RELAYTO Endpoints Penetration Test Results (17/101)

Pass Cisco IOS Extensible Authentication Protocol Vulnerability (cisco-sr-20071019-eap) CVE-2007-5651 22 Jul 2013 7.1 (v2) High Pass Cisco Expressway Series and TelePresence Video Communication DoS (cisco-sa-expressway-vcs-dos-n6xxTMZB) CVE-2020-3596 09 Oct 2020 7.5 (v3) High Pass Puppet Enterprise 2015.x / 2016.x < 2016.4.0 Multiple Vulnerabilities CVE-2016-5715 09 Oct 2019 6.1 (v3) Medium Pass RealNetworks Helix DNA Server RTSP Service Crafted Require Header Remote Over fl ow CVE-2007-4561 28 Aug 2007 10 (v2) Critical Pass Cisco Web Security Appliance Version 26 Jul 2013 None Pass Mercury SMTP Server AUTH CRAM-MD5 Remote Bu ff er Over fl ow CVE-2007-4440 23 Aug 2007 7.5 (v2) High Pass Sybase ASA Client Connection Broadcast Remote Information Disclosure 22 Aug 2007 5 (v2) Medium Pass Sybase ASA Default Database Password 22 Aug 2007 7.5 (v2) High Pass Cisco Content Security Management Appliance Version 26 Jul 2013 None Pass Juniper Junos OSPF Protocol Vulnerability (JSA10582) CVE-2013-0149 CVE-2013-7313 02 Aug 2013 7.8 (v2) High Pass Trend Micro ServerProtect Multiple Remote Over fl ows CVE-2007-4218 CVE-2007-4219 CVE-2007-4731 22 Aug 2007 10 (v2) Critical Pass SIDVault < 2.0f LDAP Server Malformed Search Request Bu ff er Over fl ow CVE-2007-4566 28 Aug 2007 10 (v2) Critical Pass OSPF LSA Manipulation Vulnerability in Cisco IOS (cisco-sa-20130801-lsaospf) CVE-2013-0149 16 Aug 2013 5.8 (v2) Medium Pass OSPF LSA Manipulation Vulnerability in Cisco NX-OS (cisco-sa-20130801-lsaospf) CVE-2013-0149 16 Aug 2013 5.8 (v2) Medium Pass HP Switch Identi fi cation 13 Aug 2013 None Pass OpenSSL 1.0.2 < 1.0.2d Multiple Vulnerabilities CVE-2015-1793 CVE-2015-3196 09 Jul 2015 6.5 (v3) Medium Pass Cisco Nexus 1000V VEM DoS (CSCtj17451) CVE-2011-0355 13 Aug 2013 7.8 (v2) High Pass lighttpd mod_fastcgi HTTP Request Header Remote Over fl ow CVE-2007-4727 17 Sep 2007 5.6 (v3) Medium Pass Kerio MailServer < 6.4.1 Attachment Filter Unspeci fi ed Vulnerability CVE-2007-3993 05 Sep 2007 10 (v2) Critical Pass OEJP Daemon Detection 28 Sep 2007 None Pass Web Server Transmits Cleartext Credentials 28 Sep 2007 2.6 (v2) Low Pass Hexamail Server pop3 Service USER Command Remote Over fl ow CVE-2007-4646 11 Sep 2007 10 (v2) Critical Pass BrightStor Hierarchical Storage Manager < r11.6 Multiple Remote Vulnerabilities CVE-2007-5082 CVE-2007-5083 CVE-2007-5084 04 Oct 2007 10 (v2) Critical Pass CA BrightStor HSM Engine Detection (UDP) 04 Oct 2007 None Pass Microsoft Windows SMB Blank Administrator Password CVE-1999-0504 CVE-1999-0505 CVE-1999-0506 CVE-2000-0222 CVE-2005-3595 04 Oct 2007 10 (v2) Critical Pass