
Scan Report

April 7, 2020

Summary

This document reports on the results of an automatic security scan. All dates are displayed using the timezone "Coordinated Universal Time", which is abbreviated "UTC". The task was "Immediate scan of IP 192.168.1.10". The scan started at Tue Apr 7 01:38:24 2020 UTC and ended at Tue Apr 7 01:41:26 2020 UTC. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue.

Contents

1 Result Overview
2 Results per Host
  2.1 192.168.1.10
    2.1.1 High 445/tcp
    2.1.2 High general/tcp
    2.1.3 Medium 135/tcp
    2.1.4 Low general/tcp

1 Result Overview

Host            High    Medium    Low    Log    False Positive
192.168.1.10    2       1         1      0      0
Total: 1        2       1         1      0      0

Vendor security updates are not trusted.
Overrides are on. When a result has an override, this report uses the threat of the override.
Information on overrides is included in the report.
Notes are included in the report.
This report might not show details of all issues that were found.
It only lists hosts that produced issues.
Issues with the threat level "Log" are not shown.
Issues with the threat level "Debug" are not shown.
Issues with the threat level "False Positive" are not shown.
Only results with a minimum QoD of 70 are shown.
This report contains all 4 results selected by the filtering described above. Before filtering there were 15 results.

2 Results per Host

2.1 192.168.1.10

Host scan start    Tue Apr 7 01:38:44 2020 UTC
Host scan end      Tue Apr 7 01:41:26 2020 UTC

Service (Port)    Threat Level
445/tcp           High
general/tcp       High
135/tcp           Medium
general/tcp       Low

2.1.1 High 445/tcp

High (CVSS: 9.3)
NVT: Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)

Summary
This host is missing a critical security update according to Microsoft Bulletin MS17-010.

Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.

Impact
Successful exploitation will allow remote attackers to gain the ability to execute code on the target server, also could lead to information disclosure from the server.

Solution
Solution type: VendorFix
The vendor has released updates. Please see the references for more information.

Affected Software/OS
Microsoft Windows 10 x32/x64 Edition
Microsoft Windows Server 2012 Edition
Microsoft Windows Server 2016
Microsoft Windows 8.1 x32/x64 Edition
Microsoft Windows Server 2012 R2 Edition
Microsoft Windows 7 x32/x64 Edition Service Pack 1
Microsoft Windows Vista x32/x64 Edition Service Pack 2
Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1
Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2

Vulnerability Insight
Multiple flaws exist due to the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests.

Vulnerability Detection Method
Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability.
Details: Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)
OID: 1.3.6.1.4.1.25623.1.0.810676
Version used: 2019-05-03T10:54:50+0000

References
CVE: CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148
BID: 96703, 96704, 96705, 96707, 96709, 96706
Other:
URL: https://support.microsoft.com/en-in/kb/4013078
URL: https://technet.microsoft.com/library/security/MS17-010
URL: https://github.com/rapid7/metasploit-framework/pull/8167/files

2.1.2 High general/tcp

High (CVSS: 10.0)
NVT: OS End Of Life Detection

Product detection result
cpe:/o:microsoft:windows_10:1507:cb:enterprise
Detected by OS Detection Consolidation and Reporting (OID: 1.3.6.1.4.1.25623.1.0.105937)

Summary
OS End Of Life Detection
The Operating System on the remote host has reached the end of life and should not be used anymore.

Vulnerability Detection Result
The "Windows 10" Operating System on the remote host has reached the end of life.
CPE: cpe:/o:microsoft:windows_10:1507:cb:enterprise
Installed version, build or SP: 1507cb
EOL date: 2017-05-09
EOL info: https://support.microsoft.com/en-US/help/13853/windows-lifecycle-fact-sheet

Solution
Solution type: Mitigation

Vulnerability Detection Method
Details: OS End Of Life Detection
OID: 1.3.6.1.4.1.25623.1.0.103674
Version used: $Revision: 8927 $

Product Detection Result
Product: cpe:/o:microsoft:windows_10:1507:cb:enterprise
Method: OS Detection Consolidation and Reporting
OID: 1.3.6.1.4.1.25623.1.0.105937

2.1.3 Medium 135/tcp

Medium (CVSS: 5.0)
NVT: DCE/RPC and MSRPC Services Enumeration Reporting

Summary
Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.

Vulnerability Detection Result
Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol: