The remote Windows host is missing security update 5040456. It is, therefore, affected by multiple vulnerabilities

  - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any     valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-     prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

  - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2024-38104)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

KB5040456: Windows Server 2012 R2 Security Update (July 2024)

critical Nessus Plugin ID 202034

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.4 Jul 12, 2024, 1:38 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202407121338
Version 1.3 Jul 10, 2024, 6:14 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2024-38104" to "CVE-2024-38077") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202407101814
Version 1.2 Jul 10, 2024, 7:57 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2024-38104" to "CVE-2024-38077") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202407100757
Version 1.1 Jul 9, 2024, 9:54 PM New Plugin Feed: 202407092154