The remote system is providing an SSL/TLS certificate without a subject field. While this is not required in all cases, it is recommended to ensure broad compatibility.

The remote system is providing an SSL/TLS certificate without a subject common name field. While this is not required in all cases, it is recommended to ensure broad compatibility.

The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
  - 0x13,0x01 TLS_AES_128_GCM_SHA256
  - 0x13,0x02 TLS_AES_256_GCM_SHA384
  - 0x13,0x03 TLS_CHACHA20_POLY1305_SHA256

TLSv1.2:
  - 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
  - 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
  - 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
  - 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
  - 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
  - 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
  - 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
  - 0x00,0x9F DHE-RSA-AES256-GCM-SHA384

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.

The version of VMware Workstation installed on the remote host is 16.0.x prior to 16.2.1. It is, therefore, affected by multiple vulnerabilities:

  - VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A     malicious actor with local administrative privileges on a virtual machine may exploit this issue to     execute code as the virtual machine's VMX process running on the host. (CVE-2021-22040)

  - VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A     malicious actor with local administrative privileges on a virtual machine may exploit this issue to     execute code as the virtual machine's VMX process running on the host. (CVE-2021-22041)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

VMware Workstation contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Report the mounted devices information on the target machine at scan time using the following commands.
/bin/df -h /bin/lsblk /bin/mount -l

This plugin only reports on the tools available on the system and omits any tool that did not return information when the command was ran.

The remote host appears to be running SIP. SIP itself is not vulnerable to Log4Shell; however, the SIP application could potentially be affected if it attempts to log packet data via a vulnerable log4j library.

A negative result from this plugin does not prove conclusively that the remote system is not affected by Log4Shell, only that any scripts the SIP proxy may be running do not create the conditions that are exploitable via the Log4Shell flaw.

The remote host is an OCI (Oracle Cloud Infrastructure) instance for which metadata could be retrieved.

The remote SSH server has a host key size that is smaller than 2048 bits. NIST Special Publication 800-57 Part 3 Recommendation for Key Management recommends RSA keys greater or equal to 2048 bits in length.

The version of VMware Workstation installed on the remote host is 15.0.x prior to 15.5.7. It is, therefore, affected by a vulnerability.  Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of VMware Workstation installed on the remote Windows host is 16.0.x prior to 16.1.2. It is, therefore, affected by multiple vulnerabilities.  Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

One or more instances of Amazon Corretto Java are installed on the remote host.  This may include private JREs bundled with the Java Development Kit (JDK).

Notes:

  - Addition information provided in plugin     Java Detection and Identification (Unix)

  - Additional instances of Java may be discovered by enabling thorough     tests

One or more instances of AdoptOpenJDK Java are installed on the remote host.  This may include private JREs bundled with the Java Development Kit (JDK).

Notes:

  - Addition information provided in plugin     Java Detection and Identification (Unix)

  - Additional instances of Java may be discovered by enabling thorough     tests

One or more instances of Azul Zulu Java are installed on the remote host.  This may include private JREs bundled with the Java Development Kit (JDK).

Notes:

  - Addition information provided in plugin     Java Detection and Identification (Unix)

  - Additional instances of Java may be discovered by enabling thorough     tests

One or more instances of OpenJDK Java are installed on the remote host.  This may include private JREs bundled with the Java Development Kit (JDK).

Notes:

  - Addition information provided in plugin     Java Detection and Identification (Unix)

  - Additional instances of Java may be discovered by enabling thorough     tests

One or more instances of IBM Java are installed on the remote host.  This may include private JREs bundled with the Java Development Kit (JDK).

Notes:

  - Addition information provided in plugin     Java Detection and Identification (Unix)

  - Additional instances of Java may be discovered by enabling thorough     tests

One or more instances of Java are installed on the remote Linux / Unix host. This may include private JREs bundled with the Java Development  Kit (JDK).
Notes:
  - This plugin attempts to detect Oracle and non-Oracle JRE instances     such as Zulu Java, Amazon Corretto, AdoptOpenJDK, IBM Java, etc
  - To discover instances of JRE that are not in PATH,     or installed via a package manager, 'Perform thorough tests'     setting must be enabled.

