An unsupported version of .NET Core SDK is installed on the remote host.

According to its version, the .NET Core SDK installed on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of .NET Core SDK that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2023/03/07, Modified: 2023/03/07

Path : C:\\program files\dotnet\\sdk\3.1.416
Installed version : 3.1.416
Security End of Life : December 13, 2022
Time since Security End of Life (Est.) : >= 3 years

An unsupported version of ASP.NET Core is installed on the remote host.

According to its version, the ASP.NET Core installed on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of ASP.NET Core that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2023/03/07, Modified: 2023/03/07

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.22
Installed version : 3.1.22
Security End of Life : December 13, 2022
Time since Security End of Life (Est.) : >= 3 years

A logging library running on the remote host has multiple vulnerabilities.

According to its self-reported version number, the installation of Apache Log4j on the remote host is 1.x and is no longer supported. Log4j reached its end of life prior to 2016. Additionally, Log4j 1.x is affected by multiple vulnerabilities, including :

- Log4j includes a SocketServer that accepts serialized log events and deserializes them without verifying whether the objects are allowed or not. This can provide an attack vector that can be exploited. (CVE-2019-17571)

- Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. (CVE-2020-9488)

- JMSSink uses JNDI in an unprotected manner allowing any application using the JMSSink to be vulnerable if it is configured to reference an untrusted site or if the site referenced can be accesseed by the attacker.
(CVE-2022-23302)

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Upgrade to a version of Apache Log4j that is currently supported.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.

High

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.1 (CVSS:3.0/E:F/RL:O/RC:C)

6.7

0.4904

9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

7.4 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2022/01/19, Modified: 2024/06/13

Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus.war
Installed version : 1.2.6

Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus\WEB-INF\lib\log4j-1.2.6.jar
Installed version : 1.2.6

Path : D:\DC\sqldeveloper-3.2.20.09.87-no-jre\sqldeveloper\sqldeveloper\lib\log4j-1.2.13.jar
Installed version : 1.2.13

An unsupported version of Apache Log4j is installed on the remote host.

According to its version, Apache Log4j is less than or equal to 1.x. It is, therefore, no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of Apache Log4j that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2023/09/29, Modified: 2023/11/02

Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus.war
Installed version : 1.2.6
Security End of Life : August 4, 2015
Time since Security End of Life (Est.) : >= 10 years

Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus\WEB-INF\lib\log4j-1.2.6.jar
Installed version : 1.2.6
Security End of Life : August 4, 2015
Time since Security End of Life (Est.) : >= 10 years

Path : D:\DC\sqldeveloper-3.2.20.09.87-no-jre\sqldeveloper\sqldeveloper\lib\log4j-1.2.13.jar
Installed version : 1.2.13
Security End of Life : August 4, 2015
Time since Security End of Life (Est.) : >= 10 years

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5063871. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
(CVE-2025-53766)

- Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. (CVE-2025-49751)

- Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. (CVE-2025-49743)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5063871

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

7.4

0.0127

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/08/12, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5063871

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.7870
Should be : 10.0.14393.8330

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5066836. It is, therefore, affected by multiple vulnerabilities

- tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)

- In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. (CVE-2025-47827)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5066836

High

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.1 (CVSS:3.0/E:F/RL:O/RC:C)

9.2

0.0824

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.2 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/10/14, Modified: 2025/11/18

The remote host is missing one of the following rollup KBs :
- 5066836

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.7870
Should be : 10.0.14393.8519

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5068864. It is, therefore, affected by multiple vulnerabilities

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.
(CVE-2025-60724, CVE-2025-60714, CVE-2025-60715, CVE-2025-62452)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2025-59505, CVE-2025-59506, CVE-2025-59507, CVE-2025-59508, CVE-2025-59512, CVE-2025-59514, CVE-2025-60703, CVE-2025-60704, CVE-2025-60705, CVE-2025-60709, CVE-2025-60713, CVE-2025-60719, CVE-2025-60720, CVE-2025-62213, CVE-2025-62217)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5068864

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0007

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/11/11, Modified: 2025/11/14

The remote host is missing one of the following rollup KBs :
- 5068864

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.7870
Should be : 10.0.14393.8592

An endpoint security application is installed on the remote host, but it is not working properly.

