Misconfigurations with Associated CVEs

Misconfigurations with Associated CVEs

Some misconfigurations have associated CVEs. Previously, these CVEs were only mentioned in the misconfiguration description and were not displayed in the Vulnerabilities view or the Detected CVEs view.

Enhancement

We have enhanced the detection logic to identify misconfigurations that are associated with CVEs as vulnerabilities. As a result, these CVEs will now be displayed in both the Vulnerabilities view and the Detected CVEs view. As a result, it may lead to an increase in the overall vulnerability count. 

Note: The affected misconfiguration will continue to be listed in the Misconfigurations view as before. 

How to Fix?

In order to fix the CVE, deploy the remediation for the corresponding misconfiguration from the Misconfigurations view. Once the remediation has been successfully applied, the CVE will no longer appear in subsequent scans.


Decline Behavior

If a misconfiguration is declined and has an associated CVE that is supported as a vulnerability, the vulnerability will still be detected. Similarly, declining the vulnerability will not affect the detection of the associated misconfiguration. The misconfiguration and the associated vulnerability are treated independently and must be declined separately if both need to be excluded from detection.

Note: This enhancement is applicable from build version 11.5.2616.01 and above. For cloud customers, the enhancement will be reflected in 2-3 months.

Some of the misconfigurations for which Associated CVEs displayed include:

  • Autorun commands are allowed to run without user intervention.

  • The Server Message Block (SMB) v1 protocol is not disabled.

  • Telnet Client is not disabled.

  • Simple Network Management Protocol (SNMP) is not disabled.

  • TFTP Client is not disabled.

  • NetBIOS over TCP/IP is not disabled.

  • LAN Manager Authentication Level is not configured to a secure setting (accept NTLMv2 only and refuse LM and NTLM).

  • Inbound connections on UDP port 137 are not blocked by Windows Firewall.

  • Inbound connections on UDP port 138 are not blocked by Windows Firewall.

  • Inbound connections on TCP port 139 are not blocked by Windows Firewall.

  • Inbound connections on TCP port 445 are not blocked by Windows Firewall.

  • ActiveX control initialization is not disabled in Office 10.

  • TightVNC server communication is not protected by a password.

  • TLS 1.0 is not disabled.

  • TLS 1.1 is enabled.

  • Diffie-Hellman key length is not configured to a minimum of 2048 bits.

  • SSL 2.0 is not disabled.

  • SSL 3.0 is not disabled.

  • Default cipher suites are in use.

  • DES and 3DES cipher algorithms are not disabled.

  • EXPORT-grade ciphers are not disabled.

  • RC4 cipher algorithms are not disabled.

  • MD5 hashing algorithm is not disabled.

  • Chrome is not configured to enforce a minimum TLS/SSL version of TLS 1.2.

  • Minimum session security requirements for NTLM SSP-based clients are not configured.

  • Minimum session security requirements for NTLM SSP-based servers are not configured.

  • Kerberos authentication is not configured to prevent the use of DES and RC4 encryption suites.

  • DSM plug-in is not configured for UltraVNC.

  • Untrusted font blocking is not enabled.


Regards,
The ManageEngine Team


            New to M365 Manager Plus?
            New to M365 Manager Plus?
              New to RecoveryManager Plus?
              New to RecoveryManager Plus?
                New to Exchange Reporter Plus?
                New to Exchange Reporter Plus?
                  New to SharePoint Manager Plus?
                  New to SharePoint Manager Plus?
                    See all integrations
                    New to ADManager Plus?
                    See all integrations
                    New to ADManager Plus?

                      New to ADSelfService Plus?

                      Start your free trial
                      Start your free trial
                          Related Products