CVE-2018-20718 VULNERABILITY TYPE: INJECTION.

Verified

Added on 2023/01/16

AI Summary

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

CVE-2018-20718
VULNERABILITY TYPE: INJECTION

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Introduction
 This type of vulnerability uses the injection
mode of the attack.
 This attack can lead to the loss of control of
the system
 The attack tries to change the flow of
control of the process of the system.
 This attack is frequently used and can be
used in a variety of forms.
 Some of the common ways to implement
this attack is by sending the malicious code
through legitimate data channels.

Vulnerability
 The vulnerability is of type injection.
The software is capable of injecting
the attacker controlled data plan into
the user controlled data plan.
 This injection attack can lead to many
parsing problems.
 This vulnerability can also cause
buffer overflows and many other
problems.
 The main vulnerability of this can lead
to system execution ability gain.

Scope Impact
Confidentiali
ty
Technical Impact: Read Application Data
More than one injection attacks is capable of disclosing sensitive
information and important useful data for further exploitation.
Access
Control
Technical Impact: Bypass Protection Mechanism
In few cases, the injection method also contains system control flow
changing codes that can result in loss of control.
Other
Technical Impact: Alter Execution Logic
Injection assaults are portrayed by the capacity to essentially
change the stream of a given procedure, and now and again, to the
execution of discretionary code.
Integrity
Other
Technical Impact: Other
Information injection assaults lead to loss of information integrity in
about all cases as the control-plane information infused is constantly
coincidental to information review or composing.
Non-
Repudiation
Technical Impact: Hide Activities
Most of the time, the activities performed by injection control code
are unlogged.
SCOPE AND VULNERABILITY

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Mitigation and Patching
 The vulnerability can be patched by using
a programming language that cannot be
affected by such a vulnerability type.
 This type of language cannot be attacked
using this type of attack.
 The languages without this weakness are
Java and Perl which have their own
memory management feature.
 Another way is to implement whitelist and
blacklist parsing feature to parse the code.
 This can lead to filtering of control-plane
syntax from all input.

References
 Ma, S., Thung, F., Lo, D., Sun, C. and
Deng, R.H., 2017, September. Vurle:
Automatic vulnerability detection and
repair by learning from examples. In
European Symposium on Research in
Computer Security (pp. 229-246).
Springer, Cham.
 Ali, B. and Awad, A., 2018. Cyber and
physical security vulnerability
assessment for IoT-based smart
homes. Sensors, 18(3), p.817.

1 out of 7

+13062052269

info@desklib.com

CVE-2018-20718 VULNERABILITY TYPE: INJECTION.

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

TRANSCRIPT Slide 2: There are a few limited mitigation

Desklib: Study Material Library with Solved Assignments & Essays

CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS

Advanced E-Security: Defences against Injection Attacks, DLP Products, HTTPS, Cloud Services, and Cybersecurity Approaches

Secure Web Server: Attacks, SDLC Security Measures, and Protection Applications

Vulnerabilities in SCADA