1
Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : SF-GXK9JS1
Class : Win32_SystemAccount
SID : S-1-5-4
Name : Authenticated Users
Domain : SF-GXK9JS1
Class : Win32_SystemAccount
SID : S-1-5-11
Name : Domain Users
Domain : demo
Class : Win32_Group
SID :
Name : IT
Domain : SF-GXK9JS1
Class : Win32_UserAccount
SID : S-1-5-21-1002455619-2400799004-1662485122-1002
Name : ASPNET
Domain : SF-GXK9JS1
Class : Win32_UserAccount
SID : S-1-5-21-1002455619-2400799004-1662485122-1004
Name : oishelper
Domain : SF-GXK9JS1
Class : Win32_UserAccount
SID : S-1-5-21-1002455619-2400799004-1662485122-1005

Group Name : IIS_WPG
Host Name : SF-GXK9JS1
Group SID : S-1-5-21-1002455619-2400799004-1662485122-1003
Members :
Name : IIS_IUSRS
Domain : SF-GXK9JS1
Class : Win32_Group
SID : S-1-5-32-568
Name : NETWORK SERVICE
Domain : SF-GXK9JS1
Class : Win32_SystemAccount
SID : S-1-5-20
Name : SYSTEM
Domain : SF-GXK9JS1
Class : Win32_SystemAccount
SID : S-1-5-18
Name : LOCAL SERVICE
Domain : SF-GXK9JS1
Class : Win32_SystemAccount
SID : S-1-5-19
Name : SERVICE
Domain : SF-GXK9JS1
Class : Win32_SystemAccount
SID : S-1-5-6

Group Name : SQLServer2005SQLBrowserUser$SF-GXK9JS1
Host Name : SF-GXK9JS1
Group SID : S-1-5-21-1002455619-2400799004-1662485122-1001
Members :
Name : SQLBrowser
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :
72063 (2) - IPMI Versions Supported
Synopsis
The remote service implements a management protocol.
Description
This script detects which IPMI versions are supported by the remote service for managing the system, as well as additional settings.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/01/21, Modified: 2018/04/18
Plugin Output

10.0.0.43 (udp/623)


Nessus was able to extract the following settings for the
administrator authentication level on the target :

Version 1.5 : disabled
Version 2.0 : enabled

Non-Null Usernames : enabled
Null Usernames : disabled
Anonymous Login : disabled

OEM Authentication : disabled
Password Authentication : disabled
MD5 Authentication : disabled
MD2 Authentication : disabled
None Authentication : disabled

10.0.0.45 (udp/623)


Nessus was able to extract the following settings for the
administrator authentication level on the target :

Version 1.5 : disabled
Version 2.0 : enabled

Non-Null Usernames : enabled
Null Usernames : disabled
Anonymous Login : disabled

OEM Authentication : disabled
Password Authentication : disabled
MD5 Authentication : disabled
MD2 Authentication : disabled
None Authentication : disabled
72367 (2) - Microsoft Internet Explorer Version Detection
Synopsis
Internet Explorer is installed on the remote host.
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/02/06, Modified: 2014/02/13
Plugin Output

10.0.0.14 (tcp/445)


Version : 9.0.8112.16421

10.0.0.64 (tcp/445)


Version : 11.0.9600.18762
72482 (2) - Windows Display Driver Enumeration
Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/02/06, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)


Device Name : VMware SVGA 3D
Driver File Version : 7.14.01.2032 - build-1420799
Driver Date : 08/23/2014
Video Processor : VMware Virtual SVGA 3D Graphics Adapter

10.0.0.64 (tcp/0)


Device Name : ATI FirePro 2260
Driver File Version : 8.850.7.0
Driver Date : 06/02/2011
Video Processor : ATI display adapter (0x95CF)
72684 (2) - Enumerate Local Users
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local users.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local users.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/02/25, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)


Name : Administrator
SID : S-1-5-21-2733907408-164282405-2434571311-500
Disabled : False
Lockout : False
Change password : True

Name : ASPNET
SID : S-1-5-21-2733907408-164282405-2434571311-1006
Disabled : False
Lockout : False
Change password : False

Name : avaya
SID : S-1-5-21-2733907408-164282405-2434571311-1010
Disabled : False
Lockout : False
Change password : False

Name : FileServiceUser
SID : S-1-5-21-2733907408-164282405-2434571311-1009
Disabled : False
Lockout : False
Change password : True

Name : Guest
SID : S-1-5-21-2733907408-164282405-2434571311-501
Disabled : True
Lockout : False
Change password : False

Name : IUSR_QUEEN
SID : S-1-5-21-2733907408-164282405-2434571311-1003
Disabled : False
Lockout : False
Change password : False

Name : IWAM_QUEEN
SID : S-1-5-21-2733907408-164282405-2434571311-1004
Disabled : False
Lockout : False
Change password : False

Name : SUPPORT_388945a0
SID : S-1-5-21-2733907408-164282405-2434571311-1001
Disabled : True
Lockout : False
Change password : False

10.0.0.64 (tcp/0)


Name : Administrator
SID : S-1-5-21-1002455619-2400799004-1662485122-500
Disabled : False
Lockout : False
Change password : True

Name : ASPNET
SID : S-1-5-21-1002455619-2400799004-1662485122-1004
Disabled : False
Lockout : False
Change password : False

Name : Guest
SID : S-1-5-21-1002455619-2400799004-1662485122-501
Disabled : True
Lockout : False
Change password : False

Name : GXK9JS1
SID : S-1-5-21-1002455619-2400799004-1662485122-1000
Disabled : True
Lockout : False
Change password : True

Name : IT
SID : S-1-5-21-1002455619-2400799004-1662485122-1002
Disabled : False
Lockout : False
Change password : True

Name : oishelper
SID : S-1-5-21-1002455619-2400799004-1662485122-1005
Disabled : False
Lockout : False
Change password : False
72779 (2) - DNS Server Version Detection
Synopsis
Nessus was able to obtain version information on the remote DNS server.
Description
Nessus was able to obtain version information by sending a special TXT record query to the remote host.

Note that this version is not necessarily accurate and could even be forged, as some DNS servers send the information based on a configuration file.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/03/03, Modified: 2014/11/05
Plugin Output

10.0.0.25 (tcp/53)


DNS server answer for "version" (over TCP) :

Microsoft DNS 6.1.7601 (1DB15D39)

10.0.0.27 (tcp/53)


DNS server answer for "version" (over TCP) :

Microsoft DNS 6.1.7601 (1DB15D39)
72780 (2) - Microsoft DNS Server Version Detection
Synopsis
Nessus was able to obtain version information on the remote Microsoft DNS server.
Description
Nessus was able to obtain version information from the remote Microsoft DNS server by sending a special TXT record query to the remote host.
See Also
Solution
The command 'dnscmd /config /EnableVersionQuery 0' can be used to disable version queries if desired.
Risk Factor
None
Plugin Information:
Published: 2014/03/03, Modified: 2014/03/03
Plugin Output

10.0.0.25 (udp/53)


Reported version : Microsoft DNS 6.1.7601 (1DB15D39)
Extended version : 6.1.7601.23865

10.0.0.27 (udp/53)


Reported version : Microsoft DNS 6.1.7601 (1DB15D39)
Extended version : 6.1.7601.23865
86067 (2) - SSL Certificate Signed Using SHA-1 Algorithm
Synopsis
An SSL certificate in the certificate chain has been signed using the SHA-1 hashing algorithm.
Description
The remote service uses an SSL certificate chain that has been signed with SHA-1, a cryptographically weak hashing algorithm. This signature algorithm is known to be vulnerable to collision attacks. An attacker can potentially exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire on or between January 1, 2016 and December 31, 2016 as informational. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2015/09/22, Modified: 2017/12/11
Plugin Output

10.0.0.27 (tcp/636)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=demoSFDC02.demo.org
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Mar 22 16:24:36 2016 GMT
|-Valid To : Mar 22 20:54:12 2016 GMT

10.0.0.27 (tcp/3269)


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=demoSFDC02.demo.org
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Mar 22 16:24:36 2016 GMT
|-Valid To : Mar 22 20:54:12 2016 GMT
92364 (2) - Microsoft Windows Environment Variables
Synopsis
Nessus was able to collect and report environment variables from the remote host.
Description
Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2018/02/09
Plugin Output

10.0.0.14 (tcp/0)

Environment variable information attached.

10.0.0.64 (tcp/0)

Environment variable information attached.
92365 (2) - Microsoft Windows Hosts File
Synopsis
Nessus was able to collect the hosts file from the remote host.
Description
Nessus was able to collect the hosts file from the remote Windows host and report it as attachment.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

10.0.0.14 (tcp/0)

Windows hosts file attached.

10.0.0.64 (tcp/0)

Windows hosts file attached.
92367 (2) - Microsoft Windows PowerShell Execution Policy
Synopsis
Nessus was able to collect and report the PowerShell execution policy for the remote host.
Description
Nessus was able to collect and report the PowerShell execution policy for the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

10.0.0.14 (tcp/0)

HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : Restricted

10.0.0.64 (tcp/0)

HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : Restricted
HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : Restricted
92371 (2) - Microsoft Windows DNS Cache
Synopsis
Nessus was able to collect and report DNS cache information from the remote host.
Description
Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2018/04/25
Plugin Output

10.0.0.14 (tcp/0)

1.0.0.127.in-addr.arpa
demo.org
demofiler
demosfdc01.demo.org
demosfdc02.demo.org
iecvlist.microsoft.com
localhost
localhost
nyfiler

DNS cache information attached.

10.0.0.64 (tcp/0)

1.0.0.127.in-addr.arpa
demosfdc01.demo.org
demosfdc02.demo.org
localhost
localhost

DNS cache information attached.
92421 (2) - Internet Explorer Typed URLs
Synopsis
Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar.
Description
Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

10.0.0.14 (tcp/0)

http://10.5.5.210/home.html
http://www.ninite.com/
D:\avaya install\ip3
http://10.5.5.210/
Control Panel\Programs and Features
http://go.microsoft.com/fwlink/?LinkId=69157
D:\avaya install\ip3\OS Support
D:\avaya install\Avaya\ADMIN6_0_8
\\demofiler\IT

Internet Explorer typed URL report attached.

10.0.0.64 (tcp/0)

http://www.mega.co.nz/
http://go.microsoft.com/fwlink/p/?LinkId=255141
https://mega.nz/
http://asdf]/

Internet Explorer typed URL report attached.
92423 (2) - Windows Explorer Recently Executed Programs
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to find evidence of program execution using Windows Explorer registry logs and settings.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

10.0.0.14 (tcp/0)

IEXPLORE.EXE
regedit.exe
n/a
regedit\1
eventvwr\1
explorer\1
Control Panel\Programs and Features\1
taskmgr\1
cmd\1
feihgadcb
iexplore\1
Control Panel\1
\\demofiler\1
IEXPLORE.EXE b
n/a
regedit.exeX&1!

MRU programs details in attached report.

10.0.0.64 (tcp/0)

chrome.exe
Veeam.Backup.Shell.exePO :i+00/A:\
n/a
\\demofiler\1
ba
\\king\f$\1
chrome.exe
Veeam.Backup.Shell.exe\u^U
n/a
X\r,!PCsg<
n/a

MRU programs details in attached report.
92424 (2) - MUICache Program Execution History
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to query the MUIcache registry key to find evidence of program execution.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

10.0.0.14 (tcp/0)

