Module 05 - Vulnerability Analysis PDF
Uploaded by barrejamesteacher
EC-Council
Summary
This module provides an overview of vulnerability assessment concepts, including vulnerability scoring systems, vulnerability databases, and the vulnerability management life cycle. It discusses various approaches and tools used to perform vulnerability assessments, and the analysis of vulnerability assessment reports.
Full Transcript
CEH Certified Ethical Hacker, EC-Council Official Curricula
Module 05: Vulnerability Analysis
Ethical Hacking and Countermeasures, Exam 312-50, Certified Ethical Hacker

Learning Objectives
- LO#01: Summarize Vulnerability Assessment Concepts
- LO#02: Explain Vulnerability Classification and Assessment Types
- LO#03: Use Vulnerability Assessment Tools
- LO#04: Analyze Vulnerability Assessment Reports

In today's world, organizations depend heavily on information technology for protecting vital information. This information is associated with areas of finance, research and development, personnel, legality, and security. Vulnerability assessments scan networks for known security weaknesses. Attackers perform vulnerability analysis to identify security loopholes in the target organization's network, communication infrastructure, and end systems, and then use the identified vulnerabilities to further exploit the target network. Vulnerability assessment plays a major role in protecting an organization's resources and infrastructure from various internal and external threats. To secure a network, an administrator needs to perform patch management, install proper antivirus software, check configurations, solve known issues in third-party applications, and troubleshoot hardware with default configurations. All these activities together constitute a vulnerability assessment. This module starts with an introduction to vulnerability assessment concepts. It also discusses the various vulnerability scoring systems, vulnerability databases, the vulnerability management life cycle, and the various approaches and tools used to perform vulnerability assessments. This module will provide knowledge about the tools and techniques used by attackers to perform a quality vulnerability analysis.
It concludes with an analysis of the vulnerability assessment reports that help an ethical hacker fix the identified vulnerabilities.

At the end of this module, you will be able to:
- Understand vulnerability, vulnerability research, vulnerability assessment, and vulnerability scoring systems
- Describe the vulnerability management life cycle (vulnerability assessment phases)
- Understand various types of vulnerabilities and vulnerability assessment techniques
- Understand different approaches to vulnerability assessment solutions
- Describe different characteristics of good vulnerability assessment solutions
- Explain different types of vulnerability assessment tools and the criteria for choosing them
- Use various vulnerability assessment tools
- Generate and analyze vulnerability assessment reports

Module 05 Page 513 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

LO#01: Summarize Vulnerability Assessment Concepts

Vulnerability Assessment Concepts
This section provides an overview of vulnerability and its examples, vulnerability assessment, vulnerability scoring systems, vulnerability databases, and the vulnerability assessment life cycle.

What is Vulnerability?
A vulnerability refers to a weakness in the design or implementation of a system that can be exploited to compromise the security of the system. It is frequently a security loophole that enables an attacker to enter the system by bypassing user authentication. There are generally two main causes of vulnerable systems in a network: software or hardware misconfiguration and poor programming practices. Attackers exploit these vulnerabilities to perform various types of attacks on organizational resources.

Common Reasons for the Existence of Vulnerabilities
- Hardware or software misconfiguration
The insecure configuration of the hardware or software in a network can lead to security loopholes. For example, a misconfiguration or the use of an unencrypted protocol may lead to network intrusions, resulting in the leakage of sensitive information. While a misconfiguration of hardware may allow attackers to obtain access to the network or system, a misconfiguration of software may allow attackers to obtain access to applications and data.
- Insecure or poor design of network and application
An improper and insecure design of a network may make it susceptible to various threats and potential data loss. For example, if firewalls, IDS, and virtual private network (VPN) technologies are not implemented securely, they can expose the network to numerous threats.
- Inherent technology weaknesses
If the hardware or software is not capable of defending the network against certain types of attacks, the network will be vulnerable to those attacks. Certain hardware, applications, or web browsers tend to be prone to attacks such as DoS or man-in-the-middle attacks. For example, systems running old versions of web browsers are prone to distributed attacks. If systems are not updated, a small Trojan attack can force the user to scan and clean the entire storage in the machine, which often leads to data loss.
- End-user carelessness
End-user carelessness considerably impacts network security. Human behavior is fairly susceptible to various types of attacks and can be exploited to effect serious outcomes, including data loss and information leakage. Intruders can obtain sensitive information through various social engineering techniques. The sharing of account information or login credentials by users with potentially malicious entities can lead to the loss of data or exploitation of the information. Connecting systems to an insecure network can also lead to attacks from third parties.
- Intentional end-user acts
Ex-employees who continue to have access to shared drives can misuse them by revealing the company's sensitive information. Such an act is called an intentional end-user act and can lead to heavy data and financial losses for the company.