Kaspersky Endpoint Security, a commercial endpoint security software package for Windows, is installed on the remote host. However, there is a problem with the installation; either its services are not running or its engine and/or virus definitions are out of date.

Make sure that updates are working and the associated services are running.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2005/12/09, Modified: 2025/05/27

Kaspersky Anti-Virus is installed on the remote host :

Product name : Kaspersky Endpoint Security for Windows
Version : 21.15.8.493
Installation path : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0
Virus signatures : 04/10/2024

The virus signatures on the remote host are out-of-date - the last
known update from the vendor is 12/16/2025

As a result, the remote host might be infected by viruses.

An unsupported version of Microsoft .NET Core is installed on the remote host.

According to its version, the Microsoft .NET Core installed on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of Microsoft .NET Core that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2023/03/07, Modified: 2023/03/07

Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\3.1.22\
Installed version : 3.1.22
Security End of Life : December 13, 2022
Time since Security End of Life (Est.) : >= 3 years

The remote host contains an unsupported version of Microsoft Office.

According to its version, the installation of Microsoft Office on the remote Windows host is no longer supported.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Upgrade to a version of Microsoft Office that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2011/12/02, Modified: 2024/03/22

Installed product : Office 2010
End of support date : October 13, 2020
Supported versions : Office 2016, 2019, 2021 or Office 365

The remote database server is affected by multiple vulnerabilities.

The remote Oracle database server is missing the January 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Listener

- Oracle OLAP

- Application Express Application Builder

- Oracle Data Pump

- Oracle Spatial

- Logical Standby

- RDBMS

- Oracle Spatial

- Unzip

Apply the appropriate patch according to the January 2010 Oracle Critical Patch Update advisory.

Critical

6.7

0.1936

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

Published: 2010/04/26, Modified: 2022/04/11

The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 9169460

The remote database server is affected by multiple vulnerabilities.

The remote Oracle database server is missing the October 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Advanced Queuing

- Application Express

- Auditing

- Authentication

- Core RDBMS

- Data Mining

- Data Pump

- Network Authentication

- Net Foundation Layer

- Oracle Spatial

- Oracle Text

- PL/SQL

- Workspace Manager

Apply the appropriate patch according to the October 2009 Oracle Critical Patch Update advisory.

Critical

7.4

0.8575

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

Core Impact (true) Metasploit (true)

Published: 2011/11/16, Modified: 2022/04/11

The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 8880861

The remote host is running an unsupported version of a database server.

According to its version, the installation of Oracle Database running on the remote host is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Upgrade to a version of Oracle Database that is currently supported.

Critical

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2011/08/09, Modified: 2022/09/28

The following unsupported instance of Oracle Database is installed on the
remote host :

SID :
Oracle home path : c:\oracle\product\10.2.0\db_1
Database version : 10.2.0.4.0
Supported versions : 19c / 21c
EOL URL : http://www.oracle.com/us/support/library/lifetime-support-technology-069183.pdf

The remote host is affected by multiple vulnerabilities

The 9.0.0 versions of MySQL Connectors installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

- Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)).
Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.
(CVE-2024-5535, CVE-2024-6119)

- Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. (CVE-2024-21272)

- Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. (CVE-2024-21262)

- Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (zlib)).
This vulnerability cannot be exploited in the context of this product. Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (zlib)). This vulnerability cannot be exploited in the context of this product. (CVE-2023-45853)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply the appropriate patch according to the October 2024 Oracle Critical Patch Update advisory.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.8 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.1655

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2024/10/17, Modified: 2025/04/14

Path : C:\Program Files\MySQL\Connector ODBC 5.1\
Installed version : 5.1.12
Fixed version : 9.1.0

A package installed on the remote host is affected by a remote code execution vulnerability.

The version of Apache Log4j on the remote host is 1.2. It is, therefore, affected by a remote code execution vulnerability when specifically configured to use JMSAppender.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.

Medium

7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.0 (CVSS:3.0/E:F/RL:O/RC:C)

6.7

0.722

6.0 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)

5.0 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2021/12/15, Modified: 2024/06/13

Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus.war
Installed version : 1.2.6
Fixed version : 2.16.0

Path : C:\oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus\WEB-INF\lib\log4j-1.2.6.jar
Installed version : 1.2.6
Fixed version : 2.16.0

Path : D:\DC\sqldeveloper-3.2.20.09.87-no-jre\sqldeveloper\sqldeveloper\lib\log4j-1.2.13.jar
Installed version : 1.2.13
Fixed version : 2.16.0

At least one improperly configured Windows service may have a privilege escalation vulnerability.