@c:\windows\system32\colorcpl.exe,-6 : Color Management
@c:\windows\system32\usercpl.dll,-1 : User Accounts
@c:\windows\system32\appwiz.cpl,-156 : Get Programs
c:\windows\explorer.exe : Windows Explorer
@c:\windows\system32\iscsicpl.dll,-5001 : iSCSI Initiator
@c:\windows\system32\networkexplorer.dll,-1 : Network
@c:\windows\system32\appwiz.cpl,-159 : Programs and Features
c:\program files\internet explorer\iexplore.exe : Internet Explorer
@c:\windows\system32\autoplay.dll,-1 : AutoPlay
@c:\windows\system32\svrmgrnc.dll,-300 : Microsoft Corporation
@c:\windows\system32\van.dll,-7204 : Connect To
@c:\windows\system32\sud.dll,-1 : Default Programs
c:\windows\system32\cmd.exe : Windows Command Processor
@c:\windows\system32\systemcpl.dll,-1 : System
@%systemroot%\system32\dsquery.dll,-173 : Find P&rinters...
@c:\windows\system32\functiondiscoveryfolder.dll,-1500 : Bluetooth Devices
d:\avaya install\admin6_0_8\avaya\ip office\keyserve\keyserve.exe : KeyServe
@c:\windows\system32\themeui.dll,-2682 : Themes Setup
@c:\windows\system32\ieframe.dll,-5723 : The Internet
langid : .
c:\windows\system32\mmc.exe : Microsoft Management Console
@c:\windows\system32\wercon.exe,-350 : Problem Reports and Solutions
@wucltux.dll,-78 : Select updates to install
c:\users\avaya\appdata\local\temp\6\jds-1165700637.tmp\jre-8u151-windows-au.exe : Java Platform SE binary
@c:\progra~1\window~4\photog~1\wl64aa~1.dll,-3098 : Windows Live Photo Gallery
@c:\windows\system32\wucltux.dll,-1 : Windows Update
@c:\windows\system32\firewallsettings.exe,-12122 : Windows Firewall
c:\program files\avaya\ip office\manager\manager.exe : Manager
@c:\windows\system32\devmgr.dll,-4 : Device Manager
@c:\windows\system32\appwiz.cpl,-1070 : Get Programs Online
@c:\program files\windows live\installer\langselectorlang.dll,-10000 : Windows Live Language Setting
@c:\windows\system32\themecpl.dll,-1 : Personalization
@c:\progra~1\window~4\mail\maillang.dll,-21159 : Windows Live Mail
@c:\windows\system32\netshell.dll,-1200 : Network Connections
@c:\program files\common files\system\wab32res.dll,-10100 : Contacts
@c:\windows\system32\mycomput.dll,-400 : Mana&ge
c:\windows\system32\taskmgr.exe : Windows Task Manager
@c:\windows\system32\icardres.dll,-4097 : Windows CardSpace
@%windir%\system32\wucltux.dll,-2 : Delivers software updates and drivers, and provides automatic updating options.
@c:\windows\system32\ie4uinit.exe,-731 : Internet Explorer
@c:\program files\common files\system\wab32res.dll,-1646 : For &People...
@%systemroot%\system32\svrmgrnc.dll,-102 : Get an overview of the status of this server, perform top management tasks, and add or remove server roles and features.
@c:\windows\system32\powercpl.dll,-1 : Power Options
@c:\windows\system32\netcenter.dll,-1 : Network and Sharing Center
@wucltux.dll,-71 : Windows Update
c:\program files\avaya\ip office\voicemail pro\voicemailpro.exe : Voicemail Pro Client
@c:\windows\system32\accessibilitycpl.dll,-10 : Ease of Access Center
@c:\progra~1\window~4\photog~1\moviem~2.dll,-1131 : Windows Live Movie Maker
c:\program files\java\jre1.8.0_151\bin\javaw.exe : Java(TM) Platform SE binary
@c:\windows\system32\networkmap.dll,-1 : Network Map
@c:\windows\system32\hdwwiz.cpl,-1000 : Add Hardware
@c:\windows\system32\mmcbase.dll,-13351 : &Author

MUICache report attached.

10.0.0.64 (tcp/0)

@%systemroot%\system32\provsvc.dll,-202 : HomeGroup
@%systemroot%\system32\eapqec.dll,-101 : Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
@%systemroot%\system32\fveui.dll,-843 : BitLocker Drive Encryption
@%systemroot%\system32\fveui.dll,-844 : BitLocker Data Recovery Agent
@netlogon.dll,-1010 : Netlogon Service
@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP)
@c:\windows\microsoft.net\framework64\v4.0.30319\\servicemodelevents.dll,-2002 : Windows Communication Foundation
@%systemroot%\system32\napipsec.dll,-1 : IPsec Relying Party
@%systemroot%\system32\dhcpqec.dll,-100 : DHCP Quarantine Enforcement Client
@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS)
@%systemroot%\system32\p2pcollab.dll,-8042 : Peer to Peer Trust
@%systemroot%\system32\eapqec.dll,-100 : EAP Quarantine Enforcement Client
@%systemroot%\system32\tsgqec.dll,-101 : Provides RD Gateway enforcement for NAP
@%systemroot%\system32\napipsec.dll,-4 : 1.0
@%systemroot%\system32\eapqec.dll,-103 : Microsoft Corporation
@%systemroot%\system32\napipsec.dll,-2 : Provides IPsec based enforcement for Network Access Protection
@%systemroot%\system32\dhcpqec.dll,-101 : Provides DHCP based enforcement for NAP
@%systemroot%\system32\tsgqec.dll,-103 : Microsoft Corporation
@%systemroot%\system32\napipsec.dll,-3 : Microsoft Corporation
@%systemroot%\system32\dhcpqec.dll,-103 : 1.0
@%systemroot%\system32\eapqec.dll,-102 : 1.0
@%systemroot%\system32\tsgqec.dll,-102 : 1.0
@%systemroot%\system32\dhcpqec.dll,-102 : Microsoft Corporation
languagelist : en-US
92428 (2) - Recent File History
Synopsis
Nessus was able to enumerate recently opened files on the remote host.
Description
Nessus was able to gather evidence of files opened by file type from the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

10.0.0.14 (tcp/0)

C:\\Users\solomon\AppData\Roaming\Microsoft\Windows\Recent\WebInitialization.log.lnk
Recent files found in registry and appdata attached.

10.0.0.64 (tcp/0)

C:\\Users\syap\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
Recent files found in registry and appdata attached.
92431 (2) - User Shell Folders Settings
Synopsis
Nessus was able to find the folder paths for user folders on the remote host.
Description
Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below :

- Administrative Tools
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

10.0.0.14 (tcp/0)

avaya
- recent : C:\Users\avaya\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\avaya\Videos
- my music : C:\Users\avaya\Music
- sendto : C:\Users\avaya\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\avaya\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\avaya\AppData\Roaming\Microsoft\Windows\Cookies
- personal : C:\Users\avaya\Documents
- administrative tools : C:\Users\avaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\avaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- history : C:\Users\avaya\AppData\Local\Microsoft\Windows\History
- nethood : C:\Users\avaya\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\avaya\AppData\Local
- my pictures : C:\Users\avaya\Pictures
- templates : C:\Users\avaya\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\avaya\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\avaya\AppData\Local\Microsoft\Windows\Temporary Internet Files
- desktop : C:\Users\avaya\Desktop
- programs : C:\Users\avaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\avaya\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\avaya\Favorites
- appdata : C:\Users\avaya\AppData\Roaming

10.0.0.64 (tcp/0)

demo.ORG\oishelper
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\oishelper\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\oishelper\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\oishelper\Downloads
- recent : C:\Users\oishelper\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\oishelper\Videos
- my music : C:\Users\oishelper\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\oishelper\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\oishelper\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\oishelper\AppData\LocalLow
- sendto : C:\Users\oishelper\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\oishelper\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\oishelper\AppData\Roaming\Microsoft\Windows\Cookies
- personal : C:\Users\oishelper\Documents
- administrative tools : C:\Users\oishelper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\oishelper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- history : C:\Users\oishelper\AppData\Local\Microsoft\Windows\History
- nethood : C:\Users\oishelper\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\oishelper\Saved Games
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\oishelper\AppData\Local
- my pictures : C:\Users\oishelper\Pictures
- templates : C:\Users\oishelper\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\oishelper\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\oishelper\AppData\Local\Microsoft\Windows\Temporary Internet Files
- desktop : C:\Users\oishelper\Desktop
- programs : C:\Users\oishelper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\oishelper\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\oishelper\Favorites
- appdata : C:\Users\oishelper\AppData\Roaming
92434 (2) - User Download Folder Files
Synopsis
Nessus was able to enumerate downloaded files on the remote host.
Description
Nessus was able to generate a report of all files listed in the default user download folder.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

10.0.0.14 (tcp/0)

C:\\Users\avaya\Downloads\CONFIG.pcc
C:\\Users\avaya\Downloads\desktop.ini
C:\\Users\oishelper\Downloads\desktop.ini
C:\\Users\Public\Downloads\desktop.ini
C:\\Users\RMcConnell\Downloads\desktop.ini

Download folder content report attached.

10.0.0.64 (tcp/0)

