
NESSUS REPORT

List of PlugIn IDs


The following plugin IDs have problems associated with them. Select the ID to review more detail.

| PLUGIN ID# | # | PLUGIN NAME | SEVERITY |
|---|---|---|---|
| 41028 | 2 | SNMP Agent Default Community Name (public) | High Severity problem(s) found |
| 56318 | 1 | Cisco IOS Software Network Address Translation Vulnerabilities - Cisco Systems | High Severity problem(s) found |
| 56314 | 1 | Cisco IOS Software Data-Link Switching Vulnerability - Cisco Systems | High Severity problem(s) found |
| 49648 | 1 | Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities - Cisco Systems | High Severity problem(s) found |
| 49647 | 1 | Cisco IOS Software H.323 Denial of Service Vulnerabilities - Cisco Systems | High Severity problem(s) found |
| 49048 | 1 | Cisco IOS Software Tunnels Vulnerability - Cisco Systems | High Severity problem(s) found |
| 49042 | 1 | Cisco IOS Software H.323 Denial of Service Vulnerability - Cisco Systems | High Severity problem(s) found |
| 49040 | 1 | Cisco IOS Software Authentication Proxy Vulnerability - Cisco Systems | High Severity problem(s) found |
| 49038 | 1 | TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products - Cisco Systems | High Severity problem(s) found |
| 49036 | 1 | Cisco IOS Software WebVPN and SSLVPN Vulnerabilities - Cisco Systems | High Severity problem(s) found |
| 49035 | 1 | Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability - Cisco Systems | High Severity problem(s) found |
| 49033 | 1 | Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability - Cisco Systems | High Severity problem(s) found |
| 49032 | 1 | Cisco IOS Software Secure Copy Privilege Escalation Vulnerability - Cisco Systems | High Severity problem(s) found |
| 49031 | 1 | Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities - Cisco Systems | High Severity problem(s) found |
| 49030 | 1 | Cisco IOS Software Multiple Features IP Sockets Vulnerability | High Severity problem(s) found |
| 49026 | 1 | Vulnerability in Cisco IOS While Processing SSL Packet - Cisco Systems | High Severity problem(s) found |
| 49025 | 1 | Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities | High Severity problem(s) found |
| 49019 | 1 | Cisco IOS IPS Denial of Service Vulnerability - Cisco Systems | High Severity problem(s) found |
| 49016 | 1 | SNMP Version 3 Authentication Vulnerabilities - Cisco Systems | High Severity problem(s) found |
| 49015 | 1 | Cisco IOS Secure Shell Denial of Service Vulnerabilities - Cisco Systems | High Severity problem(s) found |
| 49003 | 1 | Multiple Vulnerabilities in the IOS FTP Server | High Severity problem(s) found |
| 24744 | 1 | Cisco IOS TCP Listener Crafted Packets Remote DoS (CSCek37177) | High Severity problem(s) found |
| 24740 | 1 | Cisco IOS SIP Packet Handling Remote DoS (CSCsh58082) | High Severity problem(s) found |
| 20134 | 1 | Cisco IOS System Timers Remote Overflow (CSCei61732) | High Severity problem(s) found |
| 10264 | 1 | SNMP Agent Default Community Names | High Severity problem(s) found |
| 51192 | 2 | SSL Certificate signed with an unknown Certificate Authority | Medium Severity problem(s) found |
| 10079 | 2 | Anonymous FTP Enabled | Medium Severity problem(s) found |
| 49017 | 1 | Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks | Medium Severity problem(s) found |
| 24019 | 1 | Cisco IOS Data-link Switching (DLSw) Capabilities Exchange Remote DoS (CSCsf28840) | Medium Severity problem(s) found |
| 20744 | 1 | Cisco IOS MMP Stack Group Bidding Protocol (SGBP) Crafted UDP Packet Remote DoS (CSCsb11124) | Medium Severity problem(s) found |
| 12218 | 1 | mDNS Detection | Medium Severity problem(s) found |
| 11213 | 1 | HTTP TRACE / TRACK Methods Allowed | Medium Severity problem(s) found |
| 22964 | 28 | Service Detection | Low Severity problem(s) found |
| 54615 | 7 | Device Type | Low Severity problem(s) found |
| 45590 | 7 | Common Platform Enumeration (CPE) | Low Severity problem(s) found |
| 24260 | 7 | HyperText Transfer Protocol (HTTP) Information | Low Severity problem(s) found |
| 11936 | 7 | OS Identification | Low Severity problem(s) found |
| 10107 | 7 | HTTP Server Type and Version | Low Severity problem(s) found |
| 11002 | 6 | DNS Server Detection | Low Severity problem(s) found |
| 10287 | 6 | Traceroute Information | Low Severity problem(s) found |
| 43111 | 5 | HTTP Methods Allowed (per directory) | Low Severity problem(s) found |
| 25220 | 5 | TCP/IP Timestamps Supported | Low Severity problem(s) found |
| 10114 | 5 | ICMP Timestamp Request Remote Date Disclosure | Low Severity problem(s) found |
| 46180 | 4 | Additional DNS Hostnames | Low Severity problem(s) found |
| 10884 | 3 | Network Time Protocol (NTP) Server Detection | Low Severity problem(s) found |
| 53491 | 2 | SSL / TLS Renegotiation DoS | Low Severity problem(s) found |
| 40448 | 2 | SNMP Supported Protocols Detection | Low Severity problem(s) found |
| 35296 | 2 | SNMP Protocol Version Detection | Low Severity problem(s) found |
| 34324 | 2 | FTP Supports Clear Text Authentication | Low Severity problem(s) found |
| 34022 | 2 | SNMP Query Routing Information Disclosure | Low Severity problem(s) found |
| 21643 | 2 | SSL Cipher Suites Supported | Low Severity problem(s) found |
| 20870 | 2 | LDAP Server Detection | Low Severity problem(s) found |
| 20301 | 2 | VMware ESX/GSX Server detection | Low Severity problem(s) found |
| 20108 | 2 | Web Server / Application favicon.ico Vendor Fingerprinting | Low Severity problem(s) found |
| 20094 | 2 | VMware Virtual Machine Detection | Low Severity problem(s) found |
| 14274 | 2 | Nessus SNMP Scanner | Low Severity problem(s) found |
| 10863 | 2 | SSL Certificate Information | Low Severity problem(s) found |
| 10800 | 2 | SNMP Query System Information Disclosure | Low Severity problem(s) found |
| 10551 | 2 | SNMP Request Network Interfaces Enumeration | Low Severity problem(s) found |
| 10263 | 2 | SMTP Server Detection | Low Severity problem(s) found |
| 10198 | 2 | Quote of the Day (QOTD) Service Detection | Low Severity problem(s) found |
| 10092 | 2 | FTP Server Detection | Low Severity problem(s) found |
| 10061 | 2 | Echo Service Detection | Low Severity problem(s) found |
| 10052 | 2 | Daytime Service Detection | Low Severity problem(s) found |
| 55472 | 1 | Device Hostname | Low Severity problem(s) found |
| 50845 | 1 | OpenSSL Detection | Low Severity problem(s) found |
| 34220 | 1 | Netstat Portscanner (WMI) | Low Severity problem(s) found |
| 24242 | 1 | Microsoft .NET Handlers Enumeration | Low Severity problem(s) found |
| 22319 | 1 | MSRPC Service Detection | Low Severity problem(s) found |
| 19763 | 1 | SNMP Query Installed Software Disclosure | Low Severity problem(s) found |
| 11424 | 1 | WebDAV Detection | Low Severity problem(s) found |
| 11422 | 1 | Web Server Unconfigured Default Install Page Present | Low Severity problem(s) found |
| 11367 | 1 | Discard Service Detection | Low Severity problem(s) found |
| 11154 | 1 | Unknown Service Detection: Banner Retrieval | Low Severity problem(s) found |
| 11153 | 1 | Service Detection (HELP Request) | Low Severity problem(s) found |
| 11033 | 1 | News Server (NNTP) Information Disclosure | Low Severity problem(s) found |
| 10969 | 1 | SNMP Request Cisco Router Information Disclosure | Low Severity problem(s) found |
| 10550 | 1 | SNMP Query Running Process List Disclosure | Low Severity problem(s) found |
| 10547 | 1 | Microsoft Windows LAN Manager SNMP LanMan Services Disclosure | Low Severity problem(s) found |
| 10546 | 1 | Microsoft Windows LAN Manager SNMP LanMan Users Disclosure | Low Severity problem(s) found |
| 10386 | 1 | Web Server No 404 Error Code Check | Low Severity problem(s) found |
| 10281 | 1 | Telnet Server Detection | Low Severity problem(s) found |
| 10147 | 1 | Nessus Server Detection | Low Severity problem(s) found |
| 10077 | 1 | Microsoft FrontPage Extensions Check | Low Severity problem(s) found |

PORT (0/TCP) Plugin ID: 45590 Common Platform Enumeration (CPE)

Synopsis It is possible to enumerate CPE names that matched on the remote system.
List of Hosts
192.168.80.9 Plugin Output
The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2008::sp1

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:7.0 -> Microsoft Internet Information Services (IIS) 7.0

192.168.80.8 Plugin Output


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_7:::starter

192.168.80.7 Plugin Output


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_2003_server::sp2 -> Microsoft Windows 2003 Server Service Pack 2

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:6.0 -> Microsoft Internet Information Services (IIS) 6.0

192.168.80.6 Plugin Output


The remote operating system matched the following CPE's :

cpe:/o:microsoft:windows_xp::sp2 -> Microsoft Windows XP Service Pack 2
cpe:/o:microsoft:windows_xp::sp3 -> Microsoft Windows XP Service Pack 3

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:5.1 -> Microsoft IIS 5.1

192.168.80.2 Plugin Output

The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_2003_server::sp1 -> Microsoft Windows 2003 Server Service Pack 1

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:6.0 -> Microsoft Internet Information Services (IIS) 6.0

192.168.80.10 Plugin Output


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_7:::home

192.168.80.1 Plugin Output


The remote operating system matched the following CPE :

cpe:/o:cisco:ios:12.4 -> Cisco IOS 12.4

Description By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

Solution n/a
See also http://cpe.mitre.org/
Risk Factor None
Plugin publication date: 2010/04/21
Plugin last modification date: 2011/06/07

PORT SNMP (161/UDP) Plugin ID: 34022 SNMP Query Routing Information Disclosure

Synopsis The list of IP routes on the remote host can be obtained via SNMP.
List of Hosts
192.168.80.6 Plugin Output
127.0.0.0/255.0.0.0
192.168.56.0/255.255.255.0
192.168.56.1/255.255.255.255
192.168.56.255/255.255.255.255
192.168.80.0/255.255.255.0
192.168.80.6/255.255.255.255
192.168.80.255/255.255.255.255
224.0.0.0/240.0.0.0
255.255.255.255/255.255.255.255

192.168.80.1 Plugin Output

192.168.80.0/255.255.255.0

Description It is possible to obtain the routing information on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.4.21. An attacker may use this information to gain more knowledge about the network topology.
Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor None
Plugin publication date: 2008/08/21
Plugin last modification date: 2011/05/24

PORT (13/TCP) Plugin ID: 11154 Unknown Service Detection: Banner Retrieval

Synopsis There is an unknown service running on the remote host.
List of Hosts
192.168.80.6 Plugin Output
If you know what this service is, please send a description along with the following output to svc-signatures@nessus.org :

Port : 13
Type : spontaneous
Banner :
0x00: 30 39 3A 33 33 3A 34 38 20 61 2E 6D 2E 20 30 38    09:33:48 a.m. 08
0x10: 2F 31 30 2F 32 30 31 31 0A                         /10/2011.