Examples of Vulnerabilities
The following tables summarize examples of technological and configuration vulnerabilities:

Technological Vulnerabilities
- TCP/IP protocol vulnerabilities: HTTP, FTP, ICMP, SNMP, and SMTP are inherently insecure
- Operating system vulnerabilities: an OS can be vulnerable because it is inherently insecure, or because it is not patched with the latest updates
- Network device vulnerabilities: various network devices such as routers, firewalls, and switches can be vulnerable due to lack of password protection, lack of authentication, insecure routing protocols, or firewall vulnerabilities
Table 5.1: Technological Vulnerabilities
Configuration Vulnerabilities
- User account vulnerabilities: originating from the insecure transmission of user account details, such as usernames and passwords, over the network
- System account vulnerabilities: originating from the setting of weak passwords for system accounts
- Internet service misconfiguration: misconfiguring internet services can pose serious security risks; for example, enabling JavaScript and misconfiguring IIS, Apache, FTP, and Terminal services can create security vulnerabilities in the network
- Default password and settings: leaving the network devices/products with their default passwords and settings
- Network device misconfiguration: misconfiguring the network device
Table 5.2: Configuration Vulnerabilities
Vulnerability Research
Vulnerability research is the process of analyzing protocols, services, and configurations to discover the vulnerabilities and design flaws that will expose an operating system and its applications to exploit, attack, or misuse.

An administrator needs vulnerability research:
- To gather information about security trends, newly discovered threats, attack surfaces, attack vectors, and techniques
- To find weaknesses in the OS and applications and alert the network administrator before a network attack
- To understand information that helps prevent security problems
- To know how to recover from a network attack

An ethical hacker needs to keep up with the most recently discovered vulnerabilities and exploits to stay one step ahead of attackers through vulnerability research, which includes:
- Discovering the system design faults and weaknesses that might allow attackers to compromise a system
- Staying updated about new products and technologies and reading news related to current exploits
- Checking underground hacking websites (deep and dark websites) for newly discovered vulnerabilities and exploits
- Checking newly released alerts regarding relevant innovations and product improvements for security systems

Security experts and vulnerability scanners classify vulnerabilities by:
- Severity level (low, medium, or high)
- Exploit range (local or remote)

Ethical hackers need to conduct intense research with the help of information acquired in the footprinting and scanning phases to find vulnerabilities.
Resources for Vulnerability Research
The following are some of the websites used to perform vulnerability research.

- Microsoft Security Response Center (MSRC)
Source: https://msrc.microsoft.com
The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and it provides information as part of an ongoing effort to help security professionals manage security risks and keep organizational systems protected.
Figure 5.1: Screenshot of Microsoft Security Response Center (MSRC) Security Update Guide
- Packet Storm (https://packetstormsecurity.com)
- Dark Reading (https://www.darkreading.com)
- Trend Micro (https://www.trendmicro.com)
- Security Magazine (https://www.securitymagazine.com)
- PenTest Magazine (https://pentestmag.com)
- SC Magazine (https://www.scmagazine.com)
- Exploit Database (https://www.exploit-db.com)
- Help Net Security (https://www.helpnetsecurity.com)
- HackerStorm (http://www.hackerstorm.co.uk)
- Computerworld (https://www.computerworld.com)
- D'Crypt (https://www.d-crypt.com)

What is Vulnerability Assessment?
A vulnerability assessment is an in-depth examination of the ability of a system or application, including current security procedures and controls, to withstand exploitation. It scans networks for known security weaknesses and recognizes, measures, and classifies security vulnerabilities in computer systems, networks, and communication channels. It identifies, quantifies, and ranks possible vulnerabilities to threats in a system. Additionally, it assists security professionals in securing the network by identifying security loopholes or vulnerabilities in the current security mechanism before attackers can exploit them.