SSL Weak Cipher Suites Supported 08 Oct 2007 5.3 (v3) Medium Pass MagniComp SysInfo Agent Accessible 10 Oct 2007 5 (v2) Medium Pass CA BrightStor ARCserve Backup Multiple Remote Vulnerabilities (QO91094) CVE-2007-5325 CVE-2007-5326 CVE-2007-5327 CVE-2007-5328 CVE-2007-5329 CVE-2007-5330 CVE-2007-5331 CVE-2007-5332 12 Oct 2007 10 (v2) Critical Pass HP Linux Imaging and Printing Project (hplip) hpssd from Address Command Injection CVE-2007-5208 15 Oct 2007 7.6 (v2) High Pass CA Host-Based Intrusion Prevention System Server Default Credentials 23 Oct 2007 7.5 (v2) High Pass Datagram Transport Layer Security Detection 16 Oct 2007 None Pass HP Linux Imaging and Printing System HPSSD Daemon Detection 15 Oct 2007 None Pass K2 KeyServer Default Credentials 12 Oct 2007 7.5 (v2) High Pass Perdition IMAPD IMAP Tag Remote Format String Arbitrary Code Execution CVE-2007-5740 01 Nov 2007 7.5 (v2) High Pass Citrix Application Delivery Controller (ADC) / Citrix NetScaler Detection 06 Dec 2007 None Pass TikiWiki < 1.9.8.2 Multiple Scripts Local File Inclusion CVE-2007-5684 26 Oct 2007 5.1 (v2) Medium Pass Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20130123-wlc) CVE-2013-1102 CVE-2013-1103 CVE-2013-1104 CVE-2013-1105 25 Sep 2013 9 (v2) High Pass SNMP GETBULK Large max-repetitions Remote DoS CVE-2007-5846 09 Nov 2007 7.8 (v2) High Pass ManageEngine OpManager Login.do Multiple Parameter XSS CVE-2007-5891 07 Nov 2007 4.3 (v2) Medium Pass IBM Lotus Domino < 7.0.2 FP2 Multiple Vulnerabilities CVE-2007-5924 10 Nov 2007 10 (v2) Critical Pass IBM Lotus Domino < 6.5.6 FP2 Multiple Vulnerabilities CVE-2007-3510 CVE-2007-5924 10 Nov 2007 10 (v2) Critical Pass IBM Domino Detection (uncredentialed check) 10 Nov 2007 None Pass Mac OS X 10.8 < 10.8.5 Supplemental Update CVE-2013-5163 04 Oct 2013 6.6 (v2) Medium Pass Plumtree Portal Default Credentials 02 Dec 2007 7.5 (v2) High Pass I Hear U Detection 27 Nov 2007 None Pass NetScaler Web Management Successful Authentication 06 Dec 2007 None Pass ipMonitor Encoded Traversal Arbitrary File Access 13 Dec 2007 5 (v2) Medium Pass Rendezvous < 8.0.0 Crafted Packet Remote DoS CVE-2007-4158 02 Dec 2007 7.8 (v2) High Pass Cisco IOS Software DHCP Denial of Service Vulnerability (cisco-sa-20130925-dhcp) CVE-2013-5475 07 Oct 2013 7.8 (v2) High Pass MS07-065: Vulnerability in Message Queuing Could Allow Remote Code Execution (937894) (uncredentialed check) CVE-2007-3039 12 Dec 2007 10 (v2) Critical Pass Fire fl y Media Server Limited Directory Traversal Admin Credential Disclosure 10 Dec 2007 7.5 (v2) High Pass Websense Reporting Tools WsCgiLogin.exe username Parameter XSS CVE-2007-6312 11 Dec 2007 4.3 (v2) Medium Pass Cisco IOS Software Network Address Translation Vulnerabilities (cisco-sa-20130925-nat) CVE-2013-5479 CVE-2013-5480 CVE-2013-5481 07 Oct 2013 7.8 (v2) High Pass CUPS SNMP Back End (backend/snmp.c) asn1_get_string Function Crafted SNMP Response Remote Over fl ow CVE-2007-5849 19 Dec 2007 9.3 (v2) High Pass WordPress 'query.php' is_admin() Function Information Disclosure 23 Dec 2007 5 (v2) Medium Pass Cisco IOS Software Queue Wedge Denial of Service Vulnerability (cisco-sa-20130925-wedge) CVE-2013-5477 07 Oct 2013 7.8 (v2) High Pass CuteNews search.php fi les_arch Array Arbitrary File Access 26 Dec 2007 5 (v2) Medium Pass ClamAV clamav-milter black-hole-mode Sendmail Recipient Field Arbitrary Command Execution CVE-2007-4560 03 Jan 2008 7.6 (v2) High Pass RunCMS Detection 07 Jan 2008 None Pass AXIS Camera Uncon fi gured Password Detection 09 Apr 2019 9.8 (v3) Critical Pass Cisco Open Network Environment Platform Unvalidated Pointer (CSCui51551) CVE-2013-5496 11 Oct 2013 6.3 (v2) Medium Pass Xerox WorkCentre Multiple Samba Vulnerabilities (XRX08-001) CVE-2007-2446 CVE-2007-2447 14 Jan 2008 10 (v2) Critical Pass Juniper Junos J-Web CSRF Protection Bypass (JSA10597) CVE-2013-4689 17 Oct 2013 9.3 (v2) High Pass Juniper Junos SRX Series fl owd Remote DoS (JSA10596) CVE-2013-6015 17 Oct 2013 7.8 (v2) High Pass Juniper Junos PIM Remote Denial of Service (JSA10548) CVE-2013-6170 17 Oct 2013 6.3 (v2) Medium Pass netOctopus Agent Detection (UDP) 14 Jan 2008 None Pass Blind Command Injection Vulnerability in Grandstream Products CVE-2019-10656 CVE-2019-10657 CVE-2019-10658 08 Apr 2019 8.8 (v3) High Pass Juniper Junos SRX Series fl owd telnet Messages Remote Code Execution (JSA10594) CVE-2013-6013 17 Oct 2013 10 (v2) Critical Pass Juniper Junos Unnumbered Interface Cache Poisoning Remote DoS and Information Disclosure (JSA10595) CVE-2013-6014 17 Oct 2013 6.1 (v2) Medium Pass Juniper Junos GNU libc glob Remote DoS (JSA10598) CVE-2010-2632 17 Oct 2013 6.8 (v2) Medium Pass IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities CVE-2012-2159 CVE-2012-2190 CVE-2012-2191 CVE-2012-3293 CVE-2012-3304 CVE-2012-3305 CVE-2012-3306 CVE-2012-3311 CVE-2012-3325 CVE-2012-3330 CVE-2012-4850 CVE-2012-4851 CVE-2012-4853 20 Nov 2012 7.5 (v2) High Pass Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST) CVE-2011-2391 CVE-2011-3389 CVE-2011-3427 CVE-2011-4944 CVE-2012-0845 CVE-2012-0876 CVE-2012-1150 CVE-2013-0249 CVE-2013-1667 CVE-2013-1944 CVE-2013-3950 CVE-2013-3954 CVE-2013-4073 CVE-2013-5135 CVE-2013-5138 CVE-2013-5 23 Oct 2013 9.3 (v2) High Pass HTTP DoS Vulnerability in Cisco Wireless LAN Controllers CVE-2013-6684 03 Dec 2013 