RELAYTO Penetration Test Results (37/101)

Pass Juniper Junos OS Vulnerability (JSA11129) CVE-2021-0234 15 Apr 2021 5.8 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11151) CVE-2021-0260 15 Apr 2021 7.3 (v3) High Pass Juniper Junos OS Vulnerability (JSA11133) CVE-2021-0238 15 Apr 2021 5.5 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11146) CVE-2021-0253 15 Apr 2021 7.8 (v3) High Pass Juniper Junos OS Vulnerability (JSA11130) CVE-2021-0235 15 Apr 2021 7.3 (v3) High Pass Cisco Catalyst 9200 Series Switches Jumbo Frame DoS (cisco-sa-JP-DOS-g5FfGm8y) CVE-2020-3527 23 Apr 2021 8.6 (v3) High Pass Cisco NX-OS Precision Time Protocol (PTP) Denial of Service Vulnerability CVE-2018-0378 17 Sep 2019 8.6 (v3) High Pass Cisco NX-OS Software Call Home Command Injection (cisco-sa-callhome-cmdinj-zkxzSCY) CVE-2020-3454 03 Sep 2020 7.2 (v3) High Pass Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service VulnerabilityCVE-2019-1594 10 Jul 2019 7.4 (v3) High Pass WordPress Plugin Detection 20 Jul 2017 None Pass Jenkins Enterprise and Operations Center < 2.249.33.0.1 / 2.277.42.0.1 / 2.303.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2021-10-06)CVE-2014-3577 CVE-2021-21682 CVE-2021-21683 CVE-2021-21684 22 Nov 2021 6.5 (v3) Medium Pass ThinkPHP < 5.0.24 RCE CVE-2019-9082 10 Dec 2021 8.8 (v3) High Pass Cisco IOS XE Software Errdisable Vulnerabilities (cisco-sa-20180926-errdisable) CVE-2018-0480 05 Oct 2018 6.1 (v3) Medium Pass Cisco IOS XE Software IPsec DoS Vulnerability (cisco-sa-20180926-ipsec) CVE-2018-0472 05 Oct 2018 8.6 (v3) High Pass Cisco IOS XE Software IPv6 Hop-by-Hop DoS Vulnerability (cisco-sa-20180926-ipv6hbh) CVE-2018-0467 05 Oct 2018 8.6 (v3) High Pass Cisco IOS XE Software Command Injection Vulnerabilities (cisco-sa-20180926-iosxe-cmdinj) CVE-2018-0477 CVE-2018-0481 05 Oct 2018 6.7 (v3) Medium Pass VMware vCenter Server Virtual SAN Health Check plug-in RCE (CVE-2021-21985) (direct check) CVE-2021-21985 03 Jun 2021 9.8 (v3) Critical Pass GitLab SSRF (CVE-2021-22214) CVE-2021-22214 11 Aug 2021 8.6 (v3) High Pass Nagios XI < 5.8.5 Multiple Vulnerabilities CVE-2021-33177 CVE-2021-33179 CVE-2021-36363 CVE-2021-36364 CVE-2021-36365 CVE-2021-36366 CVE-2021-37343 CVE-2021-37345 CVE-2021-37347 CVE-2021-37348 CVE-2021-37349 CVE-2021-37350 CVE-2021-37351 CVE-2021-3735224 Sep 2021 9.8 (v3) Critical Pass ManageEngine EventLog Analyzer < Build 12201 REST API Restriction Bypass RCE CVE-2021-40539 04 Oct 2021 9.8 (v3) Critical Pass Oracle E-Business Multiple Vulnerabilities (January 2015 CPU) CVE-2014-6525 CVE-2014-6556 CVE-2014-6572 CVE-2014-6581 CVE-2014-6582 CVE-2014-6583 CVE-2015-0380 CVE-2015-0393 CVE-2015-0404 CVE-2015-041523 Jan 2015 6.4 (v2) Medium Pass Apache Log4Shell RCE detection via Path Enumeration (Direct Check HTTP) CVE-2021-44228 12 Dec 2021 10 (v3) Critical Pass Apache Log4Shell RCE detection via callback correlation (Direct Check IMAP) CVE-2021-44228 17 Dec 2021 10 (v3) Critical Pass VMware Horizon Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028) CVE-2021-44228 07 Jan 2022 10 (v3) Critical Pass Cisco Small Business Wireless Access Point Web Detection 10 Jan 2022 None Pass