C:\\Users\Administrator\Downloads\desktop.ini
C:\\Users\everynetwork\Downloads\desktop.ini
C:\\Users\everynetwork\Downloads\mbam--setup-1.60.1.1000.exe
C:\\Users\everynetwork\Downloads\SkypeSetup.exe
C:\\Users\GXK9JS1\Downloads\desktop.ini
C:\\Users\IT\Downloads\desktop.ini
C:\\Users\jsilver\Downloads\desktop.ini
C:\\Users\jsilver\Downloads\Drobo-Dashboard-2.6.4.exe
C:\\Users\jsilver\Downloads\Ninite Air Chrome Firefox Java 8 NET 46 Installer.exe
C:\\Users\jsilver\Downloads\Ninite Air Chrome Java 8 Malwarebytes Installer.exe
C:\\Users\kgrant\Downloads\December 2012 Market Summary.pdf
C:\\Users\kgrant\Downloads\desktop.ini
C:\\Users\kgrant\Downloads\Desktop.lnk
C:\\Users\kgrant\Downloads\IMG_0680 (1).MOV
C:\\Users\kgrant\Downloads\IMG_0680 (2).MOV
C:\\Users\kgrant\Downloads\IMG_0680.MOV
C:\\Users\kyu\Downloads\1099 Reports(1).pdf
C:\\Users\kyu\Downloads\1099 Reports.pdf
C:\\Users\kyu\Downloads\ADP_Root_b64.cer
C:\\Users\kyu\Downloads\Bills Register.pdf
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-01-16-00.56.18.195675.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-01-16-00.57.14.743920.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-01-16-00.59.00.984319.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-01-16-01.08.19.370620.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-01-16-01.11.25.010449.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-01-16-01.13.10.405128.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-01-16-01.17.22.632882.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-01-16-01.20.33.757474.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-01-16-01.23.49.470162.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-01-24-00.16.56.917344.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-01-24-21.25.34.113732.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-03-17.52.54.763007.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-03-17.57.20.047000.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-03-18.00.26.333656.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-03-18.05.26.659005.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-03-18.08.52.089449.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-03-18.11.42.320465.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-04-01.02.32.984736.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-04-01.04.26.556728.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-04-01.06.10.646391.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-04-01.11.56.632950.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-04-22.56.41.278079.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-04-23.00.10.049673.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-10-17.46.55.007949.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-10-17.51.21.400916.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-10-17.53.25.621723.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-10-17.55.41.512388.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-10-18.00.07.392637.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-10-18.03.11.348923.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-10-18.06.41.676763.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-10-18.09.55.655375.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-10-21.32.23.231635.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-10-21.33.43.383006.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-11-17.28.55.170957.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-12-17.16.26.138286.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-12-17.23.31.445094.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-13-01.23.41.441303.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-13-01.31.30.434692.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-14-22.16.51.659271.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-20-20.08.15.642645.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-20-20.11.53.864490.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-20-22.34.47.443053.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-24-19.10.57.661771.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-28-00.35.31.063473.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-28-00.36.29.181220.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-02-28-00.38.18.110033.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-13-00.21.33.655669.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-13-00.39.23.504858.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-13-00.56.38.619383.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-18-23.43.59.244089.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-24-17.04.49.649724.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-24-17.06.17.763235.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-24-17.07.49.919049.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-24-17.09.35.956653.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-24-17.11.41.686603.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-24-17.13.03.988330.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-31-17.50.05.674152.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-31-18.03.35.305995.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-31-18.06.14.362132.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-31-18.09.33.597021.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-31-18.11.50.342507.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-31-18.20.41.568823.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-31-18.23.41.953887.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-31-18.33.24.656458.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-31-18.36.03.383808.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-03-31-18.39.16.438078.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-01-00.07.49.410964.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-01-00.25.23.103629.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-01-00.26.32.783291.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-02-22.18.14.815183.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-02-22.20.19.177023.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-02-22.24.55.870317.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-02-22.27.52.761233.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-02-22.30.54.808387.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-02-22.31.53.994222.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-03-18.11.33.429505.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-03-18.13.11.892327.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-03-18.54.39.532867.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-03-19.24.55.391586.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-03-22.57.04.093804.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-03-22.58.13.209386.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-07-22.54.24.798481.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-07-23.04.43.657903.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-08-00.23.21.832891.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-08-17.21.24.743044.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-08-19.39.37.906891.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-10-19.40.25.335655.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-10-19.45.04.639489.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-17-17.13.41.867539.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-18-23.19.05.825777.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-18-23.27.21.739023.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-21-17.55.29.615378.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-22-18.49.45.493026.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-22-18.50.36.902641.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-23-22.23.15.598583.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-23-22.57.08.342644.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-23-22.58.06.213497.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-28-17.54.44.208104.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-29-20.02.52.024663.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-29-20.06.11.087411.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-29-21.46.52.804137.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-29-23.54.42.822594.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-29-23.59.56.807758.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-04-30-00.00.46.524948.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-01-18.17.34.576199.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-01-18.22.36.992569.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-01-18.24.59.714710.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-01-18.27.09.510347.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-01-18.29.48.458667.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-01-18.48.42.323660.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-01-18.50.25.924956.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-01-18.53.29.110531.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-01-18.55.34.129211.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-01-18.57.39.395482.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-01-19.01.13.332788.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-02-01.14.35.873557.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-02-18.25.35.104036.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-05-17.35.07.783675.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-06-19.36.21.009915.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-13-18.32.51.654222.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-14-23.52.02.627157.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-19-19.31.13.261546.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-19-19.34.22.682267.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-05-20-22.44.40.313248.PDF
C:\\Users\kyu\Downloads\BTRSTMTPRINT2014-06-03-19.21.16.617342.PDF
C:\\Users\kyu\Downloads\Customer Aging Report.pdf
C:\\Users\kyu\Downloads\desktop.ini
C:\\Users\kyu\Downloads\General Ledger Report(1).pdf
C:\\Users\kyu\Downloads\General Ledger Report(10).pdf
C:\\Users\kyu\Downloads\General Ledger Report(11).pdf
C:\\Users\kyu\Downloads\General Ledger Report(12).pdf
C:\\Users\kyu\Downloads\General Ledger Report(13).pdf
C:\\Users\kyu\Downloads\General Ledger Report(14).pdf
C:\\Users\kyu\Downloads\General Ledger Report(15).pdf
C:\\Users\kyu\Downloads\General Ledger Report(16).pdf
C:\\Users\kyu\Downloads\General Ledger Report(17).pdf
C:\\Users\kyu\Downloads\General Ledger Report(18).pdf
C:\\Users\kyu\Downloads\General Ledger Report(19).pdf
C:\\Users\kyu\Downloads\General Ledger Report(2).pdf
C:\\Users\kyu\Downloads\General Ledger Report(20).pdf
C:\\Users\kyu\Downloads\General Ledger Report(21).pdf
C:\\Users\kyu\Downloads\General Ledger Report(22).pdf
C:\\Users\kyu\Downloads\General Ledger Report(23).pdf
C:\\Users\kyu\Downloads\General Ledger Report(24).pdf
C:\\Users\kyu\Downloads\General Ledger Report(25).pdf
C:\\Users\kyu\Downloads\General Ledger Report(26).pdf
C:\\Users\kyu\Downloads\General Ledger Report(27).pdf
C:\\Users\kyu\Downloads\General Ledger Report(28).pdf
C:\\Users\kyu\Downloads\General Ledger Report(29).pdf
C:\\Users\kyu\Downloads\General Ledger Report(3).pdf
C:\\Users\kyu\Downloads\General Ledger Report(30).pdf
C:\\Users\kyu\Downloads\General Ledger Report(31).pdf
C:\\Users\kyu\Downloads\General Ledger Report(32).pdf
C:\\Users\kyu\Downloads\General Ledger Report(33).pdf
C:\\Users\kyu\Downloads\General Ledger Report(34).pdf
C:\\Users\kyu\Downloads\General Ledger Report(35).pdf
C:\\Users\kyu\Downloads\General Ledger Report(36).pdf
C:\\Users\kyu\Downloads\General Ledger Report(37).pdf
C:\\Users\kyu\Downloads\General Ledger Report(38).pdf
C:\\Users\kyu\Downloads\General Ledger Report(39).pdf
C:\\Users\kyu\Downloads\General Ledger Report(4).pdf
C:\\Users\kyu\Downloads\General Ledger Report(40).pdf
C:\\Users\kyu\Downloads\General Ledger Report(5).pdf
C:\\Users\kyu\Downloads\General Ledger Report(6).pdf
C:\\Users\kyu\Downloads\General Ledger Report(7).pdf
C:\\Users\kyu\Downloads\General Ledger Report(8).pdf
C:\\Users\kyu\Downloads\General Ledger Report(9).pdf
C:\\Users\kyu\Downloads\General Ledger Report.pdf
C:\\Users\kyu\Downloads\pdfdownload(1).pdf
C:\\Users\kyu\Downloads\pdfdownload(10).pdf
C:\\Users\kyu\Downloads\pdfdownload(11).pdf
C:\\Users\kyu\Downloads\pdfdownload(12).pdf
C:\\Users\kyu\Downloads\pdfdownload(13).pdf
C:\\Users\kyu\Downloads\pdfdownload(14).pdf
C:\\Users\kyu\Downloads\pdfdownload(15).pdf
C:\\Users\kyu\Downloads\pdfdownload(16).pdf
C:\\Users\kyu\Downloads\pdfdownload(17).pdf
C:\\Users\kyu\Downloads\pdfdownload(18).pdf
C:\\Users\kyu\Downloads\pdfdownload(19).pdf
C:\\Users\kyu\Downloads\pdfdownload(2).pdf
C:\\Users\kyu\Downloads\pdfdownload(20).pdf
C:\\Users\kyu\Downloads\pdfdownload(21).pdf
C:\\Users\kyu\Downloads\pdfdownload(22).pdf
C:\\Users\kyu\Downloads\pdfdownload(23).pdf
C:\\Users\kyu\Downloads\pdfdownload(24).pdf
C:\\Users\kyu\Downloads\pdfdownload(25).pdf
C:\\Users\kyu\Downloads\pdfdownload(26).pdf
C:\\Users\kyu\Downloads\pdfdownload(27).pdf
C:\\Users\kyu\Downloads\pdfdownload(28).pdf
C:\\Users\kyu\Downloads\pdfdownload(29).pdf
C:\\Users\kyu\Downloads\pdfdownload(3).pdf
C:\\Users\kyu\Downloads\pdfdownload(30).pdf
C:\\Users\kyu\Downloads\pdfdownload(31).pdf
C:\\Users\kyu\Downloads\pdfdownload(32).pdf
C:\\Users\kyu\Downloads\pdfdownload(33).pdf
C:\\Users\kyu\Downloads\pdfdownload(34).pdf
C:\\Users\kyu\Downloads\pdfdownload(35).pdf
C:\\Users\kyu\Downloads\pdfdownload(36).pdf
C:\\Users\kyu\Downloads\pdfdownload(37).pdf
C:\\Users\kyu\Downloads\pdfdownload(38).pdf
C:\\Users\kyu\Downloads\pdfdownload(39).pdf
C:\\Users\kyu\Downloads\pdfdownload(4).pdf
C:\\Users\kyu\Downloads\pdfdownload(40).pdf
C:\\Users\kyu\Downloads\pdfdownload(41).pdf
C:\\Users\kyu\Downloads\pdfdownload(42).pdf
C:\\Users\kyu\Downloads\pdfdownload(43).pdf
C:\\Users\kyu\Downloads\pdfdownload(44).pdf
C:\\Users\kyu\Downloads\pdfdownload(45).pdf
C:\\Users\kyu\Downloads\pdfdownload(46).pdf
C:\\Users\kyu\Downloads\pdfdownload(47).pdf
C:\\Users\kyu\Downloads\pdfdownload(48).pdf
C:\\Users\kyu\Downloads\pdfdownload(49).pdf
C:\\Users\kyu\Downloads\pdfdownload(5).pdf
C:\\Users\kyu\Downloads\pdfdownload(50).pdf
C:\\Users\kyu\Downloads\pdfdownload(51).pdf
C:\\Users\kyu\Downloads\pdfdownload(52).pdf
C:\\Users\kyu\Downloads\pdfdownload(53).pdf
C:\\Users\kyu\Downloads\pdfdownload(54).pdf
C:\\Users\kyu\Downloads\pdfdownload(55).pdf
C:\\Users\kyu\Downloads\pdfdownload(56).pdf
C:\\Users\kyu\Downloads\pdfdownload(57).pdf
C:\\Users\kyu\Downloads\pdfdownload(58).pdf
C:\\Users\kyu\Downloads\pdfdownload(59).pdf
C:\\Users\kyu\Downloads\pdfdownload(6).pdf
C:\\Users\kyu\Downloads\pdfdownload(60).pdf
C:\\Users\kyu\Downloads\pdfdownload(61).pdf
C:\\Users\kyu\Downloads\pdfdownload(62).pdf
C:\\Users\kyu\Downloads\pdfdownload(63).pdf
C:\\Users\kyu\Downloads\pdfdownload(64).pdf
C:\\Users\kyu\Downloads\pdfdownload(65).pdf
C:\\Users\kyu\Downloads\pdfdownload(66).pdf
C:\\Users\kyu\Downloads\pdfdownload(67).pdf
C:\\Users\kyu\Downloads\pdfdownload(68).pdf
C:\\Users\kyu\Downloads\pdfdownload(69).pdf
C:\\Users\kyu\Downloads\pdfdownload(7).pdf
C:\\Users\kyu\Downloads\pdfdownload(8).pdf
C:\\Users\kyu\Downloads\pdfdownload(9).pdf
C:\\Users\kyu\Downloads\pdfdownload.pdf
C:\\Users\kyu\Downloads\report(1).pdf
C:\\Users\kyu\Downloads\report(10).pdf
C:\\Users\kyu\Downloads\report(11).pdf
C:\\Users\kyu\Downloads\report(12).pdf
C:\\Users\kyu\Downloads\report(13).pdf
C:\\Users\kyu\Downloads\report(14).pdf
C:\\Users\kyu\Downloads\report(15).pdf
C:\\Users\kyu\Downloads\report(16).pdf
C:\\Users\kyu\Downloads\report(17).pdf
C:\\Users\kyu\Downloads\report(18).pdf
C:\\Users\kyu\Downloads\report(19).pdf
C:\\Users\kyu\Downloads\report(2).pdf
C:\\Users\kyu\Downloads\report(20).pdf
C:\\Users\kyu\Downloads\report(21).pdf
C:\\Users\kyu\Downloads\report(22).pdf
C:\\Users\kyu\Downloads\report(23).pdf
C:\\Users\kyu\Downloads\report(24).pdf
C:\\Users\kyu\Downloads\report(25).pdf
C:\\Users\kyu\Downloads\report(26).pdf
C:\\Users\kyu\Downloads\report(27).pdf
C:\\Users\kyu\Downloads\report(28).pdf
C:\\Users\kyu\Downloads\report(29).pdf
C:\\Users\kyu\Downloads\report(3).pdf
C:\\Users\kyu\Downloads\report(30).pdf
C:\\Users\kyu\Downloads\report(31).pdf
C:\\Users\kyu\Downloads\report(32).pdf
C:\\Users\kyu\Downloads\report(33).pdf
C:\\Users\kyu\Downloads\report(34).pdf
C:\\Users\kyu\Downloads\report(35).pdf
C:\\Users\kyu\Downloads\report(36).pdf
C:\\Users\kyu\Downloads\report(37).pdf
C:\\Users\kyu\Downloads\report(38).pdf
C:\\Users\kyu\Downloads\report(39).pdf
C:\\Users\kyu\Downloads\report(4).pdf
C:\\Users\kyu\Downloads\report(40).pdf
C:\\Users\kyu\Downloads\report(41).pdf
C:\\Users\kyu\Downloads\report(42).pdf
C:\\Users\kyu\Downloads\report(43).pdf
C:\\Users\kyu\Downloads\report(44).pdf
C:\\Users\kyu\Downloads\report(45).pdf
C:\\Users\kyu\Downloads\report(46).pdf
C:\\Users\kyu\Downloads\report(47).pdf
C:\\Users\kyu\Downloads\report(48).pdf
C:\\Users\kyu\Downloads\report(49).pdf
C:\\Users\kyu\Downloads\report(5).pdf
C:\\Users\kyu\Downloads\report(50).pdf
C:\\Users\kyu\Downloads\report(51).pdf
C:\\Users\kyu\Downloads\report(52).pdf
C:\\Users\kyu\Downloads\report(53).pdf
C:\\Users\kyu\Downloads\report(54).pdf
C:\\Users\kyu\Downloads\report(55).pdf
C:\\Users\kyu\Downloads\report(6).pdf
C:\\Users\kyu\Downloads\report(7).pdf
C:\\Users\kyu\Downloads\report(8).pdf
C:\\Users\kyu\Downloads\report(9).pdf
C:\\Users\kyu\Downloads\report.pdf
C:\\Users\kyu\Downloads\Trial Balance.pdf
C:\\Users\kyu\Downloads\Vendor Aging Report(1).pdf
C:\\Users\kyu\Downloads\Vendor Aging Report(2).pdf
C:\\Users\kyu\Downloads\Vendor Aging Report(3).pdf
C:\\Users\kyu\Downloads\Vendor Aging Report(4).pdf
C:\\Users\kyu\Downloads\Vendor Aging Report(5).pdf
C:\\Users\kyu\Downloads\Vendor Aging Report.pdf
C:\\Users\oishelper\Downloads\desktop.ini
C:\\Users\oishelper\Downloads\WinCDEmu-4.0-beta1.exe
C:\\Users\oishelper.SF-GXK9JS1\Downloads\desktop.ini
C:\\Users\Public\Downloads\desktop.ini
C:\\Users\swoods\Downloads\350_42663952925_6799_n.jpg
C:\\Users\swoods\Downloads\AlbumArtSmall.jpg
C:\\Users\swoods\Downloads\desktop.ini
C:\\Users\swoods\Downloads\Folder.jpg
C:\\Users\swoods\Downloads\SeanW.jpg
C:\\Users\syap\Downloads\desktop.ini

Download folder content report attached.
97086 (2) - Server Message Block (SMB) Protocol Version 1 Enabled
Synopsis
The remote Windows host supports the SMBv1 protocol.
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues.
See Also
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
References
XREF OSVDB:151058
Plugin Information:
Published: 2017/02/09, Modified: 2017/10/26
Plugin Output

10.0.0.14 (tcp/445)


SMBv1 server is enabled :
- HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : NULL or missing
SMBv1 client is enabled :
- HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb10\Start : 3