Description Nessus was unable to identify a service on the remote host even though it returned a banner of some type.
Solution N/A
Risk Factor None
Plugin publication date: 2002/11/18
Plugin last modification date: 2011/03/17

PORT QOTD (17/TCP) Plugin ID: 11153 Service Detection (HELP Request)

Synopsis The remote service could be identified.
List of Hosts
192.168.80.6 Plugin Output
qotd (Quote of the Day) seems to be running on this port (misconfigured).

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives a 'HELP' request.
Solution n/a
Risk Factor None
Plugin publication date: 2002/11/18
Plugin last modification date: 2011/09/14

PORT SNMP (161/UDP) Plugin ID: 20744 Cisco IOS MMP Stack Group Bidding Protocol (SGBP) Crafted UDP Packet Remote DoS (CSCsb11124)

Synopsis The remote router can be crashed remotely.
List of Hosts
192.168.80.1

Description The remote host is a CISCO router containing a version of IOS which is prone to a denial of service vulnerability. An attacker may exploit this flaw to crash the remote device.
Solution http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml
Risk Factor Medium/ CVSS Base Score: 5.4 (CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C)
CVSS Temporal Score: 4.4(CVSS2#E:U/RL:W/RC:C)
CVE CVE-2006-0340
Bugtraq ID 16303
Other References OSVDB:22624 CWE:20
Vulnerability publication date: 2006/01/18
Plugin publication date: 2006/01/19
Plugin last modification date: 2011/03/17
Ease of exploitability : No known exploits are available

PORT (0/TCP) Plugin ID: 49042 Cisco IOS Software H.323 Denial of Service Vulnerability - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch
List of Hosts
192.168.80.1 Plugin Output
Update to 12.4(25b) or later

Description The H.323 implementation in Cisco IOS Software contains a vulnerability that can be exploited remotely to cause a device that is running Cisco IOS Software to reload.

Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate the vulnerability apart from disabling H.323 if the device that is running Cisco IOS Software does not need to run H.323 for VoIP services.
Solution Apply the described patch (see plugin output).
See also
http://www.cisco.com/warp/public/707/cisco-sa-20090923h323.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af811a.shtml
Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE CVE-2009-2866
Other References CISCO-BUG-ID:CSCsz38104 CISCO-SA:cisco-sa-20090923-h323http
Plugin publication date: 2010/09/01
Plugin last modification date: 2011/03/30

PORT QOTD (17/TCP) Plugin ID: 10198 Quote of the Day (QOTD) Service Detection

Synopsis The quote service (qotd) is running on this host.
List of Hosts
192.168.80.6

Description A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote.

Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored).

An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network.

Solution
- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.

Risk Factor None
CVE CVE-1999-0103
Other References OSVDB:150
Vulnerability publication date: 1996/02/08
Plugin publication date: 1999/11/30
Plugin last modification date: 2011/07/26

PORT TELNET (23/TCP) Plugin ID: 10281 Telnet Server Detection

Synopsis A Telnet server is listening on the remote port.
List of Hosts
192.168.80.1 Plugin Output
Here is the banner from the remote Telnet server :

------------------------------ snip ------------------------------

User Access Verification

Password:
------------------------------ snip ------------------------------

Description The remote host is running a Telnet server, a remote terminal server.
Solution Disable this service if you do not use it.
Risk Factor None
Plugin publication date: 1999/10/12
Plugin last modification date: 2011/03/17

PORT (0/TCP) Plugin ID: 49025 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities

Synopsis The remote device is missing a vendor-supplied security patch
List of Hosts
192.168.80.1 Plugin Output
Update to 12.4(18c) or later

Description Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the IOS device. Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory. There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.
Solution Apply the described patch (see plugin output).
See also
http://www.cisco.com/warp/public/707/cisco-sa-20080924iosfw.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924mfi.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924iosips.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924vpn.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924cucm.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924ssl.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924cucm.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924l2tp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20070131sip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924sip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924sccp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924multicast.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924ubr.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924ipc.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml
Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE CVE-2008-3799 CVE-2008-3800 CVE-2008-3801 CVE-2008-3802
Other References CWE:399 CISCO-BUG-ID:CSCsb25337 CISCO-BUG-ID:CSCse56800 CISCO-BUG-ID:CSCsg91306 CISCO-BUG-ID:CSCsk42759 CISCO-BUG-ID:CSCsl62609 CISCO-SA:cisco-sa-20080924-siphttp
Plugin publication date: 2010/09/01
Plugin last modification date: 2011/03/30

PORT (0/TCP) Plugin ID: 49038 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch
List of Hosts
192.168.80.1 Plugin Output
Update to 12.4(25b) or later

Description Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system. In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities. Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
Solution Apply the described patch (see plugin output).
See also
http://www.cisco.com/warp/public/707/cisco-sa-20090908tcp24.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml
Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE CVE-2008-4609 CVE-2009-0627
Other References CWE:16 CISCO-BUG-ID:CSCsv02768 CISCO-BUG-ID:CSCsv04836 CISCO-BUG-ID:CSCsv07712 CISCO-BUG-ID:CSCsv08059 CISCO-BUG-ID:CSCsv08325 CISCO-BUG-ID:CSCsv08579 CISCO-BUG-ID:CSCsv66169 CISCO-SA:cisco-sa-20090908-tcp24http
Plugin publication date: 2010/09/01
Plugin last modification date: 2011/03/30

PORT WWW (80/TCP) Plugin ID: 11213 HTTP TRACE / TRACK Methods Allowed

Synopsis Debugging functions are enabled on the remote web server.
List of Hosts
192.168.80.6 Plugin Output
Use the URLScan tool to deny HTTP TRACE requests or to permit only the methods needed to meet site requirements and policy.

Nessus sent the following TRACE request :

------------------------------ snip ------------------------------
TRACE /Nessus1064595757.html HTTP/1.1
Connection: Close
Host: 192.168.80.6
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.1
Date: Sat, 08 Oct 2011 14:35:41 GMT
X-Powered-By: ASP.NET
Content-Type: message/http
Content-Length: 314

TRACE /Nessus1064595757.html HTTP/1.1
Connection: Keep-Alive
Host: 192.168.80.6
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

Description The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.
Solution Disable these methods. Refer to the plugin output for more information.
See also
http://www.cgisecurity.com/whitehat-mirror/WHWhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://www.kb.cert.org/vuls/id/288308
http://www.kb.cert.org/vuls/id/867593
http://download.oracle.com/sunalerts/1000718.1.html
Risk Factor Medium/ CVSS Base Score: 4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score: 3.9(CVSS2#E:F/RL:W/RC:C)
CVE CVE-2003-1567 CVE-2004-2320 CVE-2010-0386
Bugtraq ID 9506 9561 11604 33374 37995
Other References OSVDB:877 OSVDB:3726 OSVDB:5648 OSVDB:50485 CWE:16
Vulnerability publication date: 2003/01/20
Plugin publication date: 2003/01/23
Plugin last modification date: 2011/09/19
Ease of exploitability : Exploits are available

PORT SNMP (161/UDP) Plugin ID: 10800 SNMP Query System Information Disclosure

Synopsis The System Information of the remote host can be obtained via SNMP.
List of Hosts
192.168.80.6 Plugin Output
System information :
sysDescr : Hardware: x86 Family 15 Model 76 Stepping 2 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free)
sysObjectID : 1.3.6.1.4.1.311.1.1.3.1.1
sysUptime : 0d 0h 5m 54s
sysContact :
sysName : HOGAR-86A6036CE
sysLocation :
sysServices : 76

192.168.80.1 Plugin Output


System information :
sysDescr : Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 25-Oct-05 17:10 by evmiller
sysObjectID : 1.3.6.1.4.1.9.1.620
sysUptime : 0d 0h 5m 32s
sysContact :
sysName : Seguridad2
sysLocation :
sysServices : 78

Description It is possible to obtain the system information about the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1. An attacker may use this information to gain more knowledge about the target host.

Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor None
Plugin publication date: 2001/11/06
Plugin last modification date: 2011/05/24

PORT WWW (8834/TCP) Plugin ID: 10107 HTTP Server Type and Version

Synopsis A web server is running on the remote host.
List of Hosts
192.168.80.6 Plugin Output
The remote web server type is :

NessusWWW

Description This plugin attempts to determine the type and the version of the remote web server.
Solution n/a
Risk Factor None
Plugin publication date: 2000/01/04
Plugin last modification date: 2011/04/21

PORT (8197/TCP) Plugin ID: 10107 HTTP Server Type and Version

Synopsis A web server is running on the remote host.
List of Hosts
192.168.80.7 Plugin Output
The remote web server type is :

Microsoft-IIS/6.0

Description This plugin attempts to determine the type and the version of the remote web server.
Solution n/a
Risk Factor None
Plugin publication date: 2000/01/04
Plugin last modification date: 2011/04/21

PORT WWW (80/TCP) Plugin ID: 10107 HTTP Server Type and Version

Synopsis A web server is running on the remote host.
List of Hosts
192.168.80.9 Plugin Output
The remote web server type is :

Microsoft-IIS/7.0

192.168.80.7 Plugin Output


The remote web server type is :

Microsoft-IIS/6.0

192.168.80.6 Plugin Output


The remote web server type is :

Microsoft-IIS/5.1

192.168.80.2 Plugin Output


The remote web server type is :

Microsoft-IIS/6.0

192.168.80.1 Plugin Output


The remote web server type is :

cisco-IOS

Description This plugin attempts to determine the type and the version of the remote web server.
Solution n/a
Risk Factor None
Plugin publication date: 2000/01/04
Plugin last modification date: 2011/04/21

PORT WWW (80/TCP) Plugin ID: 11424 WebDAV Detection

Synopsis The remote server is running with WebDAV enabled.
List of Hosts
192.168.80.6

Description WebDAV is an industry standard extension to the HTTP specification. It adds a capability for authorized users to remotely add and manage the content of a web server. If you do not use this extension, you should disable it.
Solution http://support.microsoft.com/default.aspx?kbid=241520
Risk Factor None
Plugin publication date: 2003/03/20
Plugin last modification date: 2011/03/14

PORT SNMP (161/UDP) Plugin ID: 10551 SNMP Request Network Interfaces Enumeration

Synopsis The list of network interfaces cards of the remote host can be obtained via SNMP.
List of Hosts
192.168.80.6 Plugin Output
Interface 1 information :
ifIndex : 1
ifDescr : MS TCP Loopback interface

192.168.80.1 Plugin Output


Interface 1 information :
ifIndex : 1
ifDescr : FastEthernet0/0
ifPhysAddress : 001d7076c01e

Interface 2 information :
ifIndex : 2
ifDescr : FastEthernet0/1
ifPhysAddress : 001d7076c01f

Interface 3 information :
ifIndex : 3
ifDescr : Serial0/0/0
ifPhysAddress :

