We will perform an Advanced Nessus Scan to assess the security of the newly installed software with identified vulnerabilities from our previous session.
Back in Nessus, we will scan the Windows VM one more time and wait for the result.
- After Nessus completes its scan, we can see that it flagged Apache Log4j, Google Chrome, and 7-Zip as vulnerable.
- We will look at the Apache Log4j and Google Chrome vulnerabilities.
- Let's look at the Apache Log4j vulnerability first by clicking on it.
- As of now, the Minecraft server has not been installed or initiated. Therefore, the attack vector remains inactive. However, Nessus has identified a potential vulnerability that warrants attention.
- Nessus gives the Remote Code Execution vulnerability a CVSS score of ten, which is the highest severity rating.
- We can examine the vulnerability in more detail by clicking on it.
- The Output section shows the path where the file was downloaded.
- It is also correct that version 2.15.0 will fix this vulnerability.
- Let's look at the Google Chrome vulnerability now by returning to the vulnerabilities page and clicking on it.
- Nessus gives the Google Chrome vulnerability a CVSS score of 9.8.
- We can examine the vulnerability in more detail by clicking on it.
- On this page, we can see a long list of CVE numbers and the solution that fixes them.
- Finally, we can create a report that lists all the vulnerabilities.
- To do this, go back to the vulnerabilities page and click the Report button in the top right corner.
- We will select the "Complete List of Vulnerabilities by Host" report and click Generate Report.
- An HTML document will be downloaded, showing all the vulnerabilities that were detected.
The full report can be found here:
- [PDF File](https://github.com/jefftsui1/Cybersecurity-Home-Labs/blob/main/Guided-Labs/Ethical%20Hacking/Pavel%20Hrabec/Vulnerability%20Scanner%20Deployment/Nessus%20Vulnerability%20Report%20PDF.pdf)
- [HTML Document](https://github.com/jefftsui1/Cybersecurity-Home-Labs/blob/main/Guided-Labs/Ethical%20Hacking/Pavel%20Hrabec/Vulnerability%20Scanner%20Deployment/Nessus%20Vulnerability%20Report.html)
  - You will have to download this file to view it.
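To cross-check the Log4j finding outside of Nessus, the added example below (not part of the original lab) walks a folder, finds `log4j-core` JARs, and reports any older than the 2.15.0 fix version named in the finding. It assumes the JAR keeps `log4j-core` in its file name and reads the version from the manifest's `Implementation-Version` field, falling back to the file name; the function names are illustrative.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 15, 0)  # fix version stated in the Nessus finding above
NAME_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)+)", re.I)
MANIFEST_RE = re.compile(r"^Implementation-Version:\s*(\d+(?:\.\d+)+)", re.M)


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1), padded to three fields for comparison."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def log4j_version(jar):
    """Return the log4j-core version of a JAR, or None if it cannot be determined."""
    jar = Path(jar)
    try:
        with zipfile.ZipFile(jar) as zf:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        m = MANIFEST_RE.search(manifest)
        if m:
            return parse_version(m.group(1))
    except (zipfile.BadZipFile, KeyError, OSError):
        pass  # unreadable archive or no manifest: fall back to the file name
    m = NAME_RE.search(jar.name)
    return parse_version(m.group(1)) if m else None


def find_outdated(root, fixed=FIXED):
    """List (path, version) for every log4j-core JAR under root older than `fixed`."""
    hits = []
    for jar in sorted(Path(root).rglob("*.jar")):
        if "log4j-core" not in jar.name.lower():
            continue
        version = log4j_version(jar)
        if version is None or version < fixed:  # unknown versions go to manual review
            hits.append((str(jar), version))
    return hits


if __name__ == "__main__":
    for path, version in find_outdated(sys.argv[1] if len(sys.argv) > 1 else "."):
        shown = ".".join(map(str, version)) if version else "unknown"
        print(f"{path}: log4j-core {shown} (older than {'.'.join(map(str, FIXED))})")
```

Run it against the folder shown in the plugin's Output section; after upgrading, an empty result should agree with a clean Nessus rescan.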