SCAN RESULTS GRP CPE Mikrotik RF1510617


Scan Results

October 25, 2022

Report Summary
User Name: Juan Sebastian Cubillos Avendaño
Login Name: temex_uc
Company: Telmex Colombia
User Role: Manager
Address: Triara piso 4
City: Bogotá
Zip: 11111
Country: Colombia
Created: 10/25/2022 at 12:02:32 PM (GMT-0500)
Launch Date: 10/25/2022 at 11:52:17 AM (GMT-0500)
Active Hosts: 1
Total Hosts: 1
Type: On demand
Status: Finished
Reference: scan/1666716738.62043
External Scanners: 64.39.98.84 (Scanner 12.11.33-1, Vulnerability Signatures 2.5.614-2)
Duration: 00:06:00
Title: SCAN_GRP_CPE_Mikrotik_RF1510617
Asset Groups: GRP_CPE_Mikrotik_RF1510617
IPs: 186.86.255.129
Excluded IPs: -
Options Profile: Initial Options

Summary of Vulnerabilities

Vulnerabilities Total: 8
Security Risk (Avg): 1.0

by Severity
Severity | Confirmed | Potential | Information Gathered | Total
5 | 0 | 0 | 0 | 0
4 | 0 | 0 | 0 | 0
3 | 0 | 0 | 0 | 0
2 | 0 | 0 | 0 | 0
1 | 1 | 0 | 7 | 8
Total | 1 | 0 | 7 | 8

5 Biggest Categories
Category | Confirmed | Potential | Information Gathered | Total
Information gathering | 0 | 0 | 6 | 6
TCP/IP | 1 | 0 | 1 | 2
Total | 1 | 0 | 7 | 8

Scan Results page 1


Vulnerabilities by Severity

Operating Systems Detected

Detailed Results

186.86.255.129 (dynamic-ip-18686255129.cable.net.co, -)

Vulnerabilities (1)

1 ICMP Timestamp Request

QID: 82003
Category: TCP/IP
Associated CVEs: CVE-1999-0524
Vendor Reference: -
Bugtraq ID: -
Service Modified: 04/28/2009
User Modified: -
Edited: No
PCI Vuln: No
CVSS Base: 0.0
CVSS Temporal: 0.0
CVSS3.1 Base: -
CVSS3.1 Temporal: -

THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. Its principal purpose is to provide a protocol
layer able to inform gateways of the inter-connectivity and accessibility of other gateways or hosts. "ping" is a well-known program
for determining if a host is up or down. It uses ICMP echo packets. ICMP timestamp packets are used to synchronize clocks between hosts.

IMPACT:

Unauthorized users can obtain information about your network by sending ICMP timestamp packets. For example, the internal system clock should
not be disclosed since some internal daemons use this value to calculate ID or sequence numbers (i.e., on SunOS servers).

SOLUTION:
You can filter ICMP messages of type "Timestamp" and "Timestamp Reply" at the firewall level. Some system administrators choose to filter most
types of ICMP messages for various reasons. For example, they may want to protect their internal hosts from ICMP-based Denial Of Service
attacks, such as the Ping of Death or Smurf attacks.
However, you should never filter ALL ICMP messages, as some of them ("Don't Fragment", "Destination Unreachable", "Source Quench", etc.) are
necessary for proper behavior of Operating System TCP/IP stacks.
It may be wiser to contact your network consultants for advice, since this issue impacts your overall network reliability and security.

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
Timestamp of host (network byte ordering): 05:57:52 GMT

Information Gathered (7)

1 DNS Host Name

QID: 6
Category: Information gathering
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 01/04/2018
User Modified: -
Edited: No
PCI Vuln: No

THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.

IMPACT:
N/A

SOLUTION:
N/A

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
IP address Host name
186.86.255.129 dynamic-ip-18686255129.cable.net.co

1 Target Network Information

QID: 45004
Category: Information gathering
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 08/15/2013
User Modified: -
Edited: No
PCI Vuln: No

THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the
target network (where the scanner appliance is located).
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If
your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks
against it.

SOLUTION:
N/A

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
The network handle is: LACNIC-186
Network description:
Latin American and Caribbean IP address Regional Registry

1 Internet Service Provider

QID: 45005
Category: Information gathering
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 09/27/2013
User Modified: -
Edited: No
PCI Vuln: No

THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the
target network (where the scanner appliance is located).
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If
your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further
attacks against it.