A vulnerability assessment may be used to:
- Identify weaknesses that could be exploited
- Predict the effectiveness of additional security measures in protecting information resources from attack

Information obtained from the vulnerability scanner includes:
- Network vulnerabilities
- Open ports and running services
- Application and services vulnerabilities
- Application and services configuration errors

Typically, vulnerability-scanning tools search network segments for IP-enabled devices and enumerate systems, operating systems, and applications to identify vulnerabilities resulting from vendor negligence, system or network administration activities, or day-to-day activities.
Vulnerability-scanning software scans the computer against the Common Vulnerabilities and Exposures (CVE) index and security bulletins provided by the software vendor. Vulnerability scanners are capable of identifying the following information:
- The OS version running on computers or devices
- IP and Transmission Control Protocol/User Datagram Protocol (TCP/UDP) ports that are listening
- Applications installed on computers
- Accounts with weak passwords
- Files and folders with weak permissions
- Default services and applications that might have to be uninstalled
- Errors in the security configuration of common applications
- Computers exposed to known or publicly reported vulnerabilities
- EOL/EOS software information
- Missing patches and hotfixes
- Weak network configurations and misconfigured or risky ports
- Help to verify the inventory of all devices on the network

There are two approaches to network vulnerability scanning:
- Active Scanning: The attacker interacts directly with the target network to find vulnerabilities. Active scanning helps in simulating an attack on the target network to uncover vulnerabilities that can be exploited by the attacker. Example: An attacker sends probes and specially crafted requests to the target host in the network to identify vulnerabilities.
- Passive Scanning: The attacker tries to find vulnerabilities without directly interacting with the target network. The attacker identifies vulnerabilities via information exposed by systems during normal communications. Passive scanning identifies the active operating systems, applications, and ports throughout the target network, monitoring activity to determine its vulnerabilities.
This approach provides information about weaknesses but does not provide a path for directly combating attacks. Example: An attacker guesses the operating system information, applications, and application and service versions by observing the TCP connection setup and teardown.

Attackers scan for vulnerabilities using tools such as Nessus Professional, Qualys, GFI LanGuard, and OpenVAS.

Limitations of Vulnerability Assessment
The following are some of the limitations of vulnerability assessment:
- Vulnerability scanning software is limited in its ability to detect vulnerabilities at a given point in time.
- Vulnerability scanning software must be updated when new vulnerabilities are discovered or when improvements are made to the software being used.
- Software is only as effective as the maintenance performed on it by the software vendor and by the administrator who uses it.
- Vulnerability assessment does not measure the strength of security controls.
- Vulnerability scanning software is not immune to software engineering flaws that might lead to serious vulnerabilities being missed.
- Human judgment is required to analyze the data after scanning to identify false positives and false negatives.
- Vulnerability scanning software cannot define the impact of an identified vulnerability on different business operations.
- Vulnerability assessment reports are not always easy to understand and assess for risk factors and triage response.
- Vulnerability scanning tools have a narrow focus and do not cover attack vectors such as social engineering.
- Vulnerability scanning software is limited in its ability to perform live tests on web applications to detect errors or unexpected behavior.
- The methodology used may have an impact on the test results. For example, vulnerability scanning software that runs in the security context of the domain administrator will yield different results from software that runs in the security context of an authenticated or non-authenticated user. Similarly, diverse vulnerability scanning software packages assess security differently and have unique features, which can influence the assessment results.
Vulnerability Scoring Systems and Databases
Due to the growing severity of cyber-attacks, vulnerability research has become critical as it helps to mitigate the chance of attacks. Vulnerability research provides awareness of advanced techniques to identify flaws or loopholes in the software that can be exploited by attackers. Vulnerability scoring systems and vulnerability databases are used by security analysts to rank information system vulnerabilities and to provide a composite score of the overall severity and risk associated with identified vulnerabilities. Vulnerability databases collect and maintain information about various vulnerabilities present in information systems.
Following are some of the vulnerability scoring systems and databases:
- Common Vulnerability Scoring System (CVSS)
- Common Vulnerabilities and Exposures (CVE)
- National Vulnerability Database (NVD)
- Common Weakness Enumeration (CWE)

