
Vulnerabilities in Security Levels

   

Added on  2023-01-16

Running head: VULNERABILITIES

Table of Contents
Introduction
Three Vulnerabilities in the three levels of security (Medium, High and Critical)
Base score calculation:
Algorithm:
Calculations:
Comparison of the three Vulnerabilities (Spectre, Meltdown, Eternal Blue)
CVSS Temporal and Environmental scores
Potential Mitigation Strategies:
Exploitation of High risk vulnerability CVE-2017-18330
Conclusion:
References:

Introduction
The importance of a vulnerability depends on its security level. The security level
runs from 1, the lowest, to 5, the highest. Vulnerabilities are rated by the reliability
with which they can be identified as potential vulnerabilities. High vulnerabilities are
those with a security level of 4 or 5. Vulnerabilities in this group give the attacker the
possibility of executing code on the target. If the attacker gains unauthorized access
along with high privileges, then the code can extract the required information. It can
also result in tampering with and deletion of the user's data. The group of low or medium
vulnerabilities is the common one; it represents attack vectors that require more specific
information about the given target, with a degree of sensitivity from 1 to 3. With a high
vulnerability, the attacker can easily execute code on the target, while with medium and
low vulnerabilities there is only leakage of information. Medium-level vulnerabilities are
considered less complicated in nature, as they depend on the given context. CVSS stands
for Common Vulnerability Scoring System, an open framework for communicating the
characteristics of vulnerabilities. CVSS can have a large impact on IT vulnerabilities
overall.
In the following pages of this report, three vulnerabilities are presented, one at each
of the security levels Medium, High and Critical. Their CVSS 3.0 scores are then derived
using the algorithm, and validated by calculation. The similarities and differences
between Spectre, Meltdown and Eternal Blue are also set out.

Three Vulnerabilities in the three levels of security (Medium, High and Critical)
Software, hardware and firmware vulnerabilities can pose a large risk to an
organization that uses computer systems. The Common Vulnerability Scoring System
(CVSS) aims to provide a way to capture the characteristics of any vulnerability.
It produces a numerical score along with a textual representation of that score. The
numerical score can be translated into a rating of critical, medium or high, which
helps the organization prioritize its vulnerability management process. CVSS provides
three main kinds of benefit:
• It standardizes vulnerability scores. In many cases an organization applies common
  vulnerability scoring across all of its IT platforms. This results in a single
  vulnerability management policy, which sets a maximum time for validation.
• CVSS provides an open framework for cases where the user is confused at the time of
  validation and remediation of a vulnerability. With CVSS, the individual
  characteristics used for deriving the score are transparent.
• CVSS helps in prioritizing risk once the environmental score is computed. The
  vulnerability becomes contextual to the organization, which gives a much better idea
  of the risk the vulnerability poses to that organization.
At the medium security level are vulnerabilities (CVE-2018-20650) that score in the
medium range. They usually have characteristics such as:
• The affected system performs no validation, or incorrect validation, of input that
  can affect the overall control flow or data flow.
• When the software does not validate input properly, an attacker can craft input in a
  form that is not expected by the remaining portion of the application. This
  ultimately leads to different parts of the application receiving unexpected input,
  which results in altered control flow and improper control of resources.
• Vulnerabilities that require the attacker to manipulate individual victims through
  social engineering tactics.
• Denial of service vulnerabilities that involve a great deal of setup.
• Exploits that require the attacker to reside on the same local network as the
  victim.
• Vulnerabilities where exploitation provides only limited access.
• A large number of vulnerabilities that require privileges for successful
  exploitation.
At the critical security level are vulnerabilities (CVE-2018-20718) that score in the
critical range, with the following characteristics:
• Software makes assumptions about what constitutes data and what constitutes
  control. It generally lacks verification of user-controlled input, which results in
  injection issues.
• In general, exploitation is straightforward: the attacker does not require any
  particular authentication credentials or knowledge about the victim, and does not
  need to persuade the target user, for example through social engineering, to
  perform any special function.
• Exploitation of the vulnerability can easily result in root-level compromise of
  both servers and infrastructure devices.
• For critical vulnerabilities, the best choice is to apply the patch or upgrade
  quickly. Other mitigation measures for detecting attacks also need to be in place.
  A suitable mitigating factor is an installation that is not accessible from the
  internet.
At the high security level are vulnerabilities (CVE-2017-18330) that score in the high
range, with characteristics such as:
• A buffer overflow in AES-CCM encryption, triggered through the initialization vector,
  in Snapdragon Mobile.
• Exploitation can result in elevation of privileges.
• Exploitation affecting data in the system and network can result in a large amount
  of system downtime.
Base score calculation:
Algorithm:
The Base Score is a function of the Impact and Exploitability sub score equations. The
Base Score is defined as:
If (Impact sub score <= 0): 0, else
Scope Unchanged: Roundup(Minimum[(Impact + Exploitability), 10])
Scope Changed: Roundup(Minimum[1.08 × (Impact + Exploitability), 10])
and the Impact sub score (ISC) is defined as,
