Nessus AI report – 10.44.100.101

Site: Radiológiai és Onkoterápiás Klinika

VLAN: VLAN-418

Function: Clinical care

OS: unknown

C: 0 H: 0 M: 11 L: 7 I: 92

AI-based type C summary

The supplied text comprises more than 100 sections, several of which have identical titles and contain similar problems and recommendations. The main parts are the following:

1. **Executive summary**: This is not found directly in the text, but from the introduction and the other sections it is apparent that the main goal is to draw attention to security threats and to recommend how they can be handled.
2. **Main risk types**:
   - Filtering and viruses: Risk arising from security vulnerabilities in OpenSSH and other applications appears in several places in the text.
   - Disclosure of user data: Some sections indicate that user data can also be extracted from certain systems, which may pose an additional risk.

3. **Recommended steps and priorities (Immediate / Short term / Medium term)**:
   - Immediate: Some sections recommend updating OpenSSH in order to avoid the security vulnerabilities.
   - Short term: None of the sections contains specific steps to be carried out in the short term. In general, however, this may also follow from the fact that updating systems, setting up alerts and defining other security measures are regarded as short-term tasks.
   - Medium term: Some sections recommend system monitoring, sending alerts and defining further security measures.

4. **Technical summary**: The sections of the text present in detail the security vulnerabilities of the various systems and applications, as well as the problems related to them. In general, a specialist can use these sections when looking for the solution to a specific problem.

This list clearly shows that the sections contain a great deal of detail on security threats, and that this mutually complementary information helps in protecting the systems.


Detailed technical Nessus analysis

The following table contains all vulnerabilities belonging to the given IP, together with the main technical fields provided by Nessus.

Severity Plugin ID Plugin Name Version Family Published Modified VPR EPSS CVSSv3 Score CVSSv3 Vector CVSSv2 Score CVSSv2 Vector CPE Exploit Available Patch Pub Date Vuln Pub Date CVE Description Solution Output Port Protocol Host
None 10107 HTTP Server Type and Version This plugin attempts to determine the type and the version of the remote web server. n/a 80 tcp 10.44.100.101
None 10107 HTTP Server Type and Version This plugin attempts to determine the type and the version of the remote web server. n/a 443 tcp 10.44.100.101
None 10107 HTTP Server Type and Version This plugin attempts to determine the type and the version of the remote web server. n/a 5000 tcp 10.44.100.101
None 10107 HTTP Server Type and Version This plugin attempts to determine the type and the version of the remote web server. n/a 5001 tcp 10.44.100.101
Low 10114 ICMP Timestamp Request Remote Date Disclosure 2.1 CVE-1999-0524 The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols. Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time. Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14). 0 icmp 10.44.100.101
None 10150 Windows NetBIOS / SMB Remote Host Information Disclosure The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. Note that this plugin gathers information to be used in other plugins, but does not itself generate a report. n/a 137 udp 10.44.100.101
None 10267 SSH Server Type and Version Information It is possible to obtain information about the remote SSH server by sending an empty authentication request. n/a 2121 tcp 10.44.100.101
None 10267 SSH Server Type and Version Information It is possible to obtain information about the remote SSH server by sending an empty authentication request. n/a 2323 tcp 10.44.100.101
None 10287 Traceroute Information Makes a traceroute to the remote host. n/a 0 udp 10.44.100.101
None 10302 Web Server robots.txt Information Disclosure The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting certain directories in a website for maintenance or indexing purposes. A malicious user may also be able to use the contents of this file to learn of sensitive documents or directories on the affected site and either retrieve them directly or target them for other attacks. Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt file, and/or adjust the web server's access controls to limit access to sensitive material. 5000 tcp 10.44.100.101
None 10302 Web Server robots.txt Information Disclosure The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting certain directories in a website for maintenance or indexing purposes. A malicious user may also be able to use the contents of this file to learn of sensitive documents or directories on the affected site and either retrieve them directly or target them for other attacks. Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt file, and/or adjust the web server's access controls to limit access to sensitive material. 5001 tcp 10.44.100.101
None 10386 Web Server No 404 Error Code Check The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page. Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate. n/a 80 tcp 10.44.100.101