Common Vulnerability Scoring System (CVSS)
Source: https://www.first.org, https://nvd.nist.gov
The CVSS is a published standard that provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. The quantitative model of the system ensures repeatable and accurate measurement while enabling users to view the underlying vulnerability characteristics that were used to generate the scores. Thus, the CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability impact scores. Two common uses of CVSS are the prioritization of vulnerability remediation activities and the calculation of the severity of vulnerabilities discovered in a system. The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities. The CVSS helps capture the principal characteristics of a vulnerability and produces a numerical score to reflect its severity. This numerical score can thereafter be translated into a qualitative representation (such as low, medium, high, or critical) to help organizations properly assess and prioritize their vulnerability management processes.

CVSS assessment consists of the following three metric groups for measuring vulnerabilities:
- Base Metric: represents the inherent qualities of a vulnerability.
- Temporal Metric: represents the features that continue to change during the lifetime of the vulnerability.
- Environmental Metric: represents vulnerabilities that are based on a particular environment or implementation.
The score ranges from 1 to 10, with 10 being the most severe. The CVSS score is calculated and generated from a vector string that represents the numerical score for each group in the form of a block of text. The CVSS calculator ranks security vulnerabilities and provides the user with information on the overall severity and risks related to the vulnerability.

Severity   Base Score Range
None       0.0
Low        0.1-3.9
Medium     4.0-6.9
High       7.0-8.9
Critical   9.0-10.0
Table 5.3: CVSS v3.0 ratings

Figure 5.2: CVSS Calculator Version 3.1 (source: NIST), showing CVE-2022-22620 with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, impact subscore 5.9 and exploitability subscore 2.8; all base metrics are required to generate a base score.

Common Vulnerabilities and Exposures (CVE)
Source: https://www.cve.org
CVE® is a publicly available and free-to-use list or dictionary of standardized identifiers for common software vulnerabilities and exposures.
The use of CVE Identifiers, or "CVE IDs," which are assigned by CVE Numbering Authorities (CNAs) from around the world, ensures confidence among parties when discussing or sharing information about a unique software or firmware vulnerability. CVE provides a baseline for tool evaluation and enables data exchange for cybersecurity automation. CVE IDs provide a baseline for evaluating the coverage of tools and services so that users can determine which tools are most effective and appropriate for their organization's needs. In short, products and services compatible with CVE provide better coverage, easier interoperability, and enhanced security.

What CVE is:
- One identifier for one vulnerability or exposure
- One standardized description for each vulnerability or exposure
- A dictionary rather than a database
- A method for disparate databases and tools to "speak" the same language
- The way to interoperability and better security coverage
- A basis for evaluation among services, tools, and databases
- Free for the public to download and use
- Industry-endorsed via the CVE Numbering Authorities, CVE Board, and the numerous products and services that include CVE
[Figure 5.3 (continued): the result table, with Name and Description columns, lists Linux kernel records CVE-2022-27950, CVE-2022-27666, CVE-2022-27223, CVE-2022-26966, CVE-2022-26878, CVE-2022-26490 and CVE-2022-25636; the descriptions are cut off at the right edge of the screenshot.]

Figure 5.3: Common Vulnerabilities and Exposures (CVE)

National Vulnerability Database (NVD)

Source: https://nvd.nist.gov

The NVD is the U.S. government repository of standards-based vulnerability management data. It uses the Security Content Automation Protocol (SCAP). Such data enable the automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics. The NVD performs an analysis on CVEs that have been published to the CVE Dictionary.
NVD staff are tasked with the analysis of CVEs by aggregating data points from the description, references supplied, and any supplemental data that are publicly available. This analysis results in associated impact metrics (Common Vulnerability Scoring System, CVSS), vulnerability types (Common Weakness Enumeration, CWE), and applicability statements (Common Platform Enumeration, CPE), as well as other pertinent metadata. The NVD does not actively perform vulnerability testing; it relies on vendors, third-party security researchers, and vulnerability coordinators to provide information that is used to assign these attributes.

