D$482-$ Secure Network Design Company B Vulnerability Report Company B performed this vulnerability assessment in anticipation of system integration with Company A$.$ This assessment was performed by a qualified third$-$party assessor, and this report has been generated with the results. This assessment was performed in accordance with a methodology described in NIST $800-30$ Rev $1$ to identify the following: Vulnerabilities using the CVSS model Severity Likelihood of occurrence Table A$.$ Risk ClassificationsRisk LevelDescriptionHighThe loss of confidentiality, integrity, or availability may be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.ModerateThe loss of confidentiality, integrity, or availability may be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.LowThe loss of confidentiality, integrity, or availability may be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. Table B$.$ Severity Severity Level $($CVSS Model$)$DescriptionCritical Exploitation of the vulnerability likely results in root$-$level compromise of servers or infrastructure devices. Exploitation is usually straightforward in the sense that the attacker does not need any special authentication credentials or knowledge about individual victims and does not need to persuade a target user, for example, via social engineering, to perform any special functions.High The vulnerability is difficult to exploit. Exploitation could result in elevated privileges. Exploitation could result in significant data loss or downtime.Medium Vulnerabilities that require the attacker to manipulate individual victims via social engineering tactics. Denial of service vulnerabilities that are difficult to set up$.$ Exploits that require an attacker to reside on the same local network as the victim. Vulnerabilities where exploitation provides only very limited access. Vulnerabilities that require user privileges for successful exploitation. LowExploitation of such vulnerabilities usually requires local or physical system access and would have little impact on the organization. Table C$.$ Level of Effort Level of EffortDescriptionHighThis requires a high level of dedicated effort from one or more teams on critical systems, including patching, multiple configuration changes, or highly technical changes that risk bringing services down.ModerateThis is a medium$-$level effort that requires substantial dedication from a partial or entire team. This could impact services or cause a partial outage.LowThese are individual or small team efforts generally requiring a minimal time commitment and require running an update or remedial command or series of commands that will not impact production services. Table D$.$ System InventorySystem ComponentsServersVirtualized farm running on Hyper$-$V $(2$ hosts$).$ Windows Server $2019$ and Ubuntu Linux. Approximately $20$ virtualized servers $($across the $2$ hosts$),$ including the following roles: $($Ubuntu Linux$)$ FTP server for EDI Incoming Operations $3$x Domain Controllers $(1$ used for M$365$ identity sync$)1$x File Storage$/$Server $1$x Ruby On Rails server $3$x ElasticSearch servers $($cluster$)5$x web application servers $($Ubuntu Linux cluster, $1$x PostGRESQL, $1$x MariaDB SQL$,3$x running nginX Plus w$\backslash$reverse caching proxy, $1$x running Apache Tomcat, PHP $8,$ hosting SSL$/$TLS certificates$)4$x Remote Desktop Servers for internal shared$/$applications $2$x legacy Exchange servers $($post$-$migration$)75$ WorkstationsWindows XP$,7,10/11$ Pro, Ubuntu Linux, MacOSSwitchesHPE JL$262$A Aruba $2930$F $48$G PoE$+$ Firewall$2$x Sophos XG firewallsBorder routerVerizon FIOS router $($CR$1000$A$)$Laptops Windows $10,11,$ Ubuntu $22\mathrm{.}04$ LTS$,$ MacOS $($Ventura$,$ Monterey, Big Sur$)$Wireless Access Points$10$x HPE JZ$337$A Aruba AP$-535$Cable plantCat$6$a Table E$.$ Risk IdentificationRisk #Vulnerability $($NVT Name$)$NVT OIDSeverityRiskLevel of Effort$1$Distributed Ruby $($dRuby$/$DRb$)$ Multiple Remote Code Execution Vulnerabilities$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}108010$CriticalHighHigh$2$MFA not enforced across all users HighHighHigh$3$Rexec service is running$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}100111$HighHighLow$4$All users have local administrative privileges MediumModerateHigh$5$Java RMI Server Insecure Default Configuration Remote Code Execution Vulnerability on publicly$-$facing server$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}140051$CriticalHighModerate$6$Operating System $($OS$)$ End of Life $($EOL$)$ Detection$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}103674$CriticalHighLow$7$rlogin Passwordless Login$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}113766$HighModerateLow$8$Apache Tomcat AJP RCE Vulnerability $($Ghostcat$)1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}143545$CriticalHighModerate$9$PostgreSQL weak password$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}103552$HighHighLow$10$PostgreSQL admin is reachable from internet CriticalHighLow$11$VNC Brute Force Login$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}106056$HighHighLow$12$FTP Brute Force Logins Reporting$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}108718$HighHighLow$13$phpinfo$()$ output Reporting$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}11229$HighModerateLow$14$vsftpd Compromised Source Packages Backdoor Vulnerability$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}103185$HighHighModerate$15$rsh Unencrypted Cleartext Login$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}100080$HighModerateModerate$16$SSL$/$TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}105042$HighModerateModerate$17$Anonymous FTP Login Reporting$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}900600$Moderate Low$18$Samba MS$-$RPC Remote Shell Command Execution Vulnerability $-$ Active Check$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}108011$HighModerateHigh$19$SSL$/$TLS: Deprecated SSLv$2$ and SSLv$3$ Protocol Detection$1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}111012$ModerateModerateModerate$20$Weak Host Key Algorithm$($s$)($SSH$)1\mathrm{.}3\mathrm{.}6\mathrm{.}1\mathrm{.}4\mathrm{.}1\mathrm{.}25623\mathrm{.}1\mathrm{.}0\mathrm{.}117687$ModerateModerateModerate