VULNERABILITY ASSESSMENT REPORT
Target: [Link] (Metasploitable 2)
Date: April 12, 2026
Tools used: Nmap 7.98 | Nikto v2.6.0
[Link] Summary
A vulnerability assessment was conducted on the target system at IP address [Link] (Metasploitable 2) using Nmap and Nikto scanning [Link] assessment identified 22 open ports with multiple critical vulnerabilities, including confirmed CVEs, exposed backdoors, and severely outdated software versions.
The overall risk level of the system is CRITICAL - Immediate action required.
2. Scope of Assessment
Target IP: [Link]
Target OS: Linux (Metasploitable 2)
Scan Type: Vulnerability Assessment
Tools used: Nmap 7.98, Nikto v2.6.0
Assessment Date: April 12, 2026
Authorization: Authorized lab environment (Metasploitable 2 VM)
3. Risk Summary
Risk Level Count
🔴 Critical
🟠 High
🟡 Medium
🟢 Low
4. Nmap Port Scan Findings
The following open ports were identified on the target system:
Port | Service | Version | Risk | Description
21/tcp | FTP | vsftpd 2.3.4 | CRITICAL | Contains a malicious [Link] can gain unauthorized remote access to the system.
22/tcp | SSH | OpenSSH (4.7p1) | MEDIUM | Running an outdated version of OpenSSH (4.7p1), which may allow attackers to perform user enumeration or other attacks.
23/tcp | Telnet | Linux telnetd | HIGH | Transmits data, including authentication credentials, in plaintext. Allows attackers to intercept sensitive information through network sniffing or man-in-the-middle attacks.
25/tcp | SMTP | Postfix smtpd | HIGH | Weak cryptographic configurations in the SMTP service increase the risk of Man-in-the-Middle (MitM) attacks.
80/tcp | HTTP | Apache httpd 2.2.8 | CRITICAL | Running an outdated version that contains multiple known vulnerabilities. It is affected by SQL Injection, exposed sensitive directories, and insecure configurations such as enabled HTTP TRACE and WebDAV.
111/tcp | rpcbind | 22 (RPC #100000) | MEDIUM | The rpcbind service is exposed on port 111, revealing multiple RPC services including NFS, mountd, and nlockmgr, which allows attackers to enumerate available network services and potentially access shared file systems if misconfigured.
139/tcp | NetBIOS | Samba smbd 3.X - 4.X | HIGH | Running an open-source implementation of the SMB/CIFS protocol for Unix/Linux [Link]-2017-7494 (SambaCry/EternalRed) detected with a CVSS score of 9.8 (Critical), allowing unauthenticated remote code execution on affected Samba versions 3.5.0 through 4.6.4.
445/tcp | SMB | Samba smbd 3.X - 4.X | CRITICAL | Running an open-source implementation of the SMB/CIFS protocol directly over TCP without NetBIOS dependency. CVE-2017-7494 (SambaCry/EternalRed) detected with a CVSS score of 9.8 (Critical), CVE-2017-0144 (EternalBlue (SMBv1)) detected with a CVSS score of 9.8, CVE-2020-0796 (SMBGhost) detected with a CVSS score of 10, CVE-2012-1182 (Heap Overflow RCE) with a CVSS score of 10.
512/tcp | rexecd | netkit-rsh | CRITICAL | Running a legacy remote execution daemon (rexecd) that transmits authentication credentials and all session data in cleartext without any [Link]-1999-0618 detected with critical severity, which creates a risk of cleartext authentication. There is a critical and high risk of unauthorized RCE, credential sniffing, and brute force.
513/tcp | rlogind | OpenBSD | CRITICAL | Running a legacy remote login daemon (rlogind) that transmits all authentication credentials and session data in cleartext without encryption. CVE-1999-0651 and CVE-2001-0797 detected; these create password-less login via trust and IP spoofing by trusted-host impersonation.
1099/tcp | java-rmi | GNU Classpath grmiregistry | CRITICAL | Running a Java RMI registry service with default misconfiguration that allows loading classes from remote URLs, enabling unauthenticated remote code [Link]-2011-3556 detected containing RMI Registry RCE with a CVSS rating of 10 and CVE-2011-3557 detected containing RMI Classloader bypass with a CVSS rating of 8.5.
1524/tcp | bindshell | Metasploitable root shell | CRITICAL | A pre-configured backdoor root shell is actively listening on this port, providing immediate unauthenticated root-level command execution to any connecting [Link] attacker with network access can connect directly via netcat and obtain full root access instantly without any credentials or exploitation required.
2049/tcp | nfs | 2-4 (RPC #100003) | MEDIUM | Network File System is exposed, which allows attackers or unauthorized users to access shared files. Misconfiguration of files also occurs.
2121/tcp | ftp | ProFTPD 1.3.1 | CRITICAL | Running an outdated version with multiple known exploits. CVE-2019-12815 (9.8) [Link] public exploits are available here. It allows attackers to gain unauthorized access, upload malicious files, and potentially take full control of the system.
3306/tcp | MySQL | MySQL 5.0.51a-3ubuntu5 | HIGH | Running an outdated database version with known vulnerabilities. CVE-2017-15945 detected. Weak authentication and possible privilege escalation occur. It allows attackers unauthorized database access and data leakage.
5432/tcp | postgresql | PostgreSQL DB 8.3.0 - 8.3.7 | HIGH | The service is vulnerable to CCS Injection [Link] allows attackers to perform man-in-the-middle attacks and decrypt sensitive communications.
5900/tcp | VNC | VNC (protocol 3.3) | MEDIUM | Running an old VNC version with no encryption. Allows attackers to gain unauthorized access and hijack sessions.
6000/tcp | X11 | Version not identified (access denied) | LOW | The X11 service is exposed on port 6000; however, access is currently restricted. X11 is a graphical display protocol, and if improperly configured, it may allow remote users to access or control the graphical interface of the system.
6667/tcp | IRC | UnrealIRCd | CRITICAL | Contains a known backdoor that allows attackers to send malicious commands to gain shell access.
8009/tcp | AJP | Apache Jserv (Protocol v1.3) | MEDIUM | Can be exploited (Ghostcat-type attacks in some cases).
8180/tcp | HTTP | Apache Tomcat/Coyote JSP engine 1.1 | HIGH | The web application is vulnerable to Cross-Site Request Forgery (CSRF), which may allow attackers to perform unauthorized actions on behalf of authenticated users.
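A re-test aid for the findings above, added here as an example and not part of the original report: it parses Nmap grepable (`-oG`) output and flags open services that this report rated for cleartext authentication or a known backdoor, so a post-remediation scan can be checked against the same ratings. The sample scan line, the 192.0.2.10 address and the matching patterns are constructed assumptions.

```python
import re
from collections import Counter

# Ratings restate this report's table; the regex patterns are assumptions.
RULES = [
    (r"vsftpd 2\.3\.4", "CRITICAL", "vsftpd 2.3.4 (21/tcp finding)"),
    (r"UnrealIRCd", "CRITICAL", "UnrealIRCd (6667/tcp finding)"),
    (r"bindshell", "CRITICAL", "root bind shell (1524/tcp finding)"),
    (r"\b(exec|login|rexecd|rlogind)\b", "CRITICAL", "cleartext r-service"),
    (r"telnet", "HIGH", "cleartext Telnet"),
]

# Constructed sample of one `nmap -sV -oG` host line (not real scan data).
SAMPLE = (
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, "
    "22/open/tcp//ssh//OpenSSH 4.7p1/, 23/open/tcp//telnet//Linux telnetd/, "
    "512/open/tcp//exec//netkit-rsh rexecd/, "
    "1524/open/tcp//bindshell//Metasploitable root shell/, "
    "6000/filtered/tcp//X11///\tIgnored State: closed (994)\n"
)

def parse_grepable(text):
    """Yield (host, port, service, version) for every open port."""
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no ports
        host, ports = m.groups()
        for entry in ports.split(", "):
            # port/state/protocol/owner/service/rpc-info/version/
            f = entry.strip().split("/")
            if len(f) >= 7 and f[1] == "open":
                yield host, int(f[0]), f[4], f[6]

def triage(text):
    """Return (port, risk, reason) for open ports matching a rule."""
    findings = []
    for _host, port, service, version in parse_grepable(text):
        banner = f"{service} {version}"
        for pattern, risk, reason in RULES:
            if re.search(pattern, banner, re.I):
                findings.append((port, risk, reason))
                break  # first matching rule wins
    return findings

def summarize(findings):
    """Count findings per risk level."""
    return Counter(risk for _port, risk, _reason in findings)

if __name__ == "__main__":
    for port, risk, reason in triage(SAMPLE):
        print(f"{port}/tcp {risk}: {reason}")
```

An empty result from `triage()` on a post-remediation scan means none of the rule-covered services is still reported open; ports the rules do not cover still need manual review.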