RELAYTO Penetration Test Results (18/101)

Pass Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) (credentialed check) CVE-2008-0456 CVE-2012-2687 CVE-2012-3499 CVE-2012-4558 CVE-2013-1862 CVE-2013-1896 CVE-2013-6438 CVE-2014-0098 CVE-2014-0118 CVE-2014-0226 CVE-2014-023120 Jul 2015 6.8 (v2) Medium Pass Juniper Junos MX and T4000 Series MPC Reboot DoS (JSA10621) CVE-2014-2713 14 Apr 2014 5 (v2) Medium Pass Cisco UCS Director Authentication Bypass (cisco-sa-20190821-imcs-ucs-cmdinj) CVE-2019-1936 24 Sep 2019 7.2 (v3) High Pass Unsupported Brocade Fabric OS 17 Apr 2014 10 (v2) Critical Pass Kibana ESA-2018-14 CVE-2018-3830 24 Sep 2018 6.1 (v3) Medium Pass ISC BIND Service Downgrade / Reﬂected DoS CVE-2020-8616 22 May 2020 8.6 (v3) High Pass Citrix NetScaler Gateway XSS (CTX140291) CVE-2014-1899 15 May 2014 4.3 (v2) Medium Pass McAfee Web Gateway OpenSSL Information Disclosure (SB10071) (Heartbleed) CVE-2014-0160 02 May 2014 7.5 (v3) High Pass Citrix NetScaler Multiple Vulnerabilities (CTX140651) CVE-2014-2881 CVE-2014-2882 15 May 2014 10 (v2) Critical Pass Apple TV < 6.1 Multiple Vulnerabilities CVE-2012-2088 CVE-2013-2909 CVE-2013-2926 CVE-2013-2928 CVE-2013-5196 CVE-2013-5197 CVE-2013-5198 CVE-2013-5199 CVE-2013-5225 CVE-2013-5228 CVE-2013-6625 CVE-2013-6629 CVE-2013-6635 CVE-2014-1267 CVE-2014-1269 CVE-2014-1270 CVE-2014-1271 CVE-2014-1272 CVE-2014-1273 CVE-2014-1275 CVE-2014-1278 CVE-2014-1279 CVE-2014-1280 CVE-2014-1282 CVE-2014-1287 CVE-2014-1289 CVE-2014-1290 CVE-2014-1291 CVE-2014-1292 CVE-2014-1293 CVE-2014-129412 Mar 2014 7.5 (v2) High Pass Cisco IOS XR Software IPv6 Malformed Packet DoS (cisco-sa-20140611-ipv6) CVE-2014-2176 30 Jun 2014 7.1 (v2) High Pass Puppet Enterprise < 2015.3.0 Information Disclosure Vulnerability CVE-2015-8470 09 Oct 2019 6.5 (v3) Medium Pass Puppet Enterprise < 2015.3.1 Information Disclosure Vulnerability CVE-2015-8470 09 Oct 2019 6.5 (v3) Medium Pass IBM Tivoli Storage Manager FastBack 6.1.x < 6.1.12.1 Multiple Vulnerabilities CVE-2015-4931 CVE-2015-4932 CVE-2015-4933 CVE-2015-4934 CVE-2015-4935 06 Aug 2015 10 (v2) Critical Pass macOS 10.12.x < 10.12.5 Multiple Vulnerabilities CVE-2017-2494 CVE-2017-2497 CVE-2017-2501 CVE-2017-2502 CVE-2017-2503 CVE-2017-2507 CVE-2017-2509 CVE-2017-2512 CVE-2017-2513 CVE-2017-2516 CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2017-2524 CVE-2017-2527 CVE-2017-2533 CVE-2017-2534 CVE-2017-2535 CVE-2017-2537 CVE-2017-2540 CVE-2017-2541 CVE-2017-2542 CVE-2017-2543 CVE-2017-2545 CVE-2017-2546 CVE-2017-2548 CVE-2017-6977 CVE-2017-6978 CVE-2017-6979 