Interface 4 information :
ifIndex : 4
ifDescr : Serial0/0/1
ifPhysAddress :

Interface 5 information :
ifIndex : 5
ifDescr : Null0
ifPhysAddress :

Description It is possible to obtain the list of the network interfaces installed on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.2.1.0. An attacker may use this information to gain more knowledge about the target host.
Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor None
Plugin publication date: 2000/11/13
Plugin last modification date: 2011/05/24

PORT NESSUS (1241/TCP) Plugin ID: 10147 Nessus Server Detection

Synopsis A Nessus daemon is listening on the remote port.
List of Hosts
192.168.80.6

Description A Nessus daemon is listening on the remote port. It is not recommended to let anyone connect to this port. Also, make sure that the remote Nessus installation has been authorized.
Solution Filter incoming traffic to this port.
Risk Factor None
Plugin publication date: 1999/10/12
Plugin last modification date: 2011/03/11

PORT SNMP (161/UDP) Plugin ID: 24740 Cisco IOS SIP Packet Handling Remote DoS (CSCsh58082)

Synopsis The remote CISCO device can be crashed remotely.
List of Hosts
192.168.80.1

Description The remote version of IOS contains a flaw which may cause the remote router to crash when it receives a malicious SIP (Session Initiation Protocol) packet. An attacker might use these flaws to disable this device remotely.
Solution http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml
Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score: 6.4(CVSS2#E:F/RL:OF/RC:C)
CVE CVE-2007-0648
Bugtraq ID 22330
Other References OSVDB:33051
Vulnerability publication date: 2007/01/31
Plugin publication date: 2007/03/01
Plugin last modification date: 2011/03/11
Ease of exploitability : Exploits are available

PORT (0/TCP) Plugin ID: 55472 Device Hostname

Synopsis It is possible to determine the remote system hostname.
List of Hosts
192.168.80.7 Plugin Output
Hostname : HOGAR-1B0FB0481

Description This plugin reports a device's hostname collected via SSH or WMI.
Solution n/a
Risk Factor None
Plugin publication date: 2011/06/30
Plugin last modification date: 2011/07/01

PORT WWW (10757/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified.
List of Hosts
192.168.80.6 Plugin Output
A web server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution n/a
Risk Factor None
Plugin publication date: 2007/08/19
Plugin last modification date: 2011/09/20

PORT WWW (8834/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified.
List of Hosts
192.168.80.6 Plugin Output
A web server is running on this port through TLSv1.

192.168.80.6 Plugin Output


A TLSv1 server answered on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution n/a
Risk Factor None
Plugin publication date: 2007/08/19
Plugin last modification date: 2011/09/20

PORT (8197/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified.
List of Hosts
192.168.80.7 Plugin Output
A web server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution n/a
Risk Factor None
Plugin publication date: 2007/08/19
Plugin last modification date: 2011/09/20

PORT (3300/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified.
List of Hosts
192.168.80.6 Plugin Output


The service closed the connection without sending any data. It might be protected by some sort of TCP wrapper.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution n/a
Risk Factor None
Plugin publication date: 2007/08/19
Plugin last modification date: 2011/09/20

PORT (1533/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified.
List of Hosts
192.168.80.7 Plugin Output
The service closed the connection without sending any data. It might be protected by some sort of TCP wrapper.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution n/a
Risk Factor None
Plugin publication date: 2007/08/19
Plugin last modification date: 2011/09/20

PORT NESSUS (1241/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified.
List of Hosts
192.168.80.6 Plugin Output
A TLSv1 server answered on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution n/a
Risk Factor None
Plugin publication date: 2007/08/19
Plugin last modification date: 2011/09/20

PORT DCE-RPC (1027/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified.
List of Hosts
192.168.80.7 Plugin Output
An ncacn_http server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution n/a
Risk Factor None
Plugin publication date: 2007/08/19
Plugin last modification date: 2011/09/20

PORT (912/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified.
List of Hosts
192.168.80.8 Plugin Output
A VMware authentication daemon is running on this port.

192.168.80.10 Plugin Output


A VMware authentication daemon is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT (636/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified.

List of Hosts 192.168.80.7 Plugin Output


The service closed the connection without sending any data. It might be protected by some sort of TCP wrapper.

192.168.80.2 Plugin Output


The service closed the connection without sending any data. It might be protected by some sort of TCP wrapper.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT (593/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.9

Plugin Output
An http-rpc-epmap is running on this port.

192.168.80.7 Plugin Output


An http-rpc-epmap is running on this port.

192.168.80.2 Plugin Output


An http-rpc-epmap is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT (119/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.2 Plugin Output

An NNTP server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT WWW (80/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.9 Plugin Output
A web server is running on this port.

192.168.80.7 Plugin Output


A web server is running on this port.

192.168.80.6 Plugin Output


A web server is running on this port.

192.168.80.2 Plugin Output


A web server is running on this port.

192.168.80.1 Plugin Output


A web server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT SMTP (25/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.6 Plugin Output
An SMTP server is running on this port.

192.168.80.2

Plugin Output
An SMTP server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT (23/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.1 Plugin Output
A telnet server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT FTP (21/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.6 Plugin Output
An FTP server is running on this port.

192.168.80.2 Plugin Output


An FTP server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a

Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT CHARGEN (19/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.6 Plugin Output
A chargen server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT ECHO (7/TCP) Plugin ID: 22964 Service Detection

Synopsis The remote service could be identified. List of Hosts 192.168.80.6 Plugin Output
An echo server is running on this port.

Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/09/20 PORT (0/TCP) Plugin ID: 49017 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output

Update to 12.4(19a) or later

Description Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected. Cisco has released free software updates that address these vulnerabilities. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20080708dns.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml Risk Factor Medium/ CVSS Base Score: 6.4 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P) CVE CVE-2008-1447 Other References CISCO-BUG-ID:CSCso81854 CISCO-BUG-ID:CSCsq01298 CISCO-BUG-ID:CSCsq21930 CISCO-BUG-ID:CSCsr28008

CISCO-BUG-ID:CSCsr28354 CISCO-BUG-ID:CSCsr29124 CISCO-BUG-ID:CSCsr29691 CISCO-BUG-ID:CSCsr61220 CISCO-BUG-ID:CSCsr98689 CISCO-BUG-ID:CSCsu10546 CISCO-SA:cisco-sa-20080708-dnshttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT SNMP (161/UDP) Plugin ID: 24019 Cisco IOS Data-link Switching (DLSw) Capabilities Exchange Remote DoS (CSCsf28840)

Synopsis The remote router can be crashed remotely. List of Hosts 192.168.80.1

Description The remote host is a CISCO router containing a version of IOS that is affected by a denial of service vulnerability. An attacker may exploit this flaw to crash the remote device. Solution http://www.cisco.com/en/US/products/products_security_advisory09186a00807bd128.shtml Risk Factor Medium/ CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Temporal Score: 4.1(CVSS2#E:F/RL:OF/RC:C) CVE CVE-2007-0199 Bugtraq ID 21990 Other References OSVDB:32683 Vulnerability publication date: 2007/01/10 Plugin publication date: 2007/01/17 Plugin last modification date: 2011/03/17 Ease of exploitability : Exploits are available PORT SNMP (161/UDP) Plugin ID: 14274 Nessus SNMP Scanner

Synopsis List of Hosts 192.168.80.6 Plugin Output


Nessus snmp scanner was able to retrieve the open port list with the community name: public It found 20 open TCP ports and 23 open UDP ports

192.168.80.6 192.168.80.1 Plugin Output


Nessus snmp scanner was able to retrieve the open port list with the community name: public It found 0 open TCP ports and 6 open UDP ports

192.168.80.1

Description

Solution

Risk Factor

PORT WWW (8834/TCP) Plugin ID: 21643 SSL Cipher Suites Supported

Synopsis The remote service encrypts communications using SSL. List of Hosts 192.168.80.6 Plugin Output
Here is the list of SSL ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

SSLv3
  DES-CBC3-SHA   Kx=RSA   Au=RSA   Enc=3DES(168)   Mac=SHA1
  RC4-MD5        Kx=RSA   Au=RSA   Enc=RC4(128)    Mac=MD5
  RC4-SHA        Kx=RSA   Au=RSA   Enc=RC4(128)    Mac=SHA1

TLSv1
  DES-CBC3-SHA   Kx=RSA   Au=RSA   Enc=3DES(168)   Mac=SHA1
  AES128-SHA     Kx=RSA   Au=RSA   Enc=AES(128)    Mac=SHA1
  AES256-SHA     Kx=RSA   Au=RSA   Enc=AES(256)    Mac=SHA1
  RC4-MD5        Kx=RSA   Au=RSA   Enc=RC4(128)    Mac=MD5
  RC4-SHA        Kx=RSA   Au=RSA   Enc=RC4(128)    Mac=SHA1

The fields above are :

{OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

Description This script detects which SSL ciphers are supported by the remote service for encrypting communications. Solution n/a See also http://www.openssl.org/docs/apps/ciphers.html Risk Factor None Plugin publication date: 2006/06/05 Plugin last modification date: 2011/06/07

PORT NESSUS (1241/TCP) Plugin ID: 21643 SSL Cipher Suites Supported

Synopsis The remote service encrypts communications using SSL. List of Hosts 192.168.80.6 Plugin Output
Here is the list of SSL ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

TLSv1
  DES-CBC3-SHA   Kx=RSA   Au=RSA   Enc=3DES(168)   Mac=SHA1
  AES128-SHA     Kx=RSA   Au=RSA   Enc=AES(128)    Mac=SHA1
  AES256-SHA     Kx=RSA   Au=RSA   Enc=AES(256)    Mac=SHA1
  RC4-MD5        Kx=RSA   Au=RSA   Enc=RC4(128)    Mac=MD5
  RC4-SHA        Kx=RSA   Au=RSA   Enc=RC4(128)    Mac=SHA1

The fields above are :

{OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

Description This script detects which SSL ciphers are supported by the remote service for encrypting communications. Solution n/a See also http://www.openssl.org/docs/apps/ciphers.html Risk Factor None Plugin publication date: 2006/06/05 Plugin last modification date: 2011/06/07 PORT SNMP (161/UDP) Plugin ID: 10550 SNMP Query Running Process List Disclosure

Synopsis The list of processes running on the remote host can be obtained via SNMP. List of Hosts 192.168.80.6 Plugin Output

Description It is possible to obtain the list of running processes on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.25.4.2.1.2 An attacker may use this information to gain more knowledge about the target host. Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. Risk Factor None

Plugin publication date: 2000/11/13 Plugin last modification date: 2011/05/24 PORT SNMP (161/UDP) Plugin ID: 10546 Microsoft Windows LAN Manager SNMP LanMan Users Disclosure

Synopsis The list of LanMan users of the remote host can be obtained via SNMP. List of Hosts 192.168.80.6 Plugin Output
ASPNET william Invitado Administrador LANGUARD_10_USER LNSS_MONITOR_USR SUPPORT_388945a0 Asistente de ayuda IUSR_HOGAR-86A6036CE IWAM_HOGAR-86A6036CE

Description It is possible to obtain the list of LanMan users on the remote host by sending SNMP requests with the OID 1.3.6.1.4.1.77.1.2.25.1.1 An attacker may use this information to gain more knowledge about the target host. Solution

Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. Risk Factor None CVE CVE-1999-0499 Other References OSVDB:445 Vulnerability publication date: 1999/06/07 Plugin publication date: 2000/11/10 Plugin last modification date: 2011/05/24 PORT SNMP (161/UDP) Plugin ID: 10547 Microsoft Windows LAN Manager SNMP LanMan Services Disclosure

Synopsis The list of LanMan services running on the remote host can be obtained via SNMP. List of Hosts 192.168.80.6 Plugin Output
Temas
Servidor
Telefonía
Cliente DNS
Cliente Web
Cliente DHCP
ESET Service
Plug and Play
Servicio SNMP
Escucha de RIP
Tenable Nessus
Registro remoto
Servicios IPSEC
Audio de Windows
Conexiones de red
HID Input Service
Cola de impresión
Horario de Windows
Java Quick Starter
Kiwi Syslog Server
Centro de seguridad
CommTraffic Service
Publicación en FTP
Registro de sucesos
Estación de trabajo
Servicios de cifrado
Examinador de equipos
Machine Debug Manager
Programador de tareas
Administración de IIS
Sistema de sucesos COM+
Almacenamiento protegido
Ayuda y soporte técnico
Servicio de ayuda de IPv6
Servicios simples de TCP/IP
Actualizaciones automáticas
Aplicación del sistema COM+
Detección de hardware shell
Inicio de sesión secundario
Servicios de Terminal Server
Ayuda de NetBIOS sobre TCP/IP
NVIDIA Display Driver Service
Publicación en World Wide Web
Servicio de informe de errores
Agere Modem Call Progress Audio
Administrador de discos lógicos
NLA (Network Location Awareness)
Servicio de descubrimientos SSDP
GFI LanGuard 10 Attendant Service
Configuración inalámbrica rápida
Llamada a procedimiento remoto (RPC)
Notificación de sucesos del sistema
Servicio de restauración de sistema
Administrador de cuentas de seguridad
Iniciador de procesos de servidor DCOM
GFI LANguard N.S.S. 8.0 Attendant Service
Adquisición de imágenes de Windows (WIA)
Instrumental de administración de Windows
Administrador de conexión de acceso remoto
Compatibilidad de cambio rápido de usuario
Cliente de seguimiento de vinculos distribuidos
Protocolo simple de transferencia de correo (SMTP)
Servicio de puerta de enlace de capa de aplicación
Coordinador de transacciones distribuidas de Microsoft
Servicio de transferencia inteligente en segundo plano
Firewall de Windows/Conexión compartida a Internet (ICS)

Description It is possible to obtain the list of LanMan services on the remote host by sending SNMP requests with the OID 1.3.6.1.4.1.77.1.2.3.1.1 An attacker may use this information to gain more knowledge about the target host. Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. Risk Factor Low CVE CVE-1999-0499 Other References OSVDB:445

Vulnerability publication date: 1999/06/07 Plugin publication date: 2000/11/10 Plugin last modification date: 2011/05/24 PORT (0/ICMP) Plugin ID: 10114 ICMP Timestamp Request Remote Date Disclosure

Synopsis It is possible to determine the exact time set on the remote host. List of Hosts 192.168.80.8 Plugin Output
The ICMP timestamps seem to be in little endian format (not in network format) The difference between the local and remote clocks is -868 seconds.

192.168.80.7 Plugin Output


This host returns non-standard timestamps (high bit is set) The ICMP timestamps might be in little endian format (not in network format) The difference between the local and remote clocks is 2 seconds.

192.168.80.2 Plugin Output


This host returns non-standard timestamps (high bit is set) The ICMP timestamps might be in little endian format (not in network format) The difference between the local and remote clocks is 1 second.

192.168.80.10 Plugin Output


The ICMP timestamps seem to be in little endian format (not in network format) The difference between the local and remote clocks is -767 seconds.

192.168.80.1 Plugin Output


This host returns non-standard timestamps (high bit is set)

Description The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine. This may help an attacker to defeat all time-based authentication protocols. Solution Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14). Risk Factor None CVE CVE-1999-0524 Other References OSVDB:94 CWE:200 Vulnerability publication date: 1995/01/01 Plugin publication date: 1999/08/01 Plugin last modification date: 2011/08/19 PORT SMTP (25/TCP) Plugin ID: 10263 SMTP Server Detection

Synopsis An SMTP server is listening on the remote port. List of Hosts 192.168.80.6 Plugin Output
Remote SMTP server banner :

220 hogar-86a6036ce Microsoft ESMTP MAIL Service, Version: 6.0.2600.5949 ready at Sat, 8 Oct 2011 09:33:50 -0500

192.168.80.2 Plugin Output


Remote SMTP server banner :

220 familiar-ctue30.GRUPO1.COM Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Sat, 8 Oct 2011 10:35:22 -0400

Description The remote host is running a mail (SMTP) server on this port. Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it. Solution Disable this service if you do not use it, or filter incoming traffic to this port. Risk Factor None

Plugin publication date: 1999/10/12 Plugin last modification date: 2011/03/11 PORT WWW (8834/TCP) Plugin ID: 10863 SSL Certificate Information

Synopsis This plugin displays the SSL certificate. List of Hosts 192.168.80.6 Plugin Output
Subject Name:

Organization: independiente Organization Unit: Nessus Server Locality: town Country: us State/Province: ohio Common Name: hogar-86a6036ce

Issuer Name:

Organization: independiente Organization Unit: Nessus Certification Authority Locality: town Country: us State/Province: ohio Common Name: Nessus Certification Authority

Serial Number: 30 F1

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Oct 02 01:37:26 2011 GMT Not Valid After: Oct 01 01:37:26 2012 GMT

Public Key Info:

Algorithm: RSA Encryption Exponent: 01 00 01


Extension: 2.16.840.1.113730.1.1 Critical: 0 Data: 03 02 06 40

Extension: Key Usage (2.5.29.15) Critical: 1 Key Usage: Digital Signature, Non Repudiation, Key Encipherment

Description

This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate. Solution n/a Risk Factor None Plugin publication date: 2008/05/19 Plugin last modification date: 2011/09/14 PORT NESSUS (1241/TCP) Plugin ID: 10863 SSL Certificate Information

Synopsis This plugin displays the SSL certificate. List of Hosts 192.168.80.6 Plugin Output
Subject Name:

Organization: independiente Organization Unit: Nessus Server Locality: town Country: us State/Province: ohio Common Name: hogar-86a6036ce

Issuer Name:

Organization: independiente Organization Unit: Nessus Certification Authority Locality: town Country: us

State/Province: ohio Common Name: Nessus Certification Authority

Serial Number: 30 F1

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Oct 02 01:37:26 2011 GMT Not Valid After: Oct 01 01:37:26 2012 GMT

Public Key Info:

Algorithm: RSA Encryption Exponent: 01 00 01


Extension: 2.16.840.1.113730.1.1 Critical: 0 Data: 03 02 06 40

Extension: Key Usage (2.5.29.15)

Critical: 1 Key Usage: Digital Signature, Non Repudiation, Key Encipherment

Description This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate. Solution n/a Risk Factor None Plugin publication date: 2008/05/19 Plugin last modification date: 2011/09/14 PORT SNMP (161/UDP) Plugin ID: 24744 Cisco IOS TCP Listener Crafted Packets Remote DoS (CSCek37177)

Synopsis It is possible to crash the remote device remotely. List of Hosts 192.168.80.1

Description The remote CISCO switch runs a version of IOS that contains a flaw which may cause the remote router to crash when processing specially malformed TCP packets.

An attacker might use these flaws to crash this router remotely. Solution http://www.nessus.org/u?1885e120 Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVSS Temporal Score: 6.4(CVSS2#E:F/RL:OF/RC:C) CVE CVE-2007-0479 Bugtraq ID 22208 Other References OSVDB:32093 Vulnerability publication date: 2007/01/24 Plugin publication date: 2007/03/01 Plugin last modification date: 2011/03/17 Ease of exploitability : Exploits are available PORT WWW (8834/TCP) Plugin ID: 53491 SSL / TLS Renegotiation DoS

Synopsis The remote service allows repeated renegotiation of TLS / SSL connections. List of Hosts 192.168.80.6

Description The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition. Solution Contact the vendor for specific patch information. See also http://orchilles.com/2011/03/ssl-renegotiation-dos.html http://www.ietf.org/mailarchive/web/tls/current/msg07553.html Risk Factor Low/ CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P) CVE CVE-2011-1473 Bugtraq ID 48626 Other References OSVDB:73894 Vulnerability publication date: 2011/03/13 Plugin publication date: 2011/05/04 Plugin last modification date: 2011/07/25 PORT NESSUS (1241/TCP) Plugin ID: 53491 SSL / TLS Renegotiation DoS

Synopsis The remote service allows repeated renegotiation of TLS / SSL connections. List of Hosts 192.168.80.6

Description The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition. Solution Contact the vendor for specific patch information. See also http://orchilles.com/2011/03/ssl-renegotiation-dos.html http://www.ietf.org/mailarchive/web/tls/current/msg07553.html Risk Factor Low/ CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P) CVE CVE-2011-1473 Bugtraq ID 48626 Other References OSVDB:73894 Vulnerability publication date: 2011/03/13

Plugin publication date: 2011/05/04 Plugin last modification date: 2011/07/25 PORT VMWARE_AUTH (912/TCP) Plugin ID: 20301 VMware ESX/GSX Server detection

Synopsis The remote host appears to be running VMware Server, ESX Server, or GSX Server. List of Hosts 192.168.80.8 192.168.80.10

Description According to its banner, the remote host appears to be running a VMware server authentication daemon, which likely indicates the remote host is running VMware Server, ESX Server, or GSX Server. Solution n/a See also http://www.vmware.com/ Risk Factor None Plugin publication date: 2005/12/14 Plugin last modification date: 2011/03/17 PORT (8197/TCP) Plugin ID: 43111 HTTP Methods Allowed (per directory)

Synopsis This plugin determines which HTTP methods are allowed on various CGI directories. List of Hosts 192.168.80.7 Plugin Output
Based on the response to an OPTIONS request :

- HTTP methods GET HEAD TRACE OPTIONS are allowed on :

Description By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities. Solution n/a Risk Factor None

Plugin publication date: 2009/12/10 Plugin last modification date: 2011/07/08 PORT WWW (80/TCP) Plugin ID: 43111 HTTP Methods Allowed (per directory)

Synopsis This plugin determines which HTTP methods are allowed on various CGI directories. List of Hosts 192.168.80.9 Plugin Output
Based on the response to an OPTIONS request :

- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :

192.168.80.7 Plugin Output


Based on the response to an OPTIONS request :

- HTTP methods GET HEAD TRACE OPTIONS are allowed on :

192.168.80.6 Plugin Output


Based on the response to an OPTIONS request :

- HTTP methods COPY GET HEAD LOCK PROPFIND SEARCH TRACE UNLOCK OPTIONS are allowed on :

192.168.80.2 Plugin Output


Based on the response to an OPTIONS request :

- HTTP methods GET HEAD TRACE OPTIONS are allowed on :

Description By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities. Solution n/a Risk Factor None Plugin publication date: 2009/12/10

Plugin last modification date: 2011/07/08 PORT MDNS (5353/UDP) Plugin ID: 12218 mDNS Detection

Synopsis It is possible to obtain information about the remote host. List of Hosts 192.168.80.8 Plugin Output
Nessus was able to extract the following information :

- mDNS hostname : JHON-PC.local.