10.0.0.64 (tcp/445)


SMBv1 server is enabled :
- HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : NULL or missing
SMBv1 client is enabled :
- HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb10\Start : 3
103871 (2) - Microsoft Windows Network Adapters
Synopsis
Identifies the network adapters installed on the remote host.
Description
Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host.
Solution
Make sure that all of the installed network adapters agrees with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Published: 2017/10/17, Modified: 2017/10/17
Plugin Output

10.0.0.14 (tcp/445)

Network Adapter Driver Description : VMware Accelerated AMD PCNet Adapter
Network Adapter Driver Version : 2.2.0.0

10.0.0.64 (tcp/445)

Network Adapter Driver Description : Broadcom NetXtreme 57xx Gigabit Controller
Network Adapter Driver Version : 14.0.0.7
108761 (2) - MSSQL Host Information in NTLM SSP
Synopsis
Nessus can obtain information about the host by examining the NTLM SSP message.
Description
Nessus can obtain information about the host by examining the NTLM SSP challenge issued during NTLM authentication, over MSSQL.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/03/30, Modified: 2018/03/30
Plugin Output

10.0.0.8 (tcp/1433)

Nessus was able to obtain the following information about the host, by
parsing the MSSQL server's NTLM SSP message:

Target Name: demo
NetBIOS Domain Name: demo
NetBIOS Computer Name: 427576-DB2-NEW
DNS Domain Name: demo.org
DNS Computer Name: 427576-DB2-NEW.demo.org
DNS Tree Name: demo.org
Product Version: 6.0.6002

10.0.0.64 (tcp/49570)

Nessus was able to obtain the following information about the host, by
parsing the MSSQL server's NTLM SSP message:

Target Name: demo
NetBIOS Domain Name: demo
NetBIOS Computer Name: SF-GXK9JS1
DNS Domain Name: demo.org
DNS Computer Name: SF-GXK9JS1.demo.org
DNS Tree Name: demo.org
Product Version: 6.1.7601
10263 (1) - SMTP Server Detection
Synopsis
An SMTP server is listening on the remote port.
Description
The remote host is running a mail (SMTP) server on this port.

Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Solution
Disable this service if you do not use it, or filter incoming traffic to this port.
Risk Factor
None
Plugin Information:
Published: 1999/10/12, Modified: 2011/03/11
Plugin Output

10.0.0.158 (tcp/25)


Remote SMTP server banner :

220 NEW427581-SPWFE.demo.org Microsoft ESMTP MAIL Service, Version: 7.5.7601.17514 ready at Fri, 27 Apr 2018 12:50:04 -0700
10302 (1) - Web Server robots.txt Information Disclosure
Synopsis
The remote web server contains a 'robots.txt' file.
Description
The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting certain directories in a website for maintenance or indexing purposes. A malicious user may also be able to use the contents of this file to learn of sensitive documents or directories on the affected site and either retrieve them directly or target them for other attacks.
See Also
Solution
Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt file, and/or adjust the web server's access controls to limit access to sensitive material.
Risk Factor
None
References
XREF OSVDB:238
Plugin Information:
Published: 1999/10/12, Modified: 2014/05/09
Plugin Output

10.0.0.47 (tcp/9443)

Contents of robots.txt :

User-agent: *
Disallow: /
10666 (1) - Apple Filing Protocol Server Detection
Synopsis
An Apple file sharing service is listening on the remote port.
Description
The remote service understands the Apple Filing Protocol (AFP) and responds to a 'FPGetSrvrInfo' ('DSIGetStatus') request with information about itself.

AFP is used to offer file services for Mac OS X as well as the older Mac OS. In the past, it has also been known as 'AppleTalk Filing Protocol' and 'AppleShare'.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/05/12, Modified: 2017/04/27
Plugin Output

10.0.0.133 (tcp/548)


Nessus collected the following information about the remote AFP service :

Server name : demoSFReadyNAS01
Machine type : Netatalk3.1.11
UAMs : No User Authent, DHX2, DHCAST128
AFP versions : AFP2.2, AFPX03, AFP3.1, AFP3.2, AFP3.3, AFP3.4

The server allows the "guest" user to connect.
10898 (1) - Microsoft Windows - Users Information : Never Changed Password
Synopsis
At least one user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
References
XREF OSVDB:755
Plugin Information:
Published: 2002/03/15, Modified: 2017/01/26
Plugin Output

10.0.0.64 (tcp/0)


The following user has never changed his/her password :

- Guest


Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for
'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10914 (1) - Microsoft Windows - Local Users Information : Never Changed Passwords
Synopsis
At least one local user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list local users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
References
XREF OSVDB:755
Plugin Information:
Published: 2002/03/17, Modified: 2017/01/26
Plugin Output

10.0.0.64 (tcp/0)


The following local user has never changed his/her password :

- Guest


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
10919 (1) - Open Port Re-check
Synopsis
Previously open ports are now closed.
Description
One of several ports that were previously open are now closed or unresponsive.

There are several possible reasons for this :

- The scan may have caused a service to freeze or stop running.

- An administrator may have stopped a particular service during the scanning process.

This might be an availability problem related to the following :

- A network outage has been experienced during the scan, and the remote network cannot be reached anymore by the scanner.

- This scanner may has been blacklisted by the system administrator or by an automatic intrusion detection / prevention system that detected the scan.

- The remote host is now down, either because a user turned it off during the scan or because a select denial of service was effective.

In any case, the audit of the remote host might be incomplete and may need to be done again.
Solution
- Increase checks_read_timeout and/or reduce max_checks.

- Disable any IPS during the Nessus scan
Risk Factor
None
Plugin Information:
Published: 2002/03/19, Modified: 2014/06/04
Plugin Output

10.0.0.85 (tcp/0)

Port 62078 was detected as being open but is now unresponsive
11217 (1) - Microsoft SQL Server Detection (credentialed check)
Synopsis
The remote host has a database server installed.
Description
Nessus has detected one or more installs of Microsoft SQL server by examining the registry and file systems on the remote host.
See Also
Solution
Ensure the latest service pack and hotfixes are installed.
Risk Factor
None
Plugin Information:
Published: 2003/01/26, Modified: 2016/08/01
Plugin Output

10.0.0.64 (tcp/445)


Version : 11.0.6251.0 Express Edition
Path : c:\Program Files\Microsoft SQL Server\MSSQL11.VEEAMSQL2012\MSSQL\Binn
Named Instance : veeamsql2012
Recommended Version : 11.0.6540 (2012 SP3 + Cumulative Update 4 (KB 3165264)).
11933 (1) - Do not scan printers
Synopsis
The remote host appears to be a fragile device and will not be scanned.
Description
The remote host appears to be a network printer, multi-function device, or other fragile device. Such devices often react very poorly when scanned. To avoid problems, Nessus has marked the remote host as 'Dead' and will not scan it.
Solution
If you are not concerned about such behavior, enable the 'Scan Network Printers' setting under the 'Do not scan fragile devices'
advanced settings block and re-run the scan. Or if using Nessus 6, enable 'Scan Network Printers' under 'Fragile Devices' in the Host Discovery section and then re-run the scan.
Risk Factor
None
Plugin Information:
Published: 2003/12/01, Modified: 2018/04/11
Plugin Output

10.0.0.26 (tcp/0)


SNMP reports it as KONICA MINOLTA bizhub .
16193 (1) - Antivirus Software Check
Synopsis
An antivirus application is installed on the remote host.
Description
An antivirus application is installed on the remote host, and its engine and virus definitions are up to date.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/01/18, Modified: 2017/09/05
Plugin Output

10.0.0.64 (tcp/445)


SAVCE :
The remote host has antivirus software from Symantec installed. It has
been fingerprinted as :

Endpoint Protection.cloud : 22.9.3.13
DAT version : 20180118

The remote host has an outdated version of virus signatures.
Last version is 20180426
17975 (1) - Service Detection (GET request)
Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/04/06, Modified: 2017/06/08
Plugin Output

10.0.0.158 (tcp/8402)

A CommVault Client Event Manager Service (EvMgrC) is listening on this
port.
20108 (1) - Web Server / Application favicon.ico Vendor Fingerprinting
Synopsis
The remote web server contains a graphic image that is prone to information disclosure.
Description
The 'favicon.ico' file found on the remote web server belongs to a popular web server. This may be used to fingerprint the web server.
Solution
Remove the 'favicon.ico' file or create a custom one for your site.
Risk Factor
None
References
XREF OSVDB:39272
Plugin Information:
Published: 2005/10/28, Modified: 2014/10/14
Plugin Output

10.0.0.133 (tcp/443)


MD5 fingerprint : 7b0d4bc0ca1659d54469e5013a08d240
Web server : Netgear (Infrant) ReadyNAS NV+
20836 (1) - Adobe Reader Detection
Synopsis
There is a PDF file viewer installed on the remote Windows host.
Description
Adobe Reader, a PDF file viewer, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2006/02/02, Modified: 2017/08/11
Plugin Output

10.0.0.64 (tcp/445)


Nessus discovered the following installation of Adobe Reader :

Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Version : 15.8.20082.147029
20862 (1) - Mozilla Foundation Application Detection
Synopsis
The remote Windows host contains one or more applications from the Mozilla Foundation.
Description
There is at least one instance of Firefox, Thunderbird, SeaMonkey, or the Mozilla browser installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2006/02/05, Modified: 2018/03/15
Plugin Output

10.0.0.64 (tcp/445)



Product : Mozilla Firefox
Path : C:\Program Files (x86)\Mozilla Firefox
Version : 42.0
32504 (1) - Adobe AIR Detection
Synopsis
A runtime environment is installed on the remote Windows host.
Description
Adobe AIR is installed on the remote host. It is a browser- independent runtime environment that supports HTML, JavaScript, and Flash code and provides for Rich Internet Applications (RIAs).
See Also
Solution
Ensure that use of Adobe AIR itself and any associated RIAs agrees with your organization's security policy.
Risk Factor
None
Plugin Information:
Published: 2008/06/03, Modified: 2017/04/27
Plugin Output

10.0.0.64 (tcp/445)


Version : 25.0
Path : c:\PROGRA~2\COMMON~1\ADOBEA~1\Versions\1.0
34196 (1) - Google Chrome Detection (Windows)
Synopsis
The remote Windows host contains a web browser.
Description
Google Chrome, a web browser from Google, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/12, Modified: 2015/10/13
Plugin Output

10.0.0.64 (tcp/445)


The following instance of Google Chrome is installed on the remote
host :

Path : C:\Program Files (x86)\Google\Chrome\Application
Installed version : 63.0.3239.132

Note that Nessus only looked in the registry for evidence of Google
Chrome. If there are multiple users on this host, you may wish to
enable the 'Perform thorough tests' setting and re-scan. This will
cause Nessus to scan each local user's directory for installs.
35730 (1) - Microsoft Windows USB Device Usage Report
Synopsis
It was possible to get a list of USB devices that may have been connected to the remote system in the past.
Description
Using the supplied credentials, this plugin enumerates USB devices that have been connected to the remote Windows host in the past.
See Also
Solution
Make sure that the use of USB drives is in accordance with your organization's security policy.
Risk Factor
None
Plugin Information:
Published: 2009/02/24, Modified: 2016/05/11
Plugin Output

10.0.0.64 (tcp/445)


The following is a list of USB devices that have been connected
to remote system at least once in the past :


Device Name : Patriot Memory USB Device
Class : DiskDrive
Last Inserted Time : Apr. 27, 2018 at 13:08:02 GMT

First used : unknown

Device Name : A-DATA USB Flash Drive USB Device
Class : DiskDrive
Last Inserted Time : Apr. 27, 2018 at 13:08:02 GMT

First used : unknown

Device Name : Generic Flash Disk USB Device
Class : DiskDrive
Last Inserted Time : Apr. 27, 2018 at 13:08:02 GMT

First used : unknown

Device Name : Generic USB 2.0 USB Device
Class : DiskDrive
Last Inserted Time : Apr. 27, 2018 at 13:08:02 GMT

First used : unknown

Device Name : SanDisk Cruzer USB Device
Class : DiskDrive
Last Inserted Time : Apr. 27, 2018 at 13:08:02 GMT

First used : unknown

Device Name : SanDisk Ultra USB Device
Class : DiskDrive
Last Inserted Time : Apr. 27, 2018 at 13:08:02 GMT

First used : unknown

Device Name : SanDisk Ultra USB Device
Class : DiskDrive
Last Inserted Time : Apr. 27, 2018 at 13:08:02 GMT

First used : unknown

Device Name : SanDisk Ultra USB Device
Class : DiskDrive
Last Inserted Time : Apr. 27, 2018 at 13:08:02 GMT

First used : unknown

Device Name : Seagate FreeAgent USB Device
Class : DiskDrive
Last Inserted Time : Apr. 27, 2018 at 13:08:02 GMT

First used : unknown

Device Name : Seagate FreeAgent USB Device
Class : DiskDrive
Last Inserted Time : Apr. 27, 2018 at 13:08:02 GMT

First used : unknown

(Note that for a complete listing of 'First used' times you should
run this test with the option 'thorough_tests' enabled.)
38157 (1) - Microsoft SharePoint Server Detection
Synopsis
The remote web server contains a document sharing software
Description
The remote web server is running SharePoint, a web interface for document management.

