Vulnerability: weakness or flaw in the design, implementation or behavior of a system or application
- an attacker can exploit these weaknesses to gain access to unauthorized information or perform unauthorized actions

Five Categories

  1. Operating System: result in privilege escalation
  2. (Mis)Configuration: incorrectly configured app or service
  3. Weak or Default credentials: easy to guess by an attacker to gain authentication
  4. Application Logic: poorly designed applications
  5. Human-Factor: leverage human behavior

Vulnerability management: process of evaluating, categorising and ultimately remediating threats
- 2% of vulnerabilities end up being exploited (Kenna Security, 2020)
- address the most dangerous vulnerabilities and reduce the likelihood of an attack vector

Vulnerability scoring: used to determine the potential risk and impact a vulnerability may have on a network or computer system

Common Vulnerability Scoring System (CVSS): awards points to a vuln based upon its features, availability and reproducibility
- introduced 2005
- score ranges:

| Rating   | Score      |
|----------|------------|
| None     | 0          |
| Low      | 0.1 - 3.9  |
| Medium   | 4.0 - 6.9  |
| High     | 7.0 - 8.9  |
| Critical | 9.0 - 10.0 |

CVSS advantages:

  1. Long time usage
  2. Free framework
  3. recommended by organizations such as NIST

CVSS disadvantages:

  1. only designed to assign a value of severity
  2. assesses vulns based on an exploit being available (only 20% of vulns have an exploit available (Tenable, 2020))
  3. vulns rarely change scoring after assessment despite new developments

Vulnerability Priority Rating (VPR)
- modern framework
- risk-driven: rating with a focus on the risk a vuln poses to the organization itself
- takes into account the relevancy of a vulnerability
- same categories as CVSS but no “informational or none” category

VPR advantages:

  1. modern framework
  2. considers over 150 factors
  3. risk-driven to help orgs prioritize patching vulns
  4. scoring is dynamic

VPR disadvantages:

  1. not open-source
  2. can only be adopted as part of a commercial platform
  3. does not consider the CIA triad to the extent of CVSS

Vulnerability Databases

  1. NVD (National Vulnerability Database)
  2. Exploit-DB

Exploit: an action or behavior that utilizes a vulnerability on a system or application

Proof of Concept: technique or tool that often demonstrates the exploitation of a vulnerability

  1. NVD - National Vulnerability Database
     - lists all publicly categorized vulnerabilities
     - vulnerabilities are classified under “Common Vulnerabilities and Exposures” (CVE)
     - format: CVE-YEAR-IDNUMBER, e.g. WannaCry: CVE-2017-0144

  2. Exploit-DB
     - retains exploits for software and applications, stored under the name, author and version of the software or application
     - used Exploit-DB to look for snippets of code
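
The CVSS score ranges and the CVE-YEAR-IDNUMBER format from these notes can be combined into a small triage helper for scanner output. This is an added example, not part of the original notes; the function names, the tab-separated input layout and the sample lines (including their scores and the CVE-2099 placeholder IDs) are constructed for illustration.

```python
import re

# CVE-YEAR-IDNUMBER; the ID number has at least four digits.
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)
# Upper bound of each rating band, from the CVSS score table in these notes.
BANDS = [(0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High"), (10.0, "Critical")]

def cvss_rating(score):
    """Map a CVSS score (0-10) to its qualitative rating."""
    score = round(float(score), 1)  # scores are given to one decimal place
    if not 0.0 <= score <= 10.0:    # also rejects NaN and infinity
        raise ValueError(f"CVSS score out of range: {score}")
    for upper, name in BANDS:
        if score <= upper:
            return name

def extract_cves(text):
    """Return normalised, de-duplicated CVE IDs found in free text."""
    found = []
    for year, num in CVE_RE.findall(text):
        cve = f"CVE-{year}-{num}"  # normalise the prefix to upper case
        if int(year) >= 1999 and cve not in found:  # the CVE list began in 1999
            found.append(cve)
    return found

def triage(lines):
    """Turn 'score<TAB>description' lines into a queue, highest score first."""
    queue = []
    for line in lines:
        score_text, _, desc = line.partition("\t")
        try:
            score = round(float(score_text), 1)
            rating = cvss_rating(score)
        except ValueError:
            continue  # no usable score on this line
        for cve in extract_cves(desc):
            queue.append((score, rating, cve))
    return sorted(queue, key=lambda f: (-f[0], f[2]))

# Constructed scanner output; the scores are invented, not NVD values.
SAMPLE = [
    "8.1\tSMB remote code execution (cve-2017-0144)",
    "5.3\tPlaceholder finding CVE-2099-00001, also logged as CVE-2099-00001",
    "n/a\tInformational banner, no identifier",
    "9.8\tPlaceholder finding CVE-2099-12345",
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Sorting on the score alone reflects the CVSS limitation listed above: it ranks by severity and says nothing about relevance to a particular organization.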