None 10386 Web Server No 404 Error Code Check The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page. Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate. n/a 443 tcp 10.44.100.101
None 10785 Microsoft Windows SMB NativeLanManager Remote System Information Disclosure Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host. n/a 445 tcp 10.44.100.101
None 10863 SSL Certificate Information This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate. n/a 443 tcp 10.44.100.101
None 10863 SSL Certificate Information This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate. n/a 5001 tcp 10.44.100.101
None 10881 SSH Protocol Versions Supported This plugin determines the versions of the SSH protocol supported by the remote SSH daemon. n/a 2121 tcp 10.44.100.101
None 10881 SSH Protocol Versions Supported This plugin determines the versions of the SSH protocol supported by the remote SSH daemon. n/a 2323 tcp 10.44.100.101
None 10884 Network Time Protocol (NTP) Server Detection An NTP server is listening on port 123. If not securely configured, it may provide information about its version, current date, current time, and possibly system information. n/a 123 udp 10.44.100.101
None 11011 Microsoft Windows SMB Service Detection The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. n/a 139 tcp 10.44.100.101
None 11011 Microsoft Windows SMB Service Detection The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. n/a 445 tcp 10.44.100.101
None 11154 Unknown Service Detection: Banner Retrieval Nessus was unable to identify a service on the remote host even though it returned a banner of some type. n/a 873 tcp 10.44.100.101
None 11154 Unknown Service Detection: Banner Retrieval Nessus was unable to identify a service on the remote host even though it returned a banner of some type. n/a 3265 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 80 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 139 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 161 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 443 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 445 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 873 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 2121 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 2323 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 3261 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 3263 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 3264 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 3265 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 5000 tcp 10.44.100.101
None 11219 Nessus SYN scanner This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. Protect your target with an IP filter. 5001 tcp 10.44.100.101
None 11936 OS Identification Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system. n/a 0 tcp 10.44.100.101
None 12053 Host Fully Qualified Domain Name (FQDN) Resolution Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host. n/a 0 tcp 10.44.100.101
None 19506 Nessus Scan Information This plugin displays, for each tested host, information about the scan itself : - The version of the plugin set. - The type of scanner (Nessus or Nessus Home). - The version of the Nessus Engine. - The port scanner(s) used. - The port range scanned. - The ping round trip time - Whether credentialed or third-party patch management checks are possible. - Whether the display of superseded patches is enabled - The date of the scan. - The duration of the scan. - The number of hosts scanned in parallel. - The number of checks done in parallel. n/a 0 tcp 10.44.100.101
None 21643 SSL Cipher Suites Supported This plugin detects which SSL ciphers are supported by the remote service for encrypting communications. n/a 443 tcp 10.44.100.101
None 21643 SSL Cipher Suites Supported This plugin detects which SSL ciphers are supported by the remote service for encrypting communications. n/a 5001 tcp 10.44.100.101
None 22964 Service Detection Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. n/a 80 tcp 10.44.100.101
None 22964 Service Detection Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. n/a 443 tcp 10.44.100.101
None 22964 Service Detection Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. n/a 443 tcp 10.44.100.101
None 22964 Service Detection Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. n/a 2121 tcp 10.44.100.101
None 22964 Service Detection Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. n/a 2323 tcp 10.44.100.101
None 22964 Service Detection Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. n/a 5000 tcp 10.44.100.101
None 22964 Service Detection Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. n/a 5001 tcp 10.44.100.101
None 22964 Service Detection Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. n/a 5001 tcp 10.44.100.101
None 24260 HyperText Transfer Protocol (HTTP) Information This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc... This test is informational only and does not denote any security problem. n/a 80 tcp 10.44.100.101
None 24260 HyperText Transfer Protocol (HTTP) Information This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc... This test is informational only and does not denote any security problem. n/a 443 tcp 10.44.100.101
