9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Detects the TeamSpeak 2 voice communication server and attempts to determine version and configuration information.
A single UDP packet (a login request) is sent. If the server does not have a password set, the exact version, name, and OS type will also be reported on.
nmap -sU -sV -p 8767 <target>
PORT STATE SERVICE REASON VERSION
8767/udp open teamspeak2 script-set TeamSpeak 2.0.23.19 (name: COWCLANS; no password)
Service Info: OS: Win32
local comm = require "comm"
local shortport = require "shortport"
local nmap = require "nmap"
local string = require "string"
description = [[
Detects the TeamSpeak 2 voice communication server and attempts to determine
version and configuration information.
A single UDP packet (a login request) is sent. If the server does not have a
password set, the exact version, name, and OS type will also be reported on.
]]
---
-- @usage
-- nmap -sU -sV -p 8767 <target>
-- @output
-- PORT STATE SERVICE REASON VERSION
-- 8767/udp open teamspeak2 script-set TeamSpeak 2.0.23.19 (name: COWCLANS; no password)
-- Service Info: OS: Win32
author = "Marin Maržić"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = { "version" }
local payload = "\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\z
\x00\x002x\xba\x85\tTeamSpeak\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\z
\x00\x00\x00\x00\x00\x00\x00\x00\x00\nWindows XP\x00\x00\x00\x00\x00\x00\x00\z
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00 \x00<\x00\z
\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\z
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\z
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\z
\x00\x00\x00\x00\x00\x08nickname\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\z
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
portrule = shortport.version_port_or_service({8767}, "teamspeak2", "udp")
action = function(host, port)
local status, result = comm.exchange(
host, port.number, payload, { proto = "udp", timeout = 3000 })
if not status then
return
end
nmap.set_port_state(host, port, "open")
local name, platform, version = string.match(result,
"^\xf4\xbe\x04\0\0\0\0\0.............([^\0]*)%G+([^\0]*)\0*(........)")
if not name then
return
end
port.version.name = "teamspeak2"
port.version.name_confidence = 10
port.version.product = "TeamSpeak"
if name == "" then
port.version.version = "2"
else
local v_a, v_b, v_c, v_d = string.unpack("<I2 I2 I2 I2", version)
port.version.version = v_a .. "." .. v_b .. "." .. v_c .. "." .. v_d
port.version.extrainfo = "name: " .. name .. "; no password"
if platform == "Win32" then
port.version.ostype = "Windows"
elseif platform == "Linux" then
port.version.ostype = "Linux"
end
end
nmap.set_port_version(host, port, "hardmatched")
return
end
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%