Forum Discussion
Plugin 138600 - Windows DNS Server RCE (CVE-2020-1350)...
Hi Team,
I can still see non-DNS servers are also showing as vulnerable. i am not sure it is checking DNS services are installed or not. Could you please confirm me
I am having the same issue. Tenable still flag non-DNS servers, I check plugin 44871, I dont find DNS service showing up.
- Approved
Hello @Vikram Boddu and @Maria Huang
Can you please still confirm if you're using version 1.3 of the plugin 138600 - Windows DNS Server RCE (CVE-2020-1350).
Update for this plugin has it the feed on 2020/07/21. If you can confirm to us your plugin feed version that would help it should be 202007211621 or higher.
If your feed version is previous you might need to update the feed and scan again.
Let us know if you have further questions.
Thanks
- Approved
When i checked my scan results , i can see in plugin Details like it is updated:
Last Modified: Jul 21, 2020
Version: 1.3.
I have performed scan with plugins-138600,138554. Let me know any suggestions.
- Approved
Hi @Vikram Boddu
If the DNS Feature is enabled within the host and neither the mitigation or the patch is installed the plugin should fire. If the DNS Feature capabilities are installed in a Windows Server even if the server is not running the plugin will fire as there is a Risk that a vulnerable service might be started later on.
In case you're stating you don't have the DNS Feature installed in that server I'd recommend to create a case with our Support Team so we can take a deep dive into your case.
Thanks,
Pablo
