
vuln.tenable

Introduction

The tags beginning with vuln.tenable identify events generated by Tenable.io.

Tag structure

The full tag must have four levels. The first three are fixed as vuln.tenable.io. The fourth level identifies the type of events sent.

| Technology | Brand | Product | Type |
| --- | --- | --- | --- |
| vuln | tenable | io | assets, agents, audit_log, plugins, scanners, scans |

Therefore, the valid tags and tables include:

  • vuln.tenable.io.assets
  • vuln.tenable.io.agents
  • vuln.tenable.io.audit_log
  • vuln.tenable.io.plugins
  • vuln.tenable.io.scanners
  • vuln.tenable.io.scans

How is the data sent to Devo?

To send logs to these tables, Devo provides a collector that you can download and use to send the required events to your Devo domain. You can download the collector and learn how to use it in Tenable.io collector.

Log samples

The following are sample logs sent to each of the vuln.tenable.io tags. Under each sample log, you can see how the information is parsed in your data table.

Extra columns

Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.

vuln.tenable.io.assets

2021-05-14 15:54:46.257 localhost=127.0.0.1 vuln.tenable.io.assets: {"time_end": "2020-12-23T08:41:18.279Z", "time_start": "2020-12-23T08:33:44.559Z", "id": "ca697ce4-8f35-4350-b61a-490f0b603554", "uuid": "ca697ce4-8f35-4350-b61a-490f0b603554", "operating_system": ["Linux Kernel 5.4.0-58-generic on Ubuntu 18.04"], "mac_address": ["0a:00:27:00:00:01", "02:42:65:5b:d3:29", "02:42:cf:21:04:ea", "02:42:cd:55:75:84", "0a:00:27:00:00:00", "e8:6a:64:3a:6b:11", "02:42:22:fb:09:74", "1c:1b:b5:23:99:7f"], "counts": {"vulnerabilities": {"total": 43, "severities": [{"count": 51, "level": 0, "name": "Info"}, {"count": 0, "level": 1, "name": "Low"}, {"count": 1, "level": 2, "name": "Medium"}, {"count": 1, "level": 3, "name": "High"}, {"count": 0, "level": 4, "name": "Critical"}]}, "audits": {"total": 0, "statuses": [{"count": 0, "level": 1, "name": "Passed"}, {"count": 0, "level": 2, "name": "Warning"}, {"count": 0, "level": 3, "name": "Failed"}]}}, "has_agent": true, "created_at": "2020-11-16T16:27:02.692Z", "updated_at": "2020-12-23T08:48:12.674Z", "first_seen": "2020-11-16T16:27:01.289Z", "last_seen": "2020-12-23T08:41:18.279Z", "last_scan_target": "192.168.1.239", "last_authenticated_scan_date": "2020-12-23T08:41:18.279Z", "last_licensed_scan_date": "2020-12-23T08:41:18.279Z", "last_scan_id": "2519b9ca-8409-458e-9cec-d2f4be19d255", "last_schedule_id": "template-0373df4f-5e95-44c7-277c-472b4eed818e56e8d65e0cb3f570", "sources": [{"name": "NESSUS_AGENT", "first_seen": "2020-11-16T16:27:01.289Z", "last_seen": "2020-11-16T16:27:01.289Z"}, {"name": "NESSUS_SCAN", "first_seen": "2020-12-21T16:32:41.144Z", "last_seen": "2020-12-23T08:41:18.279Z"}], "tags": [], "interfaces": [{"name": "lo", "fqdn": [], "mac_address": [], "ipv4": [], "ipv6": []}, {"name": "vboxnet1", "fqdn": [], "mac_address": ["0a:00:27:00:00:01"], "ipv4": [], "ipv6": []}, {"name": "br-a7d3f4f6d4dd", "fqdn": [], "mac_address": ["02:42:65:5b:d3:29"], "ipv4": ["172.21.0.1"], "ipv6": []}, {"name": "docker0", "fqdn": [], 
"mac_address": ["02:42:cf:21:04:ea"], "ipv4": ["172.234.0.1"], "ipv6": ["fe80:0:0:0:42:cfff:fe21:4ea"]}, {"name": "tun0", "fqdn": [], "mac_address": [], "ipv4": ["10.9.5.124"], "ipv6": ["fe80:0:0:0:73b5:795:a063:ba70"]}, {"name": "br-6686f59549d8", "fqdn": [], "mac_address": ["02:42:cd:55:75:84"], "ipv4": ["172.18.0.1"], "ipv6": []}, {"name": "vboxnet0", "fqdn": [], "mac_address": ["0a:00:27:00:00:00"], "ipv4": [], "ipv6": []}, {"name": "tun1", "fqdn": [], "mac_address": [], "ipv4": ["10.8.1.213"], "ipv6": ["fe80:0:0:0:cc91:9097:d0ae:d247"]}, {"name": "enp0s31f6", "fqdn": [], "mac_address": ["e8:6a:64:3a:6b:11"], "ipv4": [], "ipv6": []}, {"name": "br-57afc8bee660", "fqdn": [], "mac_address": ["02:42:22:fb:09:74"], "ipv4": ["172.19.0.1"], "ipv6": []}, {"name": "wlp2s0", "fqdn": [], "mac_address": ["1c:1b:b5:23:99:7f"], "ipv4": ["192.168.1.239"], "ipv6": ["fe80:0:0:0:85f5:ef3e:2aeb:deca"]}, {"name": "UNKNOWN", "fqdn": ["ip-192-168-1-132.eu-west-1.compute.internal"], "mac_address": ["02:42:22:fb:09:74", "02:42:cf:21:04:ea", "02:42:65:5b:d3:29", "02:42:cd:55:75:84", "0a:00:27:00:00:01", "0a:00:27:00:00:00", "e8:6a:64:3a:6b:11", "1c:1b:b5:23:99:7f"], "ipv4": ["172.21.0.1", "172.234.0.1", "172.18.0.1", "172.19.0.1", "192.168.1.239", "10.9.5.124", "10.8.1.213"], "ipv6": ["fe80:0:0:0:42:cfff:fe21:4ea", "fe80:0:0:0:73b5:795:a063:ba70", "fe80:0:0:0:cc91:9097:d0ae:d247", "fe80:0:0:0:85f5:ef3e:2aeb:deca"]}], "ipv4": ["172.21.0.1", "172.234.0.1", "10.9.5.124", "172.18.0.1", "10.8.1.213", "172.19.0.1", "192.168.1.239"], "ipv6": ["fe80:0:0:0:42:cfff:fe21:4ea", "fe80:0:0:0:73b5:795:a063:ba70", "fe80:0:0:0:cc91:9097:d0ae:d247", "fe80:0:0:0:85f5:ef3e:2aeb:deca"], "fqdn": ["ip-192-168-1-132.eu-west-1.compute.internal"], "netbios_name": [], "system_type": ["general-purpose"], "tenable_uuid": ["09c8f361760b469fa27d9694fac01d81"], "hostname": ["2018-emea-0403"], "agent_name": ["2018-emea-0403"], "bios_uuid": [], "aws_ec2_instance_id": [], "aws_ec2_instance_ami_id": [], "aws_owner_id": 
[], "aws_availability_zone": [], "aws_region": [], "aws_vpc_id": [], "aws_ec2_instance_group_name": [], "aws_ec2_instance_state_name": [], "aws_ec2_instance_type": [], "aws_subnet_id": [], "aws_ec2_product_code": [], "aws_ec2_name": [], "azure_vm_id": [], "azure_resource_id": [], "gcp_project_id": [], "gcp_zone": [], "gcp_instance_id": [], "ssh_fingerprint": [], "mcafee_epo_guid": [], "mcafee_epo_agent_guid": [], "qualys_asset_id": [], "qualys_host_id": [], "servicenow_sysid": [], "installed_software": ["cpe:/a:apache:tomcat:8.5.13", "cpe:/a:apache:tomcat:8.5.50", "cpe:/a:kubernetes:kubernetes:1.20.0", "cpe:/a:kubernetes:kubernetes:1.20.1"], "bigfix_asset_id": [], "security_protection_level": null, "security_protections": [], "exposure_confidence_value": null, "network_name": "Default", "count": 1, "plugin_family": "Ubuntu Local Security Checks", "plugin_id": 141934, "plugin_name": "Ubuntu 18.04 LTS : Netty vulnerabilities (USN-4600-2)", "vulnerability_state": "Active", "vpr_score": 6.0, "accepted_count": 0, "recasted_count": 0, "counts_by_severity": [{"count": 1, "value": 3}], "cvss_base_score": 7.5, "cvss3_base_score": 9.8, "severity": 3}

And this is how the logs would be parsed:

| Field | Value | Type | Extra fields |
| --- | --- | --- | --- |
| eventdate | date(2021-05-14 15:54:46.257) | timestamp | |
| timeEnd | date(2020-12-23 08:41:18.279) | timestamp | |
| timeStart | date(2020-12-23 08:33:44.559) | timestamp | |
| id | ca697ce4-8f35-4350-b61a-490f0b603554 | str | |
| uuid | ca697ce4-8f35-4350-b61a-490f0b603554 | str | |
| operatingSystem | ["Linux Kernel 5.4.0-58-generic on Ubuntu 18.04"] | str | |
| macAddress | ["0a:00:27:00:00:01", "02:42:65:5b:d3:29", "02:42:cf:21:04:ea", "02:42:cd:55:75:84", "0a:00:27:00:00:00", "e8:6a:64:3a:6b:11", "02:42:22:fb:09:74", "1c:1b:b5:23:99:7f"] | str | |
| countsVulnerabilitiesTotal | 43 | int | |
| countsVulnerabilitiesSeverities | [{"count": 51, "level": 0, "name": "Info"}, {"count": 0, "level": 1, "name": "Low"}, {"count": 1, "level": 2, "name": "Medium"}, {"count": 1, "level": 3, "name": "High"}, {"count": 0, "level": 4, "name": "Critical"}] | str | |
| countsAuditsTotal | 0 | int | |
| countsAuditsStatuses | [{"count": 0, "level": 1, "name": "Passed"}, {"count": 0, "level": 2, "name": "Warning"}, {"count": 0, "level": 3, "name": "Failed"}] | str | |
| hasAgent | true | bool | |
| createdAt | date(2020-11-16 16:27:02.692) | timestamp | |
| updatedAt | date(2020-12-23 08:48:12.674) | timestamp | |
| firstSeen | date(2020-11-16 16:27:01.289) | timestamp | |
| lastSeen | date(2020-12-23 08:41:18.279) | timestamp | |
| lastScanTarget | ip4(192.168.1.239) | ip | |
| lastAuthenticatedScanDate | date(2020-12-23 08:41:18.279) | timestamp | |
| lastLicensedScanDate | date(2020-12-23 08:41:18.279) | timestamp | |
| lastScanId | 2519b9ca-8409-458e-9cec-d2f4be19d255 | str | |
| lastScheduleId | template-0373df4f-5e95-44c7-277c-472b4eed818e56e8d65e0cb3f570 | str | |
| sources | [{"name": "NESSUS_AGENT", "first_seen": "2020-11-16T16:27:01.289Z", "last_seen": "2020-11-16T16:27:01.289Z"}, {"name": "NESSUS_SCAN", "first_seen": "2020-12-21T16:32:41.144Z", "last_seen": "2020-12-23T08:41:18.279Z"}] | str | |
| tags | [] | str | |
| interfaces | [{"name": "lo", "fqdn": [], "mac_address": [], "ipv4": [], "ipv6": []}, {"name": "vboxnet1", "fqdn": [], "mac_address": ["0a:00:27:00:00:01"], "ipv4": [], "ipv6": []}, {"name": "br-a7d3f4f6d4dd", "fqdn": [], "mac_address": ["02:42:65:5b:d3:29"], "ipv4": ["172.21.0.1"], "ipv6": []}, {"name": "docker0", "fqdn": [], "mac_address": ["02:42:cf:21:04:ea"], "ipv4": ["172.234.0.1"], "ipv6": ["fe80:0:0:0:42:cfff:fe21:4ea"]}, {"name": "tun0", "fqdn": [], "mac_address": [], "ipv4": ["10.9.5.124"], "ipv6": ["fe80:0:0:0:73b5:795:a063:ba70"]}, {"name": "br-6686f59549d8", "fqdn": [], "mac_address": ["02:42:cd:55:75:84"], "ipv4": ["172.18.0.1"], "ipv6": []}, {"name": "vboxnet0", "fqdn": [], "mac_address": ["0a:00:27:00:00:00"], "ipv4": [], "ipv6": []}, {"name": "tun1", "fqdn": [], "mac_address": [], "ipv4": ["10.8.1.213"], "ipv6": ["fe80:0:0:0:cc91:9097:d0ae:d247"]}, {"name": "enp0s31f6", "fqdn": [], "mac_address": ["e8:6a:64:3a:6b:11"], "ipv4": [], "ipv6": []}, {"name": "br-57afc8bee660", "fqdn": [], "mac_address": ["02:42:22:fb:09:74"], "ipv4": ["172.19.0.1"], "ipv6": []}, {"name": "wlp2s0", "fqdn": [], "mac_address": ["1c:1b:b5:23:99:7f"], "ipv4": ["192.168.1.239"], "ipv6": ["fe80:0:0:0:85f5:ef3e:2aeb:deca"]}, {"name": "UNKNOWN", "fqdn": ["ip-192-168-1-132.eu-west-1.compute.internal"], "mac_address": ["02:42:22:fb:09:74", "02:42:cf:21:04:ea", "02:42:65:5b:d3:29", "02:42:cd:55:75:84", "0a:00:27:00:00:01", "0a:00:27:00:00:00", "e8:6a:64:3a:6b:11", "1c:1b:b5:23:99:7f"], "ipv4": ["172.21.0.1", "172.234.0.1", "172.18.0.1", "172.19.0.1", "192.168.1.239", "10.9.5.124", "10.8.1.213"], "ipv6": ["fe80:0:0:0:42:cfff:fe21:4ea", "fe80:0:0:0:73b5:795:a063:ba70", "fe80:0:0:0:cc91:9097:d0ae:d247", "fe80:0:0:0:85f5:ef3e:2aeb:deca"]}] | str | |
| ipv4 | ["172.21.0.1", "172.234.0.1", "10.9.5.124", "172.18.0.1", "10.8.1.213", "172.19.0.1", "192.168.1.239"] | str | |
| ipv6 | ["fe80:0:0:0:42:cfff:fe21:4ea", "fe80:0:0:0:73b5:795:a063:ba70", "fe80:0:0:0:cc91:9097:d0ae:d247", "fe80:0:0:0:85f5:ef3e:2aeb:deca"] | str | |
| fqdn | ["ip-192-168-1-132.eu-west-1.compute.internal"] | str | |
| netbiosName | [] | str | |
| systemType | ["general-purpose"] | str | |
| tenableUuid | ["09c8f361760b469fa27d9694fac01d81"] | str | |
| hostname2 | ["2018-emea-0403"] | str | |
| agentName | ["2018-emea-0403"] | str | |
| biosUuid | [] | str | |
| awsEc2InstanceId | [] | str | |
| awsEc2InstanceAmiId | [] | str | |
| awsOwnerId | [] | str | |
| awsAvailabilityZone | [] | str | |
| awsRegion | [] | str | |
| awsVpcId | [] | str | |
| awsEc2InstanceGroupName | [] | str | |
| awsEc2InstanceStateName | [] | str | |
| awsEc2InstanceType | [] | str | |
| awsSubnetId | [] | str | |
| awsEc2ProductCode | [] | str | |
| awsEc2Name | [] | str | |
| azureVmId | [] | str | |
| azureResourceId | [] | str | |
| gcpProjectId | [] | str | |
| gcpZone | [] | str | |
| gcpInstanceId | [] | str | |
| sshFingerprint | [] | str | |
| mcafeeEpoGuid | [] | str | |
| mcafeeEpoAgentGuid | [] | str | |
| qualysAssetId | [] | str | |
| qualysHostId | [] | str | |
| servicenowSysid | [] | str | |
| installedSoftware | ["cpe:/a:apache:tomcat:8.5.13", "cpe:/a:apache:tomcat:8.5.50", "cpe:/a:kubernetes:kubernetes:1.20.0", "cpe:/a:kubernetes:kubernetes:1.20.1"] | str | |
| bigfixAssetId | [] | str | |
| securityProtectionLevel | null | str | |
| securityProtections | [] | str | |
| exposureConfidenceValue | null | str | |
| networkName | Default | str | |
| count | 1 | int | |
| pluginFamily | Ubuntu Local Security Checks | str | |
| pluginId | 141934 | int | |
| pluginName | Ubuntu 18.04 LTS : Netty vulnerabilities (USN-4600-2) | str | |
| vulnerabilityState | Active | str | |
| vprScore | 6.0D | float | |
| acceptedCount | 0 | int | |
| recastedCount | 0 | int | |
| countsBySeverity | [{"count": 1, "value": 3}] | str | |
| cvssBaseScore | 7.5D | float | |
| cvss3BaseScore | 9.8D | float | |
| severity | 3 | int | |
| hostchain | localhost=127.0.0.1 | str | ✓ |
| tag | vuln.tenable.io.assets | str | ✓ |

vuln.tenable.io.agents

2021-05-14 16:31:28.453 localhost=127.0.0.1 vuln.tenable.io.agents: {"id": 38246924, "uuid": "736ebd7d-34f9-4eff-b632-7c7a415cd795", "name": "alerts-1-pro-cloud-manulife-aws-ca-central-1", "platform": "LINUX", "distro": "ubuntu1110-x86-64", "ip": "10.5.27.171", "plugin_feed_id": "202105132205", "core_build": "47", "core_version": "8.2.4", "linked_on": 1618955646, "last_connect": 1621002605, "status": "on", "groups": [{"name": "CIS Scans", "id": 192286}], "aws_instance_id": "i-05f341cb22087d7ed", "aws_account_id": "175688291360", "supports_remote_logs": true, "network_uuid": "00000000-0000-0000-0000-000000000000", "network_name": "Default"}

And this is how the logs would be parsed:

| Field | Value | Type | Extra fields |
| --- | --- | --- | --- |
| eventdate | date(2021-05-14 16:31:28.453) | timestamp | |
| id | 38246924L | int | |
| uuid | 736ebd7d-34f9-4eff-b632-7c7a415cd795 | str | |
| name | alerts-1-pro-cloud-manulife-aws-ca-central-1 | str | |
| platform | LINUX | str | |
| distro | ubuntu1110-x86-64 | str | |
| ip | ip4(10.5.27.171) | ip | |
| pluginFeedId | 202105132205 | str | |
| coreBuild | 47 | str | |
| coreVersion | 8.2.4 | str | |
| linkedOn | date(1618955646000) | timestamp | |
| lastConnect | date(1621002605000) | timestamp | |
| status | on | str | |
| groups | [{"name": "CIS Scans", "id": 192286}] | str | |
| awsInstanceId | i-05f341cb22087d7ed | str | |
| awsAccountId | 175688291360 | str | |
| supportsRemoteLogs | true | bool | |
| networkUuid | 00000000-0000-0000-0000-000000000000 | str | |
| networkName | Default | str | |
| hostchain | localhost=127.0.0.1 | str | ✓ |
| tag | vuln.tenable.io.agents | str | ✓ |

vuln.tenable.io.audit_log

2021-03-25 11:27:34.003 localhost=127.0.0.1 vuln.tenable.io.audit_log: {"id": "5f9061fd59d3408e9048ebbc05e2f572", "action": "audit.log.view", "crud": "r", "is_failure": "None", "received": "2021-03-10T17:56:13Z", "description": "POST /enterprise/v1/graphql", "actor": {"id": "enterprise:3db4f7b", "name": "Tenable.IO enterprisetoken 12e58d32-9b43-4495-b4bf-f92340a31afe"}, "is_anonymous": "None", "target": {"id": "None", "name": "None", "type": "None"}, "fields": "None"}

And this is how the logs would be parsed:

| Field | Value | Type | Extra fields |
| --- | --- | --- | --- |
| eventdate | date(2021-03-25 11:27:34.003) | timestamp | |
| id | 5f9061fd59d3408e9048ebbc05e2f572 | str | |
| action | audit.log.view | str | |
| crud | r | str | |
| isFailure | None | str | |
| received | date(2021-03-10 17:56:13.000) | timestamp | |
| description | POST /enterprise/v1/graphql | str | |
| actorId | enterprise:3db4f7b | str | |
| actorName | Tenable.IO enterprisetoken 12e58d32-9b43-4495-b4bf-f92340a31afe | str | |
| isAnonymous | None | str | |
| targetId | None | str | |
| targetName | None | str | |
| targetType | None | str | |
| fields | None | str | |
| hostchain | localhost=127.0.0.1 | str | ✓ |
| tag | vuln.tenable.io.audit_log | str | ✓ |

vuln.tenable.io.plugins

2021-05-14 16:44:54.602 localhost=127.0.0.1 vuln.tenable.io.plugins: {"id": 34821, "name": "MS08-067: Vulnerability in Server Service Could Allow Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check / IPS)", "attributes": {"plugin_type": "REMOTE", "intel_type": "SENSOR", "synopsis": "Arbitrary code can be executed on the remote host due to a flaw in the \'Server\' service.", "description": "The remote host is affected by a buffer overrun in the \'Server\' service that may allow an attacker to execute arbitrary code on the remote host with \'SYSTEM\' privileges.\\n\\nECLIPSEDWING is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.", "solution": "Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008.", "see_also": ["http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx"], "plugin_publication_date": "2008-11-21T00:00:00Z", "vuln_publication_date": "2008-10-23T00:00:00Z", "patch_publication_date": "2008-10-23T00:00:00Z", "has_patch": true, "exploitability_ease": "AVAILABLE", "exploit_available": true, "risk_factor": "CRITICAL", "stig_severity": "I", "cpe": ["cpe:/o:microsoft:windows"], "plugin_modification_date": "2021-05-10T00:00:00Z", "plugin_version": 1.144, "always_run": false, "compliance": false, "exploited_by_malware": true, "in_the_news": true, "exploit_framework_canvas": true, "exploit_framework_exploithub": false, "exploit_framework_core": false, "exploit_framework_d2_elliot": false, "exploit_framework_metasploit": true, "cvss_vector": {"raw": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "AccessVector": "Network", "AccessComplexity": "Low", "Authentication": "None required", "Confidentiality-Impact": "Complete", "Integrity-Impact": "Complete", "Availability-Impact": "Complete"}, "cvss_temporal_vector": {"raw": "E:H/RL:OF/RC:C", "Exploitability": "High", "RemediationLevel": "Official Fix", "ReportConfidence": "Confirmed"}, "cvss_temporal_score": 
8.7, "cvss_base_score": 10.0, "cvss3_vector": {"raw": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "AttackVector": "Network", "AttackComplexity": "Low", "PrivilegesRequired": "None", "UserInteraction": "None", "Scope": "Unchanged", "Confidentiality-Impact": "High", "Integrity-Impact": "High", "Availability-Impact": "High"}, "cvss3_base_score": 9.8, "cve": ["CVE-2008-4250"], "bid": [31874], "xref": ["CWE:94", "MSFT:MS08-067", "IAVA:2008-A-0081-S", "MSKB:958644", "CERT:827267", "EDB-ID:6824", "EDB-ID:7104", "EDB-ID:7132"], "xrefs": [{"type": "CWE", "id": "94"}, {"type": "MSFT", "id": "MS08-067"}, {"type": "IAVA", "id": "2008-A-0081-S"}, {"type": "MSKB", "id": "958644"}, {"type": "CERT", "id": "827267"}, {"type": "EDB-ID", "id": "6824"}, {"type": "EDB-ID", "id": "7104"}, {"type": "EDB-ID", "id": "7132"}], "vpr": {"score": 8.9, "drivers": {"age_of_vuln": {"lower_bound": 731}, "exploit_code_maturity": "HIGH", "cvss_impact_score_predicted": false, "threat_intensity_last28": "VERY_LOW", "threat_recency": {"lower_bound": 31, "upper_bound": 120}, "threat_sources_last28": ["No recorded events"], "product_coverage": "HIGH"}, "updated": "2021-03-09T05:19:13Z"}}}

And this is how the logs would be parsed:

| Field | Value | Type | Extra fields |
| --- | --- | --- | --- |
| eventdate | date(2021-05-14 16:44:54.602) | timestamp | |
| id | 34821 | int | |
| name | MS08-067: Vulnerability in Server Service Could Allow Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check / IPS) | str | |
| attributesPluginType | REMOTE | str | |
| attributesIntelType | SENSOR | str | |
| attributesSynopsis | Arbitrary code can be executed on the remote host due to a flaw in the \Server\ service. | str | |
| attributesDescription | The remote host is affected by a buffer overrun in the \Server\ service that may allow an attacker to execute arbitrary code on the remote host with \SYSTEM\ privileges.\n\nECLIPSEDWING is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers. | str | |
| attributesSolution | Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008. | str | |
| attributesSeeAlso | ["http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx"] | str | |
| attributesPluginPublicationDate | date(2008-11-21 00:00:00.000) | timestamp | |
| attributesVulnPublicationDate | date(2008-10-23 00:00:00.000) | timestamp | |
| attributesPatchPublicationDate | date(2008-10-23 00:00:00.000) | timestamp | |
| attributesHasPatch | true | bool | |
| attributesExploitabilityEase | AVAILABLE | str | |
| attributesExploitAvailable | true | bool | |
| attributesRiskFactor | CRITICAL | str | |
| attributesStigSeverity | I | str | |
| attributesCpe | ["cpe:/o:microsoft:windows"] | str | |
| attributesPluginModificationDate | date(2021-05-10 00:00:00.000) | timestamp | |
| attributesPluginVersion | 1.144D | float | |
| attributesAlwaysRun | false | bool | |
| attributesCompliance | false | bool | |
| attributesExploitedByMalware | true | bool | |
| attributesInTheNews | true | bool | |
| attributesExploitFrameworkCanvas | true | bool | |
| attributesExploitFrameworkExploithub | false | bool | |
| attributesExploitFrameworkCore | false | bool | |
| attributesExploitFrameworkD2Elliot | false | bool | |
| attributesExploitFrameworkMetasploit | true | bool | |
| attributesCvssVectorRaw | AV:N/AC:L/Au:N/C:C/I:C/A:C | str | |
| attributesCvssVectorAccessVector | Network | str | |
| attributesCvssVectorAccessComplexity | Low | str | |
| attributesCvssVectorAuthentication | None required | str | |
| attributesCvssVectorConfidentialityImpact | Complete | str | |
| attributesCvssVectorIntegrityImpact | Complete | str | |
| attributesCvssVectorAvailabilityImpact | Complete | str | |
| attributesCvssTemporalVectorRaw | E:H/RL:OF/RC:C | str | |
| attributesCvssTemporalVectorExploitability | High | str | |
| attributesCvssTemporalVectorRemediationLevel | Official Fix | str | |
| attributesCvssTemporalVectorReportConfidence | Confirmed | str | |
| attributesCvssTemporalScore | 8.7D | float | |
| attributesCvssBaseScore | 10.0D | float | |
| attributesCvss3VectorRaw | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | str | |
| attributesCvss3VectorAttackVector | Network | str | |
| attributesCvss3VectorAttackComplexity | Low | str | |
| attributesCvss3VectorPrivilegesRequired | None | str | |
| attributesCvss3VectorUserInteraction | None | str | |
| attributesCvss3VectorScope | Unchanged | str | |
| attributesCvss3VectorConfidentialityImpact | High | str | |
| attributesCvss3VectorIntegrityImpact | High | str | |
| attributesCvss3VectorAvailabilityImpact | High | str | |
| attributesCvss3BaseScore | 9.8D | float | |
| attributesCve | ["CVE-2008-4250"] | str | |
| attributesBid | [31874] | str | |
| attributesXref | ["CWE:94", "MSFT:MS08-067", "IAVA:2008-A-0081-S", "MSKB:958644", "CERT:827267", "EDB-ID:6824", "EDB-ID:7104", "EDB-ID:7132"] | str | |
| attributesXrefs | [{"type": "CWE", "id": "94"}, {"type": "MSFT", "id": "MS08-067"}, {"type": "IAVA", "id": "2008-A-0081-S"}, {"type": "MSKB", "id": "958644"}, {"type": "CERT", "id": "827267"}, {"type": "EDB-ID", "id": "6824"}, {"type": "EDB-ID", "id": "7104"}, {"type": "EDB-ID", "id": "7132"}] | str | |
| attributesVprScore | 8.9D | float | |
| attributesVprDriversAgeOfVulnLowerBound | 731 | int | |
| attributesVprDriversExploitCodeMaturity | HIGH | str | |
| attributesVprDriversCvssImpactScorePredicted | false | bool | |
| attributesVprDriversThreatIntensityLast28 | VERY_LOW | str | |
| attributesVprDriversThreatRecencyLowerBound | 31 | int | |
| attributesVprDriversThreatRecencyUpperBound | 120 | int | |
| attributesVprDriversThreatSourcesLast28 | ["No recorded events"] | str | |
| attributesVprDriversProductCoverage | HIGH | str | |
| attributesVprUpdated | date(2021-03-09 05:19:13.000) | timestamp | |
| hostchain | localhost=127.0.0.1 | str | ✓ |
| tag | vuln.tenable.io.plugins | str | ✓ |

vuln.tenable.io.scanners

2021-05-14 16:47:46.074 localhost=127.0.0.1 vuln.tenable.io.scanners: {"creation_date": 1608567093, "distro": "ubuntu1110-x86-64", "engine_version": "18.13.10", "group": false, "hostname": "2018-EMEA-0403", "id": 330182, "ip_addresses": ["192.168.1.239", "172.19.0.1", "172.18.0.1", "172.22.0.1", "172.29.0.1", "172.21.0.1", "172.234.0.1", "172.31.0.1", "172.30.0.1", "100.96.2.51", "fd:0:0:8112::3"], "key": "7d686cbe361103e4cc9842fbdf1b735de38b7a14542bde707114cf431aae1b00", "last_connect": 1617958416, "last_modification_date": 1617869849, "linked": 1, "loaded_plugin_set": "202104071310", "name": "2018-EMEA-0403", "network_name": "Default", "num_hosts": 0, "num_scans": 0, "num_sessions": 0, "num_tcp_sessions": 0, "owner": "system", "owner_id": 2014562, "owner_name": "system", "owner_uuid": "40b641a4-6164-4393-b1f3-8c2f19327720", "platform": "LINUX", "pool": false, "scan_count": 0, "shared": 1, "source": "service", "status": "off", "timestamp": 1617869849, "type": "managed", "ui_build": "2", "ui_version": "8.13.2", "user_permissions": 128, "uuid": "71135b7a-a087-4849-bedb-fbcb0109bbf8", "remote_uuid": "d14d5c10-c843-5a4f-9ad5-0cebf9f871f728b8b8417bade83b", "supports_remote_logs": false, "supports_webapp": false}

And this is how the logs would be parsed:

| Field | Value | Type | Extra fields |
| --- | --- | --- | --- |
| eventdate | date(2021-05-14 16:47:46.074) | timestamp | |
| creationDate | date(1608567093000) | timestamp | |
| distro | ubuntu1110-x86-64 | str | |
| engineVersion | 18.13.10 | str | |
| group2 | false | bool | |
| hostname2 | 2018-EMEA-0403 | str | |
| id | 330182 | int | |
| ipAddresses | ["192.168.1.239", "172.19.0.1", "172.18.0.1", "172.22.0.1", "172.29.0.1", "172.21.0.1", "172.234.0.1", "172.31.0.1", "172.30.0.1", "100.96.2.51", "fd:0:0:8112::3"] | str | |
| key | 7d686cbe361103e4cc9842fbdf1b735de38b7a14542bde707114cf431aae1b00 | str | |
| lastConnect | date(1617958416000) | timestamp | |
| lastModificationDate | date(1617869849000) | timestamp | |
| linked | 1 | int | |
| loadedPluginSet | 202104071310 | str | |
| name | 2018-EMEA-0403 | str | |
| networkName | Default | str | |
| numHosts | 0 | int | |
| numScans | 0 | int | |
| numSessions | 0 | int | |
| numTcpSessions | 0 | int | |
| owner | system | str | |
| ownerId | 2014562L | int | |
| ownerName | system | str | |
| ownerUuid | 40b641a4-6164-4393-b1f3-8c2f19327720 | str | |
| platform | LINUX | str | |
| pool | false | bool | |
| scanCount | 0 | int | |
| shared | 1 | int | |
| source | service | str | |
| status | off | str | |
| timestamp | date(1617869849000) | timestamp | |
| type | managed | str | |
| uiBuild | 2 | str | |
| uiVersion | 8.13.2 | str | |
| userPermissions | 128 | int | |
| uuid | 71135b7a-a087-4849-bedb-fbcb0109bbf8 | str | |
| remoteUuid | d14d5c10-c843-5a4f-9ad5-0cebf9f871f728b8b8417bade83b | str | |
| supportsRemoteLogs | false | bool | |
| supportsWebapp | false | bool | |
| hostchain | localhost=127.0.0.1 | str | ✓ |
| tag | vuln.tenable.io.scanners | str | ✓ |

vuln.tenable.io.scans

2021-05-14 16:57:08.165 localhost=127.0.0.1 vuln.tenable.io.scans: {"template_uuid": "40345bfc-48be-37bc-9bce-526bdce37582e8fee83bcefdc746", "legacy": false, "folder_id": 119, "type": "remote", "read": false, "last_modification_date": 1620915797, "creation_date": 1620915544, "status": "completed", "uuid": "6a7e84b5-1590-43e4-95d2-5ce9d09021c5", "shared": true, "user_permissions": 64, "owner": "devo@devo.com", "schedule_uuid": "1f6806ad-0ce5-be93-6deb-1c2c1aadd5702dabace3aba39c83", "timezone": "America/Chicago", "rrules": "FREQ=WEEKLY;INTERVAL=1;BYDAY=FR", "starttime": "20210504T220000", "enabled": false, "control": true, "wizard_uuid": "40345bfc-48be-37bc-9bce-526bdce37582e8fee83bcefdc746", "policy_id": 191, "name": "Copy of Manulife - CIS Scan - Ubuntu 20.04", "id": 192}

And this is how the logs would be parsed:

| Field | Value | Type | Extra fields |
| --- | --- | --- | --- |
| eventdate | date(2021-05-14 16:57:08.165) | timestamp | |
| templateUuid | 40345bfc-48be-37bc-9bce-526bdce37582e8fee83bcefdc746 | str | |
| legacy | false | bool | |
| folderId | 119 | int | |
| type | remote | str | |
| read | false | bool | |
| lastModificationDate | date(1620915797000) | timestamp | |
| creationDate | date(1620915544000) | timestamp | |
| status | completed | str | |
| uuid | 6a7e84b5-1590-43e4-95d2-5ce9d09021c5 | str | |
| shared | true | bool | |
| userPermissions | 64 | int | |
| owner | devo@devo.com | str | |
| scheduleUuid | 1f6806ad-0ce5-be93-6deb-1c2c1aadd5702dabace3aba39c83 | str | |
| timezone | America/Chicago | str | |
| rrules | FREQ=WEEKLY;INTERVAL=1;BYDAY=FR | str | |
| starttime | 20210504T220000 | str | |
| enabled | false | bool | |
| control | true | bool | |
| wizardUuid | 40345bfc-48be-37bc-9bce-526bdce37582e8fee83bcefdc746 | str | |
| policyId | 191 | int | |
| name | Copy of Manulife - CIS Scan - Ubuntu 20.04 | str | |
| id | 192 | int | |
| hostchain | localhost=127.0.0.1 | str | ✓ |
| tag | vuln.tenable.io.scans | str | ✓ |
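
The column names in the parsed tables follow a regular pattern from the JSON keys: nested objects are joined in camelCase and arrays stay as text. The following is an added example, not Devo's parser or code from this page, that checks the four-level tag and reproduces that flattening for the vuln.tenable.io.audit_log sample; the function names and the `RENAMED` lookup (built from the hostname2 and group2 rows in the tables) are assumptions.

```python
import json
import re

# Tag levels as given on this page: vuln.tenable.io.<type>
FIXED_PREFIX = ("vuln", "tenable", "io")
VALID_TYPES = {"assets", "agents", "audit_log", "plugins", "scanners", "scans"}
# Renames seen in this page's tables; using a fixed lookup is an assumption.
RENAMED = {"hostname": "hostname2", "group": "group2"}
# "<date> <time> <hostchain> <tag>: <json>", the layout of the sample logs.
LINE_RE = re.compile(
    r"^(?P<eventdate>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<hostchain>\S+) (?P<tag>[\w.]+): (?P<body>\{.*\})\s*$",
    re.DOTALL,
)
# The audit_log sample from this page, embedded so the block runs offline.
SAMPLE = (
    '2021-03-25 11:27:34.003 localhost=127.0.0.1 vuln.tenable.io.audit_log: '
    '{"id": "5f9061fd59d3408e9048ebbc05e2f572", "action": "audit.log.view", '
    '"crud": "r", "is_failure": "None", "received": "2021-03-10T17:56:13Z", '
    '"description": "POST /enterprise/v1/graphql", "actor": {"id": '
    '"enterprise:3db4f7b", "name": "Tenable.IO enterprisetoken '
    '12e58d32-9b43-4495-b4bf-f92340a31afe"}, "is_anonymous": "None", '
    '"target": {"id": "None", "name": "None", "type": "None"}, "fields": "None"}'
)


def validate_tag(tag):
    """Return the event type if the tag has the four levels this page allows."""
    levels = tuple(tag.split("."))
    if len(levels) != 4 or levels[:3] != FIXED_PREFIX:
        raise ValueError(f"not a vuln.tenable.io tag: {tag!r}")
    if levels[3] not in VALID_TYPES:
        raise ValueError(f"unknown event type: {levels[3]!r}")
    return levels[3]


def camel(key, first):
    """snake_case or hyphenated key -> camelCase (PascalCase when nested)."""
    parts = [p for p in re.split(r"[_-]", key) if p]
    out = "".join(p[:1].upper() + p[1:] for p in parts)
    return out[:1].lower() + out[1:] if first else out


def flatten(obj, prefix=""):
    """Join nested object keys into one column name; keep arrays as JSON text."""
    columns = {}
    for key, value in obj.items():
        name = prefix + camel(key, first=not prefix)
        if not prefix:
            name = RENAMED.get(name, name)
        if isinstance(value, dict):
            columns.update(flatten(value, name))
        elif isinstance(value, list):
            columns[name] = json.dumps(value)
        else:
            columns[name] = value  # values stay raw; no date/ip typing here
    return columns


def parse_line(line):
    """Split one event line and return its columns in table order."""
    match = LINE_RE.match(line)
    if match is None:
        raise ValueError("expected '<timestamp> <hostchain> <tag>: <json>'")
    validate_tag(match["tag"])
    row = {"eventdate": match["eventdate"]}
    row.update(flatten(json.loads(match["body"])))
    row.update(hostchain=match["hostchain"], tag=match["tag"])
    return row


if __name__ == "__main__":
    for column, value in parse_line(SAMPLE).items():
        print(f"{column:12} {value}")
```

The vuln.tenable.io.plugins sample, as printed on this page, contains `\'` escapes, which `json.loads` rejects as invalid JSON, so it would need unescaping before this code could parse it.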