Chapter 8 - 03 - Discuss Vulnerability Assessment - 03_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Common Vulnerabilities and Exposures (CVE) Source: https://cve.mitre.org CVE® is a publicly available and free-to-use list or dictionary of standardized identifiers for common software vulnerabilities and exposures. The use of CVE Identifiers, or “CVE IDs,” which are assigned by CVE Numbering Authorities (CNAs) from around the world, ensures confidence among parties when vulnerability. CVE discussing or sharing information provides a baseline for tool about a unique evaluation and software enables data or firmware exchange for cybersecurity automation. CVE IDs provide a baseline for evaluating the coverage of tools and services so that users can determine which tools are most effective and appropriate for their organization’s needs. In short, products and services coverage, easier interoperability, and enhanced security. compatible with CVE provide better What CVE is: = One identifier for one vulnerability or exposure = One standardized description for each vulnerability or exposure = Adictionary rather than a database = A method for disparate databases and tools to “speak” the same language = The way to interoperability and better security coverage = A basis for evaluation among services, tools, and databases = Free for the public to download and use = Industry-endorsed via the CVE Numbering Authorities, CVE Board, and the numerous products and services that include CVE NVD Go to for: Common Vulnerabilities and Exposures Search CVE List Download CVE Data Feeds Request CVE IDs TOTAL HOME > CVE Search SEARCH Update a CVE Entry CVE Entries: 118175 RESULTS Results [There are 414 CVE entries that match your search. Name Description CVE-2019-9565 Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdemain name; an attacker may be able to use Active Directory Domain Services to register that name. CVE-2019-7097 Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack. CVE-2019-6452 Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password. Figure 8.13: Common Vulnerabilities and Exposures (CVE) Module 08 Page 1068 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 National Vulnerability Database (NVD) Source: https://nvd.nist.gov The NVD is the U.S. government repository of standards-based vulnerability management data. It uses the Security Content Automation Protocol (SCAP). Such data enable the automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics. The NVD performs an analysis on CVEs that have been published to the CVE Dictionary. NVD staff are tasked with the analysis of CVEs by aggregating data points from the description, references supplied, and any supplemental data that are publicly available. This analysis results in association impact metrics (Common Vulnerability Scoring System — CVSS), vulnerability types (Common Weakness Enumeration — CWE), and applicability statements (Common Platform Enumeration — CPE), as well as other pertinent metadata. The NVD does not actively perform vulnerability testing; it relies on vendors, third party security researchers, and vulnerability coordinators to provide information that is used to assign these attributes. NIST Information Technology Laboratory NATIONAL VULNERABILITY DATABASE Vulnerability Identifier VULNERABILITIES = Vulnerability INCVE-2019-6452|Detail Published Date s gt Current Description Q UICK INFO Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the CVE Dictionary Entry: machine address book to obtain a cleartext FTP or SMB password.. CVE-2019-6452 NVD Published Date: i‘;"": '"lTRE 1ewY\ 06/06/2019 Analysis ¢ /. Description NVD Last Modified: N CVSS v3 Score Impact CVSS v3.0 Severit [ Base Score: 8.5 HIGH ' d Metrics: CVSS v2 Score 06/11/2019 CVSS v2.0 Severity ap |_Base Score: 4.0 MeDIUM [ Vector: AV:N/AC:L/PR:L/UEN/S:U/C:H/IEH/AH (V3 Vector: (AV:N/AC:L/AU:S/C:P/IEN/A:N) (V2 legend) legend) Impact Subscore: 2.9 Impact Score: 5.9 Exploitability Subscore: 8.0 Exploitability Score: 2.8 Access Vector (AV): Network Attack Vector (AV): Network Access Complexity (AC): Low Attack Complexity (AC): Low Authentication (AU): Single Privileges Required (PR): Low Confidentiality (C): Partial User Interaction (Ul): None Integrity (1): None Figure 8.14: Screenshot showing CVE details in the National Vulnerability Database (NVD) Module 08 Page 1069 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Common Weakness Enumeration (CWE) Source: https://cwe.mitre.org Common Weakness Enumeration (CWE) is a category system for software vulnerabilities and weaknesses. It is sponsored by the National Cybersecurity FFRDC, which is owned by The MITRE Corporation, with support from US-CERT and the National Cyber Security Division of the U.S. Department of Homeland Security. The latest version 3.2 of the CWE standard was released in January 2019. It has over 600 categories of weaknesses, which gives CWE the ability to be effectively employed by the community as a baseline for weakness identification, mitigation, and prevention efforts. It also has an advanced search technique where attackers can search and view weaknesses based on research concepts, development concepts, and architectural concepts. « Common Weakness Enumeration 00 ERE A Community-Developed List of Software IWeakness Tipes 25 Wiy ID Lookup: N | Home | About | CWEList | Scoring | Community = News Search CWE™ is a community-developed list of common software security weaknesses. It serves as a common language, a measuring stick for software security tools, and as a baseline for weakness identification, mitigation, and prevention efforts. View by Research Concepts ) the List of Weaknesses by Development Concepts Search ) by Architectural Concepts ) CWE Easily find a specific software weakness by performing a search of the CWE Number. To search by multiple keywords, separate each by a space. List by keywords(s) or by CWE-ID EE all o About 10 results (0.17 seconds) CWE-427_ Uncontrolled Search Path Element (3.2) - CWE https:/lcwe.mitre org/data/definitions/d27 html In some cases, the attack can be conducted remotely, such as when SMB or WebDAV network shares are used. In some Unix-based systems, a PATH might be RIO| g.of LengthParameter - CWE https: llcwe mitre org/data/definitions/130 html Product allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that spacifies a smaller buffer length than is. ypass by Capture-replay (3.2) - CWE hitps: Ilc\/e mitre org/dataldef initions/294 html A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying Figure 8.15: Screenshot showing CWE results for SMB query Module 08 Page 1070 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Types of Vulnerability Assessment Active Assessment | ///> Used to sniff the network traffic to discover present Passive Assessment active systems, network services, applications, and vulnerabilities present External Assessment Internal Uses a network scanner to find hosts, services, and vulnerabilities P Assesses the network from a hacker's perspective to discover exploits and vulnerabilities that are accessible to the outside world [ Assessment | Scans the internal infrastructure to discover exploits and vulnerabilities Copyright © by Conducts a configuration-level check to identify system configurations, user directories, file systems, registry settings, etc., to evaluate the possibility of compromise. All Rights Reserved. Reproduction is Strictly Prohibited. Host-based Assessment ) Determines possible network security attacks that may occur on the organization’s system Tests and analyzes all elements of the web infrastructure for any misconfiguration, outdated content, or known vulnerabilities Focuses on testing databases, such as MYSQL, MSSQL, ORACLE, POSTGRESQL, etc., for the presence of data exposure or injection type vulnerabilities v Module 08 Page 1071 Networkbased Assessment. | I ESBRREARNRRN ¥ =.. poum sT00 Ll | Application Assessment Database Assessment. All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.