At least one Windows service executable with insecure permissions was detected on the remote host. Services configured to use an executable with weak permissions are vulnerable to privilege escalation attacks.
An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.

This plugin checks if any of the following groups have permissions to modify executable files that are started by Windows services :

- Everyone
- Users
- Domain Users
- Authenticated Users

Ensure that the Everyone, Users, Domain Users and Authenticated Users groups do not have permissions to modify or write service executables. Additionally, ensure these groups do not have Full Control permission to any directories that contain service executables.

High

8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published: 2013/03/06, Modified: 2025/03/14

Path : c:\users\public\goto.exe
Used by services : GotoHTTP
Full control of directory allowed for groups : Everyone (S-1-1-0)

Bad Shares :

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5055521. It is, therefore, affected by multiple vulnerabilities

- Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. (CVE-2025-26687)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-27481)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2025-27740)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5055521

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.2827

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/04/08, Modified: 2025/09/17

The remote host is missing one of the following rollup KBs :
- 5055521

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.7870
Should be : 10.0.14393.7962

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5058383. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. (CVE-2025-29967)

- Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29830, CVE-2025-29958, CVE-2025-29959)

- Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29832, CVE-2025-29835, CVE-2025-29836, CVE-2025-29960, CVE-2025-29961)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5058383

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.1

0.2127

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/05/13, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5058383

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.7870
Should be : 10.0.14393.8062

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5061010. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-33066)

- Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
(CVE-2025-33073)

- Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
(CVE-2025-32712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5061010

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.7

0.5119

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true) Metasploit (true)

Published: 2025/06/10, Modified: 2025/10/21

The remote host is missing one of the following rollup KBs :
- 5061010

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.7870
Should be : 10.0.14393.8146

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5062560. It is, therefore, affected by multiple vulnerabilities

- Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
(CVE-2025-49659)

- Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48799)

- Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48820)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5062560

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0055

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/07/08, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5062560

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.7870
Should be : 10.0.14393.8246

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5065427. It is, therefore, affected by multiple vulnerabilities

- SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningSMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. (CVE-2025-55234)

- Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. (CVE-2025-49734)

- Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-53796, CVE-2025-53797, CVE-2025-53798, CVE-2025-53806)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5065427

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0073

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/09/09, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5065427

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.7870
Should be : 10.0.14393.8422

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5071543. It is, therefore, affected by multiple vulnerabilities

- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)

- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)

- Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. (CVE-2025-62466)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5071543

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.002

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/12/09, Modified: 2025/12/12

The remote host is missing one of the following rollup KBs :
- 5071543

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.14393.7870
Should be : 10.0.14393.8688

An application installed on the remote Windows host is affected by an elevation of privilege vulnerability.

The version of Microsoft Azure Data Studio installed on the remote Windows host is prior to 1.48.0. It is, therefore, affected by an unspecified elevation of privilege vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Microsoft Azure Data Studio version 1.48.0 or later.

Medium

7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

6.4 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0214

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/03/15, Modified: 2024/03/18

Path : C:\Program Files\Azure Data Studio\
Installed version : 1.41.2.0
Fixed version : 1.48.0

The text editor on the remote Windows host is affected by a arbitary code execution.

The version of Notepad++ installed on the remote host is prior to 8.1.1. It is, therefore, affected by a arbitary code execution vulnerability in the dbghelp.exe file, allowing a attacker with local access to abuse the uncontrolled search path to execute arbitrary code and gain access.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Notepad++ 8.1.1 or later.

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.0 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0006

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.3 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2024/08/09, Modified: 2025/06/20

Path : C:\Program Files (x86)\Notepad++
Installed version : 7.0.0.0
Fixed version : 8.1.1

The text editor on the remote Windows host is affected by DLL hijacking

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Notepad++ 8.4.1 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.0 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0004

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

5.6 (CVSS2#E:POC/RL:OF/RC:C)

Published: 2024/10/04, Modified: 2025/09/22

Path : C:\Program Files (x86)\Notepad++
Installed version : 7.0.0.0
Fixed version : 8.4.1

The text editor on the remote Windows host is affected by multiple vulnerabilties.