None 24260 HyperText Transfer Protocol (HTTP) Information This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc... This test is informational only and does not denote any security problem. n/a 5000 tcp 10.44.100.101
None 24260 HyperText Transfer Protocol (HTTP) Information This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc... This test is informational only and does not denote any security problem. n/a 5001 tcp 10.44.100.101
None 25220 TCP/IP Timestamps Supported The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed. n/a 0 tcp 10.44.100.101
None 35711 Universal Plug and Play (UPnP) Protocol Detection The remote device answered an SSDP M-SEARCH request. Therefore, it supports 'Universal Plug and Play' (UPnP). This protocol provides automatic configuration and device discovery. It is primarily intended for home networks. An attacker could potentially leverage this to discover your network architecture. Filter access to this port if desired. 1900 udp 10.44.100.101
None 45410 SSL Certificate 'commonName' Mismatch The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens. If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate. 443 tcp 10.44.100.101
None 45410 SSL Certificate 'commonName' Mismatch The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens. If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate. 5001 tcp 10.44.100.101
Medium 45411 SSL Certificate with Wrong Hostname 5.0 The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine. Purchase or generate a proper SSL certificate for this service. 443 tcp 10.44.100.101
Medium 45411 SSL Certificate with Wrong Hostname 5.0 The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine. Purchase or generate a proper SSL certificate for this service. 5001 tcp 10.44.100.101
None 45590 Common Platform Enumeration (CPE) By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan. n/a 0 tcp 10.44.100.101
Medium 51192 SSL Certificate Cannot Be Trusted 6.4 The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below : - First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority. - Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates. - Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize. If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host. Purchase or generate a proper SSL certificate for this service. 443 tcp 10.44.100.101
Medium 51192 SSL Certificate Cannot Be Trusted 6.4 The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below : - First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority. - Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates. - Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize. If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host. Purchase or generate a proper SSL certificate for this service. 5001 tcp 10.44.100.101
None 54615 Device Type Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc). n/a 0 tcp 10.44.100.101
None 56984 SSL / TLS Versions Supported This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications. n/a 443 tcp 10.44.100.101
None 56984 SSL / TLS Versions Supported This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications. n/a 5001 tcp 10.44.100.101
None 57041 SSL Perfect Forward Secrecy Cipher Suites Supported The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised. n/a 443 tcp 10.44.100.101
None 57041 SSL Perfect Forward Secrecy Cipher Suites Supported The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised. n/a 5001 tcp 10.44.100.101
Medium 57608 SMB Signing not required 5.0 Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server. Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details. 445 tcp 10.44.100.101
None 66334 Patch Report The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date. Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled. Install the patches listed below. 0 tcp 10.44.100.101
None 70657 SSH Algorithms and Languages Supported This script detects which algorithms and languages are supported by the remote service for encrypting communications. n/a 2121 tcp 10.44.100.101
None 70657 SSH Algorithms and Languages Supported This script detects which algorithms and languages are supported by the remote service for encrypting communications. n/a 2323 tcp 10.44.100.101
None 84502 HSTS Missing From HTTPS Server The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. Configure the remote web server to use HSTS. 443 tcp 10.44.100.101
None 84502 HSTS Missing From HTTPS Server The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. Configure the remote web server to use HSTS. 5001 tcp 10.44.100.101
None 84821 TLS ALPN Supported Protocol Enumeration The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension supports. n/a 443 tcp 10.44.100.101
None 84821 TLS ALPN Supported Protocol Enumeration The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension supports. n/a 5001 tcp 10.44.100.101
None 100871 Microsoft Windows SMB Versions Supported (remote check) Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445. Note that this plugin is a remote check and does not work on agents. n/a 445 tcp 10.44.100.101
None 103869 Open Network Video Interface Forum (ONVIF) Protocol Detection The remote device answered a NetworkVideoTransmitter WS-Discovery request. Therefore, it supports ONVIF. Filter access to this port if desired. 3702 udp 10.44.100.101
