Identification of Risks, Threats, and Vulnerabilities

Identification of Risks, Threats, and Vulnerabilities

 

Question 1

CVE is a list of open source vulnerabilities presented as an identification number with descriptions and public references. The CVE avails an essential list of entries for common vulnerabilities and is usable in numerous capacities by cyber-security agents. The list is available online for free on the Common Vulnerabilities and Exposure website. One of the notable agencies that use data from this source is the U.S. National Vulnerability Database.

Question 2

The CVE program does not explicitly define the term, vulnerability, but relies on standard definitions from other sources. Murshed (2017), thus offers three explanations to this term; one, weakness is inherent if a product owner considers an issue a vulnerability to his or her product. The case implies that if the owner declares that specific entry is a vulnerability on his end, then the entry becomes publicly known for its vulnerability irrespective of other persons’ opinions. Similarly, weakness is an issue that violates the security protocol of a product. As such, whenever the CNA determines that an entry has bypassed security policies, the CAN enlists it as a public threat. Lastly, vulnerabilities also include reports from external sources about vulnerabilities. Ideally, if one reports that an issue is a vulnerability, then the CNA terms it a vulnerability irrespective of everything.

Question 2B

Exposure is the proximity to vulnerability. Once a product has numerous vulnerabilities, then it has exposure to hackers and remote attackers. Therefore, exposure is definable as the presence of loopholes, or weaknesses, in a product that may allow remote attackers to execute unwarranted codes.

Question 3

Having assessed the vulnerabilities of Microsoft XP 2003 Service Pack 1 from the CVE list, I came across 18 vulnerability entries. The following is a description of four of the results;

• Entry number, CVE-2013-3906, reveals that the GDI+ present in the 2003 version of Microsoft Windows Service Pack 1 enables hackers to perform arbitrary code executions through the craftion of TIFF images by external influences. Hackers demonstrated they issue by wildly exploiting word document-images between October and November 2013.
• Entry number CVE-2010-3946. The entry reveals an overflow of integers vulnerability in the image converter option of the PICT function. According to Perez-Botero et al. (2013), the graphic filters in the PICT image converter sustain integer overflows that permit external access and execution of arbitrary code using PICT image crafting in word documents. The issue applies to Microsoft Windows XP SP, Office 2003 SP 3, and Office converter pack.
• The third result is the entry number, CVE-3010-3945. It states that the overflows in the buffers during CGM image conversions through the graphic segregators of Office Converter Pack, Microsoft Office XP SP3, and Office 2003 SP3, enables the execution of arbitrary codes by hackers, who practice this by crafting CGM images in word documents. The issue is termed the vulnerability of the CGM Image Converter Buffer Overrun
• Text converters in Server 2003 SP2, 2002 SP3 and 2003, Microsoft office word, WordPad in Windows 2000 SP4, SP3, XP SP2, and office converter pack enables integer overflows, which allow attackers and hackers to execute arbitrary codes with the use of files with the inscription of DOCS. The issue, CVE-2009-2506, relies on an unprecedented quantity names of properties in the Document-Summary-Information stream that enables the buffering of overflows in a heap.

Question 4

After searching the CVE database by keying in words, Cisco ASA 5505

Security +, only two results of vulnerability emerged. They included;

• CVE-2013-1215: A Virtual Private Network for clients within the adaptive components of Cisco devices with Adaptive Security Appliances (ASA), code 5505, and associated features permit local users to achieve privileged access to vectors with limited specifications including Bug ID CSCuf85295.
• The Cisco-type Security Appliances within the (ASA) 5500 category and devices with operational softwares ranging from 8.2(3) backward may allow the passage of packets before the tools load their security configurations. As such, the feature may allow remote users to bypass the security protocols by issuing significant network and traffic data before the device starts up to initiate bugs like Bug ID CSCsy86769 (Subramanian, 2015).

 

 

 

 

 

 

 

References

Murshed, S. M. (2017). An investigation of software vulnerabilities in open source software

projects using data from publicly-available online sources (Doctoral dissertation, Carleton University).

Perez-Botero, D., Szefer, J., & Lee, R. B. (2013, May). Characterizing hypervisor vulnerabilities

in cloud computing servers. In Proceedings of the 2013 international workshop on Security in cloud computing (pp. 3-10).

Subramanian, P. (2015). Security Content Metadata Model with an Efficient Search

Methodology for Real-Time Monitoring and Threat Intelligence. Retrieved 12(04), 2017.