SOLUTION:

N/A

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
The ISP network handle is: NET-209-120-164-0-1
ISP Network description:
GTT GTT-GTT

1 Traceroute

QID: 45006
Category: Information gathering
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 05/09/2003
User Modified: -
Edited: No
PCI Vuln: No

THREAT:
Traceroute describes the path in real time from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in
between.

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
Hops | IP | Round Trip Time | Probe | Port
1 | 139.87.10.24 | 0.07ms | ICMP |
2 | 98.124.172.114 | 8.27ms | ICMP |
3 | 98.124.172.113 | 1.01ms | ICMP |
4 | 89.149.130.146 | 37.29ms | ICMP |
5 | 209.120.165.2 | 81.19ms | ICMP |
6 | *.*.*.* | 0.00ms | Other | 80
7 | *.*.*.* | 0.00ms | Other | 80
8 | 186.86.255.129 | 90.83ms | ICMP |

1 Host Scan Time - Scanner

QID: 45038
Category: Information gathering
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -

Service Modified: 09/15/2022
User Modified: -
Edited: No
PCI Vuln: No

THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan
Time for this host is reported in the Result section below.
The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The
Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which
may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the
service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to
perform parallel host scanning on all scanners.

IMPACT:
N/A

SOLUTION:
N/A

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
Scan duration: 312 seconds

Start time: Tue, Oct 25 2022, 16:53:53 GMT

End time: Tue, Oct 25 2022, 16:59:05 GMT

1 Host Names Found

QID: 45039
Category: Information gathering
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 08/26/2020
User Modified: -
Edited: No
PCI Vuln: No

THREAT:
The following host names were discovered for this computer using various methods such as DNS lookup, NetBIOS query, and SQL server name
query.

IMPACT:
N/A

SOLUTION:
N/A

COMPLIANCE:

Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
Host Name Source
dynamic-ip-18686255129.cable.net.co FQDN

1 ICMP Replies Received

QID: 82040
Category: TCP/IP
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 01/16/2003
User Modified: -
Edited: No
PCI Vuln: No

THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer
that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.
We have sent the following types of packets to trigger the host to send us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
ICMP Reply Type | Triggered By | Additional Information
Echo (type=0 code=0) | Echo Request | Echo Reply
Time Stamp (type=14 code=0) | Time Stamp Request | 05:57:52 GMT
Unreachable (type=3 code=3) | UDP Port 1037 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 7211 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 1 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 4156 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 1492 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 177 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 11223 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 518 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 1981 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 50766 | Port Unreachable

Appendix

Hosts Scanned (IP)


186.86.255.129

Target distribution across scanner appliances


External : 186.86.255.129

Options Profile

Initial Options

Scan Settings
Ports:
Scanned TCP Ports: Standard Scan
Scanned UDP Ports: Standard Scan
Scan Dead Hosts: Off
Close Vulnerabilities on Dead Hosts Count: Off
Purge old host data when OS changes: Off
Load Balancer Detection: On
Perform 3-way Handshake: Off
Vulnerability Detection: Complete
Intrusive Checks: Excluded
Password Brute Forcing:
System: Disabled
Custom: Enabled, SSH, Windows, CredSSH, CredWindows
Authentication:
Windows: Enabled
Unix/Cisco/Network SSH: Enabled
Unix Least Privilege Authentication: Disabled
Oracle: Disabled
Oracle Listener: Disabled
SNMP: Disabled
VMware: Disabled
DB2: Disabled
HTTP: Disabled
MySQL: Disabled
Tomcat Server: Disabled
MongoDB: Disabled
Palo Alto Networks Firewall: Disabled
Jboss Server: Disabled
Oracle WebLogic Server: Disabled
MariaDB: Disabled
InformixDB: Disabled
MS Exchange Server: Disabled
Oracle HTTP Server: Disabled
MS SharePoint: Disabled
Sybase: Disabled
Kubernetes: Disabled
SAP IQ: Disabled
SAP HANA: Disabled

Azure MS SQL: Disabled
Neo4j: Disabled
NGINX: Disabled
Infoblox: Disabled
Overall Performance: Normal
Authenticated Scan Certificate Discovery: Disabled
Test Authentication: Disabled
Hosts to Scan in Parallel:
Use Appliance Parallel ML Scaling: Off
External Scanners: 15
Scanner Appliances: 30
Processes to Run in Parallel:
Total Processes: 10
HTTP Processes: 10
Packet (Burst) Delay: Medium
Port Scanning and Host Discovery:
Intensity: Normal
Dissolvable Agent:
Dissolvable Agent (for this profile): Disabled
Windows Share Enumeration: Disabled
Windows Directory Search: Disabled
Lite OS Discovery: Disabled
Host Alive Testing: Disabled
Do Not Overwrite OS: Disabled

