The Netlogon service on the remote host is vulnerable to the zerologon vulnerability. An unauthenticated, remote attacker can exploit this, by spoofing a client credential to establish a secure channel to a domain controller using the Netlogon remote protocol (MS-NRPC). The attacker can then use this to change the computer’s Active Directory (AD) password, and escalate privileges to domain admin.
In order for this plugin to run, you must disable ‘Only use credentials provided by the user’ in the scanner settings.
Binary data netlogon_zerologon_CVE-2020-1472.nbin