
Scan Report

March 10, 2024

Summary
This document reports on the results of an automatic security scan. All dates are displayed
using the timezone UTC, which is abbreviated UTC. The task was Immediate
scan of IP au2mobile.com. The scan started at Sun Mar 10 09:59:20 2024 UTC and ended
at Sun Mar 10 10:54:59 2024 UTC. The report first summarises the results found. Then, for
each host, the report describes every issue found. Please consider the advice given in each
description, in order to rectify the issue.

Contents

1 Result Overview
2 Results per Host
2.1 85.215.73.107
2.1.1 High 5601/tcp
2.1.2 Medium 25/tcp
2.1.3 Medium 5601/tcp
2.1.4 Low general/tcp


1 Result Overview

Host                             High  Medium  Low  Log  False Positive
85.215.73.107 (au2mobile.com)    2     5       1    0    0
Total: 1                         2     5       1    0    0

Vendor security updates are not trusted.


Overrides are off. Even when a result has an override, this report uses the actual threat of the
result.
Information on overrides is included in the report.
Notes are included in the report.
This report might not show details of all issues that were found.
Issues with the threat level Log are not shown.
Issues with the threat level Debug are not shown.
Issues with the threat level False Positive are not shown.
Only results with a minimum QoD of 70 are shown.

This report contains all 8 results selected by the filtering described above. Before filtering there
were 197 results.

2 Results per Host


2.1 85.215.73.107

Host scan start Sun Mar 10 10:00:34 2024 UTC


Host scan end Sun Mar 10 10:54:51 2024 UTC

Service (Port) Threat Level


5601/tcp High
25/tcp Medium
5601/tcp Medium
general/tcp Low

2.1.1 High 5601/tcp

High (CVSS: 8.8)


NVT: Elastic Kibana 7.0.0 < 7.17.8, 8.0.0 < 8.5.0 RCE Vulnerability (ESA-2022-12)

Summary
Kibana is prone to a remote code execution (RCE) vulnerability in the headless Chromium
browser that Kibana relies on for its reporting capabilities.



Quality of Detection: 80

Vulnerability Detection Result


Installed version: 7.17.1
Fixed version: 7.17.8
Installation path / port: /

Solution:
Solution type: VendorFix
Update to version 7.17.8, 8.5.0 or later.

Affected Software/OS
Kibana version 7.0.0 prior to 7.17.8 and 8.0.0 prior to 8.5.0.

Vulnerability Insight
The vulnerability in Chromium is not exploitable on its own but could be exploited via an
additional cross-site scripting (XSS) in some of affected versions of Kibana with the worst
impact being remote code execution (RCE) with an attacker executing arbitrary commands with
permissions of the Kibana process.

Vulnerability Detection Method


Checks if a vulnerable version is present on the target host.
Details: Elastic Kibana 7.0.0 < 7.17.8, 8.0.0 < 8.5.0 RCE Vulnerability (ESA-2022-12)
OID:1.3.6.1.4.1.25623.1.0.126336
Version used: 2023-10-12T05:05:32Z

References
cve: CVE-2022-1364
cisa: Known Exploited Vulnerability (KEV) catalog
url: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
url: https://discuss.elastic.co/t/7-17-8-8-5-0-security-update/320920
cert-bund: WID-SEC-2022-1139
cert-bund: WID-SEC-2022-1138
cert-bund: CB-K22/0462
cert-bund: CB-K22/0458
dfn-cert: DFN-CERT-2022-0991
dfn-cert: DFN-CERT-2022-0957
dfn-cert: DFN-CERT-2022-0844
dfn-cert: DFN-CERT-2022-0842

High (CVSS: 7.5)


NVT: Elastic Kibana 7.0.0 < 7.17.9, 8.0.0 < 8.6.1 DoS Vulnerability (ESA-2023-02)

Summary
Elastic Kibana is prone to a denial of service (DoS) vulnerability.

Quality of Detection: 80

Vulnerability Detection Result


Installed version: 7.17.1
Fixed version: 7.17.9
Installation path / port: /

Solution:
Solution type: VendorFix
Update to version 7.17.9, 8.6.1 or later.

Affected Software/OS
Elastic Kibana versions 7.0.0 through 7.17.8 and 8.0.0 through 8.6.0.

Vulnerability Insight
A flaw was discovered in one of Kibana's third party dependencies, that could allow an
authenticated user to perform a request that crashes the Kibana server process.

