Description
The assignment will focus on researching a popular product and describing what could be considered an impactful CVE of that product.
The presentation should take at most 15 minutes and have the following content:
- The product: what it is, what it does, use cases where it is present
- Its security record: how many vulnerabilities in recent years, types of vulnerabilities, reputation.
- The most relevant CVE: what the vulnerability was, how it was reported, how it was fixed and how long it took, known exploitation and impact
Students should form groups of 4, and each group must address a unique software product and CVE.
Some of the potential CVEs:
- Rubrik CDM - CVE-2020-9478
- Zerologon - CVE-2020-1472
- DLINK Devices - CVE-2019-17510
- Linux Out of Bounds - CVE-2019-15926
- Exim Backslash - CVE-2019-15846
- Eternalblue - CVE-2017-0144
- Ping6 of Death - CVE-2013-3183
- Heartbleed - CVE-2014-0160
- Shellshock - CVE-2014-6271
- Poodle - CVE-2014-3566
- Kaminsky DNS - CVE-2008-1447
- DoubleKill - CVE-2018-8174
- Stagefright - CVE-2015-1538
- Bluekeep - CVE-2019-0708
- Flash - CVE-2018-15982
- Emotet - CVE-2017-11882
- xt_TCPMSS - CVE-2017-18017
- UDP - CVE-2016-10229
- Meltdown - CVE-2017-5754
- Spectre - CVE-2017-5753
- BlueKeep - CVE-2019-0708
- BLURtooth - CVE-2020-15802
- KRACK - CVE-2017-13077
- Dragonblood - CVE-2019-13377
- MSCHAP - CVE-2009-3677
- SMBGhost - CVE-2020-0796
- Print Spooler - CVE-2022-36958
- Log4j - CVE-2021-44228
- Proxylogon - CVE-2021-26855
Delivery and Grading
- Reserve a software product and CVE using Discord, by posting a message with the group members, software and CVE.
- Submit the presentation through elearning
- Present the deck in class
A presentation should provide the information requested, in a visually adequate manner, allowing other students to understand the role of the product, how the vulnerability presented itself, its impact and how the vendor handled the process.
References
- CVE Details: https://www.cvedetails.com