6.8 (v2) Medium Pass Citadel/UX lprintf() Function Remote Format String CVE-2004-1192 13 Dec 2004 10 (v2) Critical Pass HP Data Protector Multiple Vulnerabilities (HPSBMU02895 SSRT101253) CVE-2013-2344 CVE-2013-2345 CVE-2013-2346 CVE-2013-2347 CVE-2013-2348 CVE-2013-2349 CVE-2013-2350 CVE-2013-6194 CVE-2013-6195 06 Jan 2014 10 (v2) Critical Pass Symantec Messaging Gateway 10.x < 10.7.0 Information Disclosure Vulnerability (SYMSA1482) CVE-2019-9699 24 May 2019 4.5 (v3) Medium Pass Apple TV < 9.2.1 Multiple Vulnerabilities CVE-2016-1801 CVE-2016-1802 CVE-2016-1803 CVE-2016-1807 CVE-2016-1808 CVE-2016-1811 CVE-2016-1813 CVE-2016-1814 CVE-2016-1817 CVE-2016-1818 CVE-2016-1819 CVE-2016-1823 CVE-2016-1824 CVE-2016-1827 CVE-2016-1828 CVE-2016-1 24 May 2016 7.8 (v3) High Pass Juniper Junos XNM Command Remote DoS (JSA10607) CVE-2014-0613 16 Jan 2014 5 (v2) Medium Pass Juniper Junos CLI Multiple Privilege Escalation Vulnerabilities (JSA10608) CVE-2014-0615 16 Jan 2014 7.2 (v2) High Pass Juniper Junos CLI libc recomp() rpd DoS (JSA10612) CVE-2010-4051 CVE-2010-4052 16 Jan 2014 2.1 (v2) Low Pass Cisco Data Center Network Manager XSS (cisco-sa-dncm-xss-AvMyAwd2) CVE-2020-3348 CVE-2020-3349 28 Jul 2020 4.8 (v3) Medium Pass Juniper Junos SRX Series fl owd Remote DoS (JSA10610) CVE-2014-0617 16 Jan 2014 7.8 (v2) High Pass Cisco WLC Web-Based Management Interface XSS Vulnerability (CSCuf77810) CVE-2013-5519 12 Feb 2014 4.3 (v2) Medium Pass IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities CVE-2012-3330 CVE-2012-4853 CVE-2013-0458 CVE-2013-0459 CVE-2013-0460 CVE-2013-0461 25 Jan 2013 6.8 (v2) Medium Pass Cisco ASA AnyConnect Client Authentication Attempt Handling Information Disclosure (cisco-sa-20160115-asa) CVE-2016-1295 06 Jul 2016 5.3 (v3) Medium Pass Palo Alto Networks PAN-OS 3.1.10 / 4.x < 4.0.5 Multiple Command Injections CVE-2012-6591 CVE-2012-6592 05 Mar 2014 10 (v2) Critical Pass Oracle GlassFish Server 3.1.2.x < 3.1.2.15 Multiple Vulnerabilities (July 2016 CPU) CVE-2015-3237 CVE-2016-3607 20 Jul 2016 9.8 (v3) Critical Pass Cisco RV110W, RV130W, and RV215W Routers Syslog Disclosure (cisco-sa-20190619-rv- fi leaccess) CVE-2019-1898 19 Jun 2019 5.3 (v3) Medium Pass Palo Alto Networks PAN-OS < 3.1.10 / 4.x < 4.0.4 Multiple Command Injections CVE-2012-6593 CVE-2012-6602 05 Mar 2014 10 (v2) Critical Pass Palo Alto Networks PAN-OS < 3.1.11 / 4.0.x < 4.0.8 / 4.1.x < 4.1.1 Command Injection CVE-2012-6594 05 Mar 2014 9 (v2) High Pass ISC BIND Race Condition Vulnerability (CVE-2019-6471) CVE-2019-6471 28 Jun 2019 5.9 (v3) Medium Pass Palo Alto Networks PAN-OS < 4.0.9 / 4.1.x < 4.1.3 Information Disclosure CVE-2012-6596 05 Mar 2014 6.5 (v2) Medium Pass Palo Alto Networks PAN-OS < 4.0.8 / 4.1.x < 4.1.1 Command Injection CVE-2012-6599 05 Mar 2014 9 (v2) High Pass Siemens SCALANCE X-200IRT < 5.2.0 Session Hijacking CVE-2015-1049 16 Feb 2015 6.8 (v2) Medium Pass PHP 7.3.x < 7.3.7 Multiple Vulnerabilities. 