Vulnerabilities

Lecture Notes

This lecture presents an overview of vulnerability management processes and tools, CVEs, CWEs and the CVSS.

Download here

Practical tasks

The vulnerabilities tracked in CVEs may originate from a wide range of sources, and have a wide impact on computer systems, processes and society. Other vulnerabilities are never tracked as CVEs and are handled in alternative ways: never disclosed to the public and traded, or just ignored.

This task proposes that a group of 2 students analyze one CVE from the following list and identify:

  • what it affected
  • what was the vulnerability
  • how/when it was discovered
  • when was it fixed
  • how it was exploited by attackers
  • what was the impact of its exploitation
  • what was the timeline of major events

The result should be a presentation to be delivered in class for us to brainstorm. Students should reserve a CVE by sending a message through MS Teams. A first-come, first-served (FCFS) approach will be followed.

  • List of CVEs
    • Rubrik CDM - CVE-2020-9478
    • Zerologon - CVE-2020-1472
    • DLINK Devices - CVE-2019-17510
    • Linux Out of Bounds - CVE-2019-15926
    • Exim Backslash - CVE-2019-15846
    • Eternalblue - CVE-2017-0144
    • Ping6 of Death - CVE-2013-3183
    • Heartbleed - CVE-2014-0160
    • Shellshock - CVE-2014-6271
    • Poodle - CVE-2014-3566
    • Kaminsky DNS - CVE-2008-1447
    • DoubleKill - CVE-2018-8174
    • Stagefright - CVE-2015-1538
    • Bluekeep - CVE-2019-0708
    • Flash - CVE-2018-15982
    • Emotet - CVE-2017-11882
    • xt_TCPMSS - CVE-2017-18017
    • UDP - CVE-2016-10229
    • Meltdown - CVE-2017-5754
    • Spectre - CVE-2017-5753
    • BlueKeep - CVE-2019-0708
    • BLURtooth - CVE-2020-15802
    • KRACK - CVE-2017-13077
    • Dragonblood - CVE-2019-13377
    • MSCHAP - CVE-2009-3677
    • SMBGhost - CVE-2020-0796
    • Print Spooler - CVE-2022-36958
    • Log4j - CVE-2021-44228
    • Proxylogon - CVE-2021-26855

References

K. Tsipenyuk, B. Chess and G. McGraw, “Seven pernicious kingdoms: a taxonomy of software security errors,” in IEEE Security & Privacy, vol. 3, no. 6, pp. 81-84, Nov.-Dec. 2005, doi: 10.1109/MSP.2005.159.

Web pages

  • OWASP Top 10: The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
  • Top 25 CWE: Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses
  • CWE-348: Use of Less Trusted Source
  • CERT Vulnerability Notes Database
  • VulnDB
  • DISA IAVA and STIGS
  • CVE-2020-1472: An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’.
  • CVE Details: security vulnerability datasource
  • CVSS: Common Vulnerability Scoring System SIG