Questions tagged [vulnerability-assessment]

74 questions
108 votes, 15 answers

How can I argue against: "System is unhackable so why patch vulnerabilities?"

An operating system has reached End of Support (EoS) so no more security patches are coming for the OS ever. An embedded device running this OS needs to be updated to a newer version. However, the engineers who designed the original product feel…
Ken
25 votes, 4 answers

Should a vulnerability in a service that is present on the device, but not running and not used at all, be mentioned in the vulnerability report?

Say I have scanned our Cisco router, and it returned 20 vulnerabilities. However, most of them are tied to specific services that this router is not running, for example CVE-2016-6380: we are not running a DNS server on our Cisco, thus we are…
12 votes, 2 answers

Tons of vulnerabilities are found on tcp/0 port using vulnerability scanners

I performed a credentialed vulnerability scan on Linux/Unix servers with Nessus, and thousands of vulnerabilities came out on port tcp/0. How could an IANA-reserved port (tcp/0) handle traffic? Are those vulnerabilities truly countable, or did they come out as false…
9 votes, 3 answers

Is "Discoverability = low" an acceptable reason to reduce the risk of a vulnerability?

The outdated DREAD risk model (Wikipedia) lists Discoverability as a criterion for judging the severity of a vulnerability. The idea is that something which is not publicly known, and which you would be unlikely to discover without deep knowledge of the…
Mike Ounsworth
8 votes, 1 answer

Security risks of using ffmpeg as part of web service

I'm working on a web service that uses ffmpeg on the backend for processing user-uploaded media files. I'm giving the users some options to customize how their videos are processed, which essentially parameterizes the ffmpeg command. I'm planning…
leros
6 votes, 1 answer

What exactly is CVE-2021-23978 (from MSFA2021-08 in Mozilla Firefox)?

A number of vulnerabilities were fixed in Firefox in the latest update. MSFA2021-08 describes it only as "memory issues that may be exploitable", and doesn't give any information: Mozilla developers Alexis Beingessner, Tyson Smith, Nika Layzell,…
forest
5 votes, 2 answers

Vulnerable framework and IIS server versions are being displayed in an error page of a 3rd-party application

As a security tester, I need to report and justify that a security misconfiguration in a 3rd-party application is a risk to us. The scenario is as follows: 1.) There is a 3rd-party application which the customers use to submit their applications to…
5 votes, 2 answers

Why do the CVSS scores differ so much between the Red Hat and NVD pages?

Take CVE-2016-7872 for example. On the National Vulnerability Database web page, we can see that the CVSSv2 and CVSSv3 scores are 9.8 and 10.0 respectively, but on the Red Hat security advisory page they are 6.8 and 8.8. To my understanding, CVSS scores are…
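An added example, not part of the question above and not NVD's or Red Hat's tooling: the calculator below implements the CVSS v3.1 and v2 base-score equations from the specifications and then diffs two vectors for the same CVE, which is the first thing to check when two sources disagree, since the equations are fixed and only the metric choices vary. The vectors in the `__main__` block are constructed to show how a single metric (UI:N versus UI:R, or partial versus complete impact in v2) moves a score from 9.8 to 8.8 or from 10.0 to 6.8; they are not Red Hat's actual vectors for CVE-2016-7872, and the function names are mine.

```python
"""CVSS v3.1 and v2 base-score calculator plus a vector diff.
Added example: not the question's code and not NVD's or Red Hat's tooling.
The vectors in __main__ are constructed to show how one differing metric
changes the score; they are not Red Hat's real vectors for CVE-2016-7872.
"""
import math

# CVSS v3.1 metric weights (spec section 7.4). PR depends on Scope: (S:U, S:C).
W31 = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "UI": {"N": 0.85, "R": 0.62},
    "CIA": {"H": 0.56, "L": 0.22, "N": 0.0},
}
PR31 = {"N": (0.85, 0.85), "L": (0.62, 0.68), "H": (0.27, 0.50)}

# CVSS v2 metric weights (spec section 3.2.1).
W2 = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "CIA": {"N": 0.0, "P": 0.275, "C": 0.660},
}


def parse_vector(vector):
    """'CVSS:3.1/AV:N/AC:L/...' or 'AV:N/AC:M/...' -> {'AV': 'N', ...}."""
    parts = vector.split("/")
    if parts[0].upper().startswith("CVSS:"):
        parts = parts[1:]
    return dict(p.split(":", 1) for p in parts)


def roundup31(x):
    """v3.1 Roundup: smallest one-decimal value >= x, computed on integers so
    float noise such as 4.0000001 does not bump a score (spec appendix A)."""
    i = int(round(x * 100000))
    if i % 10000 == 0:
        return i / 100000.0
    return (math.floor(i / 10000) + 1) / 10.0


def cvss31_base(vector):
    m = parse_vector(vector)
    changed = int(m["S"] == "C")
    iss = 1 - (1 - W31["CIA"][m["C"]]) * (1 - W31["CIA"][m["I"]]) * (1 - W31["CIA"][m["A"]])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    expl = 8.22 * W31["AV"][m["AV"]] * W31["AC"][m["AC"]] * PR31[m["PR"]][changed] * W31["UI"][m["UI"]]
    if impact <= 0:
        return 0.0
    total = 1.08 * (impact + expl) if changed else impact + expl
    return roundup31(min(total, 10))


def cvss2_base(vector):
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - W2["CIA"][m["C"]]) * (1 - W2["CIA"][m["I"]]) * (1 - W2["CIA"][m["A"]]))
    expl = 20 * W2["AV"][m["AV"]] * W2["AC"][m["AC"]] * W2["Au"][m["Au"]]
    f_impact = 0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * expl - 1.5) * f_impact, 1)


def explain_gap(vec_a, vec_b, score_fn=cvss31_base):
    """Score two vectors for the same CVE and list the metrics they disagree on.
    Returns (score_a, score_b, {metric: (value_a, value_b)})."""
    a, b = parse_vector(vec_a), parse_vector(vec_b)
    diffs = {k: (a[k], b.get(k)) for k in a if a[k] != b.get(k)}
    return score_fn(vec_a), score_fn(vec_b), diffs


if __name__ == "__main__":
    nvd = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    # Constructed: identical impact, but the second assessor judged that a user
    # must open a crafted file (UI:R). That one metric drops 9.8 to 8.8.
    vendor = "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
    print(explain_gap(nvd, vendor))
    # v2: complete C/I/A at low complexity vs partial C/I/A at medium: 10.0 vs 6.8
    print(explain_gap("AV:N/AC:L/Au:N/C:C/I:C/A:C", "AV:N/AC:M/Au:N/C:P/I:P/A:P", cvss2_base))
```

Feed it the two published vectors for a CVE and the third element of the result tells you exactly which judgement calls (privileges, user interaction, scope, partial versus complete impact) account for the gap.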
5 votes, 2 answers

How do pentesters approach a large complex network?

Lots of books talk about using tools such as whois and other information gathering tools to collect information on the network and of course, not forgetting nmap. However, in a real network with such a large number of hosts, wouldn't there be an…
4 votes, 2 answers

OpenVAS won't generate SCAP Database

To deploy OpenVAS to virtual machines I've been using Ansible for a while, and it has worked pretty well. Today I wanted to deploy it to another machine, but the openvas-check-setup script keeps telling me that the setup isn't finished yet because the…
4 votes, 3 answers

How to maintain balance between integrity and client satisfaction in vulnerability assessments

I have done a number of vulnerability assessments and I'm noticing a trend. In the first assessment the clients are impressed and grateful for the massive security holes I find. During the second and third assessments, they feel frustrated because…
user3280964
4 votes, 2 answers

Buffer Overflow doesn't have enough space for exploit after being crashed

So I'm trying to write a buffer overflow for a known-vulnerable server application; I want to learn how to do this on my own and just want some direction. I'm watching it in Immunity Debugger on the server and have control over ECX, EBP, and…
4 votes, 2 answers

Way of categorising