[Figure: NVD entry for CVE-2022-22652. Current Description: "The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen." Quick Info: CVE Dictionary Entry CVE-2022-22652; NVD Published Date 03/18/2022; NVD Last Modified 03/26/2022; Source: Apple Inc. Severity, CVSS 3.x (NIST NVD Base Score): MEDIUM; Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N]

Figure 5.4: Screenshot showing CVE details in the National Vulnerability Database (NVD)

Common Weakness Enumeration (CWE)

Source: https://cwe.mitre.org

Common Weakness Enumeration (CWE) is a category system for software vulnerabilities and weaknesses.
It is sponsored by the National Cybersecurity FFRDC, which is owned by The MITRE Corporation, with support from US-CERT and the National Cyber Security Division of the U.S. Department of Homeland Security. The latest version 3.2 of the CWE standard was released in January 2019. It has over 600 categories of weaknesses, which gives CWE the ability to be effectively employed by the community as a baseline for weakness identification, mitigation, and prevention efforts. It also has an advanced search technique where attackers can search and view weaknesses based on research concepts, development concepts, and architectural concepts.

[Figure: the CWE website ("Common Weakness Enumeration: A Community-Developed List of Software & Hardware Weakness Types", Search the CWE Web Site) with a keyword search for "SMB" returning about 55 results, including CWE-284: Improper Access Control, CWE-200: Exposure of Sensitive Information to an..., CWE-295: Improper Certificate Validation, CWE-427: Uncontrolled Search Path Element, CWE-552: Files or Directories Accessible to External Parties, and CWE-313: Cleartext Storage in a File or on Disk.]

Figure 5.5: Screenshot showing CWE results for SMB query

Vulnerability-Management Life Cycle

[Slide diagram: Pre-Assessment Phase (Identify Assets, Create a Baseline), Vulnerability Assessment Phase (Vulnerability Scan), and Post Assessment Phase (Risk Assessment, Remediation, Verification, Monitoring).]

The vulnerability management life cycle is an important process that helps identify and remediate security weaknesses before they can be exploited. This includes defining the risk posture and policies for an organization, creating a complete asset list of systems, scanning and assessing the environment for vulnerabilities and exposures, and taking action to mitigate the vulnerabilities that are identified. The implementation of a vulnerability management life cycle helps gain a strategic perspective regarding possible cybersecurity threats and renders insecure computing environments more resilient to attacks.

Vulnerability management should be implemented in every organization as it evaluates and controls the risks and vulnerabilities in the system. The management process continuously examines the IT environments for vulnerabilities and risks associated with the system. Organizations should maintain a proper vulnerability management program to ensure overall information security. Vulnerability management provides the best results when it is implemented in a sequence of well-organized phases.
The phases involved in vulnerability management are:

■ Pre-Assessment Phase
  o Identify Assets and Create a Baseline
■ Vulnerability Assessment Phase
  o Vulnerability Scan
■ Post Assessment Phase
  o Risk Assessment
  o Remediation
  o Verification
  o Monitoring

Pre-Assessment Phase

[Slide: Identify Assets and Create a Baseline, listing the nine baseline steps enumerated below.]

Identify Assets and Create a Baseline

The pre-assessment phase is a preparatory phase, which involves defining policies and standards, clarifying the scope of the assessment, designing appropriate information protection procedures, and identifying and prioritizing critical assets to create a good baseline for vulnerability management and to define the risk based on the criticality and value of each system. This phase involves the gathering of information about the identified systems to understand the approved ports, software, drivers, and basic configuration of each system in order to develop and maintain a system baseline.