CVE-2017-6981 CVE-2017-6983 CVE-2017-6985 CVE-2017-6986 CVE-2017-6987 CVE-2017-6988 CVE-2017-6990 CVE-2017-6991 CVE-2017-7000 CVE-2017-7001 CVE-2017-7002 CVE-2017-7003 CVE-2017-700418 May 2017 7.8 (v3) High Pass McAfee Web Gateway < 7.3.2.2 DoS (SB10052) CVE-2013-4854 18 Jun 2014 7.8 (v2) High Pass IBM InfoSphere IGC Multiple Vulnerabilities CVE-2017-1350 CVE-2018-1432 CVE-2018-1454 08 Jun 2018 7.8 (v3) High Pass Puppet Enterprise 2018.x < 2018.1.1 Code Execution Vulnerability CVE-2018-6512 09 Oct 2019 9.8 (v3) Critical Pass Elasticsearch ESA-2017-10 CVE-2017-8442 22 Aug 2018 6.5 (v3) Medium Pass SuperMicro IPMI PSBlock File Plaintext Password Disclosure 25 Jun 2014 9.8 (v3) Critical Pass EMC RSA Archer 6.x < 6.4.10500.1006 Authorization Bypass Vulnerability CVE-2018-15780 10 Jan 2019 6.5 (v3) Medium Pass Citrix NetScaler nsconﬁgd Remote DoS (CTX139017) CVE-2013-6011 26 Jun 2014 7.8 (v2) High Pass Juniper Junos SRX Series SIP ALG Remote DoS (JSA10633) CVE-2014-3815 15 Jul 2014 7.8 (v2) High Pass Juniper Junos CLI Privilege Escalation (JSA10634) CVE-2014-3816 15 Jul 2014 7.2 (v2) High Pass Juniper Junos SRX Series NAT IPv6 to IPv4 Remote DoS (JSA10635) CVE-2014-3817 15 Jul 2014 7.8 (v2) High Pass OpenSSL 1.1.0 < 1.1.0j Multiple Vulnerabilities CVE-2018-0734 CVE-2018-0735 25 Jan 2019 5.9 (v3) Medium Pass Cisco Prime Infrastructure Cross-Site Scripting Vulnerability (cisco-sa-20190123-cpi-xss) CVE-2019-1643 20 Feb 2019 6.1 (v3) Medium Pass Juniper Junos SRX Series Web Authentication XSS (JSA10640) CVE-2014-3821 15 Jul 2014 4.3 (v2) Medium Pass Juniper Junos SRX Series NAT IPv6 to IPv4 Remote DoS (JSA10641) CVE-2014-3822 15 Jul 2014 5.4 (v2) Medium Pass Apple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check) CVE-2014-3192 CVE-2014-4452 CVE-2014-4459 CVE-2014-4466 CVE-2014-4468 CVE-2014-4469 CVE-2014-4470 CVE-2014-4471 CVE-2014-4472 CVE-2014-4473 CVE-2014-4474 CVE-2014-4475 CVE-2014-4476 CVE-2014-4477 CVE-2014-4479 CVE-2015-1068 CVE-2015-1069 CVE-2015-1070 CVE-2015-1071 CVE-2015-1072 CVE-2015-1073 CVE-2015-1074 CVE-2015-1075 CVE-2015-1076 CVE-2015-1077 CVE-2015-1078 CVE-2015-1079 CVE-2015-1080 CVE-2015-1081 CVE-2015-1082 CVE-2015-1083 CVE-2015-1119 CVE-2015-1120 CVE-2015-1121 CVE-2015-1122 CVE-2015-1124 CVE-2015-1152 CVE-2015-1153 CVE-2015-115426 Oct 2015 7.5 (v2) High Pass Citrix NetScaler Multiple Vulnerabilities (CTX140863) CVE-2014-4346 CVE-2014-4347 30 Jul 2014 5 (v2) Medium Pass Apple TV < 11.4 Multiple Vulnerabilities CVE-2018-4188 CVE-2018-4190 CVE-2018-4192 CVE-2018-4198 CVE-2018-4199 CVE-2018-4200 CVE-2018-4201 