Operating System Unsupported Version Detection in banner reporting (PCI-DSS check)

critical Nessus Plugin ID 122403

Synopsis

The OS version reported in banners possesses one or more vulnerabilities.

Description

A service banner returned by the remote host reports an operating system version that is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

This plugin only runs when 'Check for PCI-DSS compliance' is enabled in the scan policy. It does not run if local security checks are enabled. It relies on the OS versions that services self-report in their banners and on fingerprinting.

Solution

Upgrade to a version of the operating system that is currently supported.

Plugin Details

Severity: Critical

ID: 122403

File Name: os_banner_unsupported_operating_system.nasl

Version: 1.2

Type: remote

Family: Web Servers

Published: 2/22/2019

Updated: 11/6/2019

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Default unsupported software score.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Required KB Items: Settings/PCI_DSS

Excluded KB Items: Host/local_checks_enabled, Host/OS/obsolete