System Authentication
System Authentication Records:
Include system created authentication records in scans: Disabled

Advanced Settings
Host Discovery: TCP Standard Scan, UDP Standard Scan, ICMP On
Ignore firewall-generated TCP RST packets: On
Ignore all TCP RST packets: On
Ignore firewall-generated TCP SYN-ACK packets: On
Do not send TCP ACK or SYN-ACK packets during host discovery: Off

Report Legend

Vulnerability Levels
A Vulnerability is a design flaw or misconfiguration which makes your network (or a host on your network) susceptible to malicious attacks from local or
remote users. Vulnerabilities can exist in several areas of your network, such as in your firewalls, FTP servers, Web servers, operating systems or CGI bins.
Depending on the level of the security risk, the successful exploitation of a vulnerability can vary from the disclosure of information about the host to a
complete compromise of the host.

Severity Level Description

1 Minimal Intruders can collect information about the host (open ports, services, etc.) and may be
able to use this information to find other vulnerabilities.

2 Medium Intruders may be able to collect sensitive information from the host, such as the
precise version of software installed. With this information, intruders can easily
exploit known vulnerabilities specific to software versions.

3 Serious Intruders may be able to gain access to specific information stored on the host,
including security settings. This could result in potential misuse of the host by
intruders. For example, vulnerabilities at this level may include partial disclosure of
file contents, access to certain files on the host, directory browsing, disclosure of
filtering rules and security mechanisms, denial of service attacks, and unauthorized use
of services, such as mail-relaying.

4 Critical Intruders can possibly gain control of the host, or there may be potential leakage of
highly sensitive information. For example, vulnerabilities at this level may include
full read access to files, potential backdoors, or a listing of all the users on the
host.

5 Urgent Intruders can easily gain control of the host, which can lead to the compromise of your
entire network security. For example, vulnerabilities at this level may include full
read and write access to files, remote execution of commands, and the presence of
backdoors.

Potential Vulnerability Levels


A potential vulnerability is one which we cannot confirm exists. The only way to verify the existence of such vulnerabilities on your network would be to
perform an intrusive scan, which could result in a denial of service. This is strictly against our policy. Instead, we urge you to investigate these potential
vulnerabilities further.

Severity Level Description

1 Minimal If this vulnerability exists on your system, intruders can collect information about the
host (open ports, services, etc.) and may be able to use this information to find other
vulnerabilities.

2 Medium If this vulnerability exists on your system, intruders may be able to collect sensitive
information from the host, such as the precise version of software installed. With this
information, intruders can easily exploit known vulnerabilities specific to software
versions.

3 Serious If this vulnerability exists on your system, intruders may be able to gain access to
specific information stored on the host, including security settings. This could result
in potential misuse of the host by intruders. For example, vulnerabilities at this level
may include partial disclosure of file contents, access to certain files on the host,
directory browsing, disclosure of filtering rules and security mechanisms, denial of
service attacks, and unauthorized use of services, such as mail-relaying.

4 Critical If this vulnerability exists on your system, intruders can possibly gain control of the
host, or there may be potential leakage of highly sensitive information. For example,
vulnerabilities at this level may include full read access to files, potential
backdoors, or a listing of all the users on the host.

5 Urgent If this vulnerability exists on your system, intruders can easily gain control of the
host, which can lead to the compromise of your entire network security. For example,
vulnerabilities at this level may include full read and write access to files, remote
execution of commands, and the presence of backdoors.

Information Gathered
Information Gathered includes visible information about the network related to the host, such as traceroute information, Internet Service Provider (ISP), or a
list of reachable hosts. Information Gathered severity levels also include Network Mapping data, such as detected firewalls, SMTP banners, or a list of open
TCP services.

Severity Level Description

1 Minimal Intruders may be able to retrieve sensitive information related to the host, such as
open UDP and TCP services lists, and detection of firewalls.

2 Medium Intruders may be able to determine the operating system running on the host, and view banner versions.

3 Serious Intruders may be able to detect highly sensitive data, such as global system user lists.

CONFIDENTIAL AND PROPRIETARY INFORMATION.


Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is
complete or error-free. Copyright 2022, Qualys, Inc.