CVE-2018-4204 CVE-2018-4206 CVE-2018-4211 CVE-2018-4214 CVE-2018-4218 CVE-2018-4222 CVE-2018-4223 CVE-2018-4224 CVE-2018-4232 CVE-2018-4233 CVE-2018-4235 CVE-2018-4237 CVE-2018-4240 CVE-2018-4241 CVE-2018-4243 CVE-2018-4246 CVE-2018-4249 CVE-2018-538305 Jun 2018 7.8 (v3) High Pass Cisco IOS Software EnergyWise DoS (cisco-sa-20140806-energywise CVE-2014-3327 12 Aug 2014 7.5 (v3) High Pass Cisco IOS XR Software Static Punt Policer DoS (CSCun83985) CVE-2014-3308 07 Aug 2014 6.4 (v2) Medium Pass Cisco NX-OS Arbitrary File Read Vulnerability (CSCul05217 / CSCul23419) CVE-2013-6975 20 Aug 2014 4.6 (v2) Medium Pass Avirt Gateway Suite Telnet Proxy Arbitrary Command Execution CVE-2002-0134 21 Aug 2002 7.5 (v2) High Pass Cisco IOS Software Network Address Translation (NAT) ALG Module DoS (cisco-sa-20140924-nat) CVE-2014-3361 30 Sep 2014 7.1 (v2) High Pass Cisco IOS Software RSVP DoS (cisco-sa-20140924-rsvp) CVE-2014-3354 02 Oct 2014 7.8 (v2) High Pass Cisco Uniﬁed Communications Manager Multiple Arbitrary File Manipulation Vulnerabilities (CSCuo17199 / CSCuo17302)CVE-2014-3292 29 Sep 2014 5.4 (v3) Medium Pass HP Ignite-UX TFTP /etc/pass File Disclosure CVE-2004-0951 26 Aug 2005 5 (v2) Medium Pass pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08) CVE-2014-2653 CVE-2015-1283 CVE-2015-1416 CVE-2015-1418 CVE-2015-5600 CVE-2015-5675 CVE-2015-6563 CVE-2015-6564 CVE-2015-6565 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7803 CVE-2015-7804 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-787131 Jan 2018 7.8 (v3) High Pass Juniper Junos SRX Series ALG 'ﬂowd' Remote DoS (JSA10650) CVE-2014-3825 14 Oct 2014 7.8 (v2) High Pass Oracle Application Express Listener Remote Information Disclosure Vulnerability (July 2012 CPU) CVE-2012-1740 07 Oct 2014 7.8 (v2) High Pass HPE Moonshot Provisioning Manager < 1.22 Multiple Vulnerabilities CVE-2017-8975 CVE-2017-8976 29 Jan 2018 9.8 (v3) Critical Pass Webmin chooser.cgi Cross-Site Scripting (< 1.330) CVE-2007-1276 22 Mar 2018 4.7 (v3) Medium Pass ManageEngine Desktop Central 9 < Build 92027 Multiple Vulnerabilities CVE-2018-8722 30 Mar 2018 6.1 (v3) Medium Pass Juniper Junos BGP UPDATE 'rpd' Remote DoS (JSA10653) CVE-2014-3818 14 Oct 2014 7.8 (v2) High Pass Juniper Junos RADIUS Security Bypass (JSA10654) CVE-2014-6379 14 Oct 2014 5.5 (v2) Medium Pass Cisco MDS 9000 VRRP DoS (CSCte27874) CVE-2013-5566 17 Oct 2014 5 (v2) Medium Pass HP Network Automation 9.x, 10.x < 10.00.022 / 10.1x.x < 10.11.03 / 10.20.x < 10.21.01 Multiple VulnerabilitiesCVE-2017-5810 CVE-2017-5811 CVE-2017-5812 