Oracle E-Business Multiple Vulnerabilities (April 2015 CPU) CVE-2015-0447 CVE-2015-0504 CVE-2015-2565 16 Apr 2015 4.3 (v2) Medium Pass Atlassian Jira < 8.19.0 Broken Access Control (JRASERVER-72737) CVE-2021-39119 27 Jan 2022 5.3 (v3) Medium Pass Microsoft Windows 10 Version 20H2 Unsupported Version Detection 07 Jun 2022 10 (v3) Critical Pass Tenable Nessus 10.x < 10.1.1 / 8.x < 8.15.3 Third-Party Vulnerabilities (TNS-2022-05) CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-2399008 Feb 2022 9.8 (v3) Critical Pass Western Digital MyCloud Web Interface Detection 10 Jan 2018 None Pass Oracle GoldenGate Manager Version Detection 05 Jun 2017 None Pass Splunk Enterprise 8.1.x < 8.1.7.2 / 8.2.x < 8.2.3.3 Log4j CVE-2021-44228 CVE-2021-45046 25 Feb 2022 10 (v3) Critical Pass ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0004) CVE-2021-22040 CVE-2021-22041 CVE-2021-22042 CVE-2021-22043 CVE-2021-22050 01 Mar 2022 7.8 (v3) High Pass Symantec pcAnywhere Default Accounts 17 Apr 2018 9.8 (v3) Critical Pass Huawei Versatile Routing Platform Version Detection 25 Jul 2014 None Pass Cisco Application Policy Infrastructure Controller Arbitrary File Read and Write (cisco-sa-capic-frw-Nt3RYxR2)CVE-2021-1577 10 Feb 2022 9.1 (v3) Critical Pass Cisco NX-OS Software MPLS OAM DoS (cisco-sa-nxos-mpls-oam-dos-sGO9x5GM) CVE-2021-1588 11 Feb 2022 8.6 (v3) High Pass Oracle E-Business Multiple Vulnerabilities (April 2016 CPU) CVE-2016-0697 CVE-2016-3434 CVE-2016-3436 CVE-2016-3437 CVE-2016-3439 CVE-2016-3447 CVE-2016-3466 20 Apr 2016 9.1 (v3) Critical Pass Apache APISIX HTTP Detection 20 Apr 2022 None Pass GitLab < 14.3.6 / 14.4.x < 14.4.4 / 14.5.x < 14.5.2 Invalid Authorization CVE-2022-0549 14 Mar 2022 6.5 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11189) CVE-2021-0287 15 Mar 2022 6.5 (v3) Medium Pass SSL Certiﬁcate Signed Using Weak Hashing Algorithm (Known CA) CVE-2004-2761 08 Dec 2016 None Pass MySQL Enterprise Monitor (MEM) Web Detection 07 Jun 2010 None Pass Juniper Junos OS Buﬀer Overﬂow (JSA11142) CVE-2021-0249 24 May 2021 9.8 (v3) Critical Pass SSL Certiﬁcate Signed Using Weak Hashing Algorithm CVE-2004-2761 05 Jan 2009 7.5 (v3) High Pass mDNS Detection (Remote Network) 28 Apr 2004 5 (v2) Medium Pass Juniper Junos OS Vulnerability (JSA11164) CVE-2021-0273 15 Apr 2021 5.3 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11140) CVE-2021-0247 15 Apr 2021 5.5 (v3) Medium Pass IBM DB2 Unsupported Version Detection 26 Jul 2011 10 (v2) Critical Pass Cisco IOS XE Version 10 Jul 2013 None Pass IBM WebSphere Java Object Deserialization RCE CVE-2015-7450 02 Dec 2015 9.8 (v3) Critical Pass Nessus Unsupported Version Detection 16 Dec 2013 10 (v2) Critical Pass Apple iTunes < 12.11.3 Multiple Vulnerabilities (uncredentialed check) CVE-2020-7463 CVE-2021-1811 CVE-2021-1825 CVE-2021-1857 27 Apr 2021 6.5 (v3) Medium Pass Rockwell Automation MicroLogix 1400 PLC Default Credentials 20 Apr 2016 10 (v2) Critical Pass Cisco IOS XE Software IP Detail Record DoS (cisco-sa-20160928-ipdr) CVE-2016-6379 12 Nov 2019 7.5 (v3) High Pass Emerson SM-Ethernet Web Interface Default Credentials 01 Dec 2015 7.5 (v2) High Pass Cisco NX-OS