The version of Notepad++ installed on the remote host is prior to 8.5.7. It is, therefore, affected by multiple buffer overflow vulnerabilties. An authenticated, local attacker could exploit these to cause a denial of service condition or the execution of arbitrary code.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Notepad++ 8.5.7 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.0 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0011

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

5.6 (CVSS2#E:POC/RL:OF/RC:C)

Published: 2023/09/26, Modified: 2023/09/27

Path : C:\Program Files (x86)\Notepad++
Installed version : 7.0.0.0
Fixed version : 8.5.7

A text editor on the remote Windows host is affected by privilege escalation.

The version of Notepad++ installed on the remote host is prior to 8.8.2. It is, therefore, affected by a privilege escalation vulnerability:

- Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
(CVE-2025-49144) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Notepad++ 8.8.2 or later.

Medium

7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

8.4

0.0001

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

I

Published: 2025/06/26, Modified: 2025/11/10

Path : C:\Program Files (x86)\Notepad++
Installed version : 7.0.0.0
Fixed version : 8.8.2

The remote database server is affected by multiple vulnerabilities.

The remote Oracle database server is missing the April 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Advanced Queuing

- Application Express

- Cluster Ready Services

- Core RDBMS

- Database Vault

- Listener

- Password Policy

- Resource Manager

- SQLX Functions

- Workspace Manager

Apply the appropriate patch according to the April 2009 Oracle Critical Patch Update advisory.

High

6.0

0.5392

8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)

6.7 (CVSS2#E:POC/RL:OF/RC:C)

Published: 2011/11/16, Modified: 2022/04/11

The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 8307238

The remote database server is affected by multiple vulnerabilities.

The remote Oracle database server is missing the April 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Core RDBMS

- JavaVM

- Change Data Capture

- Audit

Apply the appropriate patch according to the April 2010 Oracle Critical Patch Update advisory.

High

5.9

0.5923

7.1 (CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)

5.3 (CVSS2#E:U/RL:OF/RC:C)

(true)

Published: 2010/04/26, Modified: 2022/04/11

The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 9393550

The remote database server is affected by multiple vulnerabilities.

The remote Oracle database server is missing the April 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Oracle Warehouse Builder (CVE-2011-0792, CVE-2011-0799)

- Oracle Security Service (CVE-2009-3555)

- Application Service Level Management (CVE-2011-0787)

- Network Foundation (CVE-2011-0806)

- Oracle Help (CVE-2011-0785)

- UIX (CVE-2011-0805)

- Database Vault (CVE-2011-0793, CVE-2011-0804)

Apply the appropriate patch according to the April 2011 Oracle Critical Patch Update advisory.

High

7.4

0.0294

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

5.9 (CVSS2#E:POC/RL:OF/RC:C)

Published: 2011/05/13, Modified: 2022/04/11

The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 12328503

The remote database server is affected by multiple vulnerabilities.

The remote Oracle database server is missing the April 2012 Critical Patch Update (CPU) and is, therefore, potentially affected by security issues in the following components :

- Core RDBMS

- Oracle Spatial

- OCI

- Enterprise Manager Base Platform

- Application Express

Apply the appropriate patch according to the April 2012 Oracle Critical Patch Update advisory.

High

5.9

0.0077

9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

6.7 (CVSS2#E:U/RL:OF/RC:C)

Published: 2012/04/19, Modified: 2022/04/11

The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 13928776

The remote database server is affected by multiple vulnerabilities.

The remote Oracle database server is missing the January 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Client System Analyzer

- Cluster Verify Utility

- Database Vault

- Oracle Spatial

- Scheduler Agent

- UIX

Apply the appropriate patch according to the January 2011 Oracle Critical Patch Update advisory.

High

7.0

0.7697

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.2 (CVSS2#E:F/RL:OF/RC:C)

Core Impact (true) (true) Metasploit (true)

Published: 2011/01/19, Modified: 2022/04/11

The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 10349200

The remote database server is affected by multiple vulnerabilities.

The remote Oracle database server is missing the July 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Advanced Replication

- Auditing

- Config Management

- Core RDBMS

- Listener

- Network Foundation

- Secure Enterprise Search

- Upgrade

- Visual Private Database

Apply the appropriate patch according to the July 2009 Oracle Critical Patch Update advisory.