As this interface is likely to contain sensitive information, make sure only authorized personel can log into this site
See Also
Solution
Make sure the proper access controls are put in place
Risk Factor
None
Plugin Information:
Published: 2009/04/27, Modified: 2014/08/09
Plugin Output

10.0.0.158 (tcp/443)


The following instance of SharePoint was detected on the remote host :

Version : 14.0.0.6117
URL : https://10.0.0.158/
38687 (1) - Microsoft Windows Security Center Settings
Synopsis
It is possible to audit Windows Security Center settings on the remote system.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates Windows Security Center settings on the remote host.
See Also
Solution
Review the settings and ensure they are appropriate.
Risk Factor
None
Plugin Information:
Published: 2009/05/05, Modified: 2015/01/12
Plugin Output

10.0.0.64 (tcp/445)


Microsoft Windows Security Center is configured as follows :

AntiVirusDisableNotify : 0
FirewallDisableNotify : 0
UpdatesDisableNotify : 0
AntiVirusOverride : 0
FirewallOverride : 0
AntiSpywareOverride : 0
38689 (1) - Microsoft Windows SMB Last Logged On User Disclosure
Synopsis
Nessus was able to identify the last logged on user on the remote host.
Description
By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/05/05, Modified: 2017/01/26
Plugin Output

10.0.0.14 (tcp/445)


Last Successful logon : jsilver
38912 (1) - Microsoft Windows SMB Registry : Vista / Server 2008 Service Pack Detection
Synopsis
It was possible to determine the service pack installed on the remote system.
Description
It is possible to determine the Service Pack version of the Windows Vista / Server 2008 system by reading the registry key 'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\CSDVersion'.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/05/27, Modified: 2011/03/02
Plugin Output

10.0.0.14 (tcp/445)


The remote Windows Vista / Server 2008 system has Service Pack 2 applied.
40797 (1) - Adobe Acrobat Detection
Synopsis
Adobe Acrobat is installed on the remote Windows host.
Description
Adobe Acrobat, a PDF file creation and editing tool, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/08/28, Modified: 2017/12/29
Plugin Output

10.0.0.64 (tcp/445)


Product : Adobe Acrobat
Path : C:\Program Files (x86)\Adobe\Acrobat 9.0
Version : 9.5.5.316
42088 (1) - SMTP Service STARTTLS Command Support
Synopsis
The remote mail service supports encrypting traffic.
Description
The remote SMTP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/10/09, Modified: 2017/06/15
Plugin Output

10.0.0.158 (tcp/25)


Here is the SMTP service's SSL certificate that Nessus was able to
collect after sending a 'STARTTLS' command :

------------------------------ snip ------------------------------
Subject Name:

Organization Unit: Domain Control Validated
Common Name: *.demo.org

Issuer Name:

Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2

Serial Number: 0A AF 09 FA EE 54 EA 01

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Oct 02 18:54:38 2015 GMT
Not Valid After: Oct 02 18:54:38 2017 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 BF 49 73 48 AE 41 C9 25 77 4F 63 01 3D 91 C3 01 EB 59 A9
FD DB 47 83 0C B4 8F 74 E3 C6 47 7C B6 2F 40 70 51 13 32 18
83 2D 52 3C 24 E6 EA C7 E1 21 BC D6 CD EA F2 8C 3E E2 7E AD
2B 39 D0 74 87 C9 E8 20 2E A4 AC AE 60 9C AB 3B 7C 60 02 A7
58 50 1D 32 2E C2 4E 64 43 2B 91 55 3C 54 D9 3F 42 BD 6A D1
89 5C 40 88 1D 3B 09 20 EF AA 71 C4 6E 8C E0 52 77 36 47 F5
9D 59 82 CD CB 08 7F 2D D1 F6 47 59 79 39 68 E7 05 E6 62 66
4B 17 CD BA 89 53 00 EC C0 64 11 0C ED 5F E8 20 9D D2 5F C1
9C 23 E4 D8 6F 3F 89 3A 75 9D 43 EF 9F 14 EB 83 EB 98 A9 E1
2A A2 82 7F A8 82 11 A7 2F 88 9B 54 14 6F 93 9D 24 65 2D 8C
E3 D9 E9 64 5D A0 E4 E9 6C B1 04 B1 EF 67 63 70 59 75 8B 1B
3F 11 C4 88 E2 FC 52 37 58 60 F0 D5 90 BA 51 F7 AC 52 4E F3
90 85 4C D7 50 AE 3A CE B7 C2 A8 65 98 42 B2 76 05
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 3A 2A BE 48 0A F5 58 D2 7C AF AB 75 EF 91 3E 14 4D 87 2A
4F D2 A0 7F 4F 24 D2 E0 B7 24 9C 24 3A 54 2F F8 AD 12 C2 5A
39 B8 14 70 28 36 33 F5 CE E4 43 E2 06 0B 66 0F 15 44 E1 E8
00 F3 64 BC CB E7 00 38 57 47 04 7F 2F AB E7 88 A9 4B AB D4
11 DB 80 A8 83 DB 7C E7 37 C6 69 0B E7 6C 16 48 E2 2C C4 35
01 D5 B6 F7 E0 55 3F 57 4D 5E 8A 72 54 3D 4B B8 E4 F2 AF 14
AB 25 31 FE 59 9C 2A EA F0 5C BB B4 7E 30 B1 74 6C 0D 6E 1A
A2 7D F3 01 DC 33 88 A4 CF CD CB 5B AD 52 96 ED A4 E7 AA 3D
BE 68 69 DC E7 FC 0A 3E 15 EC 89 82 85 F8 B5 43 C3 8B 4A 99
2C C3 A9 2F 71 48 5F 66 CF A8 1D 7B AB 1A D7 00 62 E2 A3 EC
39 FF 20 59 A7 36 DF D1 A1 15 7E 67 18 1F D9 30 0F EF 4C 70
F8 DD 5A A7 3D B2 9C 67 E1 B3 75 E5 04 F4 4B F3 3D 1A 6A A8
CF 4A D2 15 7C FC C4 C2 9C 2F A6 17 CA FA 3C BF 4C

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-132.crl


Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.demo.org
DNS: demo.org


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: A7 5A 2B 45 0A 85 E9 6E A5 AC 16 1C 16 BE FF 8C F6 DE 72 FC


------------------------------ snip ------------------------------
42897 (1) - SMB Registry : Start the Registry Service during the scan (WMI)
Synopsis
The registry service was enabled for the duration of the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down, this plugin will attempt to start for the duration of the scan.

For this plugin to work, you need to select the option 'Start the Remote Registry service during the scan' on the credentials page when you add your Windows credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/11/25, Modified: 2018/04/18
Plugin Output

10.0.0.64 (tcp/0)


The registry service was successfully started for the duration of the scan.
42898 (1) - SMB Registry : Stop the Registry Service after the scan (WMI)
Synopsis
The registry service was stopped after the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/11/25, Modified: 2018/04/18
Plugin Output

10.0.0.64 (tcp/0)


The registry service was successfully stopped after the scan.
42981 (1) - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information:
Published: 2009/12/02, Modified: 2012/04/02
Plugin Output

10.0.0.64 (tcp/3389)


The SSL certificate will expire within 60 days, at
Jun 22 22:22:49 2018 GMT :

Subject : CN=SF-GXK9JS1.demo.org
Issuer : CN=SF-GXK9JS1.demo.org
Not valid before : Dec 21 22:22:49 2017 GMT
Not valid after : Jun 22 22:22:49 2018 GMT
44871 (1) - WMI Windows Feature Enumeration
Synopsis
It is possible to enumerate Windows features using WMI.
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions.

Note that Features can only be enumerated for Windows 7 and later for desktop versions.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/02/24, Modified: 2018/04/18
Plugin Output

10.0.0.14 (tcp/0)


Nessus enumerated the following Windows features :

- .NET Environment
- .NET Extensibility
- .NET Framework 3.0
- .NET Framework 3.0 Features
- ASP
- ASP.NET
- Active Directory Certificate Services Tools
- Application Development
- Basic Authentication
- CGI
- Certification Authority Tools
- Client Certificate Mapping Authentication
- Common HTTP Features
- Configuration APIs
- Connection Manager Administration Kit
- Custom Logging
- DFS Namespaces
- Default Document
- Digest Authentication
- Directory Browsing
- Distributed File System
- Distributed File System Tools
- Dynamic Content Compression
- FTP Management Console
- FTP Publishing Service
- FTP Server
- Feature Administration Tools
- File Server
- File Server Resource Manager
- File Server Resource Manager Tools
- File Services
- File Services Tools
- HTTP Activation
- HTTP Errors
- HTTP Logging
- HTTP Redirection
- Health and Diagnostics
- IIS 6 Management Compatibility
- IIS 6 Management Console
- IIS 6 Metabase Compatibility
- IIS 6 Scripting Tools
- IIS 6 WMI Compatibility
- IIS Client Certificate Mapping Authentication
- IIS Management Console
- IIS Management Scripts and Tools
- IP and Domain Restrictions
- ISAPI Extensions
- ISAPI Filters
- Logging Tools
- Management Service
- Management Tools
- Message Queuing
- Message Queuing DCOM Proxy
- Network Policy and Access Services
- ODBC Logging
- Performance
- Process Model
- Remote Access Service
- Remote Server Administration Tools
- Removable Storage Manager
- Request Filtering
- Request Monitor
- Role Administration Tools
- Routing
- Routing and Remote Access Services
- SMTP Server Tools
- SNMP Service
- SNMP Services
- SNMP WMI Provider
- Security
- Server Side Includes
- Static Content
- Static Content Compression
- Storage Manager for SANs
- Telnet Client
- Telnet Server
- Tracing
- URL Authorization
- WCF Activation
- Web Server
- Web Server (IIS)
- Web Server (IIS) Tools
- Windows Authentication
- Windows Process Activation Service
- XPS Viewer
45050 (1) - WMI Anti-spyware Enumeration
Synopsis
It is possible to obtain the list of anti-spyware software installed on the remote Windows host.
Description
By connecting to the remote Windows host with the supplied credentials, this plugin uses WMI to enumerate anti-spyware software installed on it.

Note that this plugin extracts this information from the 'root\securitycenter' and 'root\securitycenter2' WMI namespaces, which are only available in Windows desktop operating systems such as XP, Vista and Windows 7.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/03/12, Modified: 2018/04/18
Plugin Output

10.0.0.64 (tcp/0)


Here is the list of anti-spyware software registered under the
'root\SecurityCenter2' WMI namespace :

+ Windows Defender

- pathToSignedProductExe : %ProgramFiles%\Windows Defender\MSASCui.exe
- pathToSignedReportingExe : %SystemRoot%\System32\svchost.exe
- productState : 393488

+ Symantec Endpoint Protection.cloud

- pathToSignedProductExe : C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.9.3.13\WSCStub.exe
- pathToSignedReportingExe : C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.9.3.13\WSCStub.exe
- productState : 327696
45051 (1) - WMI Antivirus Enumeration
Synopsis
It is possible to obtain the list of antivirus software installed on the remote Windows host.
Description
By connecting to the remote Windows host with the supplied credentials, this plugin uses WMI to enumerate antivirus software installed on it.

Note that this plugin extracts this information from the 'root\securitycenter' and 'root\securitycenter2' WMI namespaces, which are only available in Windows desktop operating systems such as XP, Vista and Windows 7.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/03/12, Modified: 2018/04/18
Plugin Output

10.0.0.64 (tcp/0)


Here is the list of anti-virus software registered under the
'root\SecurityCenter2' WMI namespace :

+ Symantec Endpoint Protection.cloud

- pathToSignedProductExe : C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.9.3.13\WSCStub.exe
- pathToSignedReportingExe : C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.9.3.13\WSCStub.exe
- productState : 327696
45052 (1) - WMI Firewall Enumeration
Synopsis
It is possible to obtain the list of third-party firewall software installed on the remote Windows host.
Description
By connecting to the remote Windows host with the supplied credentials, this plugin uses WMI to enumerate third-party firewall software installed on it.