Vulnerability Detection Method


Checks if a vulnerable version is present on the target host.
Details: Elastic Kibana 7.0.0 < 7.17.9, 8.0.0 < 8.6.1 DoS Vulnerability (ESA-2023-02)
OID:1.3.6.1.4.1.25623.1.0.126333
Version used: 2023-10-13T05:06:10Z

References
cve: CVE-2022-38778
cve: CVE-2022-38900
url: https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661
cert-bund: WID-SEC-2023-2229
cert-bund: WID-SEC-2023-1542
cert-bund: WID-SEC-2023-1350
cert-bund: WID-SEC-2023-0424
cert-bund: WID-SEC-2023-0284
dfn-cert: DFN-CERT-2023-1459
dfn-cert: DFN-CERT-2023-1458
dfn-cert: DFN-CERT-2023-1291
dfn-cert: DFN-CERT-2023-0734
dfn-cert: DFN-CERT-2023-0652
dfn-cert: DFN-CERT-2023-0633


2.1.2 Medium 25/tcp

Medium (CVSS: 4.8)


NVT: SMTP Unencrypted Cleartext Login

Summary
The remote host is running a SMTP server that allows cleartext logins over unencrypted
connections.

Quality of Detection: 70

Vulnerability Detection Result


The remote SMTP server accepts logins via the following cleartext authentication mechanisms over unencrypted connections:
PLAIN
LOGIN
The remote SMTP server supports the 'STARTTLS' command but isn't enforcing the use of it for the cleartext authentication mechanisms.

Impact
An attacker can uncover login names and passwords by sniffing traffic to the SMTP server.

Solution:
Solution type: Mitigation
Enable SMTPS or enforce the connection via the 'STARTTLS' command. Please see the manual
of the SMTP server for more information.

Vulnerability Detection Method


Evaluates from previously collected info if a non SMTPS enabled SMTP server is providing the
'PLAIN' or 'LOGIN' authentication methods without sending the 'STARTTLS' command first.
Details: SMTP Unencrypted Cleartext Login
OID:1.3.6.1.4.1.25623.1.0.108530
Version used: 2023-10-13T05:06:09Z


2.1.3 Medium 5601/tcp

Medium (CVSS: 6.1)


NVT: Elastic Kibana 7.9.0 - 7.17.9, 8.0.0 - 8.6.2 XSS Vulnerability (ESA-2023-05)

Summary
Kibana is prone to a cross-site scripting (XSS) vulnerability.

Quality of Detection: 80

Vulnerability Detection Result


Installed version: 7.17.1
Fixed version: 7.17.10
Installation path / port: /

Solution:
Solution type: VendorFix
Update to version 7.17.10, 8.7.0 or later.

Affected Software/OS
Kibana version 7.9.0 through 7.17.9 and 8.0.0 through 8.6.2.

Vulnerability Insight
A flaw was discovered in one of Kibana's dependencies, which could allow arbitrary JavaScript
to be executed in a victim's browser via a maliciously crafted custom visualization in Kibana.

Vulnerability Detection Method


Checks if a vulnerable version is present on the target host.
Details: Elastic Kibana 7.9.0 - 7.17.9, 8.0.0 - 8.6.2 XSS Vulnerability (ESA-2023-05)
OID:1.3.6.1.4.1.25623.1.0.149633
Version used: 2023-10-12T05:05:32Z

References
cve: CVE-2023-26486
url: https://discuss.elastic.co/t/elastic-stack-8-7-0-7-17-10-security-updates/332327
cert-bund: WID-SEC-2023-1134

Medium (CVSS: 6.1)


NVT: Elastic Kibana 7.0.0 < 7.17.5, 8.0.0 <= 8.2.3 XSS Vulnerability (ESA-2022-08)

Summary
Kibana is prone to a cross-site scripting (XSS) vulnerability.

Quality of Detection: 80

Vulnerability Detection Result


Installed version: 7.17.1
Fixed version: 7.17.5
Installation path / port: /

Solution:
Solution type: VendorFix
Update to version 7.17.5, 8.3.0 or later.

Affected Software/OS
Kibana version 7.0.0 through 7.17.4 and 8.0.0 through 8.2.3.

Vulnerability Insight
A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration
which could allow arbitrary JavaScript to be executed in a victim's browser.

