Chapter 4 Analyzing Vulnerability Scans Flashcards
An industry standard for assessing the severity of security vulnerabilities - Provides a technique for scoring each vulnerability on a variety of measures
Common Vulnerability Scoring System (CVSS)
Describes how an attacker would exploit a vulnerability
Access Vector Metric
CVSS access vector metric
The attacker must have physical or logical access to the affected system
Score 0.395
Local (L)
CVSS access vector metric
The attacker must have access to the local network that the affected system is connected to
Score 0.646
Adjacent Network (A)
CVSS access vector metric
The attacker can exploit a vulnerability remotely over a network
Score 1.000
Network (N)
Describe the difficulty of exploitng the vulnerability
Access Complexity Metric
CVSS access complexity metric
Exploiting the vulnerability requires “specialized” conditions that would be difficult to find
Score 0.350
High (H)
CVSS access complexity metric
Exploiting the vulnerability requires “somewhat specialized” conditions
Score 0.610
Medium (M)
CVSS access complexity metric
Exploiting the vulnerability does not require any specialized conditions
Score 0.710
Low (L)
Describes the authentication hurdles that an attacker would need to clear to exploit a vulnerability
Authentication Metric
CVSS authentication metric
Attackers would need to authenticate two or more times to exploit the vulnerability
Score 0.450
Multiple (M)
CVSS authentication metric
Attackers would need to authenticate once to exploit the vulnerability
Score 0.560
Single (S)
CVSS authentication metric
Attackers do not need to authenticate to exploit the vulnerability
Score 0.704
None (N)
Describe the type of information disclosure that might occur if an attacker successfully exploit their vulnerability
Confidentiality Metric
CVSS confidentiality metric
There is no confidentiality impact
Score 0.000
None (N)
CVSS confidentiality metric
Access to some information is possible, but the attacker does not have control over what information is compromised
Score 0.275
Partial (P)
CVSS confidentiality metric
All information on the system is compromised
Score 0.660
Complete (C)
Describes the type of information alteration that might occur if attacker successfully exploit vulnerability
Integrity Metric
CVSS integrity metric
There is no integrity impact
Score 0.000
None (N)
CVSS integrity metric
Modification of some information is possible, but the attacker does not have control over what information is modified
Score 0.275
Partial (P)
CVSS integrity metric
The Integrity of the system is totally compromised, and the attacker may change any information at will
Score 0.660
Complete (C)
Describe the type of disruption that might occur if attacker successfully exploit a vulnerability
Availability metric
CVSS availability metric
There is no availability impact
Score 0.000
None (N)
CVSS availability metric
The performance of the system is degraded
Score 0.275
Partial (P)
CVSS availability metric
The system is completely shut down
Score 0.660
Complete (C)
Uses a single line format to convey the ratings of a vulnerability on all six metrics
CVSS Vector
Breakdown the following CVSS vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS2# - informs the reader the vector is composed of CVSS version 2
Access Vector: Network (score: 1.000)
Access Complexity: Medium (score: 0.610)
Authentication: None (score: 0.704)
Confidentiality: Partial (score: 0.275)
Integrity: None (score: 0.000)
Availability: None (score: 0.000)
A single number representing the overall risk posed by a vulnerability
CVSS base score
Arriving at a base score requires first calculating what?
Exploitability score Impact score Impact function
Formula for calculating the exploitability score
Exploitability = 20 × AccessVector × AccessComplexity × Authentication
Formula for calculating impact score
Impact = 10.41 × (1 − (1 − Confidentiality) × (1 − Integrity) × (1 − Availability))
Formula for calculating impact function
If the impact score is 0, the impact function is also 0 Otherwise, the impact function value is 1.176
Formula for calculate CVSS the base score
BaseScore = ((0.6 × Impact) + (0.4 × Exploitability) − 1.5) × ImpactFunction
Nessus risk categories based on CVSS base scores
A scanner reports of vulnerability that does not exist is known as what?
False positive error
Systems that correlate login trees from multiple sources and provides actionable intelligence
Security information and event management (SIEM)
Occurs when an attacker manipulates a program into placing more data into an area of memory then is what is allocated for the program’s use
Buffer Overflow Attack
Allows an attacker to run software of his or hers choice on a targeted system
Arbitrary Code Execution Vulnerabilities
The attacker can exploit the vulnerabilitiy over a network connection without having physical or logical access to the target system
Remote Code Execution Vulnerabilities
Give developers crucial information needed to troubleshoot applications in the development process
Debug mode
How should debug mode be treated in mature organizations?
Debug mode should always take place in a dedicated development environment that is only accessible from private networks
Which protocol is the most preferred Secure Socket Layer (SSL) or Transport Layer Security (TLS) ?
TLS is the replacement for SSL that offers similar functionality but does not have the same security flaws as SSL
What are some common certificate vulnerabilities detected in scans?
Mismatch between the name on the certificate in the name of the server
Expiration of the digital certificate
Unknown Certificate Authority
Describe a DNS amplification vulnerability?
That attacker sends spoofed DNS requests to a DNS server that are designed to elicit responses that are much larger in size than the original request.
These response packets then go to the spoofed address where the DNS server believes the query originated; this causes a denial-of-service attack on the target.
An attacker has access to a virtual machine and uses this leverage to intrude other resources assigned to a different virtual machine
Virtual Machine Escape Vulnerabilities
What are the two best ways to protect against SQL injection attacks?
Input Validation - ensures that users don’t provide unexpected text to the web server
Least Privilege - restricts the tables that may be accessed by the web server and can prevent the retrieval of credit card information
An attacker embeds scripting commands on a website that will later be executed by unsuspecting visitor accessing the site
Cross-Site Scripting (XSS)
