Nessus Windows Scan Not Performed with Admin Privileges

Nessus Plugin ID 24786

Synopsis

The Nessus scan of this host may be incomplete because the credentials provided have insufficient privileges.

Description

The Nessus scanner testing the remote host has been given SMB credentials to log into the remote host, but these credentials do not have administrative privileges.

Typically, when Nessus performs a patch audit, it logs into the remote host and reads the version of the DLLs on the remote host to determine if a given patch has been applied or not. This is the method Microsoft recommends to determine if a patch has been applied.

If your Nessus scanner does not have administrative privileges during a scan, Nessus has to fall back to performing the patch audit through the registry, which may lead to false positives (especially when using third-party patch auditing tools) or to false negatives (not all patches can be detected through the registry).

Solution

Reconfigure your scanner to use credentials with administrative privileges.

Plugin Details

Severity: Info

ID: 24786

File Name: smb_scan_not_admin.nasl

Version: 1.13

Type: local

Family: Settings

Published: 3/12/2007

Updated: 9/22/2020

Dependencies: netbios_name_get.nasl, smb_login.nasl

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/name, SMB/login, SMB/password, SMB/transport

Excluded KB Items: SMB/not_windows

Reference Information

IAVB: 0001-B-0505