None 106375 nginx HTTP Server Detection Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host. n/a 80 tcp 10.44.100.101
None 106375 nginx HTTP Server Detection Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host. n/a 443 tcp 10.44.100.101
None 106375 nginx HTTP Server Detection Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host. n/a 5000 tcp 10.44.100.101
None 106375 nginx HTTP Server Detection Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host. n/a 5001 tcp 10.44.100.101
None 106716 Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445. n/a 445 tcp 10.44.100.101
None 110723 Target Credential Status by Authentication Protocol - No Credentials Provided Nessus was not able to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the remote service using the provided credentials. There may have been a protocol failure that prevented authentication from being attempted or all of the provided credentials for the authentication protocol may be invalid. See plugin output for error details. Please note the following : - This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service. - Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets. n/a 0 tcp 10.44.100.101
None 117886 OS Security Patch Assessment Not Available OS Security Patch Assessment is not available on the remote host. This does not necessarily indicate a problem with the scan. Credentials may not have been provided, OS security patch assessment may not be supported for the target, the target may not have been identified, or another issue may have occurred that prevented OS security patch assessment from being available. See plugin output for details. This plugin reports non-failure information impacting the availability of OS Security Patch Assessment. Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks Not Supported' will report concurrently with this plugin. n/a 0 tcp 10.44.100.101
None 136318 TLS Version 1.2 Protocol Detection The remote service accepts connections encrypted using TLS 1.2. N/A 443 tcp 10.44.100.101
None 136318 TLS Version 1.2 Protocol Detection The remote service accepts connections encrypted using TLS 1.2. N/A 5001 tcp 10.44.100.101
None 138330 TLS Version 1.3 Protocol Detection The remote service accepts connections encrypted using TLS 1.3. N/A 443 tcp 10.44.100.101
None 138330 TLS Version 1.3 Protocol Detection The remote service accepts connections encrypted using TLS 1.3. N/A 5001 tcp 10.44.100.101
None 149334 SSH Password Authentication Accepted The SSH server on the remote host accepts password authentication. n/a 2121 tcp 10.44.100.101
None 149334 SSH Password Authentication Accepted The SSH server on the remote host accepts password authentication. n/a 2323 tcp 10.44.100.101
None 153588 SSH SHA-1 HMAC Algorithms Enabled The remote SSH server is configured to enable SHA-1 HMAC algorithms. Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to collisions. Note that this plugin only checks for the options of the remote SSH server. n/a 2121 tcp 10.44.100.101
None 153588 SSH SHA-1 HMAC Algorithms Enabled The remote SSH server is configured to enable SHA-1 HMAC algorithms. Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to collisions. Note that this plugin only checks for the options of the remote SSH server. n/a 2323 tcp 10.44.100.101
None 181418 OpenSSH Detection An OpenSSH-based SSH server was detected on the remote host. n/a 2121 tcp 10.44.100.101
None 181418 OpenSSH Detection An OpenSSH-based SSH server was detected on the remote host. n/a 2323 tcp 10.44.100.101
None 185519 SNMP Server Detection The remote service is an SNMP agent which provides management data about the device. Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally. 161 tcp 10.44.100.101
None 185519 SNMP Server Detection The remote service is an SNMP agent which provides management data about the device. Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally. 161 udp 10.44.100.101
Medium 187201 OpenSSH < 9.6 Multiple Vulnerabilities 6.4 CVE-2023-48795 The version of OpenSSH installed on the remote host is prior to 9.6. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.6 advisory. - ssh(1), sshd(8): implement protocol extensions to thwart the so-called Terrapin attack discovered by Fabian Bäumer, Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. A peer SSH client/server would not be able to detect that messages were deleted. While cryptographically novel, the security impact of this attack is fortunately very limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding and results in a stuck connection. The most serious identified impact is that it lets a MITM delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5. There is no other discernable impact to session secrecy or session integrity. OpenSSH 9.6 addresses this protocol weakness through a new strict KEX protocol extension that will be automatically enabled when both the client and server support it. This extension makes two changes to the SSH transport protocol to improve the integrity of the initial key exchange. Firstly, it requires endpoints to terminate the connection if any unnecessary or unexpected message is received during key exchange (including messages that were previously legal but not strictly required like SSH2_MSG_DEBUG). This removes most malleability from the early protocol. 
