VLAN418_RADI – 10.44.100.151

VLAN: 418CIDR: 10.44.100.0/22, 193.224.48.64/27, 192.9.200.0/24NAT: 193.224.49.26Nessus mappa: 1472
Scan: RADIDátum: 2026-02-02 08:22

CRITICAL (2)

Python Unsupported Version Detection
Plugin ID: 148367 Port: tcp/8000
The remote host contains one or more unsupported versions of Python. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Javasolt megoldás
Upgrade to a version of Python that is currently supported.
Canonical Ubuntu Linux SEoL (18.04.x)
Plugin ID: 201456 Port: tcp/22
According to its version, Canonical Ubuntu Linux is 18.04.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Javasolt megoldás
Upgrade to a version of Canonical Ubuntu Linux that is currently supported.

MEDIUM (3)

AMQP Cleartext Authentication
Plugin ID: 87733 Port: tcp/5672
The remote Advanced Message Queuing Protocol (AMQP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear.
Javasolt megoldás
Disable cleartext authentication mechanisms in the AMQP configuration.
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
Plugin ID: 187315 Port: tcp/22 CVE: CVE-2023-48795
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security. Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support the strict key exchange countermeasures. It does not check for vulnerable software versions.
Javasolt megoldás
Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.
CUPS cups-browsed Remote Unauthenticated Printer Registration (CVE-2024-47176)
Plugin ID: 207864 Port: tcp/631 CVE: CVE-2024-47176
The cups-browsed server running on the remote host trusts any well formatted packet received and responds to a potentially attacker controlled URL. A remote, unauthenticated attacker can exploit this vulnerability to solicit information and, combined with other CVEs, achieve RCE.
Javasolt megoldás
Upgrade to the latest available version or apply the recommended security patch per the vendor advisory.

LOW (2)

ICMP Timestamp Request Remote Date Disclosure
Plugin ID: 10114 Port: icmp/0 CVE: CVE-1999-0524
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols. Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Javasolt megoldás
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
X Server Detection
Plugin ID: 10407 Port: tcp/6001
The remote host is running an X11 server. X11 is a client-server protocol that can be used to display graphical applications running on a given host on a remote client. Since the X11 traffic is not ciphered, it is possible for an attacker to eavesdrop on the connection.
Javasolt megoldás
Restrict access to this port. If the X11 client/server facility is not used, disable TCP support in X11 entirely (-nolisten tcp).