Description The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows anyone to uncover information from the remote host such as its operating system type and exact version, its hostname, and the list of services it is running. Solution Filter incoming traffic to UDP port 5353 if desired. Risk Factor Medium/ CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) Plugin publication date: 2004/04/28 Plugin last modification date: 2011/03/11

PORT (0/TCP) Plugin ID: 49032 Cisco IOS Software Secure Copy Privilege Escalation Vulnerability - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(18e) or later

Description The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information. The Cisco IOS SCP server is an optional service that is disabled by default. CLI views are a fundamental component of the Cisco IOS Role-Based CLI Access feature, which is also disabled by default. Devices that are not specifically configured to enable the Cisco IOS SCP server, or that are configured to use it but do not use role-based CLI access, are not affected by this vulnerability. This vulnerability does not apply to the Cisco IOS SCP client feature. Cisco has released free software updates that address this vulnerability. There are no workarounds available for this vulnerability apart from disabling either the SCP server or the CLI view feature if these services are not required by administrators. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20090325tcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ctcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325scp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325udp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325mobileip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325webvpn.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325sip.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a96c22.shtml Risk Factor High/ CVSS Base Score: 9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C) CVE CVE-2009-0637 Other References CISCO-BUG-ID:CSCsv38166 CISCO-SA:cisco-sa-20090325-scphttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT (0/TCP)

Plugin ID: 49015 Cisco IOS Secure Shell Denial of Service Vulnerabilities - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(18b) or later

Description The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device. The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of IOS devices, AutoSecure run after initial configuration, or manually. SSH is enabled any time RSA keys are generated such as when a http secure-server or trust points for digital certificates are configured. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities. Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-1159 has been assigned to this vulnerability. Solution Apply the described patch (see plugin output). See also

http://www.cisco.com/warp/public/707/cisco-sa-20080521ssh.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a008099567f.shtml Risk Factor High/ CVSS Base Score: 7.5 (CVSS2#AV:N/AC:M/Au:S/C:P/I:C/A:P) CVE CVE-2008-1159 Other References CISCO-BUG-ID:CSCsh51293 CISCO-BUG-ID:CSCsk42419 CISCO-BUG-ID:CSCsk60020 CISCO-SA:cisco-sa-20080521-sshhttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT (0/TCP) Plugin ID: 49030 Cisco IOS Software Multiple Features IP Sockets Vulnerability

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(18e) or later

Description A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS Software are enabled. A sequence of specially crafted TCP/IP packets could cause any of the following results: Cisco has released free software updates that address this vulnerability. Several mitigation strategies are outlined in the "Workarounds" section of this advisory. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20090325tcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ctcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325scp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325udp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325mobileip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325webvpn.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325sip.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a96478.shtml Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE CVE-2009-0630 Other References CISCO-BUG-ID:CSCsm27071 CISCO-SA:cisco-sa-20090325-iphttp

Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT WWW (80/TCP) Plugin ID: 11422 Web Server Unconfigured - Default Install Page Present

Synopsis The remote web server is not configured or is not properly configured. List of Hosts 192.168.80.9 Plugin Output
The default welcome page is from IIS.

Description The remote web server uses its default welcome page. It probably means that this server is not used at all or is serving content that is meant to be hidden. Solution Disable this service if you do not use it. Risk Factor None Other References OSVDB:2117 Vulnerability publication date: 1994/01/01 Plugin publication date: 2003/03/20 Plugin last modification date: 2011/08/12 PORT WWW (10757/TCP)

Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information

Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts 192.168.80.6 Plugin Output
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Headers :

Connection: keep-alive Content-Length: 15 Content-Type: text/html

Description This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor

None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT WWW (8834/TCP) Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information

Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts 192.168.80.6 Plugin Output
Protocol version : HTTP/1.1 SSL : yes Keep-Alive : no Options allowed : (Not implemented) Headers :

Date: Sat, 08 Oct 2011 14:35:48 GMT Server: NessusWWW Connection: close Expires: Sat, 08 Oct 2011 14:35:48 GMT Content-Length: 6518 Content-Type: text/html Cache-Control: Expires: 0 Pragma :

Description

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT (8197/TCP) Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information

Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts 192.168.80.7 Plugin Output
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers :

Connection: close

Date: Sat, 08 Oct 2011 14:36:06 GMT Server: Microsoft-IIS/6.0 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM X-Powered-By: ASP.NET Content-type: text/html

Description This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT WWW (80/TCP) Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information

Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts

192.168.80.9 Plugin Output


Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers :

Content-Type: text/html Last-Modified: Sat, 24 Sep 2011 21:09:24 GMT Accept-Ranges: bytes ETag: "291b63cfe7acc1:0" Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET Date: Sat, 08 Oct 2011 13:42:09 GMT Content-Length: 689

192.168.80.7 Plugin Output


Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers :

Content-Length: 1433 Content-Type: text/html Content-Location: http://192.168.80.7/iisstart.htm Last-Modified: Fri, 21 Feb 2003 23:48:30 GMT Accept-Ranges: bytes ETag: "09b60bc3dac21:277" Server: Microsoft-IIS/6.0 MicrosoftOfficeWebServer: 5.0_Pub

X-Powered-By: ASP.NET Date: Sat, 08 Oct 2011 14:36:06 GMT

192.168.80.6 Plugin Output


Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH Headers :

Server: Microsoft-IIS/5.1 Date: Sat, 08 Oct 2011 14:35:47 GMT X-Powered-By: ASP.NET Location: localstart.asp Content-Length: 121 Content-Type: text/html Cache-control: private

192.168.80.2 Plugin Output


Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers :

Content-Length: 141 Content-Type: text/html Content-Location: http://192.168.80.2/index.htm Last-Modified: Thu, 15 Sep 2011 01:05:20 GMT

Accept-Ranges: bytes ETag: "84dff6894373cc1:72e" Server: Microsoft-IIS/6.0 Date: Sat, 08 Oct 2011 14:36:39 GMT

Description This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT (0/TCP) Plugin ID: 49036 Cisco IOS Software WebVPN and SSLVPN Vulnerabilities - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1

Plugin Output
Update to 12.4(18e) or later

Description Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN features: Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20090325tcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ctcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325scp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325udp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325mobileip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325webvpn.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a96c1f.shtml

Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE CVE-2009-0626 CVE-2009-0628 Other References CWE:200 CISCO-BUG-ID:CSCsk62253 CISCO-BUG-ID:CSCsw24700 CISCO-SA:cisco-sa-20090325-webvpnhttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT (0/TCP) Plugin ID: 49016 SNMP Version 3 Authentication Vulnerabilities - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(18b) or later

Description Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document. Note: SNMP versions 1, 2 and 2c are not impacted by these vulnerabilities. The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities. Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has also been assigned to these vulnerabilities. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20080610snmpv3.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a00809ac83b.shtml Risk Factor High CVE CVE-2008-0960 Other References CWE:287 CISCO-BUG-ID:CSCsf04754 CISCO-BUG-ID:CSCsf29976 CISCO-BUG-ID:CSCsf30109 CISCO-BUG-ID:CSCsf301093 CISCO-BUG-ID:CSCsq60582 CISCO-BUG-ID:CSCsq60664 CISCO-BUG-ID:CSCsq60695 CISCO-BUG-ID:CSCsq62662 CISCO-BUG-ID:CSCsq77604 CISCO-BUG-ID:CSCsv79388 CISCO-BUG-ID:CSCsv82725

CISCO-BUG-ID:CSCte57592 CISCO-BUG-ID:CSCti05966 CISCO-SA:cisco-sa-20080610-snmpv3http Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 Ease of exploitability : Exploits are available Exploitable with: Canvas (D2ExploitPack) PORT (0/TCP) Plugin ID: 49035 Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(18e) or later

Description Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked, transit traffic will not block the interface. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. Solution Apply the described patch (see plugin output).

See also http://www.cisco.com/warp/public/707/cisco-sa-20090325tcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ctcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325scp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20070131sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325udp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325mobileip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325webvpn.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325sip.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9648d.shtml Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE CVE-2009-0631 Other References CISCO-BUG-ID:CSCsb25337 CISCO-BUG-ID:CSCsi34903 CISCO-BUG-ID:CSCsk64158 CISCO-SA:cisco-sa-20090325-udphttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT DNS (53/TCP)

Plugin ID: 11002 DNS Server Detection

Synopsis A DNS server is listening on the remote host. List of Hosts 192.168.80.9 192.168.80.7 192.168.80.2

Description The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses. Solution Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally. See also http://en.wikipedia.org/wiki/Domain_Name_System Risk Factor None Plugin publication date: 2003/02/13 Plugin last modification date: 2011/03/11 PORT (0/TCP) Plugin ID: 54615 Device Type

Synopsis It is possible to guess the remote device type. List of Hosts

192.168.80.9 Plugin Output


Remote device type : general-purpose Confidence level : 99

192.168.80.8 Plugin Output


Remote device type : general-purpose Confidence level : 99

192.168.80.7 Plugin Output


Remote device type : general-purpose Confidence level : 99

192.168.80.6 Plugin Output


Remote device type : general-purpose Confidence level : 99

192.168.80.2 Plugin Output


Remote device type : general-purpose Confidence level : 99

192.168.80.10 Plugin Output


Remote device type : general-purpose Confidence level : 99

192.168.80.1

Plugin Output
Remote device type : router Confidence level : 100

Description Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc). Solution n/a Risk Factor None Plugin publication date: 2011/05/23 Plugin last modification date: 2011/05/23 PORT (0/TCP) Plugin ID: 56318 Cisco IOS Software Network Address Translation Vulnerabilities - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(25f) or later

Description

The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols: All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation. Cisco has released free software updates that address these vulnerabilities. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20110928nat.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE CVE-2011-0946 CVE-2011-3276 CVE-2011-3277 CVE-2011-3278 CVE-2011-3279 CVE-2011-3280 Other References CISCO-BUG-ID:CSCso02147 CISCO-BUG-ID:CSCtd10712 CISCO-BUG-ID:CSCth11006 CISCO-BUG-ID:CSCti48483 CISCO-BUG-ID:CSCti98219 CISCO-BUG-ID:CSCtj04672 CISCO-SA:cisco-sa-20110928-nathttp Plugin publication date: 2011/09/29

Plugin last modification date: 2011/10/04 PORT (0/TCP) Plugin ID: 25220 TCP/IP Timestamps Supported

Synopsis The remote service implements TCP timestamps. List of Hosts 192.168.80.9 192.168.80.8 192.168.80.7 192.168.80.2 192.168.80.10

Description The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed. Solution n/a See also http://www.ietf.org/rfc/rfc1323.txt Risk Factor None Plugin publication date: 2007/05/16 Plugin last modification date: 2011/03/20 PORT (0/TCP) Plugin ID: 49033

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch List of Hosts 192.168.80.1 Plugin Output
Update to 12.4(18e) or later

