Ollama-based executive analysis
Overview: The assessed system has 2 critical-severity vulnerabilities, namely the lack of a supported Python version and the Ubuntu Linux SEoL 18.04.x release, and 3 medium-severity vulnerabilities were also detected. The risk level is critical and the urgency is 0-7 days.
Main risk themes: The most important findings include the Python Unsupported Version Detection and Canonical Ubuntu Linux SEoL (18.04.x) vulnerabilities, as well as AMQP Cleartext Authentication and the SSH Terrapin Prefix Truncation Weakness.
Recommended 0–7 days: The critical-severity vulnerabilities must be addressed urgently. We recommend upgrading the Python version and also upgrading the Ubuntu Linux SEoL release to a supported version.
Recommended 7–30 days: For system-level prevention we recommend that the vulnerab
Critical (2 types / 2 total)
- Python Unsupported Version Detection
- Canonical Ubuntu Linux SEoL (18.04.x)
Medium (3 types / 3 total)
- AMQP Cleartext Authentication
- SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
- CUPS cups-browsed Remote Unauthenticated Printer Registration (CVE-2024-47176)
Ollama: llama3.1:8b | ollama version is 0.14.2 | 2026-01-30 18:02
CRITICAL (2)
Python Unsupported Version Detection
Plugin ID: 148367
Port: tcp/8000
The remote host contains one or more unsupported versions of Python.
Lack of support implies that no new security patches for the product
will be released by the vendor. As a result, it is likely to contain
security vulnerabilities.
Recommended solution
Upgrade to a version of Python that is currently supported.
Canonical Ubuntu Linux SEoL (18.04.x)
Plugin ID: 201456
Port: tcp/22
According to its version, Canonical Ubuntu Linux is 18.04.x. It is, therefore, no longer maintained by its vendor or
provider.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may
contain security vulnerabilities.
Recommended solution
Upgrade to a version of Canonical Ubuntu Linux that is currently supported.
MEDIUM (3)
AMQP Cleartext Authentication
Plugin ID: 87733
Port: tcp/5672
The remote Advanced Message Queuing Protocol (AMQP) service supports
one or more authentication mechanisms that allow credentials to be
sent in the clear.
Recommended solution
Disable cleartext authentication mechanisms in the AMQP configuration.
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can
allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.
Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with
Encrypt-then-MAC and do not support the strict key exchange countermeasures. It does not check for vulnerable software
versions.
Recommended solution
Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.
CUPS cups-browsed Remote Unauthenticated Printer Registration (CVE-2024-47176)
The cups-browsed server running on the remote host trusts any well formatted
packet received and responds to a potentially attacker controlled URL. A remote,
unauthenticated attacker can exploit this vulnerability to solicit information
and, combined with other CVEs, achieve RCE.
Recommended solution
Upgrade to the latest available version or apply the recommended security patch per the vendor advisory.
LOW (1)
ICMP Timestamp Request Remote Date Disclosure
The remote host answers to an ICMP timestamp request. This allows an
attacker to know the date that is set on the targeted machine, which
may assist an unauthenticated, remote attacker in defeating time-based
authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 /
2008 R2 are deliberately incorrect, but usually within 1000 seconds of
the actual system time.
Recommended solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).