Nessus has determined via netstat, that the remote host has a connection to one or more hosts that are listed the custom netstat IP threat list.

The account 'vsnap' on the remote host has the static password 'YKojGy3mBmRh'. An unauthenticated, remote attacker can exploit this issue to gain administrative access to the affected system.

The version of VMware Workstation installed on the remote host is 15.x prior to 15.5.7. It is, therefore, affected by a DoS vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of VMware Workstation installed on the remote Windows host is 15.x prior to 15.5.7. It is, therefore, affected by a use-after-free error in the XHCI USB Controller. An unauthenticated, local attacker with administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Note that Nessus has not tested for this issue, but has instead relied only on the application's self-reported version number.

The IBM Spectrum Protect Operations Center running on the remote host is version 7.1.x < 7.1.11.000 or 8.1.x < 8.1.10.000. It is, therefore, vulnerable to a code injection vulnerability which could allow an unauthenticated, remote attacker to execute arbitrary code on the system.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The IBM Spectrum Protect Plus (SPP) administrative console running on the remote host is affected by a remote code execution vulnerability due to the fact that it allows remote installation of console plugins. An unauthenticated, remote attacker can exploit this and CVE-2020-4711 together, via specially crafted HTTP requests, to execute arbitrary code on the system with root privileges.

Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, running on the remote host is version 7.1.x <= 7.1.10.000 or 8.1.x <= 8.1.10.000. It is, therefore, affected by a denial of service (DoS) vulnerability due to insufficient validation of user-supplied input. An unauthenticated, remote attacker can exploit this issue, to impose a DoS condition on the application.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, installed on the remote host is version 8.1.x < 8.1.10.100. It is, therefore, affected by an information disclosure vulnerability in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The IBM Spectrum Protect Plus (SPP) administrative console running on the remote host is affected by a remote command injection vulnerability due to improper validation of user-supplied data when processing a 'set hostname' HTTP request. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to execute arbitrary code on the system with root privileges.

Note that this plugin does not flag SPP 10.1.5 build 2218 having the spp-emi-10.1.5-227 RPM package as vulnerable because it partially fixed the vulnerabilities by enabling authentication for URL /emi/api/hostname. A full fix is in spp-emi-10.1.6-21 in SPP 10.1.6 build 1974, which performs additional checking on the hostname parameter in the HTTP request to prevent authenticated command injection. 

Also note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.

kpatch is being used to maintain the remote host's operating system kernel without requiring reboots.

The Trading Technologies Messaging (TTM) running on the remote host is affected by a remote code execution vulnerability due to the lack of validation of user-supplied data prior to copying it to a fixed-length stack-based buffer when processing a remove_park message. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code on the system with SYSTEM privileges.

Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, running on the remote host is version 7.1.x < 7.1.10.100 or 8.1.x < 8.1.9.300. It is, therefore, is vulnerable to a stack-based buffer overflow which could allow an unauthenticated, remote attacker to executive arbitrary code on the system or cause the IBM Spectrum Protect Server to crash.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The IBM Spectrum Protect Plus administrative console running on the remote host is affected by a remote command injection vulnerability due to improper validation of user-supplied data when processing a login HTTP request. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to execute arbitrary code on the system with root privileges.

Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.

The version of VMware Workstation installed on the remote Linux host is 15.x prior to 15.5.2. It is, therefore, affected by multiple vulnernabilities.  Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The IBM Spectrum Protect server or storage agent running on the remote host is affected by a remote code execution vulnerability due to improper invalidation of user-supplied data during communication exchanges. An unauthenticated, remote attacker can exploit this, via a series of specially crafted messages, to execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash.

SELinux is available on the host and plugin was able to check if it is enabled.

This script attempts to identify the operating system type and version by using a machine learning variant of SinFP.

This plugin detects if the remote host has any open ports which only support SSLv2. This protocol has been deprecated since 2011 because of security vulnerabilities and most major SSL libraries such as OpenSSL, NSS, Mbed TLS, and wolfSSL do not provide this functionality in their latest versions.