CVE-2017-5813 CVE-2017-5814 12 May 2017 9.8 (v3) Critical Pass Apple TV < 10.2.1 Multiple Vulnerabilities CVE-2017-2499 CVE-2017-2501 CVE-2017-2502 CVE-2017-2504 CVE-2017-2505 CVE-2017-2507 CVE-2017-2513 CVE-2017-2515 CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2017-2521 CVE-2017-2524 CVE-2017-2525 CVE-2017-2530 CVE-2017-2531 CVE-2017-2536 CVE-2017-2549 CVE-2017-6979 CVE-2017-6980 CVE-2017-6984 CVE-2017-6987 CVE-2017-6989 CVE-2017-7003 CVE-2017-700517 May 2017 7.8 (v3) High Pass Palo Alto Networks PAN-OS < 5.0.14 / 5.1.x < 5.1.9 / 6.0.x < 6.0.4 OpenSSL MitM CVE-2014-0224 20 Oct 2014 6.8 (v2) Medium Pass Apple Time Capsule and AirPort Base Station Firmware < 7.5.2 (APPLE-SA-2010-12-16-1) CVE-2008-4309 CVE-2009-2189 CVE-2010-0039 CVE-2009-1574 CVE-2010-1804 17 Dec 2010 9.3 (v2) High Pass Sophos Web Appliance < 4.3.2 FTP Redirect Page Reﬂected XSS CVE-2017-9523 19 Jun 2017 6.1 (v3) Medium Pass WebChat deﬁnes.php WEBCHATPATH Parameter Remote File Inclusion CVE-2007-0485 03 Mar 2003 7.3 (v3) High Pass Sophos Web Appliance < 4.3.1 Multiple Remote Command Injection Vulnerabilities CVE-2016-9553 CVE-2016-9554 16 Jun 2017 7.2 (v3) High Pass Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability (CSCui21340) CVE-2013-5556 04 Nov 2014 6.8 (v2) Medium Pass Check_MK < 1.4.0p6 webapi.py XSS CVE-2017-9781 28 Jun 2017 6.1 (v3) Medium Pass EMC RSA Authentication Manager < 8.2 SP1 Patch 2 Self-Service Console Brute-force PIN Disclosure (ESA-2017-084)CVE-2017-8006 20 Jul 2017 5.9 (v3) Medium Pass Plex Media Server < 1.19.3 Authenticated RCE CVE-2020-5741 11 Jun 2020 7.2 (v3) High Pass Palo Alto Networks PAN-OS < 5.0.15 / 5.1.x < 5.1.10 / 6.0.x < 6.0.6 XSS CVE-2014-3764 29 Dec 2014 4.3 (v2) Medium Pass Cisco Uniﬁed Communications Manager Unspeciﬁed SQL Injection (CSCup88089) CVE-2014-3366 02 Dec 2014 6.5 (v2) Medium Pass Apache Tomcat 7.0.0 < 7.0.104 Remote Code Execution CVE-2020-9484 22 May 2020 7 (v3) High Pass ESXi 6.5 < Build 5969300 Multiple Vulnerabilities (VMSA-2017-0015) (remote check) CVE-2017-4924 CVE-2017-4925 21 Sep 2017 8.8 (v3) High Pass Citrix NetScaler Unspeciﬁed Remote Unauthorized Access (CTX200254) CVE-2014-8580 12 Feb 2015 4.9 (v2) Medium Pass Schneider Electric InduSoft Web Studio < 8.0 SP2 Patch 1 Unspeciﬁed Remote Command Execution (LFSEC00000121)CVE-2017-13997 23 Oct 2017 9.8 (v3) Critical Pass OpenSSL 1.1.0 < 1.1.0g RSA/DSA Unspeciﬁed Carry Issue CVE-2017-3735 CVE-2017-3736 06 Nov 2017 5.3 (v3) Medium Pass Juniper Junos Fragmented OSPFv3 Packet DoS (JSA10668) CVE-2014-6385 23 Jan 2015 5.7 (v2) Medium