The remote Windows host is missing security update 5040434. It is, therefore, affected by multiple vulnerabilities

  - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any     valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-     prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

  - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2024-30013, CVE-2024-38104)     Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

KB5040434: Windows 10 Version 1607 / Windows Server 2016 Security Update (July 2024)

critical Nessus Plugin ID 202043

Version 1.3