An unsupported version of .NET Core SDK is installed on the remote host.

According to its version, the .NET Core SDK installed on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of .NET Core SDK that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2023/03/07, Modified: 2023/03/07

Path : C:\\program files\dotnet\\sdk\3.1.416
Installed version : 3.1.416
Security End of Life : December 13, 2022
Time since Security End of Life (Est.) : >= 3 years

An unsupported version of ASP.NET Core is installed on the remote host.

According to its version, the ASP.NET Core installed on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of ASP.NET Core that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2023/03/07, Modified: 2023/03/07

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.22
Installed version : 3.1.22
Security End of Life : December 13, 2022
Time since Security End of Life (Est.) : >= 3 years

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\6.0.3
Installed version : 6.0.3
Security End of Life : November 12, 2024
Time since Security End of Life (Est.) : >= 1 year

The remote host contains an unsupported version of Adobe Flash Player.

There is at least one unsupported version of Adobe Flash Player installed on the remote host.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Remove the unsupported software.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2012/05/18, Modified: 2024/10/01

Path : C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx
Installed version : 32.0.0.387
Security End of Life : December 31, 2020
Time since Security End of Life (Est.) : >= 5 years

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 4592440. It is, therefore, affected by multiple vulnerabilities:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964, CVE-2020-17092, CVE-2020-17097, CVE-2020-17103, CVE-2020-17134, CVE-2020-17136)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2020-17095, CVE-2020-17096)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2020-17094, CVE-2020-17098, CVE-2020-17140)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2020-16996, CVE-2020-17099, CVE-2020-17139)

Apply Cumulative Update KB4592440.

High

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

8.9 (CVSS:3.0/E:P/RL:O/RC:C)

8.4

0.8165

9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

7.0 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2020/12/08, Modified: 2025/08/29

The remote host is missing one of the following rollup KBs :
- 4592440

- C:\Windows\system32\gdiplus.dll has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.1637

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1685. (CVE-2021-1642)

- Windows DNS Query Information Disclosure Vulnerability (CVE-2021-1637)

- Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1680. (CVE-2021-1651)

- Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693. (CVE-2021-1652)

- Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693. (CVE-2021-1653)

- Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693. (CVE-2021-1654)

- Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693. (CVE-2021-1655)

- TPM Device Driver Information Disclosure Vulnerability (CVE-2021-1656)

- Windows Fax Compose Form Remote Code Execution Vulnerability (CVE-2021-1657)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701. (CVE-2021-1658)

- Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1688, CVE-2021-1693. (CVE-2021-1659)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701. (CVE-2021-1660)

- Windows Installer Elevation of Privilege Vulnerability (CVE-2021-1661)

- Windows Event Tracing Elevation of Privilege Vulnerability (CVE-2021-1662)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701. (CVE-2021-1664)

- GDI+ Remote Code Execution Vulnerability (CVE-2021-1665)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701. (CVE-2021-1666)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701. (CVE-2021-1667)

- Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability (CVE-2021-1668)

- Windows Remote Desktop Security Feature Bypass Vulnerability (CVE-2021-1669)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701. (CVE-2021-1671)

- Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1663, CVE-2021-1670. (CVE-2021-1672)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1700, CVE-2021-1701. (CVE-2021-1673)

- Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability (CVE-2021-1674)

- Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability (CVE-2021-1676)

- Windows CryptoAPI Denial of Service Vulnerability (CVE-2021-1679)

- Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1651. (CVE-2021-1680)

- Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1686, CVE-2021-1687, CVE-2021-1690. (CVE-2021-1681)

- Windows Kernel Elevation of Privilege Vulnerability (CVE-2021-1682)

- Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1638, CVE-2021-1684. (CVE-2021-1683)

- Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1638, CVE-2021-1683. (CVE-2021-1684)

- Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1642. (CVE-2021-1685)

- Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1687, CVE-2021-1690. (CVE-2021-1686)

- Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1686, CVE-2021-1690. (CVE-2021-1687)

- Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1693. (CVE-2021-1688)

- Windows Multipoint Management Elevation of Privilege Vulnerability (CVE-2021-1689)

- Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1686, CVE-2021-1687. (CVE-2021-1690)

- Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688. (CVE-2021-1693)

- Windows Update Stack Elevation of Privilege Vulnerability (CVE-2021-1694)

- Windows Print Spooler Elevation of Privilege Vulnerability (CVE-2021-1695)

- Windows Graphics Component Information Disclosure Vulnerability (CVE-2021-1696)