The following are the steps involved in creating a baseline:

1. Identify and understand business processes
2. Identify the applications, data, and services that support the business processes and perform code reviews
3. Identify the approved software, drivers, and basic configuration of each system
4. Create an inventory of all assets, and prioritize or rank the critical assets
5. Understand the network architecture and map the network infrastructure
6. Identify the controls already in place
7. Understand policy implementation and practice standard compliance with business processes
8. Define the scope of the assessment
9. Create information protection procedures to support effective planning, scheduling, coordination, and logistics

Classify the identified assets according to the business needs. Classification helps to identify the high business risks in an organization. Prioritize the rated assets based on the impact of their failure and their reliability in the business. Prioritization helps:

■ Evaluate and decide a solution for the consequence of the assets failing
■ Examine the risk tolerance level
■ Organize methods for prioritizing the assets
Vulnerability Assessment Phase

[Slide: Vulnerability Assessment Phase, listing the nine assessment steps enumerated below.]

This phase is very crucial in vulnerability management. The vulnerability assessment phase refers to identifying vulnerabilities in the organization's infrastructure, including the operating system, web applications, and web server. It helps identify the category and criticality of the vulnerability in an organization and minimizes the level of risk. The ultimate goal of vulnerability scanning is to scan, examine, evaluate, and report the vulnerabilities in the organization's information system. Vulnerability scans can also be performed on applicable compliance templates to assess the organization's infrastructure weaknesses against the respective compliance guidelines.

The assessment phase involves examining the architecture of the network, evaluating threats to the environment, performing penetration testing, examining and evaluating physical security, analyzing physical assets, assessing operational security, observing policies and procedures, and assessing the infrastructure's interdependencies.

Steps involved in the assessment phase:

1. Examine and evaluate the physical security
2. Check for misconfigurations and human errors
3. Run vulnerability scans using tools
4. Select the type of scan based on the organization or compliance requirements
5. Identify and prioritize vulnerabilities
6. Identify false positives and false negatives
7. Apply the business and technology context to scanner results
8. Perform OSINT information gathering to validate the vulnerabilities
9. Create a vulnerability scan report

Post Assessment Phase

[Slide: Post Assessment Phase, showing the Risk Assessment, Remediation, Verification and Monitoring tasks enumerated below.]

The post-assessment phase, also known as the recommendation phase, is performed after and based on risk assessment. Risk characterization is categorized by key criteria, which helps prioritize the list of recommendations.
The tasks performed in the post-assessment phase include:

■ Creating a priority list for assessment recommendations based on the impact analysis
■ Developing an action plan to implement the proposed remediation
■ Capturing lessons learned to improve the complete process in the future
■ Conducting training for employees

Post assessment includes risk assessment, remediation, verification, and monitoring.

■ Risk Assessment

In the risk assessment phase, risks are identified, characterized, and classified along with the techniques used to control or reduce their impact. It is an important step toward identifying the security weaknesses in the IT architecture of an organization. In this phase, all serious uncertainties that are associated with the system are assessed and prioritized, and remediation is planned to permanently eliminate system flaws. The risk assessment summarizes the vulnerability and risk level identified for each of the selected assets. It determines whether the risk level for a particular asset is high, moderate, or low. Remediation is planned based on the determined risk level. For example, vulnerabilities ranked high-risk are targeted first to decrease the chances of exploitation that would adversely impact the organization.

The tasks performed in the risk assessment phase include:

o Perform risk categorization based on risk ranking (for example, critical, high, medium, and low)
o Assess the level of impact
o Determine the threat and risk levels

■ Remediation

Remediation is the process of applying fixes on vulnerable systems in order to mitigate or reduce the impact and severity of vulnerabilities. These include steps like evaluating vulnerabilities, locating risks, and designing responses for vulnerabilities. It is important for the remediation process to be specific, measurable, attainable, relevant, and time-bound. This phase is initiated after the successful implementation of the baseline and assessment steps.

The tasks performed in the remediation phase include:

o Prioritize remediation based on the risk ranking
o Develop an action plan to implement the recommendation or remediation
o Perform a root-cause analysis
o Apply patches and fixes
o Capture lessons learned
o Conduct awareness training
o Perform exception handling and risk acceptance for the vulnerabilities that cannot be remediated

■ Verification

In this phase, the security team performs a re-scan of systems to assess whether the required remediation is complete and whether the individual fixes have been applied to the impacted assets. This phase includes the verification of the remedies used to mitigate risks. It provides clear visibility into the firm and allows the security team to check whether all the previous phases have been properly carried out. Verification can be performed by using various means such as ticketing systems, scanners, and reports.

