Network Vulnerability | PDF | File Transfer Protocol | Secure Shell

Network Vulnerability

The Network Vulnerability Scanner Report indicates a high overall risk level with several vulnerabilities detected in OpenSSH and Vsftpd services. The Light scan revealed limited detection capabilities, and it is recommended to upgrade to a Deep scan for comprehensive vulnerability assessment. Key vulnerabilities include remote code execution risks in OpenSSH and exposure of FTP services to the internet, necessitating immediate action to mitigate potential attacks.

Uploaded by davidferreir

Network Vulnerability Scanner Report (Light)

Unlock the full capabilities of this scanner: see what the DEEP scanner can do. Perform in-depth scanning and detect a wider range of vulnerabilities.

Scanner capabilities (Light scan / Deep scan):
Open ports detection
Version based vulnerability detection
Active vulnerability detection (57000+ plugins)
Find service misconfigurations
Detect missing security patches

Target: 143.0.14.121

The Light Network Scanner only ran limited, version-based detection. Upgrade to run Deep scans that check for 20,000+ additional vulnerabilities - with fewer False Positives.

Summary

Overall risk level: High

Risk ratings:
Critical: 0
High: 1
Medium: 2
Low: 1
Info: 4

Scan information:
Start time: Apr 25, 2025 / 14:23:41 UTC+03
Finish time: Apr 25, 2025 / 14:24:02 UTC+03
Scan duration: 21 sec
Tests performed: 8/8
Scan status: Finished

Findings

Vulnerabilities found for Openssh 7.4 (UNCONFIRMED)
port 22/tcp

Columns: Risk level (CVSS) | CVE | Exploit, followed by the Summary.

9.8 | CVE-2023-38408 | Exploit: N/A
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

6.8 | CVE-2020-15778 | Exploit: N/A
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

6.8 | CVE-2025-26465 | Exploit: N/A
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

6.5 | CVE-2023-51385 | Exploit: N/A
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

5.9 | CVE-2023-48795 | Exploit: N/A
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

5.8 | CVE-2019-6111 | Exploit: EDB-ID:46193
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

5 | CVE-2017-15906 | Exploit: N/A
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

5 | CVE-2018-15473 | Exploit: EDB-ID:45210, EDB-ID:45233, EDB-ID:45939
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

5 | CVE-2018-15919 | Exploit: N/A
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

4.4 | CVE-2021-41617 | Exploit: N/A
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

4.3 | CVE-2020-14145 | Exploit: N/A
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

4.3 | CVE-2016-20012 | Exploit: N/A
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.

4 | CVE-2019-6109 | Exploit: N/A
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

4 | CVE-2019-6110 | Exploit: EDB-ID:46193
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

2.6 | CVE-2018-20685 | Exploit: N/A
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

2.6 | CVE-2021-36368 | Exploit: N/A
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed."

Details

Risk description:
These vulnerabilities expose the affected applications to the risk of unauthorized access to confidential data and possibly to denial of
service attacks. An attacker could search for an appropriate exploit (or create one) for any of these vulnerabilities and use it to attack the
system.

Notes:
The vulnerabilities are identified based on the server's version.
Only the first 30 vulnerabilities with the highest risk are shown for each port.

Recommendation:
We recommend that you upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.

SSH service exposed to the Internet (CONFIRMED)
port 22/tcp

We managed to detect a publicly accessible SSH service.


Starting Nmap ( https://nmap.org ) at 2025-04-25 14:23 EEST
Nmap scan report for 143.0.14-121.prt.globo.com (143.0.14.121)
Host is up (0.19s latency).

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
| gssapi-keyex
| gssapi-with-mic
|_ password

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 2.92 seconds

Details

Vulnerability description:
We found that the SSH service with username/password authentication is publicly accessible. Network administrators often use remote
administration protocols to control devices like switches, routers, and other essential systems. However, allowing these services to be
accessible via the Internet can increase security risks, creating potential opportunities for attacks on the organization.

Risk description:
Exposing this service online with username/password authentication can enable attackers to launch authentication attacks, like guessing
login credentials, and potentially gaining unauthorized access. Vulnerabilities, such as unpatched software, protocol flaws, or backdoors
could also be exploited. An example is the CVE-2024-3094 (XZ Utils Backdoor) vulnerability.

Recommendation:
We recommend turning off SSH with username/password authentication access over the Internet and instead using a Virtual Private
Network (VPN) that mandates two-factor authentication (2FA). If the SSH service is essential for business purposes, we recommend
limiting access only from designated IP addresses using a firewall. Furthermore, it is advisable to utilize SSH Public Key Authentication
since it employs a key pair to verify the identity of a user or process.

