Potentially vulnerable Open Port findings are observed for informational purposes only. Even if these ports are observed to be open, their level of risk may vary. Therefore, these open ports do not have a set impact on the Open Ports letter grade.
- Chunking Potential
Chunking is an extension that allows large amounts of email to be sent in chunks. It has known vulnerabilities that allow a remote attacker to execute arbitrary code or cause a DoS condition using specially crafted BDAT commands.
Remediation Tips: Disable chunking in your mail transfer agent (MTA).
- CVE-2018-10933
LibSSH versions 0.6 and above have an authentication bypass vulnerability in the server code, which allows attackers to steal encryption keys, access user data, install rootkits, and erase logs that recorded the unauthorized access. Learn more about CVE-2018-10933. If observed from October 23, 2018 and onward, this is graded BAD.
Remediation Tips: If you have LibSSH installed and you are using the server component, conduct a thorough audit of your network and apply these patches. If patches are unavailable, limit exposure as a temporary workaround.
- Detected service: HTTP (potential ROBOT vulnerability)
ROBOT is an RSA vulnerability which enables attackers to passively record traffic and later decrypt it.
Remediation Tips: Update all affected hardware and software packages that are vulnerable to this exploit. See the list of affected enterprise vendors that have released updates that fix this vulnerability. If patches are not available for the organization's hardware, disable ciphers that start with TLS_RSA.
- Detected service: HTTP (potential VPNFilter)
The VPNFilter malware targets small office and home office routers. The malware can collect information passing through the router (such as website credentials), can render an infected device unusable, can be triggered on individual machines or en masse, can block network traffic, and has the potential to cut off internet access worldwide.
- Detected service: HTTPS (potential ROBOT vulnerability)
ROBOT is an RSA vulnerability which enables attackers to passively record traffic and later decrypt it.
Remediation Tips: Update all affected hardware and software packages that are vulnerable to this exploit. See the list of affected enterprise vendors that have released updates that fix this vulnerability. If patches are not available for the organization's hardware, disable ciphers that start with TLS_RSA.
- Detected service: HTTPS (potential VPNFilter)
The VPNFilter malware targets small office and home office routers. The malware can collect information passing through the router (such as website credentials), can render an infected device unusable, can be triggered on individual machines or en masse, can block network traffic, and has the potential to cut off internet access worldwide.
- Detected service: SNMP (potential VPNFilter)
This port was observed running SNMP, which is a protocol for managing devices on IP networks. It has known security vulnerabilities, including the VPNFilter malware, which targets small office and home office routers. The malware can collect information passing through the router (such as website credentials), can render an infected device unusable, can be triggered on individual machines or en masse, can block network traffic, and has the potential to cut off internet access worldwide.
Remediation Tips: Use SNMP over TLS or Datagram TLS, as specified in RFC-5953. Implement it and cease use of the unencrypted SNMP protocol.
- Detected service: Ubiquiti (potential VPNFilter)
This port was observed running Ubiquiti, which provides a platform for internet access, enterprise, and smart home applications. It has known security vulnerabilities, including the VPNFilter malware, which targets small office and home office routers. The malware can collect information passing through the router (such as website credentials), can render an infected device unusable, can be triggered on individual machines or en masse, can block network traffic, and has the potential to cut off internet access worldwide.
- VPNFilter Malware
The VPNFilter malware targets small office and home office routers. The malware can collect information passing through the router (such as website credentials), can render an infected device unusable, can be triggered on individual machines or en masse, can block network traffic, and has the potential to cut off internet access worldwide.
Ports: 80, 161, 443
Remediation Tips: Reboot the devices to temporarily disrupt the malware. Consider disabling remote management settings on devices, and secure them with strong passwords and encryption when remote management is enabled. Network devices should be upgraded to the latest available versions of firmware.
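For the ROBOT remediation tip above (disable ciphers that start with TLS_RSA), the following is an added example, not part of the original page. It applies that name rule to a constructed scan result and builds a Python `ssl` server context with OpenSSL's `kRSA` group (RSA key exchange) removed; the function names and the sample list are assumptions made for illustration.

```python
import ssl

# Constructed sample: suite names as a TLS scanner would report them (IANA names).
SAMPLE_SCAN = [
    "TLS_AES_128_GCM_SHA256",                 # TLS 1.3, no RSA key exchange
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # RSA signs only; ECDHE key exchange
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",    # RSA signs only; DHE key exchange
    "TLS_RSA_WITH_AES_128_GCM_SHA256",        # RSA key exchange
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",          # RSA key exchange
]


def suites_to_disable(iana_names):
    """Apply the remediation rule: flag suites whose name starts with TLS_RSA_.

    TLS_ECDHE_RSA_* and TLS_DHE_RSA_* are kept: there RSA only authenticates
    the server, and the key exchange itself is (EC)DHE.
    """
    return [n for n in iana_names if n.upper().startswith("TLS_RSA_")]


def context_without_rsa_kx(base="DEFAULT"):
    """Server-side context with OpenSSL's kRSA cipher group removed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(base + ":!kRSA")
    return ctx


def enabled_rsa_kx(ctx):
    """Names of enabled suites that OpenSSL reports as RSA key exchange."""
    return sorted(c["name"] for c in ctx.get_ciphers() if c.get("kea") == "kx-rsa")


if __name__ == "__main__":
    print("disable:", suites_to_disable(SAMPLE_SCAN))
    print("RSA key exchange still enabled:", enabled_rsa_kx(context_without_rsa_kx()))
```

`enabled_rsa_kx` can also be pointed at any existing `SSLContext` to confirm that a deployed configuration no longer offers RSA key exchange.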
- March 20, 2025: Separated Open Port finding messages.