Operating System Unsupported Version Detection in banner reporting (PCI-DSS check)

Critical Nessus Plugin ID 122403

Synopsis

The OS version reported in banners possesses one or more vulnerabilities.

Description

A service banner returned by the remote host reports an operating system version that is no longer supported by its vendor.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

This plugin runs only when 'Check for PCI-DSS compliance' is enabled in the scan policy, and it does not run if local security checks are enabled. It relies on OS versions self-reported in banners and on fingerprinting.
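The following is an added example, not the plugin's NASL code or Tenable's logic: a banner-based triage that infers the OS from an HTTP Server header and compares it with a lifecycle table. The IIS-to-Windows table is a small constructed subset, the function names are hypothetical, and the sample responses and 192.0.2.x hosts are constructed.

```python
import re
from datetime import date

# Constructed, illustrative subset: IIS version -> (Windows release, end of
# extended support). Confirm dates against the vendor lifecycle pages.
IIS_TO_OS = {
    "5.0": ("Windows 2000", date(2010, 7, 13)),
    "6.0": ("Windows Server 2003", date(2015, 7, 14)),
    "7.5": ("Windows Server 2008 R2", date(2020, 1, 14)),
}

# Matches the Server header in a raw HTTP response, tolerating CRLF endings.
SERVER_RE = re.compile(r"^Server:\s*Microsoft-IIS/(\d+\.\d+)\s*$", re.I | re.M)


def assess_banner(raw_headers, today):
    """Return (status, detail); status is 'unsupported', 'supported' or 'unknown'."""
    match = SERVER_RE.search(raw_headers)
    if not match:
        # A missing or unrecognised banner proves nothing about the OS.
        return ("unknown", "no OS-revealing banner recognised")
    version = match.group(1)
    if version not in IIS_TO_OS:
        return ("unknown", f"IIS {version} not in lifecycle table")
    os_name, end_of_support = IIS_TO_OS[version]
    if today > end_of_support:
        return ("unsupported", f"{os_name}: support ended {end_of_support}")
    return ("supported", f"{os_name}: supported until {end_of_support}")


def triage(responses, today):
    """Map each host to its assessment for a dict of host -> raw headers."""
    return {host: assess_banner(raw, today) for host, raw in responses.items()}


# Constructed sample responses, not captured from real hosts.
SAMPLES = {
    "192.0.2.10": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n\r\n",
    "192.0.2.11": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\n\r\n",
    "192.0.2.12": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
}

if __name__ == "__main__":
    for host, result in triage(SAMPLES, date(2019, 2, 22)).items():
        print(host, *result)
```

Because the banner is self-reported, an "unknown" or "supported" result here is not evidence that the host is patched; confirm the OS version from the host's own inventory or an authenticated check.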

Solution

Upgrade to a version of the operating system that is currently supported.

Plugin Details

Severity: Critical

ID: 122403

File Name: os_banner_unsupported_operating_system.nasl

Version: 1.1

Type: remote

Family: Web Servers

Published: 2019/02/22

Updated: 2019/02/22

Risk Information

Risk Factor: Critical

CVSS Score Source: manual

CVSS Score Rationale: Default unsupported software score.

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H