Secondly, it resets the Message Authentication Code counter at the conclusion of each key exchange, preventing previously inserted messages from being able to make persistent changes to the sequence number across completion of a key exchange. Either of these changes should be sufficient to thwart the Terrapin Attack. More details of these changes are in the PROTOCOL file in the OpenSSH source distribution. (CVE-2023-48795) - ssh-agent(1): when adding PKCS#11-hosted private keys while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected. (CVE-2023-51384) - ssh(1): if an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or match exec predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive. This situation could arise in the case of git submodules, where a repository could contain a submodule with shell characters in its user/hostname. Git does not ban shell metacharacters in user or host names when checking out repositories from untrusted sources. Although we believe it is the user's responsibility to ensure validity of arguments passed to ssh(1), especially across a security boundary such as the git example above, OpenSSH 9.6 now bans most shell metacharacters from user and hostnames supplied via the command-line. This countermeasure is not guaranteed to be effective in all situations, as it is infeasible for ssh(1) to universally filter shell metacharacters potentially relevant to user-supplied commands. 
User/hostnames provided via ssh_config(5) are not subject to these restrictions, allowing configurations that use strange names to continue to be used, under the assumption that the user knows what they are doing in their own configuration files. (CVE-2023-51385) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Upgrade to OpenSSH version 9.6 or later. 2121 tcp 10.44.100.101
Medium 187201 OpenSSH < 9.6 Multiple Vulnerabilities 6.4 CVE-2023-51384 The version of OpenSSH installed on the remote host is prior to 9.6. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.6 advisory. - ssh(1), sshd(8): implement protocol extensions to thwart the so-called Terrapin attack discovered by Fabian Bäumer, Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. A peer SSH client/server would not be able to detect that messages were deleted. While cryptographically novel, the security impact of this attack is fortunately very limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding and results in a stuck connection. The most serious identified impact is that it lets a MITM delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5. There is no other discernable impact to session secrecy or session integrity. OpenSSH 9.6 addresses this protocol weakness through a new strict KEX protocol extension that will be automatically enabled when both the client and server support it. This extension makes two changes to the SSH transport protocol to improve the integrity of the initial key exchange. Firstly, it requires endpoints to terminate the connection if any unnecessary or unexpected message is received during key exchange (including messages that were previously legal but not strictly required like SSH2_MSG_DEBUG). This removes most malleability from the early protocol. 
Secondly, it resets the Message Authentication Code counter at the conclusion of each key exchange, preventing previously inserted messages from being able to make persistent changes to the sequence number across completion of a key exchange. Either of these changes should be sufficient to thwart the Terrapin Attack. More details of these changes are in the PROTOCOL file in the OpenSSH source distribution. (CVE-2023-48795) - ssh-agent(1): when adding PKCS#11-hosted private keys while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected. (CVE-2023-51384) - ssh(1): if an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or match exec predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive. This situation could arise in the case of git submodules, where a repository could contain a submodule with shell characters in its user/hostname. Git does not ban shell metacharacters in user or host names when checking out repositories from untrusted sources. Although we believe it is the user's responsibility to ensure validity of arguments passed to ssh(1), especially across a security boundary such as the git example above, OpenSSH 9.6 now bans most shell metacharacters from user and hostnames supplied via the command-line. This countermeasure is not guaranteed to be effective in all situations, as it is infeasible for ssh(1) to universally filter shell metacharacters potentially relevant to user-supplied commands. 