Software IPv6 Netstack DoS (cisco-sa-nxos-ipv6-netstack-edXPGV7K) CVE-2021-1387 06 May 2021 8.6 (v3) High Pass Juniper Junos OS Information Disclosure (JSA11126) CVE-2021-0231 13 May 2021 6.5 (v3) Medium Pass Cisco Telepresence Management Suite Web Detection 10 Jul 2019 None Pass Cisco NX-OS Software IPv6 Access Control List Bypass (cisco-sa-ipv6-acl-CHgdYk8j) CVE-2021-1389 12 Feb 2021 6.5 (v3) Medium Pass FNET TCP/IP Stack - HTTP Detection 14 May 2021 None Pass Keil TCPnet TCP/IP Stack - HTTP Detection 14 May 2021 None Pass Sybase ASE Login Possible 16 Dec 2019 None Pass uIP/Contiki TCP/IP Stack - HTTP Detection 14 May 2021 None Pass Nut/Net TCP/IP Stack - HTTP Detection 14 May 2021 None Pass lwIP TCP/IP Stack - HTTP Detection 14 May 2021 None Pass emNet TCP/IP Stack - HTTP Detection 14 May 2021 None Pass Cisco Application Services Engine (ASE) Detection 14 May 2021 None Pass Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access (cisco-sa-n9kaci-unauth-access-5PWzDx2w)CVE-2021-1228 11 May 2021 6.5 (v3) Medium Pass CMX-TCP/IP Stack - HTTP Detection 17 May 2021 None Pass NicheStack TCP/IP Stack - HTTP Detection 17 May 2021 None Pass emNet TCP/IP Stack - FTP Detection 18 May 2021 None Pass CMX-TCP/IP Stack - FTP Detection 18 May 2021 None Pass Keil TCPnet TCP/IP Stack - FTP Detection 18 May 2021 None Pass Juniper Junos OS DoS (JSA11131) CVE-2021-0236 20 May 2021 6.5 (v3) Medium Pass Juniper Junos OS DoS (JSA11125) CVE-2021-0230 20 May 2021 7.5 (v3) High Pass Cisco Web Security Appliance Information Disclosure (cisco-sa-esa-wsa-sma-info-gY2AEz2H) CVE-2021-1516 21 May 2021 6.5 (v3) Medium Pass Cisco Email Security Appliance Information Disclosure (cisco-sa-esa-wsa-sma-info-gY2AEz2H) CVE-2021-1516 21 May 2021 6.5 (v3) Medium Pass Cisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol DoS (cisco-sa-20180620-nxos-cdp)CVE-2018-0331 09 Jul 2020 6.5 (v3) Medium Pass iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities CVE-2013-4842 CVE-2013-4843 14 Feb 2019 6.1 (v3) Medium Pass Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution (cisco-sa-20180620-fxnxos-dos)CVE-2018-0303 09 Jul 2020 8.8 (v3) High Pass Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution (cisco-sa-20180620-fxnxos-dos)CVE-2018-0303 09 Jul 2020 8.8 (v3) High Pass Cisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol DoS (cisco-sa-20180620-nxos-cdp)CVE-2018-0331 09 Jul 2020 6.5 (v3) Medium Pass iLO 3 < 1.50 / iLO 4 < 1.13 Information Disclosure Vulnerability CVE-2012-3271 14 Feb 2019 7.5 (v3) High Pass Cisco NX-OS Software Role-Based Access Control Elevated Privileges (cisco-sa-20180620-nxosrbac) CVE-2018-0293 09 Jul 2020 8.8 (v3) High Pass iLO 3 < 1.85 / iLO 4 < 2.22 Denial of Service Vulnerability CVE-2015-5435 14 Feb 2019 5.3 (v3) Medium Pass CoDeSys Unprotected Gateway Service 11 Mar 2013 7.5 (v2) High Pass Cisco IOS XE Software Privilege Escalation (cisco-sa-XE-FSM-Yj8qJbJc) CVE-2021-1391 29 Mar 2021 6.7 (v3) Medium Pass Cisco IOS Software for Industrial Routers Virtual LPWA Unauthorized Access (cisco-sa-ios-lpwa-access-cXsD7PRA)CVE-2020-3426 02 Apr 2021 9.1 (v3) Critical Pass iLO 5 < 1.40 Cross Site Scripting (XSS) Vulnerability CVE-2018-7117 17 Apr 2019 6.1 (v3) Medium Pass iLO 3 < 1.90 / iLO 4 < 2.61 / iLO 5 < 1.35 Remote Code Execution Vulnerability (HPESBHF03866) CVE-2018-7105 27 Mar 2020 7.2 (v3) High Pass Cisco NX-OS Software CLI Arbitrary Command Execution (cisco-sa-20180620-nx-os-cli-execution) CVE-2018-0306 09 Jul 2020 7.8 (v3) High Pass OS Identiﬁcation : SSH 21 May 2007 None Pass iLO 4 < 2.60 / iLO 5 < 1.30 Multiple Vulnerabilities CVE-2018-7078 CVE-2018-7101 08 Feb 2019 7.2 (v3) High Pass HP iLO 4 <= 2.52 RCE CVE-2017-12542 28 Aug 2017 10 (v3) Critical Pass MySQL 8.0.x < 8.0.16 Multiple Vulnerabilities (Apr 2019 CPU) (Jul 2019 CPU) CVE-2019-1559 CVE-2019-2566 CVE-2019-2580 CVE-2019-2581 CVE-2019-2584 CVE-2019-2585 CVE-2019-2587 CVE-2019-2589 CVE-2019-2592 CVE-2019-2593 CVE-2019-2596 CVE-2019-2606 CVE-2019-2607 CVE-2019-2614 CVE-2019-2617 CVE-2019-2620 CVE-2019-2623 CVE-2019-2624 CVE-2019-2625 CVE-2019-2626 CVE-2019-2627 CVE-2019-2628 CVE-2019-2630 CVE-2019-2631 CVE-2019-2632 CVE-2019-2634 CVE-2019-2635 CVE-2019-2636 CVE-2019-2644 CVE-2019-2681 CVE-2019-2683 CVE-2019-2685 CVE-2019-2686 CVE-2019-2687 CVE-2019-2688 CVE-2019-2689 CVE-2019-2691 CVE-2019-2693 CVE-2019-2694 CVE-2019-2695 CVE-2019-2755 CVE-2019-2798 CVE-2019-3822 CVE-2018-16890 CVE-2019-382318 Apr 2019 9.8 (v3) Critical Pass HSTS Missing From HTTPS Server (RFC 6797) 17 Nov 2020 6.5 (v3) Medium Pass Cisco Web Security Appliance XSS (cisco-sa-wsa-xss-mVjOWchB) CVE-2021-1490 13 May 2021 6.1 (v3) Medium Pass iLO 2 <= 2.23 Denial of Service Vulnerability CVE-2014-2601 18 Feb 2019 7.5 (v3) High Pass Cisco Firepower Threat Defense Software IP Fragment Memory Leak (cisco-sa-asaftd-frag-memleak-mCtqdP9n)CVE-2020-3373 24 May 2021 8.6 (v3) High Pass Schneider Electric C-Gate Detection 26 May 2021 None Pass Juniper Junos OS Multiple DoS Vulnerabilities (JSA11167) CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 26 May 2021 7.5 (v3) High Pass Cisco Nexus 9000 Series Fabric Switches ACI Mode BGP Route Installation DoS (cisco-sa-n9kaci-bgp-De9dPKSK)CVE-2021-1230 26 May 2021 7.5 (v3) High Pass Nagios XI < 5.7.5 Multiple Vulnerabilities CVE-2020-28648 CVE-2020-28906 28 May 2021 8.8 (v3) High Pass Nagios XI < 5.7 Code Injection CVE-2021-3273 28 May 2021 7.2 (v3) High Pass Nagios XI < 5.8 Privilege Escalatioon CVE-2020-28910 28 May 2021 9.8 (v3) Critical Pass EMC RSA Archer < 6.6.0.6 and < 6.7.0.3 authorization bypass CVE-2020-5333 21 Aug 2020 4.3 (v3) Medium Pass EMC RSA Archer < 6.5.0.7, < 6.6.0.6 and < 6.7.0.1 Multiple Vulnerabilities CVE-2020-5336 CVE-2020-5337 21 Aug 2020 6.1 (v3) Medium Pass EMC RSA Archer < 6.7.0.3 Multiple Vulnerabilities CVE-2020-5331 CVE-2020-5332 08 May 2020 7.2 (v3) High Pass EMC RSA Archer < 6.5.0.7, < 6.6.0.6 and < 6.7.0.2 Multiple Vulnerabilities CVE-2020-5334 CVE-2020-5335 21 Aug 2020 8.8 (v3) High Pass EMC RSA Archer 6.8 < 6.8.0.4 / 6.9 < 6.9.0.1 URL Injection CVE-2020-26884 02 Dec 2020 6.1 (v3) Medium Pass VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0004) (Heartbleed) CVE-2014-0076 CVE-2014-0160 30 Dec 2015 7.5 (v3) High 37

RELAYTO Penetration Test Results - Page 37

RELAYTO Penetration Test Results Page 36 Page 38