Open jamesraay opened 3 years ago
"Potentially vulnerable" means that this script cannot determine anything (because it's just looking at the version, which is not saying anything). Also see #4
I strongly suggest people use Microsoft's nmap script instead, which does proper detection:
https://github.com/microsoft/CSS-Exchange/blob/main/Security/src/http-vuln-cve2021-26855.nse
That’s what I used.
From: Lukas Tribus @.> Sent: Sunday, March 14, 2021 11:28 AM To: GossiTheDog/scanning @.> Cc: Raaymakers. James @.>; Author @.> Subject: Re: [GossiTheDog/scanning] Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed) (#6)
Correction. I just now ran the Microsoft version. Here was my output:
PS C:\users\james\documents\nmapscripts> nmap -p 443 --script .\http-vuln-exchange.nse MBX01.domain.net
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-14 11:49 Pacific Daylight Time
Nmap scan report for MBX01.domain.net (192.168.1.10)
Host is up (0.0010s latency).
PORT STATE SERVICE
443/tcp open https
MAC Address: 00:0C:29:00:99:AF (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.85 seconds
PS C:\users\james\documents\nmapscripts>
I assume this means it is NOT vulnerable?
Correct.
Thank you very much. I appreciate your time.
From: Lukas Tribus @.> Sent: Sunday, March 14, 2021 11:56 AM To: GossiTheDog/scanning @.> Cc: Raaymakers. James @.>; Author @.> Subject: Re: [GossiTheDog/scanning] Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed) (#6)
All servers have the latest CU and the security patch installed. What does this message mean?
|_http-server-header: Microsoft-IIS/10.0
|_http-vuln-exchange: (15.2.792) Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed)
For all other scans I get "Error 403 for /owa" or similar.
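A small triage helper for the two kinds of output quoted in this thread, as an added example that is not part of the original posts or of the scanning project: it separates a version-only "potentially vulnerable" line, which is inconclusive, from a scan where the script printed nothing for an open port. The function name, the verdict labels and the second sample's host name and address are assumptions made for illustration.

```python
import re

# Constructed samples modelled on the two outputs quoted in this thread.
NO_OUTPUT = """Nmap scan report for MBX01.domain.net (192.168.1.10)
Host is up (0.0010s latency).
PORT STATE SERVICE
443/tcp open https
MAC Address: 00:0C:29:00:99:AF (VMware)
"""
VERSION_ONLY = """Nmap scan report for mail.example.test (192.0.2.10)
PORT STATE SERVICE
443/tcp open https
|_http-server-header: Microsoft-IIS/10.0
|_http-vuln-exchange: (15.2.792) Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed)
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^\d+/tcp\s+open\s")
SCRIPT_RE = re.compile(r"^\|[_ ]\s*([\w.-]+):\s*(.*)$")

# Verdict labels are this example's own; the higher rank wins for a host.
RANK = {"no-open-port": 0, "no-script-output": 1,
        "inconclusive-version-only": 2, "script-output-review": 3}

def triage(nmap_text, script_prefix="http-vuln"):
    """Map each host in normal-format nmap output to a triage verdict."""
    verdicts, host = {}, None

    def raise_to(label):
        if host is not None and RANK[label] > RANK[verdicts[host]]:
            verdicts[host] = label

    for line in nmap_text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            verdicts[host] = "no-open-port"
            continue
        if PORT_RE.match(line):
            raise_to("no-script-output")
            continue
        m = SCRIPT_RE.match(line)
        if m and m.group(1).startswith(script_prefix):
            # A version match alone says nothing about the installed patch.
            if "potentially vulnerable" in m.group(2).lower():
                raise_to("inconclusive-version-only")
            else:
                raise_to("script-output-review")
    return verdicts
```

A `no-script-output` verdict only records that the script reported nothing for that port; nmap's `-d` debug output shows whether the script actually ran against the host.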