User/hostnames provided via ssh_config(5) are not subject to these restrictions, allowing configurations that use strange names to continue to be used, under the assumption that the user knows what they are doing in their own configuration files. (CVE-2023-51385) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Upgrade to OpenSSH version 9.6 or later. 2121 tcp 10.44.100.101
Medium 187201 OpenSSH < 9.6 Multiple Vulnerabilities 6.4 CVE-2023-51385 The version of OpenSSH installed on the remote host is prior to 9.6. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.6 advisory. - ssh(1), sshd(8): implement protocol extensions to thwart the so-called Terrapin attack discovered by Fabian Bäumer, Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. A peer SSH client/server would not be able to detect that messages were deleted. While cryptographically novel, the security impact of this attack is fortunately very limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding and results in a stuck connection. The most serious identified impact is that it lets a MITM delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5. There is no other discernable impact to session secrecy or session integrity. OpenSSH 9.6 addresses this protocol weakness through a new strict KEX protocol extension that will be automatically enabled when both the client and server support it. This extension makes two changes to the SSH transport protocol to improve the integrity of the initial key exchange. Firstly, it requires endpoints to terminate the connection if any unnecessary or unexpected message is received during key exchange (including messages that were previously legal but not strictly required like SSH2_MSG_DEBUG). This removes most malleability from the early protocol. 
Secondly, it resets the Message Authentication Code counter at the conclusion of each key exchange, preventing previously inserted messages from being able to make persistent changes to the sequence number across completion of a key exchange. Either of these changes should be sufficient to thwart the Terrapin Attack. More details of these changes are in the PROTOCOL file in the OpenSSH source distribution. (CVE-2023-48795) - ssh-agent(1): when adding PKCS#11-hosted private keys while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected. (CVE-2023-51384) - ssh(1): if an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or match exec predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive. This situation could arise in the case of git submodules, where a repository could contain a submodule with shell characters in its user/hostname. Git does not ban shell metacharacters in user or host names when checking out repositories from untrusted sources. Although we believe it is the user's responsibility to ensure validity of arguments passed to ssh(1), especially across a security boundary such as the git example above, OpenSSH 9.6 now bans most shell metacharacters from user and hostnames supplied via the command-line. This countermeasure is not guaranteed to be effective in all situations, as it is infeasible for ssh(1) to universally filter shell metacharacters potentially relevant to user-supplied commands. 
User/hostnames provided via ssh_config(5) are not subject to these restrictions, allowing configurations that use strange names to continue to be used, under the assumption that the user knows what they are doing in their own configuration files. (CVE-2023-51385) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Upgrade to OpenSSH version 9.6 or later. 2121 tcp 10.44.100.101
Medium 187201 OpenSSH < 9.6 Multiple Vulnerabilities 6.4 CVE-2023-48795 The version of OpenSSH installed on the remote host is prior to 9.6. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.6 advisory. - ssh(1), sshd(8): implement protocol extensions to thwart the so-called Terrapin attack discovered by Fabian Bäumer, Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. A peer SSH client/server would not be able to detect that messages were deleted. While cryptographically novel, the security impact of this attack is fortunately very limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding and results in a stuck connection. The most serious identified impact is that it lets a MITM delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5. There is no other discernable impact to session secrecy or session integrity. OpenSSH 9.6 addresses this protocol weakness through a new strict KEX protocol extension that will be automatically enabled when both the client and server support it. This extension makes two changes to the SSH transport protocol to improve the integrity of the initial key exchange. Firstly, it requires endpoints to terminate the connection if any unnecessary or unexpected message is received during key exchange (including messages that were previously legal but not strictly required like SSH2_MSG_DEBUG). This removes most malleability from the early protocol. 
Secondly, it resets the Message Authentication Code counter at the conclusion of each key exchange, preventing previously inserted messages from being able to make persistent changes to the sequence number across completion of a key exchange. Either of these changes should be sufficient to thwart the Terrapin Attack. More details of these changes are in the PROTOCOL file in the OpenSSH source distribution. (CVE-2023-48795) - ssh-agent(1): when adding PKCS#11-hosted private keys while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected. (CVE-2023-51384) - ssh(1): if an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or match exec predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive. This situation could arise in the case of git submodules, where a repository could contain a submodule with shell characters in its user/hostname. Git does not ban shell metacharacters in user or host names when checking out repositories from untrusted sources. Although we believe it is the user's responsibility to ensure validity of arguments passed to ssh(1), especially across a security boundary such as the git example above, OpenSSH 9.6 now bans most shell metacharacters from user and hostnames supplied via the command-line. This countermeasure is not guaranteed to be effective in all situations, as it is infeasible for ssh(1) to universally filter shell metacharacters potentially relevant to user-supplied commands. 