12 Jul 2019 6.5 (v3) Medium Pass Palo Alto Networks PAN-OS < 3.1.12 / 4.0.x < 4.0.10 / 4.1.x < 4.1.4 Multiple Vulnerabilities CVE-2012-6601 CVE-2012-6603 05 Mar 2014 10 (v2) Critical Pass Palo Alto Networks PAN-OS < 4.0.14 / 4.1.x < 4.1.11 / 5.0.x < 5.0.2 Security Bypass CVE-2013-5663 05 Mar 2014 4.3 (v2) Medium Pass Palo Alto Networks PAN-OS < 4.1.13 / 5.0.x < 5.0.6 XSS CVE-2013-5664 05 Mar 2014 3.5 (v2) Low Pass Palo Alto Networks PAN-OS < 5.0.10 / 5.1.x < 5.1.5 XSS 07 Mar 2014 3.5 (v2) Low Pass Apple TV < 9.2.2 Multiple Vulnerabilities CVE-2016-1684 CVE-2016-1836 CVE-2016-1863 CVE-2016-1865 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 CVE-2016-4582 CVE-2016-4583 CVE-2016-4584 CVE-2016-4585 CVE-2016-4586 CVE-2016-4587 CVE-2016-4588 CVE-2016-4 21 Jul 2016 9.8 (v3) Critical Pass Juniper Junos J-Web Persistent XSS (JSA10619) CVE-2014-2711 14 Apr 2014 4.3 (v2) Medium Pass Palo Alto Networks PAN-OS 5.0.9 Multiple Vulnerabilities 05 Mar 2014 3.5 (v2) Low Pass McAfee Web Gateway < 7.3.2.6 / 7.4.1 Information Disclosure (SB10063) CVE-2014-2535 21 Mar 2014 4 (v2) Medium Pass Palo Alto Networks PAN-OS 4.1.x < 4.1.16 / 5.0.x < 5.0.10 / 5.1.x < 5.1.5 API Key Bypass Flaw 21 Mar 2014 3.5 (v2) Low Pass PHP 5.6.x < 5.6.3 'donote' DoS CVE-2014-3710 14 Nov 2014 5 (v2) Medium Pass Cisco Wireless LAN Controller 802.11i Management Frame DoS CVE-2015-6311 20 Jul 2016 6.1 (v2) Medium Pass Symantec Messaging Gateway 10.x < 10.6.2 Multiple Vulnerabilities (SYM16-015) (SYM16-016) CVE-2016-5309 CVE-2016-5310 CVE-2016-5312 22 Sep 2016 6.5 (v3) Medium Pass Juniper Junos SRX Series Dynamic IPsec VPN DoS (JSA10620) CVE-2014-0612 14 Apr 2014 5 (v2) Medium Pass Citrix NetScaler Version Detection 10 Mar 2014 None Pass Webmin 1.890 - 1.920 Remote Command Execution (CVE-2019-15107, CVE-2019-15231) CVE-2019-15107 CVE-2019-15231 19 Aug 2019 9.8 (v3) Critical Pass Juniper Junos Kernel IGMP Flood DoS (JSA10618) CVE-2014-0614 14 Apr 2014 7.1 (v2) High Pass Apple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check) CVE-2012-2824 CVE-2012-2857 CVE-2012-3748 CVE-2012-5112 CVE-2013-0879 CVE-2013-0912 CVE-2013-0948 CVE-2013-0949 CVE-2013-0950 CVE-2013-0951 CVE-2013-0952 CVE-2013-0953 CVE-2013-0954 CVE-2013-0955 CVE-2013-0956 CVE-2013-0 17 May 2013 10 (v2) Critical 17

RELAYTO Endpoints Penetration Test Results - Page 17

RELAYTO Endpoints Penetration Test Results Page 16 Page 18