VLAN418_RADI – 10.44.100.223

VLAN: 418
CIDR: 10.44.100.0/22, 193.224.48.64/27, 192.9.200.0/24
NAT: 193.224.49.26
Nessus folder: 1472
Scan: RADI
Date: 2026-01-30 16:08
Ollama-based executive analysis

OUTPUT
Overall picture: Critical and high-risk vulnerabilities are present in the examined system and require urgent remediation within the next 0-7 days.
Main risk themes: The security flaws in MongoDB (SERVER-85263 and SERVER-92382) and the Remote Desktop Protocol Server Man-in-the-Middle weakness pose a major threat.
Recommended 0–7 days: Fix the MongoDB security flaws immediately and strengthen the protection of the Remote Desktop Protocol Server.
Recommended 7–30 days: Carry out system-level preventive measures, such as hardening and rescanning, to minimise the risk.

FACTS
IP address: 10.44.100.223
Number of vulnerabilities: Critical: 0, High: 1, Medium: 3, Low: 1.
Preliminary risk level (rule-based): HIGH

High (1 type / 1 total)
  1. MongoDB 5.0.x < 5.0.25 / 6.0.x < 6.0.14 / 7.0.x < 7.0.6 Improper Input Validation (SERVER-85263)
Medium (3 types / 3 total)
  1. Remote Desktop Protocol Server Man-in-the-Middle Weakness
  2. CUPS cups-browsed Remote Unauthenticated Printer Registration (CVE-2024-47176)
  3. MongoDB 6.0.x < 6.0.17 / 7.0.x < 7.0.13 / 7.3.x < 7.3.4 incorrect enforcement of index constraints (SERVER-92382)
Ollama: llama3.1:8b | ollama version is 0.14.2 | 2026-01-30 18:53

HIGH (1)

MongoDB 5.0.x < 5.0.25 / 6.0.x < 6.0.14 / 7.0.x < 7.0.6 Improper Input Validation (SERVER-85263)
Plugin ID: 197879 Port: tcp/27017 CVE: CVE-2024-3372
The version of MongoDB installed on the remote host is prior to 5.0.25, 6.0.14, or 7.0.6. It is, therefore, affected by a vulnerability as referenced in the SERVER-85263 advisory. - Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25. (CVE-2024-3372) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Recommended solution
Upgrade to MongoDB version 5.0.25 / 6.0.14 / 7.0.6 or later.

MEDIUM (3)

Remote Desktop Protocol Server Man-in-the-Middle Weakness
Plugin ID: 18405 Port: tcp/2590 CVE: CVE-2005-1794
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server without being detected. A MiTM attack of this nature would allow the attacker to obtain any sensitive information transmitted, including authentication credentials. This flaw exists because the RDP server stores a publicly known hard-coded RSA private key. Any attacker in a privileged network location can use the key for this attack.
Recommended solution
- Force the use of SSL as a transport layer for this service if supported, or/and
- On Microsoft Windows operating systems, select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting if it is available.
CUPS cups-browsed Remote Unauthenticated Printer Registration (CVE-2024-47176)
Plugin ID: 207864 Port: tcp/631 CVE: CVE-2024-47176
The cups-browsed server running on the remote host trusts any well formatted packet received and responds to a potentially attacker controlled URL. A remote, unauthenticated attacker can exploit this vulnerability to solicit information and, combined with other CVEs, achieve RCE.
Recommended solution
Upgrade to the latest available version or apply the recommended security patch per the vendor advisory.
MongoDB 6.0.x < 6.0.17 / 7.0.x < 7.0.13 / 7.3.x < 7.3.4 incorrect enforcement of index constraints (SERVER-92382)
Plugin ID: 232848 Port: tcp/27017 CVE: CVE-2024-8305
The version of MongoDB installed on the remote host is prior to 6.0.17, 7.0.13 and 7.3.4. It is, therefore, affected by a vulnerability as referenced in the SERVER-92382 advisory. - PrepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4 (CVE-2024-8305) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Recommended solution
Upgrade to MongoDB version 6.0.17 / 7.0.13 / 7.3.4 or later.

LOW (1)

ICMP Timestamp Request Remote Date Disclosure
Plugin ID: 10114 Port: icmp/0 CVE: CVE-1999-0524
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols. Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Recommended solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).