Note that this plugin extracts this information from the 'root\securitycenter' and 'root\securitycenter2' WMI namespaces, which are only available in Windows desktop operating systems such as XP, Vista and Windows 7.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/03/12, Modified: 2018/04/18
Plugin Output

10.0.0.64 (tcp/0)


Here is the list of third-party firewall software registered under the
'root\SecurityCenter2' WMI namespace :

+ Symantec Endpoint Protection.cloud

- pathToSignedProductExe : C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.9.3.13\WSCStub.exe
- pathToSignedReportingExe : C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.9.3.13\WSCStub.exe
- productState : 327696
46675 (1) - HP MFP Digital Sending Software Detection
Synopsis
HP MFP Digital Sending Software is installed on the remote Windows host.
Description
The remote Windows host contains HP MFP Digital Sending Software, an application that enables an HP Multifunction Peripheral (MFP) to send scanned documents directly to several types of destinations.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/05/19, Modified: 2015/01/12
Plugin Output

10.0.0.14 (tcp/445)


Version : 4.16.3.0
Path : C:\Program Files\Hewlett-Packard\HP MFP Digital Sending Software
46742 (1) - Microsoft Windows SMB Registry : Enumerate the list of SNMP communities
Synopsis
The remote Windows host one or more SNMP communities configured
Description
Using the registry, it was possible to extract the list of SNMP communities configured on the remote host. You should ensure that each community has the appropriate permission and that it can not be guessed by an attacker
Solution
None
Risk Factor
None
Plugin Information:
Published: 2010/05/27, Modified: 2015/01/12
Plugin Output

10.0.0.14 (tcp/445)


Using the registry, it was possible to gather the following
information about SNMP communities configured on the remote host :

- Community name : 'queen'
Permissions : READ ONLY
51187 (1) - WMI Encryptable Volume Enumeration
Synopsis
The remote Windows host has encryptable volumes available.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates encryptable volume information available on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/12/15, Modified: 2018/04/18
Plugin Output

10.0.0.64 (tcp/0)


Here is a list of encryptable volumes available on the remote system :

+ DriveLetter C:

- DeviceID : \\?\Volume{110e6645-4e1d-11e1-8b86-806e6f6e6963}\
- ProtectionStatus : OFF
52459 (1) - Microsoft Windows SMB Registry : Win 7 / Server 2008 R2 Service Pack Detection
Synopsis
It was possible to determine the service pack installed on the remote system.
Description
It is possible to determine the Service Pack version of the Windows 7 / Server 2008 R2 system by reading the registry key 'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\CSDVersion'.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/02/25, Modified: 2014/02/17
Plugin Output

10.0.0.64 (tcp/445)


The remote Windows 7 / Server 2008 R2 system has Service Pack 1 applied.
63061 (1) - VMware vCenter Detect
Synopsis
Detects VMware vCenter servers.
Description
VMware vCenter is running on the remote host. It is an enterprise- grade computer virtualization product from VMware, Inc.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2012/11/27, Modified: 2018/04/18
Plugin Output

10.0.0.47 (tcp/443)



Version : VMware vCenter Server 5.5.0 build-1623101
Uses HTTPS : yes
65741 (1) - Oracle Java JRE Enabled (Mozilla Firefox)
Synopsis
The remote host has Java JRE enabled for Mozilla Firefox.
Description
Oracle Java JRE is enabled in Mozilla Firefox.
See Also
Solution
Disable Java unless it is needed.
Risk Factor
None
Plugin Information:
Published: 2013/03/29, Modified: 2013/05/06
Plugin Output

10.0.0.64 (tcp/445)


Java is enabled in Mozilla Firefox for the following users :
everynetwork
65791 (1) - Microsoft Windows Portable Devices
Synopsis
It is possible to get a list of portable devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past.
See Also
Solution
Make sure that use of the portable devices agrees with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Published: 2013/04/03, Modified: 2013/07/31
Plugin Output

10.0.0.64 (tcp/445)


Friendly name : Apple iPhone
Device : USB#VID_05AC&PID_1297#901B7FC778855B607DE6DD6508E721BA833C1734

Friendly name : JESSE S demo
Device : WPDBUSENUMROOT#UMB#2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_PATRIOT_MEMORY&REV_PMAP#07013BEE31B2A635&0#

Friendly name : A-DATA UFD
Device : WPDBUSENUMROOT#UMB#2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_A-DATA&PROD_USB_FLASH_DRIVE&REV_0.00#D7409B121DC4B0&0#

Friendly name : E:\
Device : WPDBUSENUMROOT#UMB#2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07#3FF14314&0#

Friendly name : E:\
Device : WPDBUSENUMROOT#UMB#2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_2.0&REV_2.40#0001CFCFCFC5DCD3&0#

Friendly name : demo FLASH
Device : WPDBUSENUMROOT#UMB#2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_1.00#20052444110F3CA1DC34&0#

Friendly name : E:\
Device : WPDBUSENUMROOT#UMB#2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_ULTRA&REV_1.26#20051535630F6240298D&0#

Friendly name : E:\
Device : WPDBUSENUMROOT#UMB#2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_ULTRA&REV_1.26#20051535720F62402989&0#

Friendly name : E:\
Device : WPDBUSENUMROOT#UMB#2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_ULTRA&REV_1.26#20051739720F5C01B67E&0#
66517 (1) - Adobe Reader Enabled in Browser (Internet Explorer)
Synopsis
The remote host has Adobe Reader enabled for Internet Explorer.
Description
Adobe Reader is enabled in Internet Explorer.
Solution
Disable Adobe Reader unless it is needed.
Risk Factor
None
Plugin Information:
Published: 2013/05/20, Modified: 2016/06/13
Plugin Output

10.0.0.64 (tcp/445)


Adobe Reader is enabled for the following SIDs :
S-1-5-21-484763869-1958367476-682003330-4914

Note that this check may be incomplete as Nessus can only check the
SIDs of logged on users.
66519 (1) - Adobe Reader Enabled in Browser (Mozilla Firefox)
Synopsis
The remote host has Adobe Reader enabled for Mozilla Firefox.
Description
Adobe Reader is enabled in Mozilla Firefox.
Solution
Disable Adobe Reader unless it is needed.
Risk Factor
None
Plugin Information:
Published: 2013/05/20, Modified: 2013/05/20
Plugin Output

10.0.0.64 (tcp/445)


Adobe Reader is enabled in Mozilla Firefox for the following users :
everynetwork
swoods
72879 (1) - Microsoft Internet Explorer Enhanced Security Configuration Detection
Synopsis
The remote host supports IE Enhanced Security Configuration.
Description
Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/03/07, Modified: 2018/04/25
Plugin Output

10.0.0.14 (tcp/445)


Type : Admin Groups
Is Enabled : False

Type : User Groups
Is Enabled : False
73990 (1) - MS KB2871997: Update to Improve Credentials Protection and Management
Synopsis
The remote Windows host is missing an update to improve credentials protection and management.
Description
The remote host is missing one or more of the following Microsoft updates: KB2871997, KB2973351, KB2975625, KB2982378, KB2984972, KB2984976, KB2984981, KB2973501, or KB3126593. These updates are needed to improve the protection against possible credential theft.

- For Windows 7 / 2008 R2 :
KB2984972, KB2871997, KB2982378, and KB2973351 are required; also, KB2984976 (if KB2592687 is installed) or KB2984981 (if KB2830477 is installed).

- For Windows 8 / 2012 :
KB2973501, KB2871997, and KB2973351 are required.

- For Windows 8.1 / 2012 R2 :
KB2973351 (if Update 1 is installed) or KB2975625 (if Update 1 isn't installed).

These updates provide additional protection for the Local Security Authority (LSA), add a restricted administrative mode for Credential Security Support Provider (CredSSP), introduce support for the protected account-restricted domain user category, enforce stricter authentication policies, add additional protection for users'
credentials, and add a restricted administrative mode for Remote Desktop Connection and Remote Desktop Protocol.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
None
STIG Severity
II
References
MSKB 2871997
XREF IAVA:2016-A-0327
Plugin Information:
Published: 2014/05/14, Modified: 2017/08/30
Plugin Output

10.0.0.64 (tcp/445)




A required registry setting is missing:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential = 0

More information: https://blogs.technet.microsoft.com/kfalde/2014/11/01/kb2871997-and-wdigest-part-1/
77668 (1) - Windows Prefetch Folder
Synopsis
Nessus was able to retrieve the Windows prefetch folder file list.
Description
Nessus was able to retrieve and display the contents of the Windows prefetch folder (%systemroot%\prefetch\*). This information shows programs that have run with the prefetch and superfetch mechanisms enabled.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/09/12, Modified: 2014/09/12
Plugin Output

10.0.0.64 (tcp/0)

+ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters
rootdirpath :
enableprefetcher : 3

+ Prefetch file list :
- \Windows\prefetch\63.0.3239.132_CHROME_INSTALLE-1D9611CB.pf
- \Windows\prefetch\AITAGENT.EXE-08FB63FE.pf
- \Windows\prefetch\AUDIODG.EXE-AB22E9A6.pf
- \Windows\prefetch\CLTLMH.EXE-5E8B8037.pf
- \Windows\prefetch\COMPATTELRUNNER.EXE-B7A68ECC.pf
- \Windows\prefetch\CONHOST.EXE-0C6456FB.pf
- \Windows\prefetch\CONSENT.EXE-40419367.pf
- \Windows\prefetch\CSC.EXE-0E09149C.pf
- \Windows\prefetch\CVTRES.EXE-F4BA0E72.pf
- \Windows\prefetch\DCP_DISPLAY.EXE-6D2FF88D.pf
- \Windows\prefetch\DEFRAG.EXE-3D9E8D72.pf
- \Windows\prefetch\DLLHOST.EXE-6389524F.pf
- \Windows\prefetch\DLLHOST.EXE-960426D8.pf
- \Windows\prefetch\FLASHPLAYERUPDATESERVICE.EXE-0129C0B2.pf
- \Windows\prefetch\GOOGLEUPDATE.EXE-0E1E7B82.pf
- \Windows\prefetch\IEXPLORE.EXE-A033F7A0.pf
- \Windows\prefetch\LIVEUPDATE.EXE-E5CB03D0.pf
- \Windows\prefetch\MBUPDATR.EXE-4A6182FF.pf
- \Windows\prefetch\MMC.EXE-B72DA59F.pf
- \Windows\prefetch\MSIEXEC.EXE-8FFB1633.pf
- \Windows\prefetch\NIS.EXE-6DA94FD6.pf
- \Windows\prefetch\NIS.EXE-CCE81F75.pf
- \Windows\prefetch\NTOSBOOT-B00DFAAD.pf
- \Windows\prefetch\POWERSHELL.EXE-CA1AE517.pf
- \Windows\prefetch\RUNDLL32.EXE-51CCB287.pf
- \Windows\prefetch\RUNDLL32.EXE-B7650B8F.pf
- \Windows\prefetch\RUNDLL32.EXE-E5926867.pf
- \Windows\prefetch\SDCLT.EXE-94EAE077.pf
- \Windows\prefetch\SEARCHFILTERHOST.EXE-44162447.pf
- \Windows\prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf
- \Windows\prefetch\SEARCHPROTOCOLHOST.EXE-9FED59A7.pf
- \Windows\prefetch\SPPSVC.EXE-96070FE0.pf
- \Windows\prefetch\SVCHOST.EXE-67EC2DA7.pf
- \Windows\prefetch\SVCHOST.EXE-6A249820.pf
- \Windows\prefetch\SVCHOST.EXE-6E1A6101.pf
- \Windows\prefetch\SVCHOST.EXE-F31BDE28.pf
- \Windows\prefetch\SYMERR.EXE-C668119D.pf
- \Windows\prefetch\TASKENG.EXE-35FA9C06.pf
- \Windows\prefetch\TASKHOST.EXE-A0F5E092.pf
- \Windows\prefetch\VEEAM.BACKUP.MANAGER.EXE-E3918FA5.pf
- \Windows\prefetch\VEEAMAGENT.EXE-BFFC61E6.pf
- \Windows\prefetch\VEEAMAGENT.EXE-CA32D78A.pf
- \Windows\prefetch\VSSVC.EXE-6C8F0C66.pf
- \Windows\prefetch\W32TM.EXE-C4E0F88E.pf
- \Windows\prefetch\WMIPRVSE.EXE-E8B8DD29.pf
- \Windows\prefetch\WUAUCLT.EXE-5D573F0E.pf
78673 (1) - WinZip Installed
Synopsis
A file compression/decompression application is installed on the remote host.
Description
WinZip, a file compression/decompression application, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/10/24, Modified: 2018/04/25
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files\WinZip\
Version : 17.5 (10480)
83298 (1) - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information:
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

10.0.0.64 (tcp/3389)


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=SF-GXK9JS1.demo.org
|-Not After : Jun 22 22:22:49 2018 GMT
90511 (1) - MS KB3152550: Update to Improve Wireless Mouse Input Filtering
Synopsis
The remote Windows host is missing an update to wireless mouse input filtering.
Description
The remote Windows host is missing an update to the wireless mouse input filtering functionality. The missing update enhances security by filtering out QWERTY key packets in keystroke communications issued when receiving communication from USB wireless dongles. The update resolves a vulnerability that allows a local attacker in the physical proximity of the wireless mouse range to inject keyboard HID packets into Microsoft wireless mouse devices through the use of USB dongles.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 8.1, and 10.
Risk Factor
None
References
MSKB 3152550
Plugin Information:
Published: 2016/04/13, Modified: 2017/08/30
Plugin Output

10.0.0.64 (tcp/0)

Nessus has determined that the remote Windows host is missing files
that are created upon installation of the update corresponding to
Microsoft Security Advisory 3152550.
92220 (1) - Microsoft Visio Installed (credentialed check)
Synopsis
A diagramming application is installed on the remote host.
Description
Microsoft Visio, a diagramming and vector graphics application, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/14, Modified: 2018/04/18
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Microsoft Office\Office14\Visio.exe
Version : 14.0.7170.5000
Product : 2010
Service Pack : 2
92425 (1) - Microsoft Office File History
Synopsis
Nessus was able to enumerate files opened in Microsoft Office on the remote host.
Description
Nessus was able to gather evidence of files that were opened using any Microsoft Office application. The report was extracted from Office MRU (Most Recently Used) registry keys.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

