I wonder if it's possible to map a given vulnerability to a specific port (i.e. understand which port/service is vulnerable).
It happens that it is really hard to troubleshoot vulns that pop up from weak ciphers when you have an asset with lots of ports using SSL. There is no way of knowing which port is vulnerable.
Moreover, it seems that when an asset has multiple ports negotiating with weak ciphers, only one vulnerability will be generated. You can imagine how hard it is to explain, to the sysadmin solving the vulns, that the vuln persists even though he already patched 443 but did not patch 1311...
Thanks in advance.
This is currently not possible. It's a feature that we have been trying to work into the product for a little while now, but it's more complicated than it seems.
The absence of this feature can have a significant impact on how vulnerabilities are addressed and how 'real' your FoundScore/risk can be:
- you don't know specifically where the vuln lies. Most of the time I have to run FSDiag in order to guess which port is vulnerable to a given FSL;
- your FoundScore may be influenced by grouping, e.g., 3 HTTPS vulns in the same vuln, thus fewer points are deducted in the FoundScore, giving a false sense of security. Does a server negotiating with weak ciphers on 5 services have the same risk as a server that only negotiates one service with weak ciphers?
At least for me, this has already begun to give me a hard time, both with project and risk managers. I already opened an FMR for this.
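Until the scanner reports per-port detail, the remediation check has to be done by hand. The following is an added example, not part of this thread or of the scanner product being discussed: a small Python probe that, for each listed port on one host, offers the server only weak TLS 1.2-and-below cipher suites and records whether the server accepted one. It lets the sysadmin verify that 443 is fixed while 1311 still is not, which is exactly the situation described in the first post, and the per-port summary answers the grouping question from the last post by keeping one line per service instead of one finding per host. The weak-suite list, the marker strings and the sample results used in the summary are constructed assumptions for this example, not the scanner's own policy; adjust them to your baseline.

```python
import socket
import ssl
import sys

# Name fragments that mark a negotiated suite as weak. Constructed list for this
# example; align it with your own cipher baseline before relying on it.
WEAK_MARKERS = ("RC4", "DES", "3DES", "NULL", "EXP", "MD5", "ANON", "ANULL", "ENULL")

# OpenSSL cipher string offering ONLY weak suites (assumed list). The handshake can
# then only complete if the server is willing to pick one of them. SECLEVEL=0 is
# needed on modern OpenSSL, which otherwise refuses to offer these suites at all.
WEAK_CIPHER_STRING = "RC4:DES:3DES:NULL:EXPORT:MD5:aNULL:eNULL:@SECLEVEL=0"


def is_weak_cipher(name):
    """True if the negotiated cipher name contains one of the weak markers."""
    upper = name.upper()
    return any(marker in upper for marker in WEAK_MARKERS)


def probe_port(host, port, timeout=5.0):
    """Offer only weak suites to host:port and report, per port, what was negotiated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE          # we test cipher acceptance, not the cert
    # TLS 1.3 suites are configured separately from set_ciphers(); cap the version so a
    # TLS 1.3 server cannot complete the handshake with a strong suite and mask the result.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(WEAK_CIPHER_STRING)
    except ssl.SSLError:
        # The local OpenSSL build (e.g. without the legacy provider) cannot offer them.
        return {"port": port, "status": "error",
                "detail": "local OpenSSL cannot offer the weak suite list"}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                name, version, _bits = tls.cipher()
                # Classify rather than assume: success only counts if the suite is weak.
                status = "weak_accepted" if is_weak_cipher(name) else "weak_rejected"
                return {"port": port, "status": status, "cipher": name, "protocol": version}
    except ssl.SSLError as exc:
        # Handshake failure with only weak suites on offer means the server refused them.
        return {"port": port, "status": "weak_rejected", "detail": str(exc)}
    except OSError as exc:
        return {"port": port, "status": "error", "detail": str(exc)}


def summarize(results):
    """Per-service view of the host: which ports still accept a weak suite."""
    weak = sorted(r["port"] for r in results if r["status"] == "weak_accepted")
    clean = sorted(r["port"] for r in results if r["status"] == "weak_rejected")
    errors = sorted(r["port"] for r in results if r["status"] == "error")
    return {"weak_ports": weak, "clean_ports": clean, "error_ports": errors,
            "weak_count": len(weak)}


def main(argv):
    if len(argv) < 3:
        print("usage: weak_cipher_ports.py HOST PORT [PORT ...]")
        return 2
    host, ports = argv[1], [int(p) for p in argv[2:]]
    results = [probe_port(host, p) for p in ports]
    for r in results:
        extra = r.get("cipher") or r.get("detail", "")
        print("%-6d %-14s %s" % (r["port"], r["status"], extra))
    print("summary:", summarize(results))
    return 1 if summarize(results)["weak_count"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the asset as `python weak_cipher_ports.py HOST 443 1311`; the exit status is non-zero while any port still accepts a weak suite, so the same command doubles as the re-check after each port is fixed. The probe deliberately classifies the negotiated suite instead of treating a completed handshake as proof, because a server that picks a strong suite from a mixed offer is not a finding.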