- Windows InstallService Elevation of Privilege Vulnerability (CVE-2021-1697)

- Windows GDI+ Information Disclosure Vulnerability (CVE-2021-1708)

- Windows Win32k Elevation of Privilege Vulnerability (CVE-2021-1709)

- Microsoft Windows Media Foundation Remote Code Execution Vulnerability (CVE-2021-1710)

- Windows Runtime C++ Template Library Elevation of Privilege Vulnerability (CVE-2021-1650)

- Active Template Library Elevation of Privilege Vulnerability (CVE-2021-1649)

- Microsoft splwow64 Elevation of Privilege Vulnerability (CVE-2021-1648)

- Windows WLAN Service Elevation of Privilege Vulnerability (CVE-2021-1646)

- Windows Docker Information Disclosure Vulnerability (CVE-2021-1645)

- Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1683, CVE-2021-1684. (CVE-2021-1638)

- NTLM Security Feature Bypass Vulnerability (CVE-2021-1678)

- Windows (modem.sys) Information Disclosure Vulnerability (CVE-2021-1699)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1701. (CVE-2021-1700)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700. (CVE-2021-1701)

- Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability (CVE-2021-1702)

- Windows Hyper-V Elevation of Privilege Vulnerability (CVE-2021-1704)

- Microsoft Edge (HTML-based) Memory Corruption Vulnerability (CVE-2021-1705)

- Windows LUAFV Elevation of Privilege Vulnerability (CVE-2021-1706)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Apply Cumulative Update KB4598230.

High

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

8.9

0.6343

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2021/01/12, Modified: 2024/11/29

The remote host is missing one of the following rollup KBs :
- 4598230

- C:\Windows\system32\gdiplus.dll has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.1697

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5004244. It is, therefore, affected by multiple vulnerabilities.

Apply Cumulative Update 5004244

High

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

9.5 (CVSS:3.0/E:H/RL:O/RC:C)

9.0

0.1713

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2021/07/13, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5004244

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.2061

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5005030.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)

- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)

- An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.
(CVE-2021-34480)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)

Apply Cumulative Update KB5005030.

High

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

9.5 (CVSS:3.0/E:H/RL:O/RC:C)

9.2

0.9355

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.5 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2021/08/10, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5005030

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.2114

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5007206.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26443, CVE-2021-38666, CVE-2021-41378, CVE-2021-42275, CVE-2021-42276, CVE-2021-42279)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-38631, CVE-2021-38665, CVE-2021-41371)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-36957, CVE-2021-41366, CVE-2021-41367, CVE-2021-41370, CVE-2021-41377, CVE-2021-41379, CVE-2021-42277, CVE-2021-42278, CVE-2021-42280, CVE-2021-42282, CVE-2021-42283, CVE-2021-42285, CVE-2021-42287, CVE-2021-42291)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2021-42288)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-41356, CVE-2021-42274, CVE-2021-42284)

Apply Cumulative Update KB5007206.

High

9.0 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

8.6 (CVSS:3.0/E:H/RL:O/RC:C)

9.6

0.9407

7.7 (CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C)

6.7 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2021/11/09, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5007206

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.2300

The Windows 10 1809 / Windows Server 2019 installation on the remote host is affected by multiple vulnerabilities.

The Windows 10 1809 / Windows Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43247, CVE-2021-43248, CVE-2021-43880, CVE-2021-43883, CVE-2021-43893)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43227, CVE-2021-43235, CVE-2021-43236)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-43219, CVE-2021-43228)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43217, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)

Microsoft has released KB5008218 to address this issue.

High

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.7

0.2366

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.5 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2021/12/14, Modified: 2025/10/06

The remote host is missing one of the following rollup KBs :
- 5008218

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.2366

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5009557.
It is, therefore, affected by multiple vulnerabilities:

- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2022-21836)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-21839, CVE-2022-21843, CVE-2022-21847, CVE-2022-21848, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890, CVE-2022-21918)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21876, CVE-2022-21877, CVE-2022-21880, CVE-2022-21904, CVE-2022-21915)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21849, CVE-2022-21850, CVE-2022-21851, CVE-2022-21874, CVE-2022-21878, CVE-2022-21888, CVE-2022-21892, CVE-2022-21893, CVE-2022-21898, CVE-2022-21907, CVE-2022-21912, CVE-2022-21922, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-21833, CVE-2022-21834, CVE-2022-21835, CVE-2022-21838, CVE-2022-21852, CVE-2022-21857, CVE-2022-21858, CVE-2022-21859, CVE-2022-21860, CVE-2022-21861, CVE-2022-21862, CVE-2022-21863, CVE-2022-21864, CVE-2022-21865, CVE-2022-21866, CVE-2022-21867, CVE-2022-21868, CVE-2022-21869, CVE-2022-21870, CVE-2022-21871, CVE-2022-21872, CVE-2022-21873, CVE-2022-21875, CVE-2022-21879, CVE-2022-21881, CVE-2022-21882, CVE-2022-21884, CVE-2022-21885, CVE-2022-21895, CVE-2022-21896, CVE-2022-21897, CVE-2022-21901, CVE-2022-21902, CVE-2022-21903, CVE-2022-21908, CVE-2022-21910, CVE-2022-21914, CVE-2022-21916, CVE-2022-21919, CVE-2022-21920)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2022-21894, CVE-2022-21900, CVE-2022-21905, CVE-2022-21906, CVE-2022-21913, CVE-2022-21924, CVE-2022-21925)

Apply Cumulative Update KB5009557.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.7

0.9189

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true) Metasploit (true)

Published: 2022/01/11, Modified: 2024/11/28

The remote host is missing one of the following rollup KBs :
- 5009557

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.2452

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5012591.
It is, therefore, affected by multiple vulnerabilities:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-26790, CVE-2022-26828, CVE-2022-26827, CVE-2022-26807, CVE-2022-26796, CVE-2022-26798, CVE-2022-26808, CVE-2022-26810, CVE-2022-26803, CVE-2022-26802, CVE-2022-26801, CVE-2022-26794, CVE-2022-26792, CVE-2022-26904, CVE-2022-26788, CVE-2022-26793, CVE-2022-26914, CVE-2022-26789, CVE-2022-26797, CVE-2022-26787, CVE-2022-24549, CVE-2022-26795, CVE-2022-26786, CVE-2022-24496, CVE-2022-24544, CVE-2022-24540, CVE-2022-24489, CVE-2022-24486, CVE-2022-24481, CVE-2022-24479, CVE-2022-24527, CVE-2022-24474, CVE-2022-24521, CVE-2022-24550, CVE-2022-24499, CVE-2022-24547, CVE-2022-24546, CVE-2022-24494, CVE-2022-24542, CVE-2022-24530)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-26831, CVE-2022-26915, CVE-2022-24538, CVE-2022-24484, CVE-2022-26784)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-26824, CVE-2022-26812, CVE-2022-26919, CVE-2022-26918, CVE-2022-26809, CVE-2022-26825, CVE-2022-26916, CVE-2022-26819, CVE-2022-26817, CVE-2022-26815, CVE-2022-26814, CVE-2022-26823, CVE-2022-26811, CVE-2022-26829, CVE-2022-26821, CVE-2022-26917, CVE-2022-26820, CVE-2022-26826, CVE-2022-26818, CVE-2022-26822, CVE-2022-26813, CVE-2022-24545, CVE-2022-24541, CVE-2022-24492, CVE-2022-24491, CVE-2022-24537, CVE-2022-24536, CVE-2022-24487, CVE-2022-24534, CVE-2022-24485, CVE-2022-24533, CVE-2022-26903, CVE-2022-24495, CVE-2022-24528, CVE-2022-21983, CVE-2022-22008, CVE-2022-24500)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-26920, CVE-2022-26816, CVE-2022-24493, CVE-2022-24539, CVE-2022-24490, CVE-2022-26783, CVE-2022-26785, CVE-2022-24498, CVE-2022-24483)

Apply Cumulative Update 5012647

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.0

0.9256

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true) Metasploit (true)

Published: 2022/04/12, Modified: 2024/11/28

The remote host is missing one of the following rollup KBs :
- 5012647

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.2803

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5016623. It is, therefore, affected by multiple vulnerabilities

- Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)

- Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)

- Windows Bluetooth Service Remote Code Execution Vulnerability (CVE-2022-30144)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5016623

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.2

0.4615

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2022/08/09, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5016623

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.3287

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5017315. It is, therefore, affected by multiple vulnerabilities

- Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)

- Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)

- Windows Secure Channel Denial of Service Vulnerability (CVE-2022-30196, CVE-2022-35833)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5017315

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.2

0.8578

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2022/09/13, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5017315

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.3406

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5022840. It is, therefore, affected by multiple vulnerabilities