The tasks performed in the verification phase include:

o Rescanning the systems to identify if an applied fix is effective in remediating the vulnerability
o Performing dynamic analysis
o Reviewing the attack surface

■ Monitoring

Organizations need to perform regular monitoring to maintain system security. Continuous monitoring identifies potential threats and any new vulnerabilities that have evolved. As per security best practices, all phases of vulnerability management must be performed regularly. This phase performs incident monitoring using tools such as IDS/IPS, SIEM, and firewalls. It implements continuous security monitoring to thwart ever-evolving threats.

The tasks performed in the monitoring phase include:

o Periodic vulnerability scan and assessment
o Timely remediation of identified vulnerabilities
o Monitoring intrusion detection and intrusion prevention logs
o Implementing policies, procedures, and controls

LO#02: Explain Vulnerability Classification and Assessment Types

Vulnerability Classification and Assessment Types

Any vulnerability that is present in a system can be hazardous and can cause severe damage to the organization. It is important for ethical hackers to have knowledge about various types of vulnerabilities that they can employ, along with various vulnerability assessment techniques. This section in the module discusses the various types of vulnerabilities and vulnerability assessments.
Vulnerability Classification

■ Misconfigurations/Weak Configurations
  o Misconfiguration is the most common vulnerability and is mainly caused by human error
  o It allows attackers to break into a network and gain unauthorized access to systems
  o Examples: insecure protocols, open ports and services, errors, weak encryption, open permissions, and unsecured root accounts
■ Application Flaws
  o Application flaws are vulnerabilities in applications that are exploited by attackers
  o Flawed applications pose security threats such as data tampering and unauthorized access to configuration stores
  o Examples: buffer overflows, memory leaks, resource exhaustion, integer overflows, null pointer/object dereference, DLL injection, race conditions, improper input handling, and improper error handling
■ Poor Patch Management
  o Software vendors provide patches that prevent exploitations and reduce the probability of threats exploiting a specific vulnerability
  o Unpatched software can make an application, server, or device vulnerable to various attacks
  o Examples: unpatched servers, unpatched firmware, unpatched OS, and unpatched applications
■ Design Flaws
  o Logical flaws in the functionality of the system are exploited by attackers to bypass the detection mechanism and acquire access to a secure system
  o Examples: incorrect encryption and poor validation of data
■ Third-Party Risks
  o Third-party services can have access to privileged systems and applications, through which financial information, customer and employee data, and processes in the enterprise's supply chain can be compromised
  o Examples: vendor management, supply-chain risks, outsourced code development, data storage, and cloud-based vs. on-premises risks

Vulnerability Classification (Cont'd)

■ Default Installations/Default Configurations
  o Failing to change the default settings while deploying software or hardware allows the attacker to guess the settings to break into the system
■ Operating System Flaws
  o Owing to OS vulnerabilities, applications such as Trojans, worms, and viruses pose threats
■ Default Passwords
  o Manufacturers provide users with default passwords to access the device during its initial set-up, which users must change for future use
  o When users forget to update the passwords and continue using the default passwords, they make devices and systems vulnerable to various attacks, such as brute-force and dictionary attacks
■ Zero-Day Vulnerabilities
  o These are unknown vulnerabilities in software/hardware that are exposed but not yet patched
  o These vulnerabilities are exploited by attackers before being acknowledged and patched by the software developers or security analysts
■ Legacy Platform Vulnerabilities
  o Legacy platform vulnerabilities are caused by obsolete or familiar code
  o Legacy platforms are usually not supported when patching technical assets such as smartphones, computers, IoT devices, OSes, applications, databases, firewalls, IDSes, or other network components
  o This type of vulnerability can cause costly data breaches for organizations
■ System Sprawl/Undocumented Assets
  o The system sprawl vulnerability arises within an organizational network because of an increased number of system or server connections without proper documentation or an understanding of their maintenance
  o These assets are often neglected over time, making them susceptible to attacks
■ Improper Certificate and Key Management
  o Improper certificate and key management may lead to many vulnerabilities that allow attackers to perform hijacking and data exfiltration attacks