From 34bb70895a18ab0a0dc6739bc04d18aa3672b649 Mon Sep 17 00:00:00 2001
From: Alex Verbniak
Date: Thu, 17 Jun 2021 15:09:20 +0300
Subject: [PATCH 1/7] InsightVMCloud: data_connector,parsers,datasamples
---
.../NexposeInsightVMCloud_assets_CL | 121 ++
.../NexposeInsightVMCloud_vulnerabilities_CL | 197 +++
.../NexposeInsightVMCloud_assets_CL.json | 1513 +++++++++++++++++
...poseInsightVMCloud_vulnerabilities_CL.json | 887 ++++++++++
.../InsightVMCloudAPISentinelConn.zip | Bin 0 -> 7049970 bytes
.../__init__.py | 202 +++
.../function.json | 11 +
.../state_manager.py | 22 +
.../InsightVMCloud_API_FunctionApp.json | 143 ++
...ector_InsightVMCloudAPI_AzureFunction.json | 211 +++
.../Rapid7InsightVM/Data Connectors/host.json | 15 +
.../Data Connectors/proxies.json | 4 +
.../Data Connectors/requirements.txt | 7 +
.../Rapid7InsightVM/Parsers/InsightVMAssets | 43 +
.../Parsers/InsightVMVulnerabilities | 62 +
15 files changed, 3438 insertions(+)
create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/NexposeInsightVMCloud_assets_CL
create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/NexposeInsightVMCloud_vulnerabilities_CL
create mode 100644 Sample Data/Custom/NexposeInsightVMCloud_assets_CL.json
create mode 100644 Sample Data/Custom/NexposeInsightVMCloud_vulnerabilities_CL.json
create mode 100644 Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConn.zip
create mode 100644 Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConnector/__init__.py
create mode 100644 Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConnector/function.json
create mode 100644 Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConnector/state_manager.py
create mode 100644 Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloud_API_FunctionApp.json
create mode 100644 Solutions/Rapid7InsightVM/Data Connectors/azuredeploy_Connector_InsightVMCloudAPI_AzureFunction.json
create mode 100644 Solutions/Rapid7InsightVM/Data Connectors/host.json
create mode 100644 Solutions/Rapid7InsightVM/Data Connectors/proxies.json
create mode 100644 Solutions/Rapid7InsightVM/Data Connectors/requirements.txt
create mode 100644 Solutions/Rapid7InsightVM/Parsers/InsightVMAssets
create mode 100644 Solutions/Rapid7InsightVM/Parsers/InsightVMVulnerabilities
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/NexposeInsightVMCloud_assets_CL b/.script/tests/KqlvalidationsTests/CustomTables/NexposeInsightVMCloud_assets_CL
new file mode 100644
index 0000000000..c3563b7878
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/NexposeInsightVMCloud_assets_CL
@@ -0,0 +1,121 @@
+{
+ "Name":"NexposeInsightVMCloud_assets_CL",
+ "Properties":[
+ {
+ "Name":"EventVendor",
+ "Type":"String"
+ },
+ {
+ "Name":"EventProduct",
+ "Type":"String"
+ },
+ {
+ "Name":"assessed_for_policies_b",
+ "Type":"Bool"
+ },
+ {
+ "Name":"assessed_for_vulnerabilities_b",
+ "Type":"Bool"
+ },
+ {
+ "Name":"credential_assessments_s",
+ "Type":"String"
+ },
+ {
+ "Name":"critical_vulnerabilities_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"exploits_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"host_name_s",
+ "Type":"String"
+ },
+ {
+ "Name":"id_s",
+ "Type":"String"
+ },
+ {
+ "Name":"ip_s",
+ "Type":"String"
+ },
+ {
+ "Name":"last_assessed_for_vulnerabilities_t",
+ "Type":"DateTime"
+ },
+ {
+ "Name":"last_scan_end_t",
+ "Type":"DateTime"
+ },
+ {
+ "Name":"last_scan_start_t",
+ "Type":"DateTime"
+ },
+ {
+ "Name":"malware_kits_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"moderate_vulnerabilities_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"os_architecture_s",
+ "Type":"String"
+ },
+ {
+ "Name":"os_description_s",
+ "Type":"String"
+ },
+ {
+ "Name":"os_family_s",
+ "Type":"String"
+ },
+ {
+ "Name":"os_name_s",
+ "Type":"String"
+ },
+ {
+ "Name":"os_system_name_s",
+ "Type":"String"
+ },
+ {
+ "Name":"os_type_s",
+ "Type":"String"
+ },
+ {
+ "Name":"os_vendor_s",
+ "Type":"String"
+ },
+ {
+ "Name":"os_version_s",
+ "Type":"String"
+ },
+ {
+ "Name":"risk_score_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"severe_vulnerabilities_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"total_vulnerabilities_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"unique_identifiers_s",
+ "Type":"String"
+ },
+ {
+ "Name":"same_s",
+ "Type":"String"
+ },
+ {
+ "Name":"mac_s",
+ "Type":"String"
+ }
+ ]
+}
\ No newline at end of file
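Review bot: The assets schema declares `same_s` but no `new_s`, `remediated_s` or `tags_s`, even though the sample asset records in this same patch carry `new`, `remediated`, `tags` and `same` as sibling arrays; if the connector forwards those fields (its `__init__.py` is not visible here), a parser that references them will fail KQL validation against this table definition, and if it deliberately drops them, `same_s` looks like the odd one out. Either add the three missing columns as `{"Name":"new_s","Type":"String"}` / `{"Name":"remediated_s","Type":"String"}` / `{"Name":"tags_s","Type":"String"}` next to `same_s`, or remove `same_s` so the schema matches what is actually ingested. Because `same_s` holds per-asset findings (proof text, solution text, vulnerability ids), it is also the column most likely to exceed Log Analytics' per-field size limit, so confirming whether it is meant to be sent at all is worth doing before the parser depends on it.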
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/NexposeInsightVMCloud_vulnerabilities_CL b/.script/tests/KqlvalidationsTests/CustomTables/NexposeInsightVMCloud_vulnerabilities_CL
new file mode 100644
index 0000000000..bddb44acd3
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/NexposeInsightVMCloud_vulnerabilities_CL
@@ -0,0 +1,197 @@
+{
+ "Name":"NexposeInsightVMCloud_vulnerabilities_CL",
+ "Properties":[
+ {
+ "Name":"EventVendor",
+ "Type":"String"
+ },
+ {
+ "Name":"EventProduct",
+ "Type":"String"
+ },
+ {
+ "Name":"asset_id_s",
+ "Type":"String"
+ },
+ {
+ "Name":"host_name_s",
+ "Type":"String"
+ },
+ {
+ "Name":"ip_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_added_t",
+ "Type":"DateTime"
+ },
+ {
+ "Name":"vuln_details_categories_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cves_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v2_access_complexity_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v2_access_vector_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v2_authentication_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v2_availability_impact_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v2_confidentiality_impact_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v2_exploit_score_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"vuln_details_cvss_v2_impact_score_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"vuln_details_cvss_v2_integrity_impact_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v2_score_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"vuln_details_cvss_v2_vector_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v3_attack_complexity_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v3_attack_vector_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v3_availability_impact_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v3_confidentiality_impact_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v3_exploit_score_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"vuln_details_cvss_v3_impact_score_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"vuln_details_cvss_v3_integrity_impact_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v3_privileges_required_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v3_scope_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v3_score_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"vuln_details_cvss_v3_user_interaction_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_cvss_v3_vector_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_denial_of_service_b",
+ "Type":"Bool"
+ },
+ {
+ "Name":"vuln_details_description_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_exploits_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_id_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_links_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_malware_kits_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_modified_t",
+ "Type":"DateTime"
+ },
+ {
+ "Name":"vuln_details_pci_cvss_score_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"vuln_details_pci_fail_b",
+ "Type":"Bool"
+ },
+ {
+ "Name":"vuln_details_pci_severity_score_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"vuln_details_pci_special_notes_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_pci_status_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_published_t",
+ "Type":"DateTime"
+ },
+ {
+ "Name":"vuln_details_references_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_risk_score_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"vuln_details_severity_s",
+ "Type":"String"
+ },
+ {
+ "Name":"vuln_details_severity_score_d",
+ "Type":"Double"
+ },
+ {
+ "Name":"vuln_details_title_s",
+ "Type":"String"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Sample Data/Custom/NexposeInsightVMCloud_assets_CL.json b/Sample Data/Custom/NexposeInsightVMCloud_assets_CL.json
new file mode 100644
index 0000000000..70025f2078
--- /dev/null
+++ b/Sample Data/Custom/NexposeInsightVMCloud_assets_CL.json
@@ -0,0 +1,1513 @@
+[
+ {
+ "assessed_for_policies":false,
+ "assessed_for_vulnerabilities":true,
+ "credential_assessments":[
+ {
+ "port":161,
+ "protocol":"UDP",
+ "status":"NO_CREDS_SUPPLIED"
+ },
+ {
+ "port":22,
+ "protocol":"TCP",
+ "status":"NO_CREDS_SUPPLIED"
+ }
+ ],
+ "critical_vulnerabilities":0,
+ "exploits":0,
+ "host_name":"srv-elk-056.company.com",
+ "id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-45",
+ "ip":"101.111.152.56",
+ "last_assessed_for_vulnerabilities":"2021-06-10T11:43:56.447Z",
+ "last_scan_end":"2021-06-10T11:43:56.447Z",
+ "last_scan_start":"2021-06-10T11:36:42.804Z",
+ "malware_kits":0,
+ "moderate_vulnerabilities":4,
+ "os_architecture":"",
+ "os_description":"Linux 3.10",
+ "os_family":"Linux",
+ "os_name":"Linux",
+ "os_system_name":"Linux",
+ "os_type":"General",
+ "os_vendor":"Linux",
+ "os_version":"3.10",
+ "risk_score":1625.71630859375,
+ "severe_vulnerabilities":3,
+ "tags":[
+ {
+ "name":"soc prime site",
+ "type":"SITE"
+ }
+ ],
+ "total_vulnerabilities":7,
+ "unique_identifiers":[
+
+ ],
+ "new":[
+
+ ],
+ "remediated":[
+
+ ],
+ "same":[
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:09Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.447Z",
+ "port":null,
+ "proof":"Able to determine remote system time.
",
+ "protocol":null,
+ "solution_fix":"Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface\n to disable ICMP timestamp responses. Therefore, you should block\n ICMP on the affected host using iptables, and/or block it at the\n firewall. For example:
ipchains -A input -p icmp --icmp-type timestamp-request -j DROP
ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP
The easiest and most effective solution is to configure your\n firewall to block incoming and outgoing ICMP packets with ICMP\n types 13 (timestamp request) and 14 (timestamp response).
",
+ "solution_id":"generic-icmp-timestamp-disable-linux",
+ "solution_summary":"Disable ICMP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-icmp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:09Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.447Z",
+ "port":null,
+ "proof":"Able to determine system boot time.
",
+ "protocol":null,
+ "solution_fix":"\n Set the value of net.ipv4.tcp_timestamps to 0 by running the \n following command:\n
\n sysctl -w net.ipv4.tcp_timestamps=0\n
\n Additionally, put the following value in the default sysctl\n configuration file, generally sysctl.conf:\n
\n net.ipv4.tcp_timestamps=0\n
",
+ "solution_id":"generic-tcp-timestamp-disable-linux",
+ "solution_summary":"Disable TCP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-tcp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:09Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.447Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-3des-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:09Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.447Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure CBC ciphers in use: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"SSH can be done using Counter (CTR) mode encryption. This mode generates the keystream by encrypting successive values of a "counter" function. In order to mitigate this vulnerabilty SSH can be setup to use CTR mode rather CBC mode.
",
+ "solution_id":"ssh-disable-cbc-ciphers",
+ "solution_summary":"Disable SSH support for CBC cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cbc-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:09Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.447Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange in use: diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":"Remove ssh-diffie-hellman-group1-sha1 from the KexAlgorithms list specified in sshd_config.
",
+ "solution_id":"ssh-diffie-hellman-group1-sha1",
+ "solution_summary":"Disable SSH support for ssh-diffie-hellman-group1-sha1",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2015-4000"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:09Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.447Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2016-2183-sweet32"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:09Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.447Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange algorithms in use: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":null,
+ "solution_id":"ssh-disable-weak-kex-algorithms",
+ "solution_summary":"Disable weak Key Exchange Algorithms",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-weak-kex-algorithms"
+ }
+ ]
+ },
+ {
+ "assessed_for_policies":false,
+ "assessed_for_vulnerabilities":true,
+ "credential_assessments":[
+ {
+ "port":161,
+ "protocol":"UDP",
+ "status":"NO_CREDS_SUPPLIED"
+ },
+ {
+ "port":22,
+ "protocol":"TCP",
+ "status":"NO_CREDS_SUPPLIED"
+ }
+ ],
+ "critical_vulnerabilities":0,
+ "exploits":3,
+ "host_name":"srv-log-000.company.com",
+ "id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-66",
+ "ip":"101.111.152.10",
+ "last_assessed_for_vulnerabilities":"2021-06-10T11:56:30.146Z",
+ "last_scan_end":"2021-06-10T11:56:30.146Z",
+ "last_scan_start":"2021-06-10T11:36:42.393Z",
+ "malware_kits":0,
+ "moderate_vulnerabilities":4,
+ "os_architecture":"",
+ "os_description":"Linux 3.2",
+ "os_family":"Linux",
+ "os_name":"Linux",
+ "os_system_name":"Linux",
+ "os_type":"General",
+ "os_vendor":"Linux",
+ "os_version":"3.2",
+ "risk_score":1796.34619140625,
+ "severe_vulnerabilities":4,
+ "tags":[
+ {
+ "name":"soc prime site",
+ "type":"SITE"
+ }
+ ],
+ "total_vulnerabilities":8,
+ "unique_identifiers":[
+
+ ],
+ "new":[
+
+ ],
+ "remediated":[
+
+ ],
+ "same":[
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:35:42Z",
+ "key":"",
+ "last_found":"2021-06-10T11:56:30.146Z",
+ "port":null,
+ "proof":"Able to determine remote system time.
",
+ "protocol":null,
+ "solution_fix":"Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface\n to disable ICMP timestamp responses. Therefore, you should block\n ICMP on the affected host using iptables, and/or block it at the\n firewall. For example:
ipchains -A input -p icmp --icmp-type timestamp-request -j DROP
ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP
The easiest and most effective solution is to configure your\n firewall to block incoming and outgoing ICMP packets with ICMP\n types 13 (timestamp request) and 14 (timestamp response).
",
+ "solution_id":"generic-icmp-timestamp-disable-linux",
+ "solution_summary":"Disable ICMP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-icmp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-10T11:56:30Z",
+ "key":"",
+ "last_found":"2021-06-10T11:56:30.146Z",
+ "port":null,
+ "proof":"Able to determine system boot time.
",
+ "protocol":null,
+ "solution_fix":"\n Set the value of net.ipv4.tcp_timestamps to 0 by running the \n following command:\n
\n sysctl -w net.ipv4.tcp_timestamps=0\n
\n Additionally, put the following value in the default sysctl\n configuration file, generally sysctl.conf:\n
\n net.ipv4.tcp_timestamps=0\n
",
+ "solution_id":"generic-tcp-timestamp-disable-linux",
+ "solution_summary":"Disable TCP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-tcp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:35:42Z",
+ "key":"",
+ "last_found":"2021-06-10T11:56:30.146Z",
+ "port":11211,
+ "proof":"memcached service accessible over UDP
",
+ "protocol":"UDP",
+ "solution_fix":"\n Any of the following actions may be used to secure memcached installations and prevent them from being used in DDoS attacks.\n
- Configure a firewall to ensure that memcached can only be accessed from trusted hosts that require the service. Disallow any access to the service from the public Internet. The default port for memcached is 11211 (on both TCP and UDP).
- Disable UDP if it is not required. This can be done by starting memcached with the
-U 0
option. Make this the default behaviour by editing the memcached configuration file (often located at /etc/sysconfig/memcached or /etc/memcached.conf) to have the line\n OPTIONS="-U 0"
- Restrict memcached to localhost if it does not need to be accessed from other servers. This can be done by specifying the option
-l 127.0.0.1
Please see the memcached server configuration guide for further information.
",
+ "solution_id":"memcached-restrict-udp",
+ "solution_summary":"Disable or restrict access to memcached over UDP",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"memcached-cve-2018-1000115"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:35:42Z",
+ "key":"",
+ "last_found":"2021-06-10T11:56:30.146Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-3des-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:35:42Z",
+ "key":"",
+ "last_found":"2021-06-10T11:56:30.146Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure CBC ciphers in use: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"SSH can be done using Counter (CTR) mode encryption. This mode generates the keystream by encrypting successive values of a "counter" function. In order to mitigate this vulnerabilty SSH can be setup to use CTR mode rather CBC mode.
",
+ "solution_id":"ssh-disable-cbc-ciphers",
+ "solution_summary":"Disable SSH support for CBC cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cbc-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:35:42Z",
+ "key":"",
+ "last_found":"2021-06-10T11:56:30.146Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange in use: diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":"Remove ssh-diffie-hellman-group1-sha1 from the KexAlgorithms list specified in sshd_config.
",
+ "solution_id":"ssh-diffie-hellman-group1-sha1",
+ "solution_summary":"Disable SSH support for ssh-diffie-hellman-group1-sha1",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2015-4000"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:35:42Z",
+ "key":"",
+ "last_found":"2021-06-10T11:56:30.146Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2016-2183-sweet32"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:35:42Z",
+ "key":"",
+ "last_found":"2021-06-10T11:56:30.146Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange algorithms in use: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":null,
+ "solution_id":"ssh-disable-weak-kex-algorithms",
+ "solution_summary":"Disable weak Key Exchange Algorithms",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-weak-kex-algorithms"
+ }
+ ]
+ },
+ {
+ "assessed_for_policies":false,
+ "assessed_for_vulnerabilities":true,
+ "credential_assessments":[
+ {
+ "port":22,
+ "protocol":"TCP",
+ "status":"NO_CREDS_SUPPLIED"
+ }
+ ],
+ "critical_vulnerabilities":0,
+ "exploits":0,
+ "host_name":"srv-arclog-001.company.com",
+ "id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-24",
+ "ip":"101.111.152.11",
+ "last_assessed_for_vulnerabilities":"2021-06-10T11:41:58.401Z",
+ "last_scan_end":"2021-06-10T11:41:58.401Z",
+ "last_scan_start":"2021-06-10T11:36:42.366Z",
+ "malware_kits":0,
+ "moderate_vulnerabilities":8,
+ "os_architecture":"",
+ "os_description":"Linux 2.6.32",
+ "os_family":"Linux",
+ "os_name":"Linux",
+ "os_system_name":"Linux",
+ "os_type":"General",
+ "os_vendor":"Linux",
+ "os_version":"2.6.32",
+ "risk_score":6332.65380859375,
+ "severe_vulnerabilities":9,
+ "tags":[
+ {
+ "name":"soc prime site",
+ "type":"SITE"
+ }
+ ],
+ "total_vulnerabilities":17,
+ "unique_identifiers":[
+
+ ],
+ "new":[
+
+ ],
+ "remediated":[
+
+ ],
+ "same":[
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":443,
+ "proof":"The subject common name found in the X.509 certificate does not seem to match the scan target:
- Subject CN logger.office.xsystems.com.ua does not match target name specified in the site.
- Subject CN logger.office.xsystems.com.ua does not match DNS name specified in the site.
- Subject CN logger.office.xsystems.com.ua could not be resolved to an IP address via DNS lookup
",
+ "protocol":"TCP",
+ "solution_fix":"\n The subject's common name (CN) field in the X.509 certificate should be fixed\nto reflect the name of the entity presenting the certificate (e.g., the\nhostname). This is done by generating a new certificate usually signed by a\nCertification Authority (CA) trusted by both the client and server.\n
",
+ "solution_id":"certificate-common-name-mismatch",
+ "solution_summary":"Fix the subject's Common Name (CN) field in the certificate",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"certificate-common-name-mismatch"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":null,
+ "proof":"Able to determine remote system time.
",
+ "protocol":null,
+ "solution_fix":"Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface\n to disable ICMP timestamp responses. Therefore, you should block\n ICMP on the affected host using iptables, and/or block it at the\n firewall. For example:
ipchains -A input -p icmp --icmp-type timestamp-request -j DROP
ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP
The easiest and most effective solution is to configure your\n firewall to block incoming and outgoing ICMP packets with ICMP\n types 13 (timestamp request) and 14 (timestamp response).
",
+ "solution_id":"generic-icmp-timestamp-disable-linux",
+ "solution_summary":"Disable ICMP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-icmp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":null,
+ "proof":"Able to determine system boot time.
",
+ "protocol":null,
+ "solution_fix":"\n Set the value of net.ipv4.tcp_timestamps to 0 by running the \n following command:\n
\n sysctl -w net.ipv4.tcp_timestamps=0\n
\n Additionally, put the following value in the default sysctl\n configuration file, generally sysctl.conf:\n
\n net.ipv4.tcp_timestamps=0\n
",
+ "solution_id":"generic-tcp-timestamp-disable-linux",
+ "solution_summary":"Disable TCP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-tcp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-3des-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure CBC ciphers in use: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"SSH can be done using Counter (CTR) mode encryption. This mode generates the keystream by encrypting successive values of a "counter" function. In order to mitigate this vulnerabilty SSH can be setup to use CTR mode rather CBC mode.
",
+ "solution_id":"ssh-disable-cbc-ciphers",
+ "solution_summary":"Disable SSH support for CBC cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cbc-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange in use: diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":"Remove ssh-diffie-hellman-group1-sha1 from the KexAlgorithms list specified in sshd_config.
",
+ "solution_id":"ssh-diffie-hellman-group1-sha1",
+ "solution_summary":"Disable SSH support for ssh-diffie-hellman-group1-sha1",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2015-4000"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2016-2183-sweet32"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure arcfour (RC4) ciphers in use: arcfour256,arcfour128,arcfour
",
+ "protocol":"TCP",
+ "solution_fix":"Remove arcfour, arcfour128, and arcfour256 from the Ciphers list specified in sshd_config.
",
+ "solution_id":"ssh-disable-rc4-ciphers",
+ "solution_summary":"Disable SSH support for RC4 ciphers",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-rc4-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange algorithms in use: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":null,
+ "solution_id":"ssh-disable-weak-kex-algorithms",
+ "solution_summary":"Disable weak Key Exchange Algorithms",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-weak-kex-algorithms"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure MAC algorithms in use: hmac-md5,hmac-sha1-96,hmac-md5-96
",
+ "protocol":"TCP",
+ "solution_fix":"Consult the product documentation for instructions to disable any insecure MD5 or 96-bit HMAC algorithms within the SSH configuration.
",
+ "solution_id":"ssh-weak-message-authentication-code-algorithms",
+ "solution_summary":"Disable any MD5 or 96-bit HMAC algorithms within the SSH configuration",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-weak-message-authentication-code-algorithms"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":443,
+ "proof":"",
+ "protocol":"TCP",
+ "solution_fix":"\n There is no server-side mitigation available against the BEAST attack. The only option is to disable the affected\n protocols (SSLv3 and TLS 1.0). The only fully safe configuration is to use Authenticated Encryption with Associated Data (AEAD),\n e.g. AES-GCM, AES-CCM in TLS 1.2.\n
",
+ "solution_id":"ssl-beast-attack",
+ "solution_summary":"Disable SSLv2, SSLv3, and TLS 1.0. The best solution is to only have TLS 1.2 enabled",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"ssl-cve-2011-3389-beast"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":443,
+ "proof":"",
+ "protocol":"TCP",
+ "solution_fix":"Configure the server to disable support for static key cipher suites.
For Microsoft IIS web servers, see Microsoft Knowledgebase article\n 245030 for instructions on disabling static key cipher suites.\n
The following recommended configuration provides a higher level of security. This configuration is compatible with Firefox 27, Chrome 22, IE 11, Opera 14 and Safari 7. SSLv2, SSLv3, and TLSv1 protocols are not recommended in this configuration. Instead, use TLSv1.1 and TLSv1.2 protocols.
Refer to your server vendor documentation to apply the recommended cipher configuration:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
",
+ "solution_id":"ssl-disable-static-key-ciphers",
+ "solution_summary":"Disable TLS/SSL support for static key cipher suites",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"ssl-static-key-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":443,
+ "proof":"",
+ "protocol":"TCP",
+ "solution_fix":"\n Configure the server to use a randomly generated Diffie-Hellman group. It's recommend that you generate a\n 2048-bit group. The simplest way of generating a new group is to use OpenSSL:\n
\n openssl dhparam -out dhparams.pem 2048\n
\n To use the DH parameters in newer versions of Apache (2.4.8 and newer) and OpenSSL 1.0.2 or later, you can directly specify your DH params file as follows:\n
\n SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}"\n
\n If you are using Apache with LibreSSL, or Apache 2.4.7 and OpenSSL 0.9.8a or later, you can append the DHparams you generated earlier to the end of your certificate file and reload the configuration.\n
\n For other products see the remediation steps suggested by the original researchers.
",
+ "solution_id":"tls-disable-common-primes",
+ "solution_summary":"Generate random Diffie-Hellman parameters",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"tls-dh-primes"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":443,
+ "proof":"TLS/SSL certificate signed by unknown, untrusted CA: EMAILADDRESS=arst-support@hp.com, CN=TemporaryAuthority, OU=Support Team, O=Hewlett-Packard, L=Sunnyvale, ST=California, C=US -- [Path does not chain with any of the trust anchors].
",
+ "protocol":"TCP",
+ "solution_fix":"\n Ensure the common name (CN) reflects the name of the entity \n presenting the certificate (e.g., the hostname).\n If the certificate(s) or any of the chain certificate(s) have \n expired or been revoked, obtain a new certificate from your \n Certificate Authority (CA) by following their documentation. \n If a self-signed certificate is being used, consider obtaining \n a signed certificate from a CA.\n
\n References: \n Mozilla: Connection Untrusted ErrorSSLShopper: SSL Certificate Not Trusted ErrorWindows/IIS certificate chain configApache SSL configNginx SSL configCertificateChain.io
",
+ "solution_id":"tls-untrusted-ca",
+ "solution_summary":"Obtain a new certificate from your CA and ensure the server configuration is correct",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"tls-untrusted-ca"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":443,
+ "proof":"Successfully connected over TLSv1.0
",
+ "protocol":"TCP",
+ "solution_fix":"Configure the server to require clients to use TLS version 1.2 using Authenticated Encryption with Associated Data (AEAD) capable ciphers.
",
+ "solution_id":"ssl-disable-insecure-protocols",
+ "solution_summary":"Disable insecure TLS/SSL protocol support",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"tlsv1_0-enabled"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":443,
+ "proof":"Successfully connected over TLSv1.1
",
+ "protocol":"TCP",
+ "solution_fix":"Configure the server to require clients to use TLS version 1.2 using Authenticated Encryption with Associated Data (AEAD) capable ciphers.
",
+ "solution_id":"ssl-disable-insecure-protocols",
+ "solution_summary":"Disable insecure TLS/SSL protocol support",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"tlsv1_1-enabled"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:21:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:41:58.401Z",
+ "port":null,
+ "proof":"Received UDP packet with IP ID of zero:
",
+ "protocol":null,
+ "solution_fix":"\n Many vendors do not consider this to be a vulnerability,\n or a vulnerability worth fixing, so there are no vendor-provided\n solutions aside from putting a firewall or other filtering device\n between the target and hostile attackers that is capable of\n randomizing IP IDs.\n
",
+ "solution_id":"udp-ipid-zero-solution",
+ "solution_summary":"Perform firewalling or filtering",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"udp-ipid-zero"
+ }
+ ]
+ },
+ {
+ "assessed_for_policies":false,
+ "assessed_for_vulnerabilities":true,
+ "credential_assessments":[
+ {
+ "port":161,
+ "protocol":"UDP",
+ "status":"NO_CREDS_SUPPLIED"
+ },
+ {
+ "port":22,
+ "protocol":"TCP",
+ "status":"NO_CREDS_SUPPLIED"
+ }
+ ],
+ "critical_vulnerabilities":0,
+ "exploits":0,
+ "host_name":"srv-elk-053.company.com",
+ "id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-30",
+ "ip":"101.111.152.53",
+ "last_assessed_for_vulnerabilities":"2021-06-10T11:44:03.362Z",
+ "last_scan_end":"2021-06-10T11:44:03.362Z",
+ "last_scan_start":"2021-06-10T11:36:43.216Z",
+ "malware_kits":0,
+ "moderate_vulnerabilities":4,
+ "os_architecture":"",
+ "os_description":"Linux 3.10",
+ "os_family":"Linux",
+ "os_name":"Linux",
+ "os_system_name":"Linux",
+ "os_type":"General",
+ "os_vendor":"Linux",
+ "os_version":"3.10",
+ "risk_score":1625.71630859375,
+ "severe_vulnerabilities":3,
+ "tags":[
+ {
+ "name":"soc prime site",
+ "type":"SITE"
+ }
+ ],
+ "total_vulnerabilities":7,
+ "unique_identifiers":[
+
+ ],
+ "new":[
+
+ ],
+ "remediated":[
+
+ ],
+ "same":[
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:44:03.362Z",
+ "port":null,
+ "proof":"Able to determine remote system time.
",
+ "protocol":null,
+ "solution_fix":"Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface\n to disable ICMP timestamp responses. Therefore, you should block\n ICMP on the affected host using iptables, and/or block it at the\n firewall. For example:
ipchains -A input -p icmp --icmp-type timestamp-request -j DROP
ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP
The easiest and most effective solution is to configure your\n firewall to block incoming and outgoing ICMP packets with ICMP\n types 13 (timestamp request) and 14 (timestamp response).
",
+ "solution_id":"generic-icmp-timestamp-disable-linux",
+ "solution_summary":"Disable ICMP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-icmp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:44:03.362Z",
+ "port":null,
+ "proof":"Able to determine system boot time.
",
+ "protocol":null,
+ "solution_fix":"\n Set the value of net.ipv4.tcp_timestamps to 0 by running the \n following command:\n
\n sysctl -w net.ipv4.tcp_timestamps=0\n
\n Additionally, put the following value in the default sysctl\n configuration file, generally sysctl.conf:\n
\n net.ipv4.tcp_timestamps=0\n
",
+ "solution_id":"generic-tcp-timestamp-disable-linux",
+ "solution_summary":"Disable TCP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-tcp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:44:03.362Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-3des-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:44:03.362Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure CBC ciphers in use: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"SSH can be done using Counter (CTR) mode encryption. This mode generates the keystream by encrypting successive values of a "counter" function. In order to mitigate this vulnerabilty SSH can be setup to use CTR mode rather CBC mode.
",
+ "solution_id":"ssh-disable-cbc-ciphers",
+ "solution_summary":"Disable SSH support for CBC cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cbc-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:44:03.362Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange in use: diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":"Remove ssh-diffie-hellman-group1-sha1 from the KexAlgorithms list specified in sshd_config.
",
+ "solution_id":"ssh-diffie-hellman-group1-sha1",
+ "solution_summary":"Disable SSH support for ssh-diffie-hellman-group1-sha1",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2015-4000"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:44:03.362Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2016-2183-sweet32"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:04Z",
+ "key":"",
+ "last_found":"2021-06-10T11:44:03.362Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange algorithms in use: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":null,
+ "solution_id":"ssh-disable-weak-kex-algorithms",
+ "solution_summary":"Disable weak Key Exchange Algorithms",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-weak-kex-algorithms"
+ }
+ ]
+ },
+ {
+ "assessed_for_policies":false,
+ "assessed_for_vulnerabilities":true,
+ "credential_assessments":[
+ {
+ "port":161,
+ "protocol":"UDP",
+ "status":"NO_CREDS_SUPPLIED"
+ },
+ {
+ "port":22,
+ "protocol":"TCP",
+ "status":"NO_CREDS_SUPPLIED"
+ }
+ ],
+ "critical_vulnerabilities":0,
+ "exploits":0,
+ "host_name":"srv-elk-054.company.com",
+ "id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-59",
+ "ip":"101.111.152.54",
+ "last_assessed_for_vulnerabilities":"2021-06-10T11:43:59.303Z",
+ "last_scan_end":"2021-06-10T11:43:59.303Z",
+ "last_scan_start":"2021-06-10T11:36:43.189Z",
+ "malware_kits":0,
+ "moderate_vulnerabilities":4,
+ "os_architecture":"",
+ "os_description":"Linux 3.10",
+ "os_family":"Linux",
+ "os_name":"Linux",
+ "os_system_name":"Linux",
+ "os_type":"General",
+ "os_vendor":"Linux",
+ "os_version":"3.10",
+ "risk_score":1625.71630859375,
+ "severe_vulnerabilities":3,
+ "tags":[
+ {
+ "name":"soc prime site",
+ "type":"SITE"
+ }
+ ],
+ "total_vulnerabilities":7,
+ "unique_identifiers":[
+
+ ],
+ "new":[
+
+ ],
+ "remediated":[
+
+ ],
+ "same":[
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:37Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.303Z",
+ "port":null,
+ "proof":"Able to determine remote system time.
",
+ "protocol":null,
+ "solution_fix":"Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface\n to disable ICMP timestamp responses. Therefore, you should block\n ICMP on the affected host using iptables, and/or block it at the\n firewall. For example:
ipchains -A input -p icmp --icmp-type timestamp-request -j DROP
ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP
The easiest and most effective solution is to configure your\n firewall to block incoming and outgoing ICMP packets with ICMP\n types 13 (timestamp request) and 14 (timestamp response).
",
+ "solution_id":"generic-icmp-timestamp-disable-linux",
+ "solution_summary":"Disable ICMP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-icmp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:37Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.303Z",
+ "port":null,
+ "proof":"Able to determine system boot time.
",
+ "protocol":null,
+ "solution_fix":"\n Set the value of net.ipv4.tcp_timestamps to 0 by running the \n following command:\n
\n sysctl -w net.ipv4.tcp_timestamps=0\n
\n Additionally, put the following value in the default sysctl\n configuration file, generally sysctl.conf:\n
\n net.ipv4.tcp_timestamps=0\n
",
+ "solution_id":"generic-tcp-timestamp-disable-linux",
+ "solution_summary":"Disable TCP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-tcp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:37Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.303Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-3des-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:37Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.303Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure CBC ciphers in use: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"SSH can be done using Counter (CTR) mode encryption. This mode generates the keystream by encrypting successive values of a "counter" function. In order to mitigate this vulnerabilty SSH can be setup to use CTR mode rather CBC mode.
",
+ "solution_id":"ssh-disable-cbc-ciphers",
+ "solution_summary":"Disable SSH support for CBC cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cbc-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:37Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.303Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange in use: diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":"Remove ssh-diffie-hellman-group1-sha1 from the KexAlgorithms list specified in sshd_config.
",
+ "solution_id":"ssh-diffie-hellman-group1-sha1",
+ "solution_summary":"Disable SSH support for ssh-diffie-hellman-group1-sha1",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2015-4000"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:37Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.303Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2016-2183-sweet32"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:37Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.303Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange algorithms in use: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":null,
+ "solution_id":"ssh-disable-weak-kex-algorithms",
+ "solution_summary":"Disable weak Key Exchange Algorithms",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-weak-kex-algorithms"
+ }
+ ]
+ },
+ {
+ "assessed_for_policies":false,
+ "assessed_for_vulnerabilities":true,
+ "credential_assessments":[
+ {
+ "port":161,
+ "protocol":"UDP",
+ "status":"NO_CREDS_SUPPLIED"
+ },
+ {
+ "port":22,
+ "protocol":"TCP",
+ "status":"NO_CREDS_SUPPLIED"
+ }
+ ],
+ "critical_vulnerabilities":0,
+ "exploits":0,
+ "host_name":"srv-elk-065.company.com",
+ "id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-37",
+ "ip":"101.111.152.65",
+ "last_assessed_for_vulnerabilities":"2021-06-10T11:43:59.607Z",
+ "last_scan_end":"2021-06-10T11:43:59.607Z",
+ "last_scan_start":"2021-06-10T11:36:43.422Z",
+ "malware_kits":0,
+ "moderate_vulnerabilities":4,
+ "os_architecture":"",
+ "os_description":"Linux 3.10",
+ "os_family":"Linux",
+ "os_name":"Linux",
+ "os_system_name":"Linux",
+ "os_type":"General",
+ "os_vendor":"Linux",
+ "os_version":"3.10",
+ "risk_score":1625.71630859375,
+ "severe_vulnerabilities":3,
+ "tags":[
+ {
+ "name":"soc prime site",
+ "type":"SITE"
+ }
+ ],
+ "total_vulnerabilities":7,
+ "unique_identifiers":[
+
+ ],
+ "new":[
+
+ ],
+ "remediated":[
+
+ ],
+ "same":[
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:06Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.607Z",
+ "port":null,
+ "proof":"Able to determine remote system time.
",
+ "protocol":null,
+ "solution_fix":"Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface\n to disable ICMP timestamp responses. Therefore, you should block\n ICMP on the affected host using iptables, and/or block it at the\n firewall. For example:
ipchains -A input -p icmp --icmp-type timestamp-request -j DROP
ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP
The easiest and most effective solution is to configure your\n firewall to block incoming and outgoing ICMP packets with ICMP\n types 13 (timestamp request) and 14 (timestamp response).
",
+ "solution_id":"generic-icmp-timestamp-disable-linux",
+ "solution_summary":"Disable ICMP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-icmp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:06Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.607Z",
+ "port":null,
+ "proof":"Able to determine system boot time.
",
+ "protocol":null,
+ "solution_fix":"\n Set the value of net.ipv4.tcp_timestamps to 0 by running the \n following command:\n
\n sysctl -w net.ipv4.tcp_timestamps=0\n
\n Additionally, put the following value in the default sysctl\n configuration file, generally sysctl.conf:\n
\n net.ipv4.tcp_timestamps=0\n
",
+ "solution_id":"generic-tcp-timestamp-disable-linux",
+ "solution_summary":"Disable TCP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-tcp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:06Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.607Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-3des-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:06Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.607Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure CBC ciphers in use: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"SSH can be done using Counter (CTR) mode encryption. This mode generates the keystream by encrypting successive values of a "counter" function. In order to mitigate this vulnerabilty SSH can be setup to use CTR mode rather CBC mode.
",
+ "solution_id":"ssh-disable-cbc-ciphers",
+ "solution_summary":"Disable SSH support for CBC cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cbc-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:06Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.607Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange in use: diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":"Remove ssh-diffie-hellman-group1-sha1 from the KexAlgorithms list specified in sshd_config.
",
+ "solution_id":"ssh-diffie-hellman-group1-sha1",
+ "solution_summary":"Disable SSH support for ssh-diffie-hellman-group1-sha1",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2015-4000"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:06Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.607Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2016-2183-sweet32"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:06Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:59.607Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange algorithms in use: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":null,
+ "solution_id":"ssh-disable-weak-kex-algorithms",
+ "solution_summary":"Disable weak Key Exchange Algorithms",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-weak-kex-algorithms"
+ }
+ ]
+ },
+ {
+ "assessed_for_policies":false,
+ "assessed_for_vulnerabilities":true,
+ "credential_assessments":[
+ {
+ "port":161,
+ "protocol":"UDP",
+ "status":"NO_CREDS_SUPPLIED"
+ },
+ {
+ "port":22,
+ "protocol":"TCP",
+ "status":"NO_CREDS_SUPPLIED"
+ }
+ ],
+ "critical_vulnerabilities":0,
+ "exploits":0,
+ "host_name":"srv-elk-300.company.com",
+ "id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-39",
+ "ip":"101.111.152.220",
+ "last_assessed_for_vulnerabilities":"2021-06-10T11:43:57.501Z",
+ "last_scan_end":"2021-06-10T11:43:57.501Z",
+ "last_scan_start":"2021-06-10T11:36:44.187Z",
+ "malware_kits":0,
+ "moderate_vulnerabilities":4,
+ "os_architecture":"",
+ "os_description":"Linux 3.2",
+ "os_family":"Linux",
+ "os_name":"Linux",
+ "os_system_name":"Linux",
+ "os_type":"General",
+ "os_vendor":"Linux",
+ "os_version":"3.2",
+ "risk_score":1625.71630859375,
+ "severe_vulnerabilities":3,
+ "tags":[
+ {
+ "name":"soc prime site",
+ "type":"SITE"
+ }
+ ],
+ "total_vulnerabilities":7,
+ "unique_identifiers":[
+
+ ],
+ "new":[
+
+ ],
+ "remediated":[
+
+ ],
+ "same":[
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:08Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:57.501Z",
+ "port":null,
+ "proof":"Able to determine remote system time.
",
+ "protocol":null,
+ "solution_fix":"Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface\n to disable ICMP timestamp responses. Therefore, you should block\n ICMP on the affected host using iptables, and/or block it at the\n firewall. For example:
ipchains -A input -p icmp --icmp-type timestamp-request -j DROP
ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP
The easiest and most effective solution is to configure your\n firewall to block incoming and outgoing ICMP packets with ICMP\n types 13 (timestamp request) and 14 (timestamp response).
",
+ "solution_id":"generic-icmp-timestamp-disable-linux",
+ "solution_summary":"Disable ICMP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-icmp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-10T11:43:57Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:57.501Z",
+ "port":null,
+ "proof":"Able to determine system boot time.
",
+ "protocol":null,
+ "solution_fix":"\n Set the value of net.ipv4.tcp_timestamps to 0 by running the \n following command:\n
\n sysctl -w net.ipv4.tcp_timestamps=0\n
\n Additionally, put the following value in the default sysctl\n configuration file, generally sysctl.conf:\n
\n net.ipv4.tcp_timestamps=0\n
",
+ "solution_id":"generic-tcp-timestamp-disable-linux",
+ "solution_summary":"Disable TCP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-tcp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:08Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:57.501Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-3des-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:08Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:57.501Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure CBC ciphers in use: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"SSH can be done using Counter (CTR) mode encryption. This mode generates the keystream by encrypting successive values of a "counter" function. In order to mitigate this vulnerabilty SSH can be setup to use CTR mode rather CBC mode.
",
+ "solution_id":"ssh-disable-cbc-ciphers",
+ "solution_summary":"Disable SSH support for CBC cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cbc-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:08Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:57.501Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange in use: diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":"Remove ssh-diffie-hellman-group1-sha1 from the KexAlgorithms list specified in sshd_config.
",
+ "solution_id":"ssh-diffie-hellman-group1-sha1",
+ "solution_summary":"Disable SSH support for ssh-diffie-hellman-group1-sha1",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2015-4000"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:08Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:57.501Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2016-2183-sweet32"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:23:08Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:57.501Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange algorithms in use: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":null,
+ "solution_id":"ssh-disable-weak-kex-algorithms",
+ "solution_summary":"Disable weak Key Exchange Algorithms",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-weak-kex-algorithms"
+ }
+ ]
+ },
+ {
+ "assessed_for_policies":false,
+ "assessed_for_vulnerabilities":true,
+ "credential_assessments":[
+ {
+ "port":22,
+ "protocol":"TCP",
+ "status":"NO_CREDS_SUPPLIED"
+ }
+ ],
+ "critical_vulnerabilities":0,
+ "exploits":0,
+ "host_name":"srv-sin-001.company.com",
+ "id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-62",
+ "ip":"101.111.152.81",
+ "last_assessed_for_vulnerabilities":"2021-06-10T11:47:33.118Z",
+ "last_scan_end":"2021-06-10T11:47:33.118Z",
+ "last_scan_start":"2021-06-10T11:36:43.586Z",
+ "malware_kits":0,
+ "moderate_vulnerabilities":2,
+ "os_architecture":"",
+ "os_description":"Debian Linux 10.2",
+ "os_family":"Linux",
+ "os_name":"Linux",
+ "os_system_name":"Debian Linux",
+ "os_type":"",
+ "os_vendor":"Debian",
+ "os_version":"10.2",
+ "risk_score":0.0,
+ "severe_vulnerabilities":0,
+ "tags":[
+ {
+ "name":"soc prime site",
+ "type":"SITE"
+ }
+ ],
+ "total_vulnerabilities":2,
+ "unique_identifiers":[
+
+ ],
+ "new":[
+
+ ],
+ "remediated":[
+
+ ],
+ "same":[
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:47Z",
+ "key":"",
+ "last_found":"2021-06-10T11:47:33.118Z",
+ "port":null,
+ "proof":"Able to determine remote system time.
",
+ "protocol":null,
+ "solution_fix":"Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface\n to disable ICMP timestamp responses. Therefore, you should block\n ICMP on the affected host using iptables, and/or block it at the\n firewall. For example:
ipchains -A input -p icmp --icmp-type timestamp-request -j DROP
ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP
The easiest and most effective solution is to configure your\n firewall to block incoming and outgoing ICMP packets with ICMP\n types 13 (timestamp request) and 14 (timestamp response).
",
+ "solution_id":"generic-icmp-timestamp-disable-linux",
+ "solution_summary":"Disable ICMP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-icmp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:47Z",
+ "key":"",
+ "last_found":"2021-06-10T11:47:33.118Z",
+ "port":null,
+ "proof":"Able to determine system boot time.
",
+ "protocol":null,
+ "solution_fix":"\n Set the value of net.ipv4.tcp_timestamps to 0 by running the \n following command:\n
\n sysctl -w net.ipv4.tcp_timestamps=0\n
\n Additionally, put the following value in the default sysctl\n configuration file, generally sysctl.conf:\n
\n net.ipv4.tcp_timestamps=0\n
",
+ "solution_id":"generic-tcp-timestamp-disable-linux",
+ "solution_summary":"Disable TCP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-tcp-timestamp"
+ }
+ ]
+ },
+ {
+ "assessed_for_policies":false,
+ "assessed_for_vulnerabilities":true,
+ "credential_assessments":[
+ {
+ "port":161,
+ "protocol":"UDP",
+ "status":"NO_CREDS_SUPPLIED"
+ },
+ {
+ "port":22,
+ "protocol":"TCP",
+ "status":"NO_CREDS_SUPPLIED"
+ }
+ ],
+ "critical_vulnerabilities":0,
+ "exploits":0,
+ "host_name":"srv-elk-041.company.com",
+ "id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-55",
+ "ip":"101.111.152.41",
+ "last_assessed_for_vulnerabilities":"2021-06-10T11:43:56.699Z",
+ "last_scan_end":"2021-06-10T11:43:56.699Z",
+ "last_scan_start":"2021-06-10T11:36:42.482Z",
+ "malware_kits":0,
+ "moderate_vulnerabilities":4,
+ "os_architecture":"",
+ "os_description":"Linux 3.10",
+ "os_family":"Linux",
+ "os_name":"Linux",
+ "os_system_name":"Linux",
+ "os_type":"General",
+ "os_vendor":"Linux",
+ "os_version":"3.10",
+ "risk_score":1625.71630859375,
+ "severe_vulnerabilities":3,
+ "tags":[
+ {
+ "name":"soc prime site",
+ "type":"SITE"
+ }
+ ],
+ "total_vulnerabilities":7,
+ "unique_identifiers":[
+
+ ],
+ "new":[
+
+ ],
+ "remediated":[
+
+ ],
+ "same":[
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:34Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.699Z",
+ "port":null,
+ "proof":"Able to determine remote system time.
",
+ "protocol":null,
+ "solution_fix":"Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface\n to disable ICMP timestamp responses. Therefore, you should block\n ICMP on the affected host using iptables, and/or block it at the\n firewall. For example:
ipchains -A input -p icmp --icmp-type timestamp-request -j DROP
ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP
The easiest and most effective solution is to configure your\n firewall to block incoming and outgoing ICMP packets with ICMP\n types 13 (timestamp request) and 14 (timestamp response).
",
+ "solution_id":"generic-icmp-timestamp-disable-linux",
+ "solution_summary":"Disable ICMP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-icmp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:34Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.699Z",
+ "port":null,
+ "proof":"Able to determine system boot time.
",
+ "protocol":null,
+ "solution_fix":"\n Set the value of net.ipv4.tcp_timestamps to 0 by running the \n following command:\n
\n sysctl -w net.ipv4.tcp_timestamps=0\n
\n Additionally, put the following value in the default sysctl\n configuration file, generally sysctl.conf:\n
\n net.ipv4.tcp_timestamps=0\n
",
+ "solution_id":"generic-tcp-timestamp-disable-linux",
+ "solution_summary":"Disable TCP timestamp responses on Linux",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_EXPL",
+ "vulnerability_id":"generic-tcp-timestamp"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:34Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.699Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-3des-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:34Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.699Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure CBC ciphers in use: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"SSH can be done using Counter (CTR) mode encryption. This mode generates the keystream by encrypting successive values of a "counter" function. In order to mitigate this vulnerabilty SSH can be setup to use CTR mode rather CBC mode.
",
+ "solution_id":"ssh-disable-cbc-ciphers",
+ "solution_summary":"Disable SSH support for CBC cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cbc-ciphers"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:34Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.699Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange in use: diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":"Remove ssh-diffie-hellman-group1-sha1 from the KexAlgorithms list specified in sshd_config.
",
+ "solution_id":"ssh-diffie-hellman-group1-sha1",
+ "solution_summary":"Disable SSH support for ssh-diffie-hellman-group1-sha1",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2015-4000"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:34Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.699Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure 3DES ciphers in use: 3des-cbc
",
+ "protocol":"TCP",
+ "solution_fix":"Remove all 3DES ciphers from the cipher list specified in sshd_config.
",
+ "solution_id":"ssh-disable-3des-ciphers",
+ "solution_summary":"Disable SSH support for 3DES cipher suite",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-cve-2016-2183-sweet32"
+ },
+ {
+ "check_id":null,
+ "first_found":"2021-06-02T07:26:34Z",
+ "key":"",
+ "last_found":"2021-06-10T11:43:56.699Z",
+ "port":22,
+ "proof":"- Running SSH service
- Insecure key exchange algorithms in use: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
",
+ "protocol":"TCP",
+ "solution_fix":null,
+ "solution_id":"ssh-disable-weak-kex-algorithms",
+ "solution_summary":"Disable weak Key Exchange Algorithms",
+ "solution_type":"workaround",
+ "status":"VULNERABLE_VERS",
+ "vulnerability_id":"ssh-weak-kex-algorithms"
+ }
+ ]
+ }
+]
\ No newline at end of file
diff --git a/Sample Data/Custom/NexposeInsightVMCloud_vulnerabilities_CL.json b/Sample Data/Custom/NexposeInsightVMCloud_vulnerabilities_CL.json
new file mode 100644
index 0000000000..2488613e44
--- /dev/null
+++ b/Sample Data/Custom/NexposeInsightVMCloud_vulnerabilities_CL.json
@@ -0,0 +1,887 @@
+[
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-17",
+ "host_name":"srv-gr-002.company.com",
+ "ip":"10.1.1.6",
+ "vuln_details":{
+ "added":"2020-03-31T00:00:00Z",
+ "categories":"Network,SSH",
+ "cves":"",
+ "cvss_v2_access_complexity":"medium",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"none",
+ "cvss_v2_confidentiality_impact":"partial",
+ "cvss_v2_exploit_score":8.588799953460693,
+ "cvss_v2_impact_score":2.8627500620484354,
+ "cvss_v2_integrity_impact":"none",
+ "cvss_v2_score":4.3,
+ "cvss_v2_vector":"(AV:N/AC:M/Au:N/C:P/I:N/A:N)",
+ "cvss_v3_attack_complexity":null,
+ "cvss_v3_attack_vector":null,
+ "cvss_v3_availability_impact":null,
+ "cvss_v3_confidentiality_impact":null,
+ "cvss_v3_exploit_score":0.0,
+ "cvss_v3_impact_score":null,
+ "cvss_v3_integrity_impact":null,
+ "cvss_v3_privileges_required":null,
+ "cvss_v3_scope":null,
+ "cvss_v3_score":0.0,
+ "cvss_v3_user_interaction":null,
+ "cvss_v3_vector":null,
+ "denial_of_service":false,
+ "description":"The server supports one or more weak key exchange algorithms. It is highly adviseable to remove weak key exchange algorithm support from SSH configuration files on hosts to prevent them from being used to establish connections.",
+ "exploits":[
+
+ ],
+ "id":"ssh-weak-kex-algorithms",
+ "links":[
+ {
+ "href":"https://wiki.mozilla.org/Security/Guidelines/OpenSSH",
+ "id":"https://wiki.mozilla.org/Security/Guidelines/OpenSSH",
+ "source":"url"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2020-04-07T00:00:00Z",
+ "pci_cvss_score":4.3,
+ "pci_fail":true,
+ "pci_severity_score":3,
+ "pci_special_notes":"",
+ "pci_status":"fail",
+ "published":"2017-07-13T00:00:00Z",
+ "references":"url:https://wiki.mozilla.org/Security/Guidelines/OpenSSH",
+ "risk_score":405.49,
+ "severity":"severe",
+ "severity_score":4,
+ "title":"SSH Server Supports Weak Key Exchange Algorithms"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2011-04-01T00:00:00Z",
+ "categories":"DNS,ISC,ISC BIND",
+ "cves":"",
+ "cvss_v2_access_complexity":"low",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"none",
+ "cvss_v2_confidentiality_impact":"partial",
+ "cvss_v2_exploit_score":9.996799945831299,
+ "cvss_v2_impact_score":2.8627500620484354,
+ "cvss_v2_integrity_impact":"none",
+ "cvss_v2_score":5.0,
+ "cvss_v2_vector":"(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
+ "cvss_v3_attack_complexity":null,
+ "cvss_v3_attack_vector":null,
+ "cvss_v3_availability_impact":null,
+ "cvss_v3_confidentiality_impact":null,
+ "cvss_v3_exploit_score":0.0,
+ "cvss_v3_impact_score":null,
+ "cvss_v3_integrity_impact":null,
+ "cvss_v3_privileges_required":null,
+ "cvss_v3_scope":null,
+ "cvss_v3_score":0.0,
+ "cvss_v3_user_interaction":null,
+ "cvss_v3_vector":null,
+ "denial_of_service":false,
+ "description":"This DNS server is susceptible to DNS cache snooping, whereby an attacker can make non-recursive queries to a DNS server, looking for records potentially already resolved by this DNS server for other clients. Depending on the response, an attacker can use this information to potentially launch other attacks.",
+ "exploits":[
+
+ ],
+ "id":"dns-allows-cache-snooping",
+ "links":[
+ {
+ "href":"http://cs.unc.edu/~fabian/course_papers/cache_snooping.pdf",
+ "id":"http://cs.unc.edu/~fabian/course_papers/cache_snooping.pdf",
+ "source":"url"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2016-04-08T00:00:00Z",
+ "pci_cvss_score":5.0,
+ "pci_fail":true,
+ "pci_severity_score":3,
+ "pci_special_notes":"",
+ "pci_status":"fail",
+ "published":"1990-01-01T00:00:00Z",
+ "references":"url:http://cs.unc.edu/~fabian/course_papers/cache_snooping.pdf",
+ "risk_score":599.57,
+ "severity":"severe",
+ "severity_score":5,
+ "title":"DNS server allows cache snooping"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2011-04-01T00:00:00Z",
+ "categories":"DNS,ISC,ISC BIND",
+ "cves":"",
+ "cvss_v2_access_complexity":"low",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"none",
+ "cvss_v2_confidentiality_impact":"partial",
+ "cvss_v2_exploit_score":9.996799945831299,
+ "cvss_v2_impact_score":2.8627500620484354,
+ "cvss_v2_integrity_impact":"none",
+ "cvss_v2_score":5.0,
+ "cvss_v2_vector":"(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
+ "cvss_v3_attack_complexity":null,
+ "cvss_v3_attack_vector":null,
+ "cvss_v3_availability_impact":null,
+ "cvss_v3_confidentiality_impact":null,
+ "cvss_v3_exploit_score":0.0,
+ "cvss_v3_impact_score":null,
+ "cvss_v3_integrity_impact":null,
+ "cvss_v3_privileges_required":null,
+ "cvss_v3_scope":null,
+ "cvss_v3_score":0.0,
+ "cvss_v3_user_interaction":null,
+ "cvss_v3_vector":null,
+ "denial_of_service":false,
+ "description":"This DNS server is susceptible to DNS cache snooping, whereby an attacker can make non-recursive queries to a DNS server, looking for records potentially already resolved by this DNS server for other clients. Depending on the response, an attacker can use this information to potentially launch other attacks.",
+ "exploits":[
+
+ ],
+ "id":"dns-allows-cache-snooping",
+ "links":[
+ {
+ "href":"http://cs.unc.edu/~fabian/course_papers/cache_snooping.pdf",
+ "id":"http://cs.unc.edu/~fabian/course_papers/cache_snooping.pdf",
+ "source":"url"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2016-04-08T00:00:00Z",
+ "pci_cvss_score":5.0,
+ "pci_fail":true,
+ "pci_severity_score":3,
+ "pci_special_notes":"",
+ "pci_status":"fail",
+ "published":"1990-01-01T00:00:00Z",
+ "references":"url:http://cs.unc.edu/~fabian/course_papers/cache_snooping.pdf",
+ "risk_score":599.57,
+ "severity":"severe",
+ "severity_score":5,
+ "title":"DNS server allows cache snooping"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2014-12-10T00:00:00Z",
+ "categories":"DNS,Denial of Service,ISC,ISC BIND",
+ "cves":"",
+ "cvss_v2_access_complexity":"low",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"none",
+ "cvss_v2_confidentiality_impact":"none",
+ "cvss_v2_exploit_score":9.996799945831299,
+ "cvss_v2_impact_score":0.0,
+ "cvss_v2_integrity_impact":"none",
+ "cvss_v2_score":0.0,
+ "cvss_v2_vector":"(AV:N/AC:L/Au:N/C:N/I:N/A:N)",
+ "cvss_v3_attack_complexity":null,
+ "cvss_v3_attack_vector":null,
+ "cvss_v3_availability_impact":null,
+ "cvss_v3_confidentiality_impact":null,
+ "cvss_v3_exploit_score":0.0,
+ "cvss_v3_impact_score":null,
+ "cvss_v3_integrity_impact":null,
+ "cvss_v3_privileges_required":null,
+ "cvss_v3_scope":null,
+ "cvss_v3_score":0.0,
+ "cvss_v3_user_interaction":null,
+ "cvss_v3_vector":null,
+ "denial_of_service":false,
+ "description":"A Domain Name Server (DNS) amplification attack is a popular form of distributed denial of service (DDoS) that relies on the use of publically accessible open DNS servers to overwhelm a victim system with DNS response traffic. \n\n A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS), in which attackers use publically accessible open DNS servers to flood a target system with DNS response traffic. The primary technique consists of an attacker sending a DNS name lookup request to an open DNS server with the source address spoofed to be the target's address. When the DNS server sends the DNS record response, it is sent instead to the target. Attackers will typically submit a request for as much zone information as possible to maximize the amplification effect. In most attacks of this type observed by US-CERT, the spoofed queries sent by the attacker are of the type, \"ANY\" which returns all known information about a DNS zone in a single request. Because the size of the response is considerably larger than the request, the attacker is able to increase the amount of traffic directed at the victim. By leveraging a botnet to produce a large number of spoofed DNS queries, an attacker can create an immense amount of traffic with little effort. Additionally, because the responses are legitimate data coming from valid servers, it is extremely difficult to prevent these types of attacks. While the attacks are difficult to stop, network operators can apply several possible mitigation strategies. \n\n While the most common form of this attack that US-CERT has observed involves DNS servers configured to allow unrestricted recursive resolution for any client on the Internet, attacks can also involve authoritative name servers that do not provide recursive resolution. 
The attack method is similar to open recursive resolvers, but is more difficult to mitigate since even a server configured with best practices can still be used in an attack. In the case of authoritative servers, mitigation should focus on using Response Rate Limiting to restrict the amount of traffic.",
+ "exploits":[
+
+ ],
+ "id":"dns-amplification",
+ "links":[
+ {
+ "href":"http://www.us-cert.gov/cas/techalerts/TA13-088A.html",
+ "id":"TA13-088A",
+ "source":"cert"
+ },
+ {
+ "href":"http://www.us-cert.gov/cas/techalerts/TA14-017A.html",
+ "id":"TA14-017A",
+ "source":"cert"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2018-03-21T00:00:00Z",
+ "pci_cvss_score":0.0,
+ "pci_fail":false,
+ "pci_severity_score":1,
+ "pci_special_notes":"",
+ "pci_status":"pass",
+ "published":"2013-03-29T00:00:00Z",
+ "references":"cert:TA13-088A,cert:TA14-017A",
+ "risk_score":0.0,
+ "severity":"moderate",
+ "severity_score":1,
+ "title":"DNS Traffic Amplification"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2010-02-26T00:00:00Z",
+ "categories":"DNS,Denial of Service,ISC,ISC BIND",
+ "cves":"",
+ "cvss_v2_access_complexity":"low",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"partial",
+ "cvss_v2_confidentiality_impact":"none",
+ "cvss_v2_exploit_score":9.996799945831299,
+ "cvss_v2_impact_score":2.862749751806259,
+ "cvss_v2_integrity_impact":"none",
+ "cvss_v2_score":5.0,
+ "cvss_v2_vector":"(AV:N/AC:L/Au:N/C:N/I:N/A:P)",
+ "cvss_v3_attack_complexity":null,
+ "cvss_v3_attack_vector":null,
+ "cvss_v3_availability_impact":null,
+ "cvss_v3_confidentiality_impact":null,
+ "cvss_v3_exploit_score":0.0,
+ "cvss_v3_impact_score":null,
+ "cvss_v3_integrity_impact":null,
+ "cvss_v3_privileges_required":null,
+ "cvss_v3_scope":null,
+ "cvss_v3_score":0.0,
+ "cvss_v3_user_interaction":null,
+ "cvss_v3_vector":null,
+ "denial_of_service":true,
+ "description":"Allowing nameservers to process recursive queries coming from any system may, in certain situations, help attackers conduct denial of service or cache poisoning attacks.",
+ "exploits":[
+
+ ],
+ "id":"dns-processes-recursive-queries",
+ "links":[
+ {
+ "href":"http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf",
+ "id":"http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf",
+ "source":"url"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2012-10-23T00:00:00Z",
+ "pci_cvss_score":5.0,
+ "pci_fail":false,
+ "pci_severity_score":2,
+ "pci_special_notes":"Denial-of-Service-only vulnerability marked as compliant. ",
+ "pci_status":"pass",
+ "published":"1990-01-01T00:00:00Z",
+ "references":"url:http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf",
+ "risk_score":199.86,
+ "severity":"severe",
+ "severity_score":5,
+ "title":"Nameserver Processes Recursive Queries"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2010-02-26T00:00:00Z",
+ "categories":"DNS,Denial of Service,ISC,ISC BIND",
+ "cves":"",
+ "cvss_v2_access_complexity":"low",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"partial",
+ "cvss_v2_confidentiality_impact":"none",
+ "cvss_v2_exploit_score":9.996799945831299,
+ "cvss_v2_impact_score":2.862749751806259,
+ "cvss_v2_integrity_impact":"none",
+ "cvss_v2_score":5.0,
+ "cvss_v2_vector":"(AV:N/AC:L/Au:N/C:N/I:N/A:P)",
+ "cvss_v3_attack_complexity":null,
+ "cvss_v3_attack_vector":null,
+ "cvss_v3_availability_impact":null,
+ "cvss_v3_confidentiality_impact":null,
+ "cvss_v3_exploit_score":0.0,
+ "cvss_v3_impact_score":null,
+ "cvss_v3_integrity_impact":null,
+ "cvss_v3_privileges_required":null,
+ "cvss_v3_scope":null,
+ "cvss_v3_score":0.0,
+ "cvss_v3_user_interaction":null,
+ "cvss_v3_vector":null,
+ "denial_of_service":true,
+ "description":"Allowing nameservers to process recursive queries coming from any system may, in certain situations, help attackers conduct denial of service or cache poisoning attacks.",
+ "exploits":[
+
+ ],
+ "id":"dns-processes-recursive-queries",
+ "links":[
+ {
+ "href":"http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf",
+ "id":"http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf",
+ "source":"url"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2012-10-23T00:00:00Z",
+ "pci_cvss_score":5.0,
+ "pci_fail":false,
+ "pci_severity_score":2,
+ "pci_special_notes":"Denial-of-Service-only vulnerability marked as compliant. ",
+ "pci_status":"pass",
+ "published":"1990-01-01T00:00:00Z",
+ "references":"url:http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf",
+ "risk_score":199.86,
+ "severity":"severe",
+ "severity_score":5,
+ "title":"Nameserver Processes Recursive Queries"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2004-11-01T00:00:00Z",
+ "categories":"Network",
+ "cves":"CVE-1999-0524",
+ "cvss_v2_access_complexity":"low",
+ "cvss_v2_access_vector":"local",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"none",
+ "cvss_v2_confidentiality_impact":"none",
+ "cvss_v2_exploit_score":3.948735978603363,
+ "cvss_v2_impact_score":0.0,
+ "cvss_v2_integrity_impact":"none",
+ "cvss_v2_score":0.0,
+ "cvss_v2_vector":"(AV:L/AC:L/Au:N/C:N/I:N/A:N)",
+ "cvss_v3_attack_complexity":null,
+ "cvss_v3_attack_vector":null,
+ "cvss_v3_availability_impact":null,
+ "cvss_v3_confidentiality_impact":null,
+ "cvss_v3_exploit_score":0.0,
+ "cvss_v3_impact_score":null,
+ "cvss_v3_integrity_impact":null,
+ "cvss_v3_privileges_required":null,
+ "cvss_v3_scope":null,
+ "cvss_v3_score":0.0,
+ "cvss_v3_user_interaction":null,
+ "cvss_v3_vector":null,
+ "denial_of_service":false,
+ "description":"The remote host responded to an ICMP timestamp request. The ICMP timestamp response contains the remote host's date and time. This information could theoretically be used against some systems to exploit weak time-based random number generators in other services.\n\nIn addition, the versions of some operating systems can be accurately fingerprinted by analyzing their responses to invalid ICMP timestamp requests.",
+ "exploits":[
+
+ ],
+ "id":"generic-icmp-timestamp",
+ "links":[
+ {
+ "href":"https://exchange.xforce.ibmcloud.com/vulnerabilities/322",
+ "id":"322",
+ "source":"xf"
+ },
+ {
+ "href":"http://nvd.nist.gov/vuln/detail/CVE-1999-0524",
+ "id":"CVE-1999-0524",
+ "source":"cve"
+ },
+ {
+ "href":"http://www.osvdb.org/95",
+ "id":"95",
+ "source":"osvdb"
+ },
+ {
+ "href":"https://exchange.xforce.ibmcloud.com/vulnerabilities/306",
+ "id":"306",
+ "source":"xf"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2019-06-11T00:00:00Z",
+ "pci_cvss_score":0.0,
+ "pci_fail":false,
+ "pci_severity_score":1,
+ "pci_special_notes":"",
+ "pci_status":"pass",
+ "published":"1997-08-01T00:00:00Z",
+ "references":"xf:306,xf:322,osvdb:95,cve:CVE-1999-0524",
+ "risk_score":0.0,
+ "severity":"moderate",
+ "severity_score":1,
+ "title":"ICMP timestamp response"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2011-04-01T00:00:00Z",
+ "categories":"Network",
+ "cves":"",
+ "cvss_v2_access_complexity":"low",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"none",
+ "cvss_v2_confidentiality_impact":"none",
+ "cvss_v2_exploit_score":9.996799945831299,
+ "cvss_v2_impact_score":0.0,
+ "cvss_v2_integrity_impact":"none",
+ "cvss_v2_score":0.0,
+ "cvss_v2_vector":"(AV:N/AC:L/Au:N/C:N/I:N/A:N)",
+ "cvss_v3_attack_complexity":null,
+ "cvss_v3_attack_vector":null,
+ "cvss_v3_availability_impact":null,
+ "cvss_v3_confidentiality_impact":null,
+ "cvss_v3_exploit_score":0.0,
+ "cvss_v3_impact_score":null,
+ "cvss_v3_integrity_impact":null,
+ "cvss_v3_privileges_required":null,
+ "cvss_v3_scope":null,
+ "cvss_v3_score":0.0,
+ "cvss_v3_user_interaction":null,
+ "cvss_v3_vector":null,
+ "denial_of_service":false,
+ "description":"The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behavior of their TCP timestamps.",
+ "exploits":[
+
+ ],
+ "id":"generic-tcp-timestamp",
+ "links":[
+ {
+ "href":"http://www.ietf.org/rfc/rfc1323.txt",
+ "id":"http://www.ietf.org/rfc/rfc1323.txt",
+ "source":"url"
+ },
+ {
+ "href":"http://www.forensicswiki.org/wiki/TCP_timestamps",
+ "id":"http://www.forensicswiki.org/wiki/TCP_timestamps",
+ "source":"url"
+ },
+ {
+ "href":"http://uptime.netcraft.com",
+ "id":"http://uptime.netcraft.com",
+ "source":"url"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2018-03-21T00:00:00Z",
+ "pci_cvss_score":0.0,
+ "pci_fail":false,
+ "pci_severity_score":1,
+ "pci_special_notes":"",
+ "pci_status":"pass",
+ "published":"1997-08-01T00:00:00Z",
+ "references":"url:http://uptime.netcraft.com,url:http://www.forensicswiki.org/wiki/TCP_timestamps,url:http://www.ietf.org/rfc/rfc1323.txt",
+ "risk_score":0.0,
+ "severity":"moderate",
+ "severity_score":1,
+ "title":"TCP timestamp response"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2020-03-31T00:00:00Z",
+ "categories":"Network,SSH",
+ "cves":"",
+ "cvss_v2_access_complexity":"high",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"none",
+ "cvss_v2_confidentiality_impact":"none",
+ "cvss_v2_exploit_score":4.927999973297119,
+ "cvss_v2_impact_score":0.0,
+ "cvss_v2_integrity_impact":"none",
+ "cvss_v2_score":0.0,
+ "cvss_v2_vector":"(AV:N/AC:H/Au:N/C:N/I:N/A:N)",
+ "cvss_v3_attack_complexity":null,
+ "cvss_v3_attack_vector":null,
+ "cvss_v3_availability_impact":null,
+ "cvss_v3_confidentiality_impact":null,
+ "cvss_v3_exploit_score":0.0,
+ "cvss_v3_impact_score":null,
+ "cvss_v3_integrity_impact":null,
+ "cvss_v3_privileges_required":null,
+ "cvss_v3_scope":null,
+ "cvss_v3_score":0.0,
+ "cvss_v3_user_interaction":null,
+ "cvss_v3_vector":null,
+ "denial_of_service":false,
+ "description":"Since 3DES (Triple Data Encryption Standard) only provides an effective security of 112 bits, it is considered close to end of life by some agencies. ECRYPT II (from 2012) recommends for generic application independent long-term protection of at least 128 bits security. The same recommendation has also been reported by BSI Germany (from 2015) and ANSSI France (from 2014), 128 bit is the recommended symmetric size and should be mandatory after 2020. While NIST (from 2012) still considers 3DES being appropriate to use until the end of 2030.",
+ "exploits":[
+
+ ],
+ "id":"ssh-3des-ciphers",
+ "links":[
+ {
+ "href":"https://bettercrypto.org/static/applied-crypto-hardening.pdf",
+ "id":"https://bettercrypto.org/static/applied-crypto-hardening.pdf",
+ "source":"url"
+ },
+ {
+ "href":"http://www.ecrypt.eu.org/ecrypt2/documents/D.SPA.20.pdf",
+ "id":"http://www.ecrypt.eu.org/ecrypt2/documents/D.SPA.20.pdf",
+ "source":"url"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2020-03-31T00:00:00Z",
+ "pci_cvss_score":0.0,
+ "pci_fail":false,
+ "pci_severity_score":1,
+ "pci_special_notes":"",
+ "pci_status":"pass",
+ "published":"2009-02-01T00:00:00Z",
+ "references":"url:http://www.ecrypt.eu.org/ecrypt2/documents/D.SPA.20.pdf,url:https://bettercrypto.org/static/applied-crypto-hardening.pdf",
+ "risk_score":0.0,
+ "severity":"moderate",
+ "severity_score":1,
+ "title":"SSH Server Supports 3DES Cipher Suite"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2020-03-31T00:00:00Z",
+ "categories":"Network,SSH",
+ "cves":"",
+ "cvss_v2_access_complexity":"high",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"none",
+ "cvss_v2_confidentiality_impact":"partial",
+ "cvss_v2_exploit_score":4.927999973297119,
+ "cvss_v2_impact_score":2.8627500620484354,
+ "cvss_v2_integrity_impact":"none",
+ "cvss_v2_score":2.6,
+ "cvss_v2_vector":"(AV:N/AC:H/Au:N/C:P/I:N/A:N)",
+ "cvss_v3_attack_complexity":null,
+ "cvss_v3_attack_vector":null,
+ "cvss_v3_availability_impact":null,
+ "cvss_v3_confidentiality_impact":null,
+ "cvss_v3_exploit_score":0.0,
+ "cvss_v3_impact_score":null,
+ "cvss_v3_integrity_impact":null,
+ "cvss_v3_privileges_required":null,
+ "cvss_v3_scope":null,
+ "cvss_v3_score":0.0,
+ "cvss_v3_user_interaction":null,
+ "cvss_v3_vector":null,
+ "denial_of_service":false,
+ "description":"SSH contains a vulnerability in the way certain types of errors are handled. Attacks leveraging this vulnerabilty would lead to the loss of the SSH session. According to CPNI Vulnerability Advisory SSH: \n\n If exploited, this attack can potentially allow an attacker to recover up to 32 bits of plaintext from an arbitrary block of ciphertext from a connection secured using the SSH protocol in the standard configuration. If OpenSSH is used in the standard configuration, then the attacker's success probability for recovering 32 bits of plaintext is 2^{-18}. A variant of the attack against OpenSSH in the standard configuration can verifiably recover 14 bits of plaintext with probability 2^{-14}. The success probability of the attack for other implementations of SSH is not known.",
+ "exploits":[
+
+ ],
+ "id":"ssh-cbc-ciphers",
+ "links":[
+ {
+ "href":"https://www.kb.cert.org/vuls/id/958563",
+ "id":"https://www.kb.cert.org/vuls/id/958563",
+ "source":"url"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2020-03-31T00:00:00Z",
+ "pci_cvss_score":2.6,
+ "pci_fail":false,
+ "pci_severity_score":2,
+ "pci_special_notes":"",
+ "pci_status":"pass",
+ "published":"2013-02-08T00:00:00Z",
+ "references":"url:https://www.kb.cert.org/vuls/id/958563",
+ "risk_score":497.83,
+ "severity":"moderate",
+ "severity_score":3,
+ "title":"SSH CBC vulnerability"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2020-03-31T00:00:00Z",
+ "categories":"Network,SSH",
+ "cves":"CVE-2015-4000",
+ "cvss_v2_access_complexity":"medium",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"none",
+ "cvss_v2_confidentiality_impact":"none",
+ "cvss_v2_exploit_score":8.588799953460693,
+ "cvss_v2_impact_score":2.8627500620484354,
+ "cvss_v2_integrity_impact":"partial",
+ "cvss_v2_score":4.3,
+ "cvss_v2_vector":"(AV:N/AC:M/Au:N/C:N/I:P/A:N)",
+ "cvss_v3_attack_complexity":"high",
+ "cvss_v3_attack_vector":"network",
+ "cvss_v3_availability_impact":"none",
+ "cvss_v3_confidentiality_impact":"none",
+ "cvss_v3_exploit_score":2.2211673,
+ "cvss_v3_impact_score":1.4123999999999999,
+ "cvss_v3_integrity_impact":"low",
+ "cvss_v3_privileges_required":"none",
+ "cvss_v3_scope":"unchanged",
+ "cvss_v3_score":3.7,
+ "cvss_v3_user_interaction":"none",
+ "cvss_v3_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "denial_of_service":false,
+ "description":"The prime modulus offered when diffie-hellman-group1-sha1 is used only has a size of 1024 bits. This size is considered weak and within theoretical range of the so-called Logjam attack.",
+ "exploits":[
+
+ ],
+ "id":"ssh-cve-2015-4000",
+ "links":[
+ {
+ "href":"http://nvd.nist.gov/vuln/detail/CVE-2015-4000",
+ "id":"CVE-2015-4000",
+ "source":"cve"
+ },
+ {
+ "href":"https://weakdh.org/",
+ "id":"https://weakdh.org/",
+ "source":"url"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2020-07-13T00:00:00Z",
+ "pci_cvss_score":4.3,
+ "pci_fail":true,
+ "pci_severity_score":3,
+ "pci_special_notes":"",
+ "pci_status":"fail",
+ "published":"2015-05-20T00:00:00Z",
+ "references":"cve:CVE-2015-4000,url:https://weakdh.org/",
+ "risk_score":196.45,
+ "severity":"severe",
+ "severity_score":4,
+ "title":"SSH Server Supports diffie-hellman-group1-sha1"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2020-03-31T00:00:00Z",
+ "categories":"Network,SSH",
+ "cves":"CVE-2016-2183",
+ "cvss_v2_access_complexity":"low",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"none",
+ "cvss_v2_confidentiality_impact":"partial",
+ "cvss_v2_exploit_score":9.996799945831299,
+ "cvss_v2_impact_score":2.8627500620484354,
+ "cvss_v2_integrity_impact":"none",
+ "cvss_v2_score":5.0,
+ "cvss_v2_vector":"(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
+ "cvss_v3_attack_complexity":"low",
+ "cvss_v3_attack_vector":"network",
+ "cvss_v3_availability_impact":"none",
+ "cvss_v3_confidentiality_impact":"high",
+ "cvss_v3_exploit_score":3.8870427750000003,
+ "cvss_v3_impact_score":3.5952,
+ "cvss_v3_integrity_impact":"none",
+ "cvss_v3_privileges_required":"none",
+ "cvss_v3_scope":"unchanged",
+ "cvss_v3_score":7.5,
+ "cvss_v3_user_interaction":"none",
+ "cvss_v3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "denial_of_service":false,
+ "description":"Legacy block ciphers having a block size of 64 bits are vulnerable to a practical collision attack when used in CBC mode. The security of a block cipher is often reduced to the key size k: the best attack should be the exhaustive search of the key, with complexity 2 to the power of k. However, the block size n is also an important security parameter, defining the amount of data that can be encrypted under the same key. This is particularly important when using common modes of operation: we require block ciphers to be secure with up to 2 to the power of n queries, but most modes of operation (e.g. CBC, CTR, GCM, OCB, etc.) are unsafe with more than 2 to the power of half n blocks of message (the birthday bound). With a modern block cipher with 128-bit blocks such as AES, the birthday bound corresponds to 256 exabytes. However, for a block cipher with 64-bit blocks, the birthday bound corresponds to only 32 GB, which is easily reached in practice. Once a collision between two cipher blocks occurs it is possible to use the collision to extract the plain text data.",
+ "exploits":[
+
+ ],
+ "id":"ssh-cve-2016-2183-sweet32",
+ "links":[
+ {
+ "href":"https://sweet32.info/",
+ "id":"https://sweet32.info/",
+ "source":"url"
+ },
+ {
+ "href":"http://nvd.nist.gov/vuln/detail/CVE-2016-2183",
+ "id":"CVE-2016-2183",
+ "source":"cve"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2020-04-01T00:00:00Z",
+ "pci_cvss_score":5.0,
+ "pci_fail":true,
+ "pci_severity_score":3,
+ "pci_special_notes":"",
+ "pci_status":"fail",
+ "published":"2016-08-24T00:00:00Z",
+ "references":"cve:CVE-2016-2183,url:https://sweet32.info/",
+ "risk_score":527.51,
+ "severity":"severe",
+ "severity_score":5,
+ "title":"SSH Birthday attacks on 64-bit block ciphers (SWEET32)"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2020-03-31T00:00:00Z",
+ "categories":"Network,SSH",
+ "cves":"",
+ "cvss_v2_access_complexity":"medium",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"none",
+ "cvss_v2_confidentiality_impact":"partial",
+ "cvss_v2_exploit_score":8.588799953460693,
+ "cvss_v2_impact_score":2.8627500620484354,
+ "cvss_v2_integrity_impact":"none",
+ "cvss_v2_score":4.3,
+ "cvss_v2_vector":"(AV:N/AC:M/Au:N/C:P/I:N/A:N)",
+ "cvss_v3_attack_complexity":null,
+ "cvss_v3_attack_vector":null,
+ "cvss_v3_availability_impact":null,
+ "cvss_v3_confidentiality_impact":null,
+ "cvss_v3_exploit_score":0.0,
+ "cvss_v3_impact_score":null,
+ "cvss_v3_integrity_impact":null,
+ "cvss_v3_privileges_required":null,
+ "cvss_v3_scope":null,
+ "cvss_v3_score":0.0,
+ "cvss_v3_user_interaction":null,
+ "cvss_v3_vector":null,
+ "denial_of_service":false,
+ "description":"The server supports one or more weak key exchange algorithms. It is highly adviseable to remove weak key exchange algorithm support from SSH configuration files on hosts to prevent them from being used to establish connections.",
+ "exploits":[
+
+ ],
+ "id":"ssh-weak-kex-algorithms",
+ "links":[
+ {
+ "href":"https://wiki.mozilla.org/Security/Guidelines/OpenSSH",
+ "id":"https://wiki.mozilla.org/Security/Guidelines/OpenSSH",
+ "source":"url"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2020-04-07T00:00:00Z",
+ "pci_cvss_score":4.3,
+ "pci_fail":true,
+ "pci_severity_score":3,
+ "pci_special_notes":"",
+ "pci_status":"fail",
+ "published":"2017-07-13T00:00:00Z",
+ "references":"url:https://wiki.mozilla.org/Security/Guidelines/OpenSSH",
+ "risk_score":405.49,
+ "severity":"severe",
+ "severity_score":4,
+ "title":"SSH Server Supports Weak Key Exchange Algorithms"
+ }
+ },
+ {
+ "asset_id":"1b09c714-daaa-4d5e-88af-730e1167c6fc-default-asset-34",
+ "host_name":null,
+ "ip":"101.111.152.254",
+ "vuln_details":{
+ "added":"2020-03-31T00:00:00Z",
+ "categories":"Network,SSH",
+ "cves":"",
+ "cvss_v2_access_complexity":"high",
+ "cvss_v2_access_vector":"network",
+ "cvss_v2_authentication":"none",
+ "cvss_v2_availability_impact":"none",
+ "cvss_v2_confidentiality_impact":"partial",
+ "cvss_v2_exploit_score":4.927999973297119,
+ "cvss_v2_impact_score":4.938243839970231,
+ "cvss_v2_integrity_impact":"partial",
+ "cvss_v2_score":4.0,
+ "cvss_v2_vector":"(AV:N/AC:H/Au:N/C:P/I:P/A:N)",
+ "cvss_v3_attack_complexity":null,
+ "cvss_v3_attack_vector":null,
+ "cvss_v3_availability_impact":null,
+ "cvss_v3_confidentiality_impact":null,
+ "cvss_v3_exploit_score":0.0,
+ "cvss_v3_impact_score":null,
+ "cvss_v3_integrity_impact":null,
+ "cvss_v3_privileges_required":null,
+ "cvss_v3_scope":null,
+ "cvss_v3_score":0.0,
+ "cvss_v3_user_interaction":null,
+ "cvss_v3_vector":null,
+ "denial_of_service":false,
+ "description":"The SSH server supports cryptographically weak Hash-based message authentication codes (HMACs) including MD5 or 96-bit Hash-based algorithms.",
+ "exploits":[
+
+ ],
+ "id":"ssh-weak-message-authentication-code-algorithms",
+ "links":[
+ {
+ "href":"http://csrc.nist.gov/archive/ipsec/papers/rfc2403-hmacmd5.txt",
+ "id":"http://csrc.nist.gov/archive/ipsec/papers/rfc2403-hmacmd5.txt",
+ "source":"url"
+ }
+ ],
+ "malware_kits":[
+
+ ],
+ "modified":"2020-03-31T00:00:00Z",
+ "pci_cvss_score":4.0,
+ "pci_fail":true,
+ "pci_severity_score":3,
+ "pci_special_notes":"",
+ "pci_status":"fail",
+ "published":"2014-01-06T00:00:00Z",
+ "references":"url:http://csrc.nist.gov/archive/ipsec/papers/rfc2403-hmacmd5.txt",
+ "risk_score":557.98,
+ "severity":"severe",
+ "severity_score":4,
+ "title":"SSH Weak Message Authentication Code Algorithms"
+ }
+ }
+ ]
\ No newline at end of file
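Review bot: Every record for the second asset uses `"ip":"101.111.152.254"`, a publicly routable address, as the identity of a host that is then shown with open DNS recursion, cache snooping and weak SSH crypto; published sample data should use an RFC 5737 documentation range (e.g. `"ip":"203.0.113.254"`) or RFC 1918 space as the first record's `10.1.1.6` already does, so the repository does not attribute findings to a real third-party host. The `asset_id` prefix `1b09c714-daaa-4d5e-88af-730e1167c6fc` repeated on every record looks like a real organization identifier rather than a synthetic one, which is worth confirming before it ships. Separately, `cvss_v3_score` and `cvss_v3_exploit_score` are `0.0` while every other `cvss_v3_*` field is `null` whenever no v3 vector exists, so any KQL built from these samples cannot tell "no v3 score" from a genuine 0.0 and should fall back to `cvss_v2_score` or key off the v3 vector column being null instead. The long `dns-amplification` description also contains a raw line break mid-string where the rest of that value uses escaped `\n\n`; if that is in the committed file rather than a rendering artifact, the file is not strict JSON and a default `json.loads` will reject it as a control character inside a string.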
diff --git a/Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConn.zip b/Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConn.zip
new file mode 100644
index 0000000000000000000000000000000000000000..4c0c67d4c3c508c9b622b7815f89b463452bb933
GIT binary patch
literal 7049970
zcmb4p1zc3$w=azd(j_1r(jYA{AR--tGzbjR-90o6T?$C5l(cl03?h=!0un}tX!TiNYMEM@2{
za=nV<8>(eLWUKqxz2jw3jpFzN{wKm;R=0)BEC=0M+l6U$JuSM~POvi0?wMGdG^Y2j
zU;7Vw{8X7b`_b}2^$`b!iG#Vje%5!_@C^G4G98a8uaM3iwNqLb_XkP_TFX_k3FEed
zDeL7Fl=WDqh7QYGKTz2C!`Q@(E!x