- Windows iSCSI Discovery Service Remote Code Execution Vulnerability (CVE-2023-21803)

- Microsoft PostScript Printer Driver Remote Code Execution Vulnerability (CVE-2023-21684, CVE-2023-21801)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-21685, CVE-2023-21686, CVE-2023-21799)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5022840

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.2

0.3497

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2023/02/14, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5022840

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.4010

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5023702. It is, therefore, affected by multiple vulnerabilities

- An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. (CVE-2023-1017)

- An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. (CVE-2023-1018)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2023-21708, CVE-2023-23405, CVE-2023-24869, CVE-2023-24908)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5023702

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.2

0.7729

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2023/03/14, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5023702

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.4131

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5025229. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-28275)

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-28250)

- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-21554)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5025229

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.4

0.9216

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true) Metasploit (true)

Published: 2023/04/11, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5025229

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.4252

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5026362. It is, therefore, affected by multiple vulnerabilities

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-24943)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2023-28283)

- Server for NFS Denial of Service Vulnerability (CVE-2023-24939)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5026362

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.1 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.4022

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2023/05/09, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5026362

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.4377

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5027222. It is, therefore, affected by multiple vulnerabilities

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-29363, CVE-2023-32014, CVE-2023-32015)

- Windows Collaborative Translation Framework Elevation of Privilege Vulnerability (CVE-2023-32009)

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2023-29373)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5027222

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.2

0.2211

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2023/06/13, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5027222

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.4499

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5028168. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367)

- Windows Netlogon Information Disclosure Vulnerability (CVE-2023-21526)

- Windows Win32k Elevation of Privilege Vulnerability (CVE-2023-21756)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5028168

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.5

0.6873

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true) Metasploit (true)

Published: 2023/07/11, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5028168

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.4644

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5029247. It is, therefore, affected by multiple vulnerabilities

- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-35385, CVE-2023-36910, CVE-2023-36911)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36882)

- Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability (CVE-2023-35387)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5029247

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.6

0.9322

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2023/08/08, Modified: 2024/11/13

The remote host is missing one of the following rollup KBs :
- 5029247

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.4737

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5031361. It is, therefore, affected by multiple vulnerabilities

- The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36577)

- Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5031361

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

8.4

0.9443

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2023/10/10, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5031361

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.4974

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5032196. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402)

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397)

- Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (CVE-2023-36028)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5032196

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.5

0.9021

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2023/11/14, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5032196

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.5122

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5040430. It is, therefore, affected by multiple vulnerabilities

- RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen- prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5040430

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.5

0.9286

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2024/07/09, Modified: 2025/10/06

The remote host is missing one of the following rollup KBs :
- 5040430

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.6054

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5041578. It is, therefore, affected by multiple vulnerabilities

- An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS. This can allow an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS. (CVE-2024-21302)

- A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. (CVE-2022-2601)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5041578

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.6

0.9006

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2024/08/13, Modified: 2025/10/06

The remote host is missing one of the following rollup KBs :
- 5041578

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.6189

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5043050. It is, therefore, affected by multiple vulnerabilities

- Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461)

- Windows Remote Desktop Licensing Service Spoofing Vulnerability (CVE-2024-43455)

- Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability (CVE-2024-38260, CVE-2024-38263, CVE-2024-43454, CVE-2024-43467)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5043050

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.1 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.2639

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Core Impact (true)

Published: 2024/09/10, Modified: 2025/10/22

The remote host is missing one of the following rollup KBs :
- 5043050

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.6292

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5044277. It is, therefore, affected by multiple vulnerabilities

- libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances. (CVE-2024-6197)
- Remote Desktop Client Remote Code Execution Vulnerability (CVE-2024-43599)

- An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.
(CVE-2024-43607)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5044277

Critical

9.0 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

8.6 (CVSS:3.0/E:H/RL:O/RC:C)

9.6

0.5847

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2024/10/08, Modified: 2024/11/18

The remote host is missing one of the following rollup KBs :
- 5044277

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.1577
Should be : 10.0.17763.6414

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5046615. It is, therefore, affected by multiple vulnerabilities

- Windows Kerberos Remote Code Execution Vulnerability (CVE-2024-43639)

- Windows NT OS Kernel Elevation of Privilege Vulnerability (CVE-2024-43623)

- Windows Telephony Service Elevation of Privilege Vulnerability (CVE-2024-43626)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5046615

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

10.0

0.9039

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)