10.0.0.64 (tcp/0)

C:\\Users\jsilver\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\\Users\jsilver\AppData\Roaming\Microsoft\Office\Recent\SG Contacts.LNK
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\01-GL 1107-Aug-China AR 083112.xls.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\01620.LNK
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\2012 Audit.LNK
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\2012 Revenue sample selections.xls.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\2013 on share.demo.org.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\BRIT051201 Invoice 2.pdf.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\BRIT051201 Invoice.pdf.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\demo Finance Monthly Close.vsd.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\CiYuan.LNK
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\Exessive Funds Return Letter.doc.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\Fieldwork - April 2013 on share.demo.org.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\FREE011202 - Payment Reference.LNK
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\GL Detail Master(Actual-Budget-Forecast).xlsx.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\GRANTS DETAIL - March Final.LNK
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\Grants Finance Presentation.ppt.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\Guide to Using Etime Codes for AS Consultant_Aug2011.doc.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\HERproject_Country_Data_Management.xls.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\HITA021102 Payment Reference.LNK
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\HSBC-20130401-20130410.LNK
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\instructions.doc.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\NTSA EICC Framework Agreement_2008.doc.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\PERSONAL.LNK
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\Project v. Grant Characteristics.doc.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\Proposed Government Grants Accounting Process.doc.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\Revenue Recognition Policy.doc.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\SANO011201 - Invoice Copies.pdf.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\Sida HERproject Budget_2012-2013_submitted 021012.xls.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\Sida HERproject Budget_2012-2013_w hours.xls.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\State Dept instructions.doc.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\TELE011201 - 012501.LNK
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\Working Documents on share.demo.org.url
C:\\Users\kgrant\AppData\Roaming\Microsoft\Office\Recent\ZSTCHINA01 - Grant Summary 03.31.2013.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\11th course requests.doc.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\2013 Capital Leases on share.demo.org.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\2014 demo CC Submit Status.xlsx.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\2014-01 Danske DKK.csv.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\2014-02 Danske DKK.csv.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\2014-03 Danske DKK.csv.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\801 on tws-tn.client.renweb.com.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\BJ bank statement_Dec.xls.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Book1.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\demoWeekly time sheet 05112014-05172014.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\demoWeekly time sheet 05182014-05242014.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\demoWeekly time sheet 05252014-05312014.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Essay Checklist (2013).doc.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\GL 2305 Member Credit Recon-Mar 2013-Sample.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Kin Yu Resume.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Kin's Folder.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Leases on share.demo.org.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\LOC and CC on share.demo.org.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Office14.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Oration Comp Rubric Standards Final.doc.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Reconciliation of PPD Rent-GL 1201.003-2014.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Reference for Kin Yu.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Summer Reading Response Sheets Upper School 2013.doc.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Syllabus.doc.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Time Sheet.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Vendors_demo final.csv.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\W9-Form.LNK
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\WHAP Summer Reading Letter.doc.url
C:\\Users\kyu\AppData\Roaming\Microsoft\Office\Recent\Yu, Kin-2014.LNK
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\01620.LNK
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\032818 PD-201103 (2011.3.20) Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\032822 PD-201103 (2011.3.30) Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\032912 PD-2011076 (2011.7.25) Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\032943 PD-201108 (2011.8.11) Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\07-July on share.demo.org.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\08-Aug-2012 on share.demo.org.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\09-Sep-2012 on share.demo.org.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\09-September on share.demo.org.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\10 - October on share.demo.org.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\10-October on share.demo.org.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011 Other Annual Working Papers on share.demo.org.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011-01 (21-Jan-2011) Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011-01 (25-Jan-2011) Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011-01 (7-Feb-2011) Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011-02 (13-Feb-2011) Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011-02 (20-Feb-2011) 2nd Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011-02 (20-Feb-2011) Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011-Q2 ZSTCHINA01 SLMAQM10GR522.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011-Q2 ZSTSAUDI01 SLMAQM09GR564.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011-Q3 ZSTCHINA01 FFR.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011-Q3 ZSTSAUDI01 FFR.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011-Q4 ZSTCHINA01 FFR.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2011-Q4 ZSTSAUDI01 FFR.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2012 (09-September) Departmental and Industry Statement of Activities.XLS.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2012 (09-September) Expense Details Workbook.xlsx.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2012 (09-September) Regional Statement of Activities.XLS.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2012 on share.demo.org.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2012-03 demo Financials.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\2012.March.22-28 SWoods Time Off.doc.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\33032 PD-201110 (2011.10.28) Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\33072 PD-201111 (2011.12.05) Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\33213 PD-201112 (2012.Mar.16) Crystal Reports - Allocation Processor Audit - PA450A.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\33213 PD-201112 (2012.Mar.16) Crystal Reports - Allocation Processor Audit - PA450B.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\August 2012 Statement of Activities - Dept and Ind.XLS.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\BALANCE SHEET.LNK
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\demo April 12 Benchmarks.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\demo April 12 Scorecard.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\demo Finance Monthly Close.vsd.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\demo March 12 Benchmarks.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\demo March 12 Scorecard.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\CRWT_FORM.LNK
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\Finance Orientation (2011).doc.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\Finance Policies on share.demo.org.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\Global.LNK
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\GRANTS DETAIL.LNK
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\Guide to Using Etime Codes for AS Consultant_Aug2011.doc.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\June 2011 Time Off.doc.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\PERSONAL.LNK
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\Project vs Grant Characteristics.pdf.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\SA.LNK
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\Sean Transition Plan 2012-10-12.xlsx.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\SWoods Timesheet (Template).LNK
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\Time Off Request Form.doc.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\Updated on share.demo.org.url
C:\\Users\swoods\AppData\Roaming\Microsoft\Office\Recent\Weeks input file.xls.url

User AppData recent used file report attached
93962 (1) - Microsoft Security Rollup Enumeration
Synopsis
This plugin enumerates installed Microsoft security rollups.
Description
Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/10/11, Modified: 2018/04/10
Plugin Output

10.0.0.64 (tcp/445)


Cumulative Rollup : 08_2017 [KB4034664]
Cumulative Rollup : 07_2017 [KB4025341]
Cumulative Rollup : 06_2017 [KB4022719]
Cumulative Rollup : 05_2017 [KB4019264]
Cumulative Rollup : 04_2017 [KB4015549]
Cumulative Rollup : 03_2017 [KB4012215]
Cumulative Rollup : 01_2017 [KB3212646]
Cumulative Rollup : 12_2016 [KB3207752]
Cumulative Rollup : 11_2016 [KB3197868]
Cumulative Rollup : 10_2016 [KB3185330]

Latest effective update level : 08_2017
File checked : C:\Windows\System32\bcrypt.dll
File version : 6.1.7601.23864
Associated KB : 4034664, 4034679, 4034670
95631 (1) - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
None
References
BID 11849
BID 33065
CVE CVE-2004-2761
XREF OSVDB:45106
XREF OSVDB:45108
XREF OSVDB:45127
XREF CERT:836068
XREF CWE:310
Plugin Information:
Published: 2016/12/08, Modified: 2016/12/08
Plugin Output

10.0.0.94 (tcp/443)


The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

|-Subject : C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/2.5.4.5=07969287
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Nov 16 01:54:37 2006 GMT
|-Valid To : Nov 16 01:54:37 2026 GMT

|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
96533 (1) - Chrome Browser Extension Enumeration
Synopsis
One or more Chrome browser extensions are installed on the remote host.
Description
Nessus was able to enumerate Chrome browser extensions installed on the remote host.
See Also
Solution
Make sure that the use and configuration of these extensions comply with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Published: 2017/01/16, Modified: 2018/04/25
Plugin Output

10.0.0.64 (tcp/445)


User : jsilver
|- Browser : Chrome
|- Add-on information :

Name : Google Slides
Description : Create and edit presentations
Version : 0.9
Update Date : Jul. 9, 2015 at 23:41:24 GMT
Path : C:\Users\jsilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0

Name : Google Docs
Description : Create and edit documents
Version : 0.9
Update Date : Jul. 9, 2015 at 23:41:24 GMT
Path : C:\Users\jsilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0

Name : Google Drive
Description : Google Drive: create, share and keep all your stuff in one place.
Version : 14.1
Update Date : Dec. 3, 2015 at 19:45:03 GMT
Path : C:\Users\jsilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0

Name : YouTube
Version : 4.2.8
Update Date : Dec. 3, 2015 at 19:45:02 GMT
Path : C:\Users\jsilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0

Name : Google Search
Description : The fastest way to search the web.
Version : 0.0.0.60
Update Date : Dec. 3, 2015 at 19:45:02 GMT
Path : C:\Users\jsilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0

Name : Google Sheets
Description : Create and edit spreadsheets
Version : 1.1
Update Date : Jul. 9, 2015 at 23:41:24 GMT
Path : C:\Users\jsilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0

Name : Google Docs Offline
Description : Get things done offline with the Google Docs family of products.
Version : 1.4
Update Date : May. 6, 2016 at 15:12:03 GMT
Path : C:\Users\jsilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0

Name : Norton Identity Safe
Description : Access your Identity Safe Vault, which remembers your usernames and passwords for single-click access to your favorite sites.
Version : 1.0.5
Update Date : May. 6, 2016 at 15:11:38 GMT
Path : C:\Users\jsilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0

Name : Chrome Web Store Payments
Description : Chrome Web Store Payments
Version : 1.0.0.0
Path : C:\Users\jsilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0

Name : Gmail
Description : Fast, searchable email with less spam.
Version : 8.1
Update Date : Jul. 9, 2015 at 23:14:49 GMT
Path : C:\Users\jsilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0

Name : Chrome Media Router
Description : Provider for discovery and services for mirroring of Chrome Media Router
Version : 5516.1005.0.3
Update Date : Jan. 4, 2017 at 23:48:56 GMT
Path : C:\Users\jsilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5516.1005.0.3_0

User : kgrant
|- Browser : Chrome
|- Add-on information :

Name : YouTube
Description : The world's most popular online video community.
Version : 4.2.6
Update Date : Apr. 10, 2013 at 22:35:35 GMT
Path : C:\Users\kgrant\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

Name : Google Search
Description : The fastest way to search the web.
Version : 0.0.0.20
Update Date : Mar. 27, 2013 at 20:49:49 GMT
Path : C:\Users\kgrant\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

Name : Norton Identity Protection
Description : Symantec Corporation
Version : 2013.2.0.18
Path : C:\Users\kgrant\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0

Name : Gmail
Description : Fast, searchable email with less spam.
Version : 7
Update Date : Nov. 9, 2012 at 00:52:35 GMT
Path : C:\Users\kgrant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

User : oishelper
|- Browser : Chrome
|- Add-on information :

Name : Google Slides
Description : Create and edit presentations
Version : 0.9
Update Date : Jan. 20, 2016 at 16:53:50 GMT
Path : C:\Users\oishelper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0

Name : Google Docs
Description : Create and edit documents
Version : 0.9
Update Date : Jan. 20, 2016 at 16:53:51 GMT
Path : C:\Users\oishelper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0

Name : Google Drive
Description : Google Drive: create, share and keep all your stuff in one place.
Version : 14.1
Update Date : Jan. 20, 2016 at 16:53:49 GMT
Path : C:\Users\oishelper\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0

Name : YouTube
Version : 4.2.8
Update Date : Jan. 20, 2016 at 16:53:51 GMT
Path : C:\Users\oishelper\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0

Name : Google Search
Description : The fastest way to search the web.
Version : 0.0.0.60
Update Date : Jan. 20, 2016 at 16:53:52 GMT
Path : C:\Users\oishelper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0

Name : Google Sheets
Description : Create and edit spreadsheets
Version : 1.1
Update Date : Jan. 20, 2016 at 16:53:53 GMT
Path : C:\Users\oishelper\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0

Name : Google Docs Offline
Description : Get things done offline with the Google Docs family of products.
Version : 1.1
Update Date : Jan. 20, 2016 at 16:53:49 GMT
Path : C:\Users\oishelper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0

Name : Norton Identity Safe
Description : Access your Identity Safe Vault, which remembers your usernames and passwords for single-click access to your favorite sites.
Version : 1.0.5
Update Date : Jan. 20, 2016 at 17:11:25 GMT
Path : C:\Users\oishelper\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0

Name : Chrome Web Store Payments
Description : Chrome Web Store Payments
Version : 0.1.2.0
Path : C:\Users\oishelper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0

Name : Gmail
Description : Fast, searchable email with less spam.
Version : 8.1
Update Date : Jan. 20, 2016 at 16:53:52 GMT
Path : C:\Users\oishelper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0

User : swoods
|- Browser : Chrome
|- Add-on information :

Name : YouTube
Description : The world's most popular online video community.
Version : 4.2.5
Update Date : Feb. 24, 2012 at 21:03:41 GMT
Path : C:\Users\swoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0