Nessus 8.9 and later no longer supports SSLv2.

The remote host has open SSL/TLS ports which advertise deprecated cipher suites. The ciphers contained in these suites are no longer supported by most major ssl libraries such as OpenSSL, NSS, Mbed TLS, and wolfSSL and, as such, should not be used for secure communication.

Nessus 8.9 and later no longer supports these ciphers.

This plugin enumerates and reports any SSLv2 connections which   were attempted as part of a scan. This protocol has been deemed prohibited since 2011 because of security   vulnerabilities and most major ssl libraries such as openssl, nss, mbed and wolfssl do not provide this functionality   in their latest versions. This protocol has been deprecated in Nessus 8.9 and later.

The remote host has open SSL/TLS ports which advertise deprecated cipher suites. The ciphers contained in these suites are no longer supported by most major ssl libraries such as OpenSSL, NSS, Mbed TLS, and wolfSSL and, as such, should not be used for secure communication.

Nessus 8.9 and later no longer supports these ciphers.

This plugin was deprecated on 2021/11/18 and has been replaced with plugin ID 132675.

Query host for the existance and functionality of commands wrapped by the command builder library.

The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions or impersonate the server.

Note that this plugin does not attempt to recover an RSA ciphertext, however it sends a number of correct and malformed RSA ciphertexts as part of an SSL handshake and observes how the server responds.

This plugin attempts to discover the vulnerability in multiple ways, by not completing the handshake and by completing it incorrectly, as well as using a variety of cipher suites. Only the first method that finds the service to be vulnerable is reported.

This plugin requires report paranoia as some services will report as affected even though the issue is not exploitable.

VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

The version of VMware Workstation installed on the remote host is 15.0.x prior to 15.5.0. It is, therefore, affected by the following issues:

  - A use-after-free error in the virtual sound device that     allows a local attacker on the guest machine with low     privileges to execute code on the host. (CVE-2019-5527)

  - A denial of service vulnerability caused by improper     handling of some IPv6 packets. An attacker can exploit     this vulnerability to disallow network access for all     guest machines using the VMware NAT mode. To exploit     this vulnerability, the attacker must send specially     crafted IPv6 packets from a guest machine when IPv6 mode     for VMNAT is enabled. (CVE-2019-5535)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Microsoft Visual Studio Code, an integrated development environment software application, is installed on the remote Linux host.

Note: If thorough tests is enabled, this plugin will check for snap installs.

The remote host is missing one or more security patches. This plugin ensures that supersedence has been calculated for all missing patches and stores the supersedence data in the scan report so that recommendations can be made for the latest and least number of patches to install to make sure the remote host is up-to-date.

This script attempts to identify the operating system type and version by looking at the capabilities of the remote Apple AirPlay server.

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, installed on the remote host is version 7.1.x < 7.1.9.300 or 8.1.x < 8.1.8. It is, therefore, affected by multiple IBM Db2 remote code execution and privilege escalation vulnerabilities. These vulnerabilities could allow an attacker to gain system-level access to the affected host.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of the Symantec Endpoint Encryption (SEE) installed on the remote Windows host is prior to 11.3.0. It is, therefore, affected by a two privilege escalation vulnerabilities. An authenticated, local attacker could exploit these vulnerabilities to gain elevated access to the system.

The version of Symantec Encryption Desktop installed on the remote host is affected by two privilege escalation vulnerabilities. A local attacker could exploit these vulnerabilities to gain elevated access to the system.