Vulnerabilities found for Vsftpd 3.0.2 (UNCONFIRMED)
port 21/tcp

Columns: Risk level (CVSS) | CVE | Exploit, followed by the Summary.

5.8 | CVE-2021-3618 | Exploit: N/A
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

5 | CVE-2015-1419 | Exploit: N/A
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

Details

Risk description:
These vulnerabilities expose the affected applications to the risk of unauthorized access to confidential data and possibly to denial of
service attacks. An attacker could search for an appropriate exploit (or create one) for any of these vulnerabilities and use it to attack the
system.

Notes:
The vulnerabilities are identified based on the server's version.
Only the first 30 vulnerabilities with the highest risk are shown for each port.

Recommendation:
We recommend that you upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.

FTP service exposed to the Internet (CONFIRMED)
port 21/tcp

We managed to detect a publicly accessible File Transfer Protocol (FTP) service.


PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.2

Details

Vulnerability description:
We found that the File Transfer Protocol (FTP) service is publicly accessible. FTP enables client systems to connect to upload and
download files. Nonetheless, FTP lacks encryption for the data exchanged between the server and the client, leaving all transferred data
exposed in plaintext.

Risk description:
Exposing this service online can enable attackers to execute man-in-the-middle attacks, capturing sensitive user credentials and the
contents of files because FTP operates without encryption. The entirety of the communication between the client and the server remains
unsecured in plaintext. This acquired information could further facilitate additional attacks within the network.

Recommendation:
We recommend turning off FTP access over the Internet and instead using a Virtual Private Network (VPN) that mandates two-factor
authentication (2FA). If the FTP service is essential for business purposes, we recommend limiting access only from designated IP
addresses using a firewall. Furthermore, utilizing SFTP (Secure File Transfer Protocol) is recommended as this protocol employs encryption
to secure data transfers.

IP Information (CONFIRMED)

IP Address: 143.0.14.121
Hostname: 143.0.14-121.prt.globo.com
Location: Rio de Janeiro, Rio de Janeiro, Brazil
Autonomous system (AS) Information: Globo Comunicação e Participações SA (AS28604)
Organization (Name & Type): Globo Comunicação e Participações SA (business)

Details

Risk description:
If an attacker knows the physical location of an organization's IP address and its Autonomous System (AS) number, they could launch
targeted physical or cyber attacks, exploiting regional vulnerabilities or disrupting critical infrastructure.

Recommendation:
We recommend reviewing physical security measures and monitoring network traffic for unusual activity, indicating potential cyber
threats. Additionally, implementing robust network segmentation and adopting encryption protocols for data in transit can help protect
sensitive information, even if attackers are aware of the IP addresses and the Autonomous System (AS) number.

DNS Records (CONFIRMED)
port 53/udp

Domain Queried: 143.0.14.121
DNS Record Type: PTR (Pointer record)
Value: 143.0.14-121.prt.globo.com

Details

Risk description:
An initial step for an attacker aiming to learn about an organization involves conducting searches on its domain names to uncover DNS
records associated with the organization. This strategy aims to amass comprehensive insights into the target domain, enabling the
attacker to outline the organization's external digital landscape. This gathered intelligence may subsequently serve as a foundation for
launching attacks, including those based on social engineering techniques. DNS records pointing to services or servers that are no longer
in use can provide an attacker with an easy entry point into the network.

Recommendation:
We recommend reviewing all DNS records associated with the domain and identifying and removing unused or obsolete records.

Open ports discovery (CONFIRMED)

Port | State | Service | Product | Product Version
21 | open | ftp | vsftpd | 3.0.2
22 | open | ssh | OpenSSH | 7.4

Details

Risk description:
This is the list of ports that have been found on the target host. Having unnecessary open ports may expose the target to more risks
because those network services and applications may contain vulnerabilities.

Recommendation:
We recommend reviewing the list of open ports and closing the ones which are not necessary for business purposes.

OS Detection (UNCONFIRMED)

Operating System: Linux 4.4

Details

Vulnerability description:
OS Detection

Scan coverage information

List of tests performed (8/8)
- Running IP information lookup phase
- Performing DNS enumeration
- Performing OS detection
- Running port discovery
- Scanning for publicly exposed File Transfer Protocol (FTP) service
- Scanning for publicly exposed SSH service
- Scanning for vulnerabilities of Vsftpd on port 21
- Scanning for vulnerabilities of Openssh on port 22

Scan parameters
Target: 143.0.14.121
Preset: Custom
Scanning engines: Version_based
Check alive: False
Extensive modules: -
Protocol type: TCP
Ports to scan: Top 10 ports
CVEs:
Requests per second: -