User/hostnames provided via ssh_config(5) are not subject to these restrictions, allowing configurations that use strange names to continue to be used, under the assumption that the user knows what they are doing in their own configuration files. (CVE-2023-51385) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Upgrade to OpenSSH version 9.6 or later. 2323 tcp 10.44.100.101
Medium 187201 OpenSSH < 9.6 Multiple Vulnerabilities 6.4 CVE-2023-51384 The version of OpenSSH installed on the remote host is prior to 9.6. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.6 advisory. - ssh(1), sshd(8): implement protocol extensions to thwart the so-called Terrapin attack discovered by Fabian Bäumer, Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. A peer SSH client/server would not be able to detect that messages were deleted. While cryptographically novel, the security impact of this attack is fortunately very limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding and results in a stuck connection. The most serious identified impact is that it lets a MITM delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5. There is no other discernable impact to session secrecy or session integrity. OpenSSH 9.6 addresses this protocol weakness through a new strict KEX protocol extension that will be automatically enabled when both the client and server support it. This extension makes two changes to the SSH transport protocol to improve the integrity of the initial key exchange. Firstly, it requires endpoints to terminate the connection if any unnecessary or unexpected message is received during key exchange (including messages that were previously legal but not strictly required like SSH2_MSG_DEBUG). This removes most malleability from the early protocol. 
Secondly, it resets the Message Authentication Code counter at the conclusion of each key exchange, preventing previously inserted messages from being able to make persistent changes to the sequence number across completion of a key exchange. Either of these changes should be sufficient to thwart the Terrapin Attack. More details of these changes are in the PROTOCOL file in the OpenSSH source distribution. (CVE-2023-48795) - ssh-agent(1): when adding PKCS#11-hosted private keys while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected. (CVE-2023-51384) - ssh(1): if an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or match exec predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive. This situation could arise in the case of git submodules, where a repository could contain a submodule with shell characters in its user/hostname. Git does not ban shell metacharacters in user or host names when checking out repositories from untrusted sources. Although we believe it is the user's responsibility to ensure validity of arguments passed to ssh(1), especially across a security boundary such as the git example above, OpenSSH 9.6 now bans most shell metacharacters from user and hostnames supplied via the command-line. This countermeasure is not guaranteed to be effective in all situations, as it is infeasible for ssh(1) to universally filter shell metacharacters potentially relevant to user-supplied commands. 
User/hostnames provided via ssh_config(5) are not subject to these restrictions, allowing configurations that use strange names to continue to be used, under the assumption that the user knows what they are doing in their own configuration files. (CVE-2023-51385) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Upgrade to OpenSSH version 9.6 or later. 2323 tcp 10.44.100.101
Medium 187201 OpenSSH < 9.6 Multiple Vulnerabilities 6.4 CVE-2023-51385 The version of OpenSSH installed on the remote host is prior to 9.6. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.6 advisory. - ssh(1), sshd(8): implement protocol extensions to thwart the so-called Terrapin attack discovered by Fabian Bäumer, Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. A peer SSH client/server would not be able to detect that messages were deleted. While cryptographically novel, the security impact of this attack is fortunately very limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding and results in a stuck connection. The most serious identified impact is that it lets a MITM delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5. There is no other discernable impact to session secrecy or session integrity. OpenSSH 9.6 addresses this protocol weakness through a new strict KEX protocol extension that will be automatically enabled when both the client and server support it. This extension makes two changes to the SSH transport protocol to improve the integrity of the initial key exchange. Firstly, it requires endpoints to terminate the connection if any unnecessary or unexpected message is received during key exchange (including messages that were previously legal but not strictly required like SSH2_MSG_DEBUG). This removes most malleability from the early protocol. 
