CCE-95482-6| Platform: cpe:/o:amazon:linux:2, cpe:/o:centos:centos:7, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2021-03-05 (M)2023-07-04 |
The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network. If the system does not export NFS shares or act as an NFS client, it is recommended that these services be disabled to reduce remote attack surface.
Parameter:
[yes/no]
Technical Mechanism:
Run the following command to mask the nftables service:
# systemctl --now mask nftables
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 9.8 | Attack Vector: NETWORK |
| Exploit Score: 3.9 | Attack Complexity: LOW |
| Impact Score: 5.9 | Privileges Required: NONE |
| Severity: CRITICAL | User Interaction: NONE |
| Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72309 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72822 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72928 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:71943 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68633 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84183 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:73033 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72719 |
