I am a somewhat new user, so bear with me as I try to figure this out.
I was recently running scans, from external unrelated infrastructure, on some of our company’s “internal” infrastructure, which is hosted by AWS. The scan picked up a CVSS level 10 vulnerability, CVE-1999-0636, based on the NVT: Check for discard Service. I was using the latest version of the Greenbone Security Assistant, and had updated everything just prior to running the scan.
- Full and Fast scan using the default settings.
- Run from a Kali VM using a VPN (if that helps).
Aside from the severity level, this caught my eye because it is a very old vulnerability. I was able to duplicate the results on the same infrastructure. I have now tested it on several other parts of the company infrastructure and each time, this is the only vulnerability that has been detected.
I feel like this is a false positive but am hoping the community can shed some light on how this might be happening.
Thanks for the help!