High

6.7

0.3751

9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

7.0 (CVSS2#E:POC/RL:OF/RC:C)

Published: 2011/11/16, Modified: 2022/04/11

The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 8559467

The remote database server is affected by multiple vulnerabilities.

The remote Oracle database server is missing the July 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Listener

- Net Foundation Layer

- Oracle OLAP

- Application Express

- Network Layer

- Export

Apply the appropriate patch according to the July 2010 Oracle Critical Patch Update advisory.

High

5.3

0.0082

7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

5.8 (CVSS2#E:U/RL:OF/RC:C)

Published: 2010/07/14, Modified: 2022/04/11

The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 9777078

The remote database server is affected by multiple vulnerabilities.

The remote Oracle database server is missing the July 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Core RDBMS (CVE-2011-0832, CVE-2011-0835, CVE-2011-0838, CVE-2011-0880, CVE-2011-2230, CVE-2011-2239, CVE-2011-2243, CVE-2011-2253)

- Content Management (CVE-2011-0882)

- Database Target Type Menus (CVE-2011-2257)

- SQL Performance Advisories/UIs (CVE-2011-2248)

- Schema Management (CVE-2011-0870)

- Security Framework (CVE-2011-0848, CVE-2011-2244)

- Security Management (CVE-2011-0852)

- Streams, AQ & Replication Management (CVE-2011-0822)

- XML Developer Kit (CVE-2011-2231, CVE-2011-2232)

- CMDB Metadata & Instance APIs (CVE-2011-0816)

- EMCTL (CVE-2011-0875, CVE-2011-0881)

- Enterprise Config Management (CVE-2011-0811, CVE-2011-0831)

- Enterprise Manager Console (CVE-2011-0876)

- Event Management (CVE-2011-0830)

- Instance Management (CVE-2011-0877, CVE-2011-0879)

- Database Vault (CVE-2011-2238)

- Oracle Universal Installer (CVE-2011-2240)

Apply the appropriate patch according to the July 2011 Oracle Critical Patch Update advisory.

High

5.9

0.0233

7.1 (CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)

5.3 (CVSS2#E:U/RL:OF/RC:C)

Published: 2011/07/20, Modified: 2022/04/11

The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 12429521

The remote database server is affected by multiple vulnerabilities.

The remote Oracle database server is missing the October 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Enterprise Manager Console

- Java Virtual Machine

- Change Data Capture

- OLAP

- Job Queue

- XDK

- Core RDBMS

- Perl

Apply the appropriate patch according to the October 2010 Oracle Critical Patch Update advisory.

High

5.8

0.3653

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

5.5 (CVSS2#E:U/RL:OF/RC:C)

Published: 2010/11/18, Modified: 2022/04/11

The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 10084982

The remote database server is affected by multiple vulnerabilities.

The remote Oracle database server is missing the October 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :

- Oracle Text

- Application Express

- Core RDBMS

- Database Vault

Apply the appropriate patch according to the October 2011 Oracle Critical Patch Update advisory.

High

5.9

0.0093

8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)

6.3 (CVSS2#E:U/RL:OF/RC:C)

Published: 2011/10/26, Modified: 2022/04/11

The following vulnerable instance of Oracle Database is installed on the
remote host :

Ohome Name(s) : OraDb10g_home1
Ohome : c:\oracle\product\10.2.0\db_1
Missing DB Patches : 12914910

The remote Windows host has an application installed which is affected by a directory traversal remote code execution vulnerability.

The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.12 Beta 1. It is, therefore, affected by a vulnerability:

- RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. (CVE-2025-6218)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to RARLAB WinRAR version 7.12 Beta 1 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.4

0.0029

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

6.0 (CVSS2#E:F/RL:OF/RC:C)

II

Published: 2025/07/14, Modified: 2025/12/09

Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 5.91.0.0
Fixed version : 7.12 Beta 1

The remote Windows host has an application installed which is affected by a directory traversal vulnerability.

The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.13. It is, therefore, affected by a vulnerability:

- A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. (CVE-2025-8088)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to RARLAB WinRAR version 7.13 or later.

Critical

8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.5

0.0562

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

II

Published: 2025/08/11, Modified: 2025/08/21

Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 5.91.0.0
Fixed version : 7.13

The remote service supports the use of medium strength SSL ciphers.