Description A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that can be exploited remotely to cause a reload of the Cisco IOS device. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate the vulnerability apart from disabling SIP, if the Cisco IOS device does not need to run SIP for VoIP services. However, mitigation techniques are available to help limit exposure to the vulnerability. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20090325tcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325ctcp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325scp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325udp.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325mobileip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325webvpn.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090325sip.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a96c0c.shtml Risk Factor High/ CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE CVE-2009-0636 Other References CISCO-BUG-ID:CSCsb25337 CISCO-BUG-ID:CSCsk64158 CISCO-BUG-ID:CSCsu11522 CISCO-SA:cisco-sa-20090325-siphttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT (0/TCP) Plugin ID: 11936 OS Identification

Synopsis It is possible to guess the remote operating system. List of Hosts 192.168.80.9 Plugin Output

Remote operating system : Microsoft Windows Server 2008 Service Pack 1 Confidence Level : 99 Method : MSRPC

The remote host is running Microsoft Windows Server 2008 Service Pack 1

192.168.80.8 Plugin Output


Remote operating system : Windows 7 Starter Confidence Level : 99 Method : MSRPC

The remote host is running Windows 7 Starter

192.168.80.7 Plugin Output


Remote operating system : Microsoft Windows Server 2003 Service Pack 2 Confidence Level : 99 Method : MSRPC

The remote host is running Microsoft Windows Server 2003 Service Pack 2

192.168.80.6 Plugin Output


Remote operating system : Microsoft Windows XP Service Pack 2 Microsoft Windows XP Service Pack 3 Confidence Level : 99 Method : MSRPC

The remote host is running one of these operating systems : Microsoft Windows XP Service Pack 2

Microsoft Windows XP Service Pack 3

192.168.80.2 Plugin Output


Remote operating system : Microsoft Windows Server 2003 Service Pack 1 Confidence Level : 99 Method : MSRPC

The remote host is running Microsoft Windows Server 2003 Service Pack 1

192.168.80.10 Plugin Output


Remote operating system : Windows 7 Home Confidence Level : 99 Method : MSRPC

The remote host is running Windows 7 Home

192.168.80.1 Plugin Output


Remote operating system : CISCO IOS 12.4(1c) Confidence Level : 100 Method : SNMP

The remote host is running CISCO IOS 12.4(1c)

Description Using a combination of remote probes, (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) it is possible to guess the name of the remote operating system in use, and sometimes its version. Solution N/A Risk Factor None Plugin publication date: 2003/12/09 Plugin last modification date: 2011/09/23 PORT DAYTIME (13/UDP) Plugin ID: 10052 Daytime Service Detection

Synopsis A daytime service is running on the remote host. List of Hosts 192.168.80.6

Description The remote host is running a 'daytime' service. This service is designed to give the local time of the day of this host to whoever connects to this port. The date format issued by this service may sometimes help an attacker to guess the operating system type of this host, or to set up timed authentication attacks against the remote host. In addition, if the daytime service is running on a UDP port, an attacker may link it to the echo port of a third-party host using spoofing, thus creating a possible denial of service condition between this host and the third party.

Solution - On Unix systems, comment out the 'daytime' line in /etc/inetd.conf and restart the inetd process. - On Windows systems, set the following registry keys to 0 : HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDaytime HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpDaytime Next, launch cmd.exe and type : net stop simptcp net start simptcp This will restart the service. Risk Factor None Vulnerability publication date: 1996/02/08 Plugin publication date: 1999/06/22 Plugin last modification date: 2011/04/01 PORT SNMP (161/UDP) Plugin ID: 19763 SNMP Query Installed Software Disclosure

Synopsis The list of software installed on the remote host can be obtained via SNMP. List of Hosts 192.168.80.6 Plugin Output


Description It is possible to obtain the list of installed software on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.25.6.3.1.2. An attacker may use this information to gain more knowledge about the target host.
Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor None
Plugin publication date: 2005/09/20
Plugin last modification date: 2011/05/24

PORT (0/TCP)
Plugin ID: 49019 Cisco IOS IPS Denial of Service Vulnerability - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch
List of Hosts 192.168.80.1
Plugin Output
Update to 12.4(18c) or later

Description The Cisco IOS Intrusion Prevention System (IPS) feature contains a vulnerability in the processing of certain IPS signatures that use the SERVICE.DNS engine. This vulnerability may cause a router to crash or hang, resulting in a denial of service condition. Cisco has released free software updates that address this vulnerability. There is a workaround for this vulnerability. Note: This vulnerability is not related in any way to CVE-2008-1447 Cache poisoning attacks. Cisco Systems has published a Cisco Security Advisory for that vulnerability, which can be found at http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml.
Solution Apply the described patch (see plugin output).
See also
http://www.cisco.com/warp/public/707/cisco-sa-20080924iosfw.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924mfi.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924iosips.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924vpn.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924cucm.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924ssl.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924l2tp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924sip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924sccp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924multicast.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924ubr.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924ipc.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01556.shtml
Risk Factor High / CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE CVE-2008-1447 CVE-2008-2739
Other References CISCO-BUG-ID:CSCsq13348 CISCO-SA:cisco-sa-20080924-iosipshttp
Plugin publication date: 2010/09/01
Plugin last modification date: 2011/03/30

PORT WWW (80/TCP)
Plugin ID: 24242 Microsoft .NET Handlers Enumeration

Synopsis It is possible to enumerate the remote .NET handlers used by the remote web server.
List of Hosts 192.168.80.6
Plugin Output


The remote extensions are handled by the remote ASP.NET server :

- .rem
- .soap

Description It is possible to obtain the list of handlers the remote ASP.NET web server supports.
Solution None
See also http://support.microsoft.com/kb/815145
Risk Factor None
Plugin publication date: 2007/01/26
Plugin last modification date: 2011/03/14

PORT (0/TCP)
Plugin ID: 49031 Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch
List of Hosts 192.168.80.1
Plugin Output


Update to 12.4(18e) or later

Description Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile IPv6 are vulnerable to a denial of service (DoS) attack that may result in a blocked interface. Cisco has released free software updates that address these vulnerabilities.
Solution Apply the described patch (see plugin output).
See also
http://www.cisco.com/warp/public/707/cisco-sa-20090325tcp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325ip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325ctcp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325scp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325udp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325mobileip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325webvpn.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325sip.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a96c25.shtml
Risk Factor High / CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE CVE-2009-0633 CVE-2009-0634
Other References CISCO-BUG-ID:CSCsm97220 CISCO-BUG-ID:CSCso05337 CISCO-SA:cisco-sa-20090325-mobileiphttp
Plugin publication date: 2010/09/01
Plugin last modification date: 2011/03/30

PORT WWW (8834/TCP)
Plugin ID: 51192 SSL Certificate signed with an unknown Certificate Authority

Synopsis The SSL certificate for this service is signed by an unknown certificate authority.
List of Hosts 192.168.80.6
Plugin Output
*** ERROR: Unknown root CA in the chain:
Organization: independiente
Organization Unit: Nessus Certification Authority
Locality: town
Country: us
State/Province: ohio
Common Name: Nessus Certification Authority

Certificate chain:
|-Organization: independiente
|-Organization Unit: Nessus Certification Authority
|-Locality: town
|-Country: us
|-State/Province: ohio
|-Common Name: Nessus Certification Authority
|
|--Organization: independiente
|--Organization Unit: Nessus Server
|--Locality: town
|--Country: us
|--State/Province: ohio
|--Common Name: hogar-86a6036ce
|

Description The X.509 certificate of the remote host is not signed by a known public certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man in the middle attack against the remote host.
Solution Purchase or generate a proper certificate for this service.
Risk Factor Medium / CVSS Base Score: 6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin publication date: 2010/12/15
Plugin last modification date: 2011/05/26

PORT NESSUS (1241/TCP)
Plugin ID: 51192 SSL Certificate signed with an unknown Certificate Authority

Synopsis The SSL certificate for this service is signed by an unknown certificate authority.
List of Hosts 192.168.80.6
Plugin Output
*** ERROR: Unknown root CA in the chain:
Organization: independiente
Organization Unit: Nessus Certification Authority
Locality: town
Country: us
State/Province: ohio
Common Name: Nessus Certification Authority

Certificate chain:
|-Organization: independiente
|-Organization Unit: Nessus Certification Authority
|-Locality: town
|-Country: us
|-State/Province: ohio
|-Common Name: Nessus Certification Authority
|
|--Organization: independiente
|--Organization Unit: Nessus Server
|--Locality: town
|--Country: us
|--State/Province: ohio
|--Common Name: hogar-86a6036ce
|

Description The X.509 certificate of the remote host is not signed by a known public certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man in the middle attack against the remote host.
Solution Purchase or generate a proper certificate for this service.
Risk Factor Medium / CVSS Base Score: 6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin publication date: 2010/12/15
Plugin last modification date: 2011/05/26

PORT WWW (8834/TCP)
Plugin ID: 10386 Web Server No 404 Error Code Check

Synopsis The remote web server does not return 404 error codes.
List of Hosts 192.168.80.6
Plugin Output
The following title tag will be used : 200 Unauthorized

Description The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page. Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.

Solution n/a
Risk Factor None
Plugin publication date: 2000/04/28
Plugin last modification date: 2011/08/13

PORT SNMP (161/UDP)
Plugin ID: 10969 SNMP Request Cisco Router Information Disclosure

Synopsis The model of the remote CISCO router can be obtained by SNMP.
List of Hosts 192.168.80.1
Plugin Output
Model : cisco1841
Description : 1700 Next Generation data only router with 2 slots

Description It is possible to determine the model of the remote CISCO system by sending SNMP requests with the OID 1.3.6.1.4.1.9.1. An attacker may use this information to gain more knowledge about the remote host.
Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
See also
ftp://ftp.cisco.com/pub/mibs/v1/CISCO-PRODUCTS-MIBV1SMI.my
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-PRODUCTS-MIB.my
Risk Factor Low
Plugin publication date: 2002/06/05
Plugin last modification date: 2011/05/24

PORT WWW (8834/TCP)
Plugin ID: 20108 Web Server / Application favicon.ico Vendor Fingerprinting

Synopsis The remote web server contains a graphic image that is prone to information disclosure.
List of Hosts 192.168.80.6
Plugin Output
The MD5 fingerprint for 'favicon.ico' suggests the web server is Nessus 4.x Web Client.

Description The 'favicon.ico' file found on the remote web server belongs to a popular webserver. This may be used to fingerprint the web server.
Solution Remove the 'favicon.ico' file or create a custom one for your site.
Risk Factor None
Other References OSVDB:39272
Plugin publication date: 2005/10/28
Plugin last modification date: 2011/08/15

PORT (8197/TCP)
Plugin ID: 20108 Web Server / Application favicon.ico Vendor Fingerprinting

Synopsis The remote web server contains a graphic image that is prone to information disclosure.
List of Hosts 192.168.80.7
Plugin Output
The MD5 fingerprint for 'favicon.ico' suggests the web server is myghty 1.1 zblog.