Name : Google Search
Description : The fastest way to search the web.
Version : 0.0.0.19
Update Date : Mar. 29, 2012 at 18:44:05 GMT
Path : C:\Users\swoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0

Name : Gmail
Description : Fast, searchable email with less spam.
Version : 7
Update Date : Feb. 24, 2012 at 21:03:42 GMT
Path : C:\Users\swoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
96534 (1) - Firefox Browser Extension Enumeration
Synopsis
One or more Firefox browser extensions are installed on the remote host.
Description
Nessus was able to enumerate Firefox browser extensions installed on the remote host.
See Also
Solution
Make sure that the use and configuration of these extensions comply with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Published: 2017/01/16, Modified: 2018/04/25
Plugin Output

10.0.0.64 (tcp/445)


User : everynetwork
|- Browser : Firefox
|- Plugin information :

Name : Adobe Acrobat
Description : Adobe PDF Plug-In For Firefox and Netscape 10.1.2
Version : 10.1.2.45
Update Date : Jan. 3, 2012 at 13:10:44 GMT
Path : C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

Name : Adobe Acrobat
Description : Adobe PDF Plug-In For Firefox and Netscape 10.1.2
Version : 10.1.2.45
Update Date : Jan. 3, 2012 at 13:10:44 GMT
Path : C:\Program Files (x86)\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

Name : Java Deployment Toolkit 6.0.310.5
Description : NPRuntime Script Plug-in Library for Java(TM) Deploy
Version : 6.0.310.5
Update Date : Feb. 17, 2012 at 18:29:44 GMT
Path : C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

Name : Java(TM) Platform SE 6 U31
Description : Next Generation Java Plug-in 1.6.0_31 for Mozilla browsers
Version : 6.0.310.5
Update Date : Feb. 17, 2012 at 18:29:44 GMT
Path : C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

Name : Windows Live.. Photo Gallery
Description : NPWLPG
Version : 15.4.3508.1109
Update Date : Nov. 10, 2010 at 08:27:46 GMT
Path : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

Name : Silverlight Plug-In
Description : 4.0.50401.0
Version : 4.0.50401.0
Update Date : Apr. 1, 2010 at 07:20:08 GMT
Path : c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

User : kyu
|- Browser : Firefox
|- Extension information :

Name : Default
Description : The default theme.
Version : 29.0.1
Install Date : Sep. 13, 2012 at 21:53:13 GMT
Update Date : May. 12, 2014 at 17:21:06 GMT
Path : C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
ID : {972ce4c6-7e08-4474-a285-3208198ce6fd}
Note : The file indicated by 'Path' was not found at the path specified. The extension may have been updated or removed since extensions.json was last updated.
Status : Enabled

Name : Norton Vulnerability Protection
Description : Symantec Corporation
Version : 12.2.0.5 - 1
Install Date : May. 10, 2013 at 03:10:35 GMT
Update Date : Jun. 4, 2014 at 01:11:31 GMT
Path : C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF
ID : {BBDA0591-3099-440a-AA10-41764D9DB4DB}
Note : The file indicated by 'Path' was not found at the path specified. The extension may have been updated or removed since extensions.json was last updated.
Status : Enabled

Name : Norton Toolbar
Description : Symantec Corporation
Version : 2013.4.8.1
Install Date : May. 7, 2013 at 16:33:35 GMT
Update Date : May. 15, 2014 at 10:26:29 GMT
Path : C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn
ID : {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}
Note : The file indicated by 'Path' was not found at the path specified. The extension may have been updated or removed since extensions.json was last updated.
Status : Disabled

|- Plugin information :

Name : Microsoft Office 2010
Description : Office Authorization plug-in for NPAPI browsers
Version : 14.0.4730.1010
Update Date : Jan. 10, 2010 at 05:42:18 GMT
Path : C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

Name : Microsoft Office 2010
Description : The plug-in allows you to open and edit files using Microsoft Office applications
Version : 14.0.4761.1000
Update Date : Mar. 25, 2010 at 04:22:38 GMT
Path : C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

Name : Adobe Acrobat
Description : Adobe PDF Plug-In For Firefox and Netscape "9.5.5"
Version : 9.5.5.316
Update Date : May. 8, 2013 at 11:12:55 GMT
Path : C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

Name : Adobe Acrobat
Description : Adobe PDF Plug-In For Firefox and Netscape "9.5.5"
Version : 9.5.5.316
Update Date : May. 8, 2013 at 11:12:55 GMT
Path : C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll

Name : Google Update
Description : Google Update
Version : 1.3.24.7
Update Date : May. 6, 2014 at 07:24:18 GMT
Path : C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

Name : Windows Live.. Photo Gallery
Description : NPWLPG
Version : 15.4.3508.1109
Update Date : Nov. 10, 2010 at 08:27:46 GMT
Path : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

Name : FUZEShare
Description : Fuze Meeting NPAPI Plugin
Version : 1.0.0.1
Update Date : Apr. 19, 2013 at 20:12:08 GMT
Path : C:\Users\kyu\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll

Name : Shockwave Flash
Description : Shockwave Flash 13.0 r0
Version : 13.0.0.214
Update Date : May. 14, 2014 at 18:29:19 GMT
Path : C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

Name : Java Deployment Toolkit 7.0.170.2
Description : NPRuntime Script Plug-in Library for Java(TM) Deploy
Version : 10.17.2.2
Update Date : Mar. 25, 2013 at 21:29:24 GMT
Path : C:\Windows\SysWOW64\npdeployJava1.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

Name : Silverlight Plug-In
Description : 5.1.30214.0
Version : 5.1.30214.0
Update Date : Feb. 14, 2014 at 05:57:42 GMT
Path : c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

User : swoods
|- Browser : Firefox
|- Plugin information :

Name : Microsoft Office 2010
Description : Office Authorization plug-in for NPAPI browsers
Version : 14.0.4730.1010
Update Date : Jan. 10, 2010 at 05:42:18 GMT
Path : C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

Name : Microsoft Office 2010
Description : The plug-in allows you to open and edit files using Microsoft Office applications
Version : 14.0.4761.1000
Update Date : Mar. 25, 2010 at 04:22:38 GMT
Path : C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

Name : Adobe Acrobat
Description : Adobe PDF Plug-In For Firefox and Netscape "9.5.2"
Version : 9.5.2.295
Update Date : Jul. 30, 2012 at 21:52:13 GMT
Path : C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

Name : Adobe Acrobat
Description : Adobe PDF Plug-In For Firefox and Netscape 10.1.4
Version : 10.1.4.38
Update Date : Jul. 27, 2012 at 20:51:36 GMT
Path : C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

Name : Adobe Acrobat
Description : Adobe PDF Plug-In For Firefox and Netscape 10.1.4
Version : 10.1.4.38
Update Date : Jul. 27, 2012 at 20:51:30 GMT
Path : C:\Program Files (x86)\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

Name : Java(TM) Platform SE 6 U35
Description : Next Generation Java Plug-in 1.6.0_35 for Mozilla browsers
Version : 6.0.350.10
Update Date : Sep. 5, 2012 at 16:18:05 GMT
Path : C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

Name : Windows Live.. Photo Gallery
Description : NPWLPG
Version : 15.4.3508.1109
Update Date : Nov. 10, 2010 at 08:27:46 GMT
Path : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

Name : Google Update
Description : Google Update
Version : 1.3.21.123
Update Date : Sep. 15, 2012 at 13:42:18 GMT
Path : C:\Users\swoods\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

Name : ActiveTouch General Plugin Container
Description : ActiveTouch General Plugin Container Version 105
Version : 28.1.2011.1123
Update Date : Apr. 16, 2012 at 18:37:56 GMT
Path : C:\Users\swoods\AppData\Roaming\Mozilla\plugins\npatgpc.dll

Name : Shockwave Flash
Description : Shockwave Flash 11.4 r402
Version : 11.4.402.287
Update Date : Oct. 8, 2012 at 21:29:16 GMT
Path : C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

Name : Java Deployment Toolkit 6.0.350.10
Description : NPRuntime Script Plug-in Library for Java(TM) Deploy
Version : 6.0.350.10
Update Date : Sep. 5, 2012 at 16:18:05 GMT
Path : C:\Windows\SysWOW64\npdeployJava1.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.

Name : Silverlight Plug-In
Description : 4.1.10329.0
Version : 4.1.10329.0
Update Date : Mar. 29, 2012 at 10:57:56 GMT
Path : c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
Note : The file indicated by 'Path' was not found at the path specified. The plugin may have been updated or removed since pluginreg.dat was last updated.
99364 (1) - Microsoft .NET Security Rollup Enumeration
Synopsis
This plugin enumerates installed Microsoft .NET security rollups.
Description
Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2017/04/14, Modified: 2018/04/25
Plugin Output

10.0.0.14 (tcp/445)



.NET version : 3.0
Latest effective update level : 01_2018
File checked : C:\Windows\Microsoft.NET\Framework\v3.0\smdiagnostics.dll
File version : 3.0.4506.8789
Associated KB : 4054996, 4054174


.NET version : 2.0.50727
Latest effective update level : 09_2017
File checked : C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.runtime.remoting.dll
File version : 2.0.50727.8771
Associated KB : 4041086, 4041093
101085 (1) - Skype Installed
Synopsis
An instant messaging application is installed on the remote Windows host.
Description
Skype, an instant messaging and video chat application, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2017/06/28, Modified: 2018/04/25
Plugin Output

10.0.0.64 (tcp/445)


Path : C:\Program Files (x86)\Skype\Phone\
Version : 7.0.59.102
104887 (1) - Samba Version
Synopsis
It was possible to obtain the samba version from the remote operating system.
Description
Nessus was able to obtain the samba version from the remote operating by sending an authentication request to port 139 or 445. Note that this plugin requires SMB1 to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2017/11/30, Modified: 2017/11/30
Plugin Output

10.0.0.133 (tcp/445)


The remote Samba Version is : Samba 4.7.0
105793 (1) - VMware Tools Detection
Synopsis
A virtual machine management application is installed on the remote host.
Description
VMware Tools, a suite of utilities that enhances the performance of the virtual machines guest operating system is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/01/13, Modified: 2018/04/25
Plugin Output

10.0.0.14 (tcp/445)


Path : C:\Program Files\VMware\VMware Tools\
Version : 9.4.10.37835
108804 (1) - Microsoft Exchange Server Detection (Uncredentialed)
Synopsis
The remote host is running an Exchange Server.
Description
One or more Microsoft Exchange servers are listening on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/04/03, Modified: 2018/04/03
Plugin Output

10.0.0.158 (tcp/0)


Path :
Version : unknown
Remediations
Suggested Remediations
Taking the following actions across 3 hosts would resolve 48% of the vulnerabilities on the network.
Action to take Vulns Hosts
Adobe Reader < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36): Upgrade to Adobe Reader 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 or later. 490 1
Mozilla Firefox ESR < 59.0.2 Denial of Service Vulnerability: Upgrade to Mozilla Firefox ESR version 59.0.2 or later. 412 1
Oracle Java SE Multiple Vulnerabilities (April 2018 CPU): Upgrade to Oracle JDK / JRE 10 Update 1, 8 Update 171 / 7 Update 181 / 6 Update 191 or later. If necessary, remove any affected versions. Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later. 156 2
VMware vCenter Server 5.5.x < 5.5U3g / 6.0.x < 6.0U3d / 6.5.x < 6.5U1e Hypervisor-Assisted Guest Remediation (VMSA-2018-0004) (Spectre): Upgrade to VMware vCenter Server version 5.5.U3g (5.5.0 build-7460778) / 6.0U3d (6.0.0 build-7464194) / 6.5U1e (6.5.0 build-7515524) or later. 96 1
Google Chrome < 65.0.3325.146 Multiple Vulnerabilities: Upgrade to Google Chrome version 65.0.3325.146 or later. 54 1
Adobe Flash Player <= 29.0.0.113 (APSB18-08): Upgrade to Adobe Flash Player version 29.0.0.140 or later. 40 2
Install KB4093118 23 1
Install KB4092946 16 2
Install MS18-01 5 1
Install MS18-01 5 1
Install MS18-01 5 1
Oracle Document Capture Multiple Vulnerabilities: If using Oracle's Document Capture client, apply the patch from Oracle to disable the ActiveX controls. If using a different application that includes the NCSEcw.dll control, set the kill bit for the affect control as discussed in Hexagon Geospatial's advisory. 5 1
Install MS18-01 5 1
Install MS18-01 5 1
Install KB4093224 2 1
Adobe Shockwave Player <= 12.2.9.199 Memory Corruption RCE (APSB17-40): Upgrade to Adobe Shockwave Player version 12.3.1.201 or later. 2 1
Install KB4093478 1 1
Install KB4093223 1 1
HP MFP Digital Sending Software < 4.18.3 Local Unspecified Authentication Bypass: Upgrade to HP MFP Digital Sending Software 4.18.5 or later. Note that HP initially recommended upgrading to version 4.18.3. While that version does address the vulnerability, it also introduces a non-security defect and HP now recommends upgrading to version 4.18.5. 1 1
© 2018 Tenable™, Inc. All rights reserved.