Insecure Guest Logons Enabled (CIS LEVEL 1)
Created:2022/11/17 | Revised:2022/11/17
SYXSCORE
Severity:A level of a security risk associated with a vulnerability exploitation
|
INFO |
CVSS:Indication of a severity level of each CVE
|
N/A |
Countermeasure:Availability of measures to reduce a probability of an attack or an impact of a threat
|
No |
Public Aware:Availability of a public announcement of a vulnerability
|
Yes |
Weaponized:Vulnerability being abused by exploit or malware
|
No |
Overview
'Enable insecure guest logons' policy setting recommended state is 'Disabled'
Description
This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.
The Server Message Block (SMB) protocol provides the basis for file and print sharing and many other networking operations.
Impact
Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers.
Clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network.
Solution
To configure the policy as recommended follow the steps below (choose one of the suggested ways): Fix using Syxsense ConsoleThis vulnerability can be automatically fixed within the Syxsense console. Check the example of Syxsense Cortex Workflow implementation. Using Local Group Policy Editor
This Group Policy path may not exist by default. It is provided by the Group Policy template LanmanWorkstation.admx/adml that is included with the Microsoft Windows 10 Release 1511 Administrative Templates (or newer). Follow the link for download: Administrative Templates (.admx) for Windows 10 November 2021 Update [21H2] |
©2024 by Syxsense Inc. All Rights Reserved |
|