Wireless Access

last person joined: 15 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Access Point Qualys Scan Non-CVE Finding

This thread has been viewed 1 times

  • 1.  Access Point Qualys Scan Non-CVE Finding

    Posted Aug 05, 2020 02:31 PM

    Our security team has been scanning our access points with Qualys and have returned a "non-CVE" finding for firewall bypass (QID: 34000) relating to source port of the TCP session. I saw some other non-CVE findings on the ArubaOS Hardening guide, but did not see this one mentioned.

     

    Raw scan to 20/tcp with source port 80/tcp returns TCP RST:

     

    ➜ ~ sudo nmap -sS -p 20 -g 80 <AP IP>
    Password:
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-05 14:25 EDT
    Nmap scan report for<AP IP> (<AP IP>)
    Host is up (0.046s latency).

    PORT STATE SERVICE
    20/tcp closed ftp-data

    Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds

     

    Raw scan to 20/tcp using random source port results in silent discard:


    ➜ ~ sudo nmap -sS -p 20 -g 12345 <AP IP>
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-05 14:25 EDT
    Nmap scan report for<AP IP> (<AP IP>)
    Host is up (0.24s latency).

    PORT STATE SERVICE
    20/tcp filtered ftp-data

    Nmap done: 1 IP address (1 host up) scanned in 2.87 seconds

     

    Any reason for the discrepancy? 



  • 2.  RE: Access Point Qualys Scan Non-CVE Finding

    EMPLOYEE
    Posted Aug 10, 2020 04:44 AM

    Please reach out to Aruba TAC Support, or the Security Incident and Response Team.