Detections
Analytics

Ncat TLS Listener

critical Nessus Plugin ID 122316

Language:

Synopsis

The remote host may have been compromised.

Description

This host seems to be running an instance of Ncat that is listening over TLS. Ncat is an open source networking tool that can be used as a backdoor to allow unauthorized entry and control of the remote host

An attacker may use it to steal your passwords, modify your data, and prevent you from working properly.

Solution

Reinstall your operating system or restore your system from known clean backups.

Plugin Details

Severity: Critical

ID: 122316

File Name: ncat_tls_listener.nasl

Version: 1.3

Type: remote

Family: Backdoors

Published: 2/19/2019

Updated: 2/11/2022

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: The presence of a backdoor is an indicator of complete system compromise.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H