Pass Juniper Junos BGP FlowSpec rpd DoS (JSA10670) CVE-2014-6386 23 Jan 2015 7.1 (v2) High Pass IBM BigFix Platform 9.x < 9.1.9 / 9.2.x < 9.2.9 / 9.5.x < 9.5.4 Multiple Vulnerabilities CVE-2016-6082 CVE-2016-6084 CVE-2016-6085 19 Jan 2017 10 (v3) Critical Pass Palo Alto Networks PAN-OS <= 5.0.15 / 6.0.x <= 6.0.8 / 6.1.x <= 6.1.2 GNU C Library (glibc) Buﬀer Overﬂow (GHOST)CVE-2015-0235 04 Feb 2015 7.6 (v2) High Pass Subversion < 1.0.3 apr_time_t data Conversion Remote Overﬂow CVE-2004-0397 08 Jun 2004 7.5 (v2) High Pass Ansible Tower 3.x.x < 3.7.2 / 3.8.0 Data Exposure CVE-2020-14337 07 Aug 2020 5.8 (v3) Medium Pass Acme thttpd < 2.26 Multiple Vulnerabilities CVE-2006-1078 CVE-2006-1079 CVE-2006-4248 14 Feb 2017 7.8 (v3) High Pass IBM Tivoli Storage Manager FastBack Server Opcode 1329 Information Disclosure CVE-2015-1941 07 Jun 2016 7.8 (v2) High Pass Cisco TelePresence Conductor SDP Media Description Vulnerability CVE-2015-0652 19 Mar 2015 7.8 (v2) High Pass HP Intelligent Management Center SOM Module ﬁlePath Information Disclosure CVE-2017-5797 13 Apr 2017 7.5 (v3) High Pass Cisco IOS Software TCP CIP DoS CVE-2015-0647 CVE-2015-0648 CVE-2015-0649 03 Apr 2015 7.5 (v3) High Pass Cisco IOS Software mDNS Gateway DoS CVE-2015-0650 03 Apr 2015 7.8 (v2) High Pass Cisco Nexus 9000 Series Platform Manager Service DoS CVE-2015-0686 09 Apr 2015 6.3 (v2) Medium Pass Juniper Junos SRX Series 'log-out-on-disconnect' Persistent Admin Access (JSA10672) CVE-2015-3002 15 Apr 2015 6.9 (v2) Medium Pass Juniper Junos X-Frame-Options Clickjacking (JSA10675) CVE-2015-3004 15 Apr 2015 4.3 (v2) Medium Pass Juniper Junos SRX Series Dynamic VPN XSS (JSA10677) CVE-2015-3005 15 Apr 2015 4.3 (v2) Medium Pass Juniper Junos QFX Low Entropy Vulnerability (JSA10678) CVE-2015-3006 15 Apr 2015 6.8 (v2) Medium Pass Juniper Junos Multiple Privilege Escalation Vulnerabilities (JSA10674) CVE-2015-3003 15 Apr 2015 6.9 (v2) Medium Pass Cisco TelePresence Server HTTP Parsing Engine DoS (cisco-sa-20160406-cts1) CVE-2015-6313 15 Apr 2016 7.5 (v3) High Pass Cisco NX-OS DHCP POAP Command Injection Vulnerability CVE-2015-0658 27 Apr 2015 7.9 (v2) High Pass HP Data Protector Multiple Vulnerabilities (HPSBMU03321 SSRT101677) CVE-2015-2116 23 Apr 2015 9.8 (v3) Critical Pass EMC RSA Authentication Manager < 8.1 SP1 Patch 14 Multiple Vulnerabilities CVE-2016-0900 CVE-2016-0901 CVE-2016-0902 13 May 2016 5.3 (v3) Medium Pass Palo Alto Networks PAN-OS < 5.0.16 / 6.0.x < 6.0.9 / 6.1.x < 6.1.3 XSS 26 May 2015 4.3 (v2) Medium Pass Eaton Network Shutdown Module Default Administrator