Vulnerability Detection Method


Checks if a vulnerable version is present on the target host.
Details: Elastic Kibana 7.0.0 < 7.17.5, 8.0.0 <= 8.2.3 XSS Vulnerability (ESA-2022-08)
OID:1.3.6.1.4.1.25623.1.0.126066
Version used: 2022-07-18T10:11:09Z

References
cve: CVE-2022-23713
url: https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613
cert-bund: WID-SEC-2022-0527

Medium (CVSS: 6.1)


NVT: Elastic Kibana 7.0.0 < 7.17.9, 8.0.0 < 8.6.2 Open Redirect Vulnerability (ESA-2023-03)

Summary
Kibana is prone to an open redirect vulnerability.

Quality of Detection: 80

Vulnerability Detection Result


Installed version: 7.17.1
Fixed version: 7.17.9
Installation path / port: /

Solution:
Solution type: VendorFix
Update to version 7.17.9, 8.6.2 or later.

Affected Software/OS
Kibana version 7.0.0 prior to 7.17.9 and 8.0.0 prior to 8.6.2.

Vulnerability Insight
An open redirect was discovered in Kibana that could lead to a user being redirected to an
arbitrary website if they use a maliciously crafted Kibana URL.

Vulnerability Detection Method


Checks if a vulnerable version is present on the target host.
Details: Elastic Kibana 7.0.0 < 7.17.9, 8.0.0 < 8.6.2 Open Redirect Vulnerability (ESA-2...
OID:1.3.6.1.4.1.25623.1.0.126350
Version used: 2023-10-13T05:06:10Z

References
cve: CVE-2022-38779
url: https://discuss.elastic.co/t/kibana-7-17-9-and-8-6-2-security-update/325782
cert-bund: WID-SEC-2023-0415

Medium (CVSS: 5.3)


NVT: Elastic Kibana 7.2.1 < 7.17.2, 8.0.0 < 8.1.2 Information Disclosure Vulnerability (ESA-2022-05)

Summary
Kibana is prone to an information disclosure vulnerability.

Quality of Detection: 80

Vulnerability Detection Result


Installed version: 7.17.1
Fixed version: 7.17.3
Installation path / port: /

Impact
A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring
in the Kibana page source.

Solution:
Solution type: VendorFix
Update to version 7.17.3, 8.1.3 or later.

Affected Software/OS
Kibana version 7.2.1 through 7.17.2 and 8.0.0 through 8.1.2.

Vulnerability Detection Method


Checks if a vulnerable version is present on the target host.
Details: Elastic Kibana 7.2.1 < 7.17.2, 8.0.0 < 8.1.2 Information Disclosure Vulnerabili...
OID:1.3.6.1.4.1.25623.1.0.126068
Version used: 2022-07-15T10:10:19Z

References
cve: CVE-2022-23711
url: https://discuss.elastic.co/t/kibana-7-17-3-and-8-1-3-security-update/302826


2.1.4 Low general/tcp

Low (CVSS: 2.6)


NVT: TCP Timestamps Information Disclosure

Summary
The remote host implements TCP timestamps and therefore allows its uptime to be computed.

Quality of Detection: 80

Vulnerability Detection Result


It was detected that the host implements RFC1323/RFC7323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 953508698
Packet 2: 953509887

Impact
A side effect of this feature is that the uptime of the remote host can sometimes be computed.

Solution:
Solution type: Mitigation
To disable TCP timestamps on Linux add the line 'net.ipv4.tcp_timestamps = 0' to
/etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'.
Starting with Windows Server 2008 and Vista, the timestamp cannot be completely disabled.
The default behavior of the TCP/IP stack on these systems is to not use the Timestamp options
when initiating TCP connections, but to use them if the TCP peer that is initiating communication
includes them in its synchronize (SYN) segment.
See the references for more information.

Affected Software/OS
TCP implementations that implement RFC1323/RFC7323.

Vulnerability Insight
The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.
Vulnerability Detection Method


Special IP packets are forged and sent with a little delay in between to the target IP. The
responses are searched for timestamps. If found, the timestamps are reported.
Details: TCP Timestamps Information Disclosure
OID:1.3.6.1.4.1.25623.1.0.80091
Version used: 2023-12-15T16:10:08Z

References
url: https://datatracker.ietf.org/doc/html/rfc1323
url: https://datatracker.ietf.org/doc/html/rfc7323
url: https://web.archive.org/web/20151213072445/http://www.microsoft.com/en-us/download/details.aspx?id=9152
url: https://www.fortiguard.com/psirt/FG-IR-16-090


This file was automatically generated.