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

6.1

0.4002

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2009/11/23, Modified: 2025/02/12

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service supports the use of medium strength SSL ciphers.

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

6.1

0.4002

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2009/11/23, Modified: 2025/02/12

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service supports the use of medium strength SSL ciphers.

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

6.1

0.4002

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2009/11/23, Modified: 2025/02/12

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The Microsoft .NET core installations on the remote host are affected by remote code execution vulnerability.

A remote code execution vulnerability exists in .NET Core 3.1, .NET 6.0, and .NET 7.0, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Update .NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0893

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

5.3 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2022/12/15, Modified: 2024/01/16

Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\3.1.22\
Installed version : 3.1.22
Fixed version : 3.1.32

The Microsoft .NET core installations on the remote host are affected by a privilege escalation vulnerability.

A privilege escalation vulnerability exists in .NET core 6.0 < 6.0.10 and .NET Core 3.1 < 3.1.30. An authenticated, local attacker can exploit this, via the NuGet client, to cause the user to execute arbitrary code.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Update .NET Core Runtime to version 3.1.30 or 6.0.10.

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

6.7

0.1877

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.6 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2022/10/12, Modified: 2024/01/16

Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\3.1.22\
Installed version : 3.1.22
Fixed version : 3.1.30

The Microsoft .NET core installations on the remote host are affected by a denial of service vulnerability.

A denial of service vulnerability exists in .NET core 6.0 < 6.0.9 and .NET Core 3.1 < 3.1.29. An unauthenticated, remote attacker can exploit this, by sending a customized payload that is parsed during model binding, to cause a stack overflow, which may cause the application to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Update .NET Core Runtime to version 3.1.29 or 6.0.9.

High

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

7.0 (CVSS:3.0/E:F/RL:O/RC:C)

4.4

0.0103

7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

6.4 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2022/09/14, Modified: 2024/01/16

Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\3.1.22\
Installed version : 3.1.22
Fixed version : 3.1.29

The Microsoft .NET core installations on the remote host are affected by multiple vulnerabilities.

The Microsoft .NET core installations on the remote host are missing security updates. It is, therefore, affected by multiple denial of service vulnerabilities:

- A vulnerability where a malicious client can cause a denial of service via excess memory allocations through HttpClient. (CVE-2022-23267)

- A vulnerability where a malicious client can manipulate cookies and cause a denial of service. (CVE-2022-29117)

- A vulnerability where a malicious client can cause a denial of service when HTML forms are parsed. (CVE-2022-29145)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Update .NET Core Runtime to version 3.1.25, 5.0.17 or 6.0.5.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

7.0 (CVSS:3.0/E:F/RL:O/RC:C)

4.4

0.0238

5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

4.1 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2022/05/13, Modified: 2023/10/27

Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\3.1.22\
Installed version : 3.1.22
Fixed version : 3.1.25

The Microsoft ASP.NET core installations on the remote host are affected by remote code execution vulnerability.

A remote code execution vulnerability exists in ASP.NET core 3.1, ASP.NET 6.0, and ASP.NET 7.0, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Update ASP.NET Core Runtime to version 3.1.32 or 6.0.12 or 7.0.1.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0893

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

5.3 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2022/12/15, Modified: 2023/11/20

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.22
Installed version : 3.1.22
Fixed version : 3.1.32

The Microsoft ASP.NET Core installations on the remote host are missing a security update.

A denial of service vulnerability exists in ASP.NET core 6.0 < 6.0.9 and ASP.NET Core 3.1 < 3.1.29. An unauthenticated, remote attacker can exploit this, by sending a customized payload that is parsed during model binding, to cause a stack overflow, which may cause the application to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Update ASP.NET Core Runtime to version 3.1.29 or 6.0.9.

High

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

7.0 (CVSS:3.0/E:F/RL:O/RC:C)

4.4

0.0103

7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

6.4 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2022/09/14, Modified: 2023/10/11

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.22
Installed version : 3.1.22
Fixed version : 3.1.29

The Microsoft SQL Server installation on the remote host is missing a security update.

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- An elevation of privilege vulnerability. (CVE-2025-53727)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Microsoft has released security updates for Microsoft SQL Server.

High

8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.7

0.0007