Credentials 20 Jul 2012 7.5 (v2) High Pass Eaton Network Shutdown Module view_list.php paneStatusListSortBy Parameter eval() Call Remote PHP Code Execution 20 Jul 2012 10 (v2) Critical Pass Cisco APIC < 1.3(2f) Binary File Installation Handling Local Privilege Escalation CVE-2016-1420 21 Jun 2016 7.8 (v3) High Pass McAfee Agent Unsupported Version Detection 09 Jun 2015 10 (v3) Critical Pass Cisco Data Center Network Manager XSS (cisco-sa-dcnm-xss-3jkDLsLV) CVE-2020-3460 14 Aug 2020 6.1 (v3) Medium Pass Cisco IOS XE Software for 1000 Series Aggregation Services Routers H.323 DoS CVE-2015-0688 28 May 2015 7.1 (v2) High Pass Cisco NX-OS HSRP DoS (CSCup11309) CVE-2014-3295 30 May 2015 4.8 (v2) Medium Pass Juniper Junos SRX Series Network Security Daemon DoS (JSA10692) CVE-2015-5363 15 Jul 2015 5 (v2) Medium Pass Juniper Junos LAST_ACK State DoS (JSA10686) CVE-2015-5358 04 Aug 2015 7.1 (v2) High Pass Juniper Junos BGP-VPLS Advertisements RPD DoS (JSA10687) CVE-2015-5359 04 Aug 2015 7.1 (v2) High Pass Juniper Junos IPv6 sendd DoS (JSA10688) CVE-2015-5360 04 Aug 2015 5 (v2) Medium Pass Cisco Data Center Network Manager Path Traversal (cisco-sa-dcnm-path-trav-2xZOnJdR) CVE-2020-3383 12 Aug 2020 8.8 (v3) High Pass OpenSSL 1.1.0a read_state_machine() Function Message Handling RCE CVE-2016-6309 28 Sep 2016 9.8 (v3) Critical Pass Namazu < 2.0.14 Multiple Vulnerabilities CVE-2004-1318 23 Dec 2004 7.5 (v2) High Pass Junos Operating System On Extended Support 07 Aug 2015 None Pass W3 Total Cache Plugin For WordPress Cache Key XSS CVE-2014-8724 15 Jan 2015 4.3 (v2) Medium Pass IBM WebSphere Application Server 7.0 < Fix Pack 19 Multiple Vulnerabilities CVE-2011-1355 CVE-2011-1356 CVE-2011-1359 CVE-2011-1362 CVE-2011-1411 19 Sep 2011 5.8 (v2) Medium Pass Symantec Endpoint Protection Manager < 12.1 RU6 MP1 Multiple Vulnerabilities (SYM15-007) CVE-2015-1486 CVE-2015-1487 CVE-2015-1489 13 Aug 2015 8.5 (v2) High Pass OpenSSL 1.0.0 < 1.0.0p Multiple Vulnerabilities (FREAK) CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 16 Jan 2015 5 (v2) Medium Pass Xerox WorkCentre 6400 OpenSSL RSA Temporary Key Handling EXPORT_RSA Ciphers Downgrade MitM (XRX15AP) (FREAK)CVE-2015-0204 11 Dec 2015 4.3 (v2) Medium Pass Cisco Prime Collaboration Assurance Default 'cmuser' Credentials (cisco-sa-20151209-pca) CVE-2015-6389 18 Dec 2015 8.6 (v3) High Pass Fortinet FortiOS SSH Undocumented Interactive Login Vulnerability CVE-2016-1909 13 Jan 2016 9.8 (v3) Critical 18

RELAYTO Penetration Test Results - Page 18

RELAYTO Penetration Test Results Page 17 Page 19