ID	Name	Severity
159545	SSL Certificate with no Subject	info
159544	SSL Certificate with no Common Name	info
159543	SSL/TLS Recommended Cipher Suites (PCI DSS)	medium
158148	VMware Workstation 16.0.x < 16.2.1 Multiple Vulnerabilities (VMSA-2022-0004)	medium
157422	VMware Workstation 16.0.x < 16.2.0 Heap Overflow RCE (VMSA-2022-0001)	high
157358	Linux Mounted Devices	info
156899	SSL/TLS Recommended Cipher Suites	info
156017	SIP Script Remote Command Execution via log4shell	critical
154138	Oracle Cloud Infrastructure Instance Metadata Enumeration (Linux / Unix)	info
153954	SSH Host Keys < 2048 Bits Considered Weak	low
150961	VMware Workstation 15.0.x < 15.5.7 Vulnerability (VMSA-2020-0029.1)	medium
149853	VMware Workstation 16.0.x < 16.1.2 Multiple Vulnerabilities (VMSA-2021-0009)	medium
148376	Amazon Corretto Java Detection (Linux / Unix)	info
148375	AdoptOpenJDK Java Detection (Linux / Unix)	info
148374	Azul Zulu Java Detection (Linux / Unix)	info
148373	OpenJDK Java Detection (Linux / Unix)	info
148372	IBM Java Detection (Linux / Unix)	info
147817	Java Detection and Identification (Linux / Unix)	info
147190	Active Connection to or from Host Listed in Custom Netstat IP Threat List	info
146571	IBM Spectrum Protect Plus vsnap Static Credential Vulnerability	critical
144852	VMware Workstation 15.x < 15.5.7 DoS (VMSA-2020-0029)	medium
143223	VMware Workstation 15.x < 15.5.7 Use-after-free (VMSA-2020-0026)	high
143123	IBM Spectrum Protect Operations Center 7.1.x < 7.1.11.000 / 8.1.x < 8.1.10.000 Code Injection Vulnerability	critical
141471	IBM Spectrum Protect Plus File Upload RCE	critical
140201	IBM Spectrum Protect 7.1.x <= 7.1.10.000 / 8.1.x <= 8.1.10.000 DoS	high
140200	IBM Spectrum Protect 8.1.x < 8.1.10.100 Information Disclosure	low
139330	IBM Spectrum Protect Plus hostname Command Injection	critical
138014	kpatch : Installed Patches	info
137053	Trading Technologies Messaging remove_park Stack Overflow	critical
136547	IBM Spectrum Protect 7.1.x < 7.1.10.100 / 8.1.x < 8.1.9.300 Stack-based Buffer Overflow	critical
135852	IBM Spectrum Protect Plus username Command Injection	critical
134626	VMware Workstation 15.x < 15.5.2 Multiple Vulnerabilities (VMSA-2020-0004) (Linux)	high
134564	IBM Spectrum Protect Server and Storage Agent RCE	critical
133964	SELinux Status Check	info
132935	OS Identification: SinFP with Machine Learning	info
132676	SSLv2-Only Open Ports Unsupported	critical
132675	SSL/TLS Deprecated Ciphers Unsupported	critical
132634	Deprecated SSLv2 Connection Attempts	info
131290	SSL/TLS Deprecated Ciphers (deprecated)	info
131286	Command Builder Initialization	info
131127	SSLv2-Only Open Ports	info
105415	Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure	high
130453	VMware Workstation < 15.5.0 Vulnerability (VMSA-2019-0019)	medium
129495	VMware Workstation 15.0.x < 15.5.0 Multiple Vulnerabilities (VMSA-2019-0014)	high
129056	Microsoft Visual Studio Code for Installed (Linux)	info
128276	Patch Data Finalization	info
127857	OS Identification : Apple AirPlay	info
126987	IBM Spectrum Protect 7.1.x < 7.1.9.300 / 8.1.x < 8.1.8 Multiple Vulnerabilities	high
126626	Symantec Endpoint Encryption < 11.3.0 Multiple Vulnerabilities (SYMSA1485)	high
126625	Symantec Encryption Desktop Multiple Vulnerabilities (SYMSA1485)	high

General Family for Nessus

info

info

medium

medium

high

info

info

critical

info

low

medium

medium

info

info

info

info

info

info

info

critical

medium

high

critical

critical

high

low

critical

info

critical

critical

critical

high

critical

info

info

critical

critical

info

info

info

info

high

medium

high

info

info

info

high

high

high