Secondly, it resets the Message Authentication Code counter at the conclusion of each key exchange, preventing previously inserted messages from being able to make persistent changes to the sequence number across completion of a key exchange. Either of these changes should be sufficient to thwart the Terrapin Attack. More details of these changes are in the PROTOCOL file in the OpenSSH source distribution. (CVE-2023-48795) - ssh-agent(1): when adding PKCS#11-hosted private keys while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected. (CVE-2023-51384) - ssh(1): if an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or match exec predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive. This situation could arise in the case of git submodules, where a repository could contain a submodule with shell characters in its user/hostname. Git does not ban shell metacharacters in user or host names when checking out repositories from untrusted sources. Although we believe it is the user's responsibility to ensure validity of arguments passed to ssh(1), especially across a security boundary such as the git example above, OpenSSH 9.6 now bans most shell metacharacters from user and hostnames supplied via the command-line. This countermeasure is not guaranteed to be effective in all situations, as it is infeasible for ssh(1) to universally filter shell metacharacters potentially relevant to user-supplied commands. 
User/hostnames provided via ssh_config(5) are not subject to these restrictions, allowing configurations that use strange names to continue to be used, under the assumption that the user knows what they are doing in their own configuration files. (CVE-2023-51385) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Upgrade to OpenSSH version 9.6 or later. 2323 tcp 10.44.100.101
None 209654 OS Fingerprints Detected Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. While the highest-confidence result was reported in plugin 11936, “OS Identification”, the complete set of fingerprints detected are reported here. n/a 0 tcp 10.44.100.101
Low 234554 OpenSSH < 10.0 DisableForwarding 2.1 CVE-2025-32728 The version of OpenSSH installed on the remote host is prior to 10.0. It is, therefore, affected by a vulnerability. In sshd in OpenSSH the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Upgrade to OpenSSH version 10.0 or later. 2121 tcp 10.44.100.101
Low 234554 OpenSSH < 10.0 DisableForwarding 2.1 CVE-2025-32728 The version of OpenSSH installed on the remote host is prior to 10.0. It is, therefore, affected by a vulnerability. In sshd in OpenSSH the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Upgrade to OpenSSH version 10.0 or later. 2323 tcp 10.44.100.101
Low 269984 OpenSSH < 10.1 / 10.1p1 Multiple Vulnerabilities 2.4 CVE-2025-61984 The version of OpenSSH installed on the remote host is prior to 10.1. It is, therefore, affected by multiple vulnerabilities: - ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) (CVE-2025-61984) - ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. (CVE-2025-61985) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Upgrade to OpenSSH version 10.1/10.1p1 or later. 2121 tcp 10.44.100.101
Low 269984 OpenSSH < 10.1 / 10.1p1 Multiple Vulnerabilities 2.4 CVE-2025-61985 The version of OpenSSH installed on the remote host is prior to 10.1. It is, therefore, affected by multiple vulnerabilities: - ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) (CVE-2025-61984) - ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. (CVE-2025-61985) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Upgrade to OpenSSH version 10.1/10.1p1 or later. 2121 tcp 10.44.100.101
Low 269984 OpenSSH < 10.1 / 10.1p1 Multiple Vulnerabilities 2.4 CVE-2025-61984 The version of OpenSSH installed on the remote host is prior to 10.1. It is, therefore, affected by multiple vulnerabilities: - ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) (CVE-2025-61984) - ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. (CVE-2025-61985) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Upgrade to OpenSSH version 10.1/10.1p1 or later. 2323 tcp 10.44.100.101
Low 269984 OpenSSH < 10.1 / 10.1p1 Multiple Vulnerabilities 2.4 CVE-2025-61985 The version of OpenSSH installed on the remote host is prior to 10.1. It is, therefore, affected by multiple vulnerabilities: - ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) (CVE-2025-61984) - ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. (CVE-2025-61985) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Upgrade to OpenSSH version 10.1/10.1p1 or later. 2323 tcp 10.44.100.101