Description The 'favicon.ico' file found on the remote web server belongs to a popular webserver. This may be used to fingerprint the web server.
Solution Remove the 'favicon.ico' file or create a custom one for your site.
Risk Factor None
Other References OSVDB:39272
Plugin publication date: 2005/10/28
Plugin last modification date: 2011/08/15

PORT (0/UDP)
Plugin ID: 10287 Traceroute Information

Synopsis It was possible to obtain traceroute information.
List of Hosts

192.168.80.9
Plugin Output
For your information, here is the traceroute from 192.168.80.6 to 192.168.80.9 :
192.168.80.6
192.168.80.9

192.168.80.8
Plugin Output
For your information, here is the traceroute from 192.168.80.6 to 192.168.80.8 :
192.168.80.6
192.168.80.8

192.168.80.7
Plugin Output
For your information, here is the traceroute from 192.168.80.6 to 192.168.80.7 :
192.168.80.6
192.168.80.7

192.168.80.2
Plugin Output
For your information, here is the traceroute from 192.168.80.6 to 192.168.80.2 :
192.168.80.6
192.168.80.2

192.168.80.10
Plugin Output
For your information, here is the traceroute from 192.168.80.6 to 192.168.80.10 :
192.168.80.6
192.168.80.10

192.168.80.1
Plugin Output
For your information, here is the traceroute from 192.168.80.6 to 192.168.80.1 :
192.168.80.6
192.168.80.1

Description Makes a traceroute to the remote host.
Solution n/a
Risk Factor None
Plugin publication date: 1999/11/27
Plugin last modification date: 2011/03/21

PORT NESSUS (1241/TCP)

Plugin ID: 50845 OpenSSL Detection

Synopsis The remote service appears to use OpenSSL to encrypt traffic.
List of Hosts 192.168.80.6

Description Based on its behavior, it seems that the remote service is using the OpenSSL library to encrypt traffic. Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
Solution n/a
See also http://www.openssl.org
Risk Factor None
Plugin publication date: 2010/11/30
Plugin last modification date: 2011/04/20

PORT DCE-RPC (1027/TCP)
Plugin ID: 22319 MSRPC Service Detection

Synopsis A DCE/RPC server is listening on the remote host.
List of Hosts 192.168.80.6

Description The remote host is running a Windows RPC service. This service replies to the RPC Bind Request with a Bind Ack response. However it is not possible to determine the uuid of this service.
Solution n/a
Risk Factor None
Plugin publication date: 2006/09/11
Plugin last modification date: 2011/03/11

PORT DISCARD (9/TCP)
Plugin ID: 11367 Discard Service Detection

Synopsis A discard service is running on the remote host.
List of Hosts 192.168.80.6

Description The remote host is running a 'discard' service. This service typically sets up a listening socket and will ignore all the data which it receives. This service is unused these days, so it is advised that you disable it.

Solution
- Under Unix systems, comment out the 'discard' line in /etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDiscard
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Risk Factor None
Plugin publication date: 2003/03/12
Plugin last modification date: 2011/03/11

PORT (7/UDP)
Plugin ID: 10061 Echo Service Detection

Synopsis An echo service is running on the remote host.
List of Hosts 192.168.80.6

Description The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of services attacks against this host.
Solution
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Risk Factor None
CVE CVE-1999-0103 CVE-1999-0635
Other References OSVDB:150
Vulnerability publication date: 1996/02/08
Plugin publication date: 1999/06/22
Plugin last modification date: 2011/03/11

PORT (0/TCP)
Plugin ID: 34220 Netstat Portscanner (WMI)

Synopsis List of Hosts 192.168.80.7

Description

Solution

Risk Factor

PORT (0/TCP)
Plugin ID: 49647 Cisco IOS Software H.323 Denial of Service Vulnerabilities Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch
List of Hosts 192.168.80.1
Plugin Output
Update to 12.4(25d) or later

Description The H.323 implementation in Cisco IOS Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software. Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device.
Solution Apply the described patch (see plugin output).
See also
http://www.cisco.com/warp/public/707/cisco-sa-2010922h323.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100922bundle.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100922h323.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a300.shtml
Risk Factor High / CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE CVE-2010-2828 CVE-2010-2829
Other References CISCO-BUG-ID:CSCtc73759 CISCO-BUG-ID:CSCtd33567 CISCO-SA:cisco-sa-20100922-h323http
Plugin publication date: 2010/09/22
Plugin last modification date: 2011/10/04

PORT SNMP (161/UDP)
Plugin ID: 20134 Cisco IOS System Timers Remote Overflow (CSCei61732)

Synopsis The remote router can be compromised remotely.

List of Hosts 192.168.80.1

Description The remote host is a CISCO router containing a version of IOS that is vulnerable to a heap overflow attack. An attacker may exploit this flaw to crash the remote device or to execute arbitrary code remotely.
Solution http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml
Risk Factor High / CVSS Base Score: 9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C) CVSS Temporal Score: 6.9 (CVSS2#E:U/RL:OF/RC:C)
CVE CVE-2005-3481
Bugtraq ID 15275
Other References OSVDB:20455
Vulnerability publication date: 2005/11/03
Plugin publication date: 2005/11/03
Plugin last modification date: 2011/03/17
Ease of exploitability : No known exploits are available

PORT (0/TCP)
Plugin ID: 46180 Additional DNS Hostnames

Synopsis Potential virtual hosts have been detected.
List of Hosts

192.168.80.9
Plugin Output
- win-znsa33cjfub

192.168.80.7
Plugin Output
- hogar-1b0fb0481

192.168.80.6
Plugin Output
- hogar-86a6036ce

192.168.80.2
Plugin Output
- familiar-ctue30

Description Hostnames different from the current hostname have been collected by miscellaneous plugins. Different web servers may be hosted on name-based virtual hosts.
Solution If you want to test them, re-scan using the special vhost syntax, such as : www.example.com[192.0.32.10]
See also http://en.wikipedia.org/wiki/Virtual_hosting
Risk Factor None
Plugin publication date: 2010/04/29
Plugin last modification date: 2011/06/22

PORT (0/TCP)
Plugin ID: 49003 Multiple Vulnerabilities in the IOS FTP Server

Synopsis The remote device is missing a vendor-supplied security patch
List of Hosts 192.168.80.1
Plugin Output
Update to 12.4(12) or later

Description The Cisco IOS FTP Server feature contains multiple vulnerabilities that can result in a denial of service (DoS) condition, improper verification of user credentials, and the ability to retrieve or write any file from the device filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information. The IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities. This vulnerability does not apply to the IOS FTP Client feature.
Solution Apply the described patch (see plugin output).
See also
http://www.cisco.com/warp/public/707/cisco-sa-20070509iosftp.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml
Risk Factor High / CVSS Base Score: 9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVE CVE-2007-2586
Other References CWE:264 CISCO-BUG-ID:CSCek55259 CISCO-BUG-ID:CSCse29244 CISCO-BUG-ID:CSCsg16908 CISCO-SA:cisco-sa-20070509-iosftphttp
Plugin publication date: 2010/09/01
Plugin last modification date: 2011/03/30

PORT SNMP (161/UDP)
Plugin ID: 35296 SNMP Protocol Version Detection

Synopsis This plugin reports the protocol version negotiated with the remote SNMP agent.
List of Hosts 192.168.80.6
Plugin Output

Nessus has negotiated SNMP communications at SNMPv2c.

192.168.80.1
Plugin Output


Nessus has negotiated SNMP communications at SNMPv2c.

Description By sending an SNMP 'get-next-request', it is possible to determine the protocol version of the remote SNMP agent.
Solution Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
See also http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
Risk Factor None
Plugin publication date: 2009/01/06
Plugin last modification date: 2011/05/24

PORT (0/TCP)
Plugin ID: 49040 Cisco IOS Software Authentication Proxy Vulnerability - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch
List of Hosts 192.168.80.1
Plugin Output
Update to 12.4(23b) or later

Description Cisco IOS Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
Solution Apply the described patch (see plugin output).
See also
http://www.cisco.com/warp/public/707/cisco-sa-20090923-authproxy.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8132.shtml
Risk Factor High / CVSS Base Score: 7.1 (CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N)
CVE CVE-2009-2863
Other References CWE:287 CISCO-BUG-ID:CSCsy15227 CISCO-SA:cisco-sa-20090923-auth-proxyhttp
Plugin publication date: 2010/09/01
Plugin last modification date: 2011/03/30

PORT WWW (80/TCP)
Plugin ID: 10077 Microsoft FrontPage Extensions Check

Synopsis FrontPage extensions are enabled.
List of Hosts 192.168.80.6
Plugin Output
The remote frontpage server leaks information regarding the name of the anonymous user. By knowing the name of the anonymous user, more sophisticated attacks may be launched. We could gather that the name of the anonymous user is : IUSR_HOGAR-86A6036CE

Description The remote web server appears to be running with the FrontPage extensions. FrontPage allows remote web developers and administrators to modify web content from a remote location. While this is a fairly typical scenario on an internal local area network, the FrontPage extensions should not be available to anonymous users via the Internet (or any other untrusted 3rd party network).
Solution n/a
Risk Factor None
CVE CVE-2000-0114
Other References OSVDB:67
Vulnerability publication date: 2000/02/03
Plugin publication date: 1999/08/22
Plugin last modification date: 2011/08/04

PORT (0/TCP)
Plugin ID: 49026 Vulnerability in Cisco IOS While Processing SSL Packet - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch
List of Hosts 192.168.80.1
Plugin Output
Update to 12.4(18c) or later

Description A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange. Cisco has released free software updates that address this vulnerability. Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability.
Solution Apply the described patch (see plugin output).
See also
http://www.cisco.com/warp/public/707/cisco-sa-20080924iosfw.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924mfi.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924iosips.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924vpn.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924ssl.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924cucm.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924l2tp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924sip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924sccp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924multicast.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924ipc.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924ubr.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0146c.shtml
Risk Factor High / CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE CVE-2008-3798
Other References CISCO-BUG-ID:CSCsj85065 CISCO-SA:cisco-sa-20080924-sslhttp
Plugin publication date: 2010/09/01
Plugin last modification date: 2011/03/30

PORT SNMP (161/UDP)
Plugin ID: 41028 SNMP Agent Default Community Name (public)

Synopsis The community name of the remote SNMP server can be guessed.
List of Hosts 192.168.80.6
Plugin Output
The remote SNMP server replies to the following default community string :

public

192.168.80.1
Plugin Output


The remote SNMP server replies to the following default community string :

public

Description It is possible to obtain the default community name of the remote SNMP server. An attacker may use this information to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allows such modifications).
Solution Disable the SNMP service on the remote host if you do not use it, filter incoming UDP packets going to this port, or change the default community string.
Risk Factor High / CVSS Base Score: 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSS Temporal Score: 7.1 (CVSS2#E:F/RL:U/RC:ND)
CVE CVE-1999-0517
Bugtraq ID 2112
Other References OSVDB:209
Vulnerability publication date: 1998/11/17
Plugin publication date: 2002/11/25
Plugin last modification date: 2011/03/14

PORT (0/TCP)
Plugin ID: 20094 VMware Virtual Machine Detection

Synopsis The remote host seems to be a VMware virtual machine.
List of Hosts 192.168.80.9 192.168.80.2

Description According to the MAC address of its network adapter, the remote host is a VMware virtual machine. Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
Solution n/a
Risk Factor None
Plugin publication date: 2005/10/27
Plugin last modification date: 2011/03/27

PORT FTP (21/TCP)
Plugin ID: 10092 FTP Server Detection

Synopsis An FTP server is listening on this port.
List of Hosts 192.168.80.6
Plugin Output
The remote FTP banner is :

220 Microsoft FTP Service

192.168.80.2
Plugin Output


The remote FTP banner is :

220 Microsoft FTP Service

Description It is possible to obtain the banner of the remote FTP server by connecting to the remote port.
Solution N/A
Risk Factor None
Plugin publication date: 1999/10/12
Plugin last modification date: 2011/03/15

PORT FTP (21/TCP)
Plugin ID: 34324 FTP Supports Clear Text Authentication

Synopsis Authentication credentials might be intercepted.
List of Hosts 192.168.80.6
Plugin Output
This FTP server does not support 'AUTH TLS'.

192.168.80.2
Plugin Output


This FTP server does not support 'AUTH TLS'.

Description The remote FTP server allows the user's name and password to be transmitted in clear text, which may be intercepted by a network sniffer or a man-in-the-middle attack.

Solution Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server such that control connections are encrypted.
Risk Factor Low / CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Other References CWE:522 CWE:523
Plugin publication date: 2008/10/01
Plugin last modification date: 2011/09/15

PORT NTP (123/UDP)
Plugin ID: 10884 Network Time Protocol (NTP) Server Detection

Synopsis An NTP server is listening on the remote host.
List of Hosts 192.168.80.7 192.168.80.6 192.168.80.2

Description An NTP (Network Time Protocol) server is listening on this port. It provides information about the current date and time of the remote system and may provide system information.
Solution n/a
Risk Factor None
Plugin publication date: 2002/03/13
Plugin last modification date: 2011/03/11

PORT (0/TCP)
Plugin ID: 49648 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch
List of Hosts 192.168.80.1
Plugin Output
Update to 12.4(25d) or later

Description Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
Solution Apply the described patch (see plugin output).
See also
http://www.cisco.com/warp/public/707/cisco-sa-20100922cucmsip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100922bundle.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090826cucm.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100922sip.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml
Risk Factor High / CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE CVE-2009-2051 CVE-2010-2834 CVE-2010-2835
Other References CISCO-BUG-ID:CSCsz43987 CISCO-BUG-ID:CSCta20040 CISCO-BUG-ID:CSCtf72678 CISCO-SA:cisco-sa-20100922-siphttp
Plugin publication date: 2010/09/22
Plugin last modification date: 2011/10/04

PORT (0/TCP)
Plugin ID: 56314 Cisco IOS Software Data-Link Switching Vulnerability - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch
List of Hosts 192.168.80.1
Plugin Output
Update to 12.4(25f) or later

Description Cisco IOS Software contains a memory leak vulnerability in the Data-Link Switching (DLSw) feature that could result in a device reload when processing crafted IP Protocol 91 packets. Cisco has released free software updates that address this vulnerability.
Solution Apply the described patch (see plugin output).
See also
http://www.cisco.com/warp/public/707/cisco-sa-20110928dlsw.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4e.shtml
Risk Factor High / CVSS Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE CVE-2011-0945
Other References CISCO-BUG-ID:CSCth69364 CISCO-SA:cisco-sa-20110928-dlswhttp
Plugin publication date: 2011/09/29
Plugin last modification date: 2011/10/04

PORT NNTP (119/TCP)
Plugin ID: 11033 News Server (NNTP) Information Disclosure

Synopsis Information about the remote NNTP server can be collected.
List of Hosts 192.168.80.2
Plugin Output


This NNTP server allows unauthenticated connections. For your information, we counted 3 newsgroups on this NNTP server: 0 in the alt hierarchy, 0 in rec, 0 in biz, 0 in sci, 0 in soc, 0 in misc, 0 in news, 0 in comp, 0 in talk, 0 in microsoft, 0 in humanities. Although this server says it allows posting, we were unable to send a message (posted in alt.test).

Description By probing the remote NNTP server, Nessus is able to collect information about it, such as whether it allows remote connections, the number of newsgroups, etc.
Solution Disable this server if it is not used.
Risk Factor None
Plugin publication date: 2002/06/28
Plugin last modification date: 2011/06/22

PORT SNMP (161/UDP)
Plugin ID: 40448 SNMP Supported Protocols Detection

Synopsis This plugin reports all the protocol versions successfully negotiated with the remote SNMP agent.
List of Hosts 192.168.80.6
Plugin Output


This host supports SNMP version SNMPv1.
This host supports SNMP version SNMPv2c.

192.168.80.1
Plugin Output
This host supports SNMP version SNMPv1.
This host supports SNMP version SNMPv2c.

Description Extend the SNMP settings data already gathered by testing for SNMP versions other than the highest negotiated.
Solution n/a
Risk Factor None
Plugin publication date: 2009/07/31
Plugin last modification date: 2011/03/11

PORT (0/TCP)
Plugin ID: 49048 Cisco IOS Software Tunnels Vulnerability - Cisco Systems

Synopsis The remote device is missing a vendor-supplied security patch
List of Hosts 192.168.80.1
Plugin Output
Update to 12.4(25b) or later

Description Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding. Cisco has released free software updates that address this vulnerability. Solution Apply the described patch (see plugin output). See also http://www.cisco.com/warp/public/707/cisco-sa-20090923tunnels.shtml http://www.cisco.com/en/US/products/products_security_adviso ry09186a0080af8115.shtml Risk Factor High/ CVSS Base Score: 7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C) CVE CVE-2009-2872 CVE-2009-2873 Other References CISCO-BUG-ID:CSCsh97579 CISCO-BUG-ID:CSCsq31776 CISCO-BUG-ID:CSCsx70889 CISCO-SA:cisco-sa-20090923-tunnelshttp Plugin publication date: 2010/09/01 Plugin last modification date: 2011/03/30 PORT SNMP (161/UDP) Plugin ID: 10264

SNMP Agent Default Community Names

Synopsis: The community names of the remote SNMP server can be guessed.
List of Hosts
192.168.80.1
Plugin Output
The remote SNMP server replies to the following default community strings :

- private
- public

Description: It is possible to obtain the default community names of the remote SNMP server. An attacker may use this information to gain more knowledge about the remote host or to change the configuration of the remote system (if the default community allows such modifications).
Solution: Disable the SNMP service on the remote host if you do not use it, filter incoming UDP packets going to this port, or change the default community string.
Risk Factor: High / CVSS Base Score: 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score: 6.2 (CVSS2#E:F/RL:OF/RC:C)

CVE: CVE-1999-0186 CVE-1999-0254 CVE-1999-0516 CVE-1999-0517 CVE-2004-0311 CVE-2004-1474 CVE-2010-1574
Bugtraq ID: 177 2112 6825 7081 7212 7317 9681 986 10576 11237 41436
Other References: OSVDB:209 OSVDB:3985 OSVDB:5770 OSVDB:8076 OSVDB:10206 OSVDB:11964 OSVDB:58147 OSVDB:66120
Vulnerability publication date: 1998/11/02
Plugin publication date: 2002/11/25
Plugin last modification date: 2011/08/29
Ease of exploitability: Exploits are available

PORT LDAP (389/TCP)
Plugin ID: 20870
LDAP Server Detection

Synopsis: There is an LDAP server active on the remote host.
List of Hosts
192.168.80.7
192.168.80.2

Description: The remote host is running a Lightweight Directory Access Protocol, or LDAP, server. LDAP is a protocol for providing access to directory services over TCP/IP.
Solution: n/a
See also: http://en.wikipedia.org/wiki/LDAP
Risk Factor: None
Plugin publication date: 2006/02/10
Plugin last modification date: 2011/03/11

PORT FTP (21/TCP)
Plugin ID: 10079
Anonymous FTP Enabled

Synopsis: Anonymous logins are allowed on the remote FTP server.
List of Hosts
192.168.80.6
192.168.80.2

Plugin Output
The contents of the remote FTP root are :
09-22-11 09:46PM 74 192.168.80.2.url
09-29-11 10:37PM 0 gfiuploadtest.txt
09-14-11 06:47PM 35855 Principales cambios de nuevo Código de lo Contencioso Administrativo.docx
09-29-11 09:37PM 40 Prueba.txt

Description: This FTP service allows anonymous logins. Any remote user may connect and authenticate without providing a password or unique credentials. This allows a user to access any files made available on the FTP server.
Solution: Disable anonymous FTP if it is not required. Routinely check the FTP server to ensure sensitive content is not available.
Risk Factor: Medium / CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE: CVE-1999-0497
Other References: OSVDB:69
Vulnerability publication date: 1993/07/01
Plugin publication date: 1999/06/22
Plugin last modification date: 2011/10/05

192.168.80.9
Scan Time
Start time: Sat Oct 08 09:33:35 2011
End time: Sat Oct 08 09:48:00 2011
Number of vulnerabilities (High Medium Low): 15
Remote Host Information
Operating System: Microsoft Windows Server 2008 Service Pack 1
NetBIOS name: WIN-ZNSA33CJFUB
MAC addresses: 00:0c:29:52:64:85

192.168.80.8
Scan Time
Start time: Sat Oct 08 09:33:35 2011
End time: Sat Oct 08 09:38:31 2011
Number of vulnerabilities (High Medium Low): 1 8
Remote Host Information
Operating System: Windows 7 Starter
NetBIOS name: JHON-PC
MAC addresses: 00:26:55:bb:ea:57

192.168.80.7
Scan Time
Start time: Sat Oct 08 09:33:35 2011
End time: Sat Oct 08 09:36:22 2011
Number of vulnerabilities (High Medium Low): 26
Remote Host Information
Operating System: Microsoft Windows Server 2003 Service Pack 2
NetBIOS name: HOGAR-1B0FB0481
DNS name: HOGAR-1B0FB0481
MAC addresses: 08:00:27:40:03:00

192.168.80.6
Scan Time
Start time: Sat Oct 08 09:33:35 2011
End time: Sat Oct 08 09:37:43 2011
Number of vulnerabilities (High Medium Low): 1 4 57
Remote Host Information
Operating System: Microsoft Windows XP Service Pack 2 Microsoft Windows XP Service Pack 3
NetBIOS name: HOGAR-86A6036CE
MAC addresses: 00:1b:24:f3:92:df

192.168.80.2
Scan Time
Start time: Sat Oct 08 09:33:35 2011
End time: Sat Oct 08 09:38:31 2011
Number of vulnerabilities (High Medium Low): 1 25
Remote Host Information
Operating System: Microsoft Windows Server 2003 Service Pack 1
NetBIOS name: FAMILIAR-CTUE30
MAC addresses: 00:0c:29:2f:39:87

192.168.80.10
Scan Time
Start time: Sat Oct 08 09:33:35 2011
End time: Sat Oct 08 09:38:17 2011
Number of vulnerabilities (High Medium Low):
Remote Host Information
Operating System: Windows 7 Home
NetBIOS name: FAMILIAR-PC
MAC addresses: 60:eb:69:6d:3d:66

192.168.80.1
Scan Time
Start time: Sat Oct 08 09:33:35 2011
End time: Sat Oct 08 09:39:01 2011
Number of vulnerabilities (High Medium Low): 25 3 16
Remote Host Information
Operating System: CISCO IOS 12.4(1c)
MAC addresses: 00:1d:70:76:c0:1e