Treck Stack Detection Nessus Plugins Update

Summary

Nessus plugins 138614 and 138615 will require paranoid settings enabled

New Ripple20 scan template available for Nessus

Change

Nessus plugin 137702 checks for targets vulnerable to Ripple20, based on three different remote detection plugins (138615, 138614, and 137703, implemented and released in collaboration with JSOF) for the Treck stack. While plugin 137702 and the Treck stack remote detections are able to flag vulnerable targets, it is difficult to identify mitigations already in place and corner case instances of the stack, which may affect reporting accuracy.

In order to improve the accuracy of reporting and minimise corner cases, we will require paranoid settings (level 2) for running the Treck Stack detection plugins 138614 and 138615. Note that the Treck stack detection plugin 137703, and the critical vulnerability check 137702 will remain the same.

Also, to facilitate the detection of potentially vulnerable targets, we are also releasing a specific Ripple20 scan template for Nessus. This template will have paranoid settings (level 2) enabled, including all of our available Ripple20 checks.

Impact

Plugins 138614 and 138615 will require paranoid settings enabled to run. This should improve the accuracy of the Ripple20 checks experienced by customers.

Plugins

138614 - Treck/Kasago Network Stack Detection

138615 - Treck/Kasago Network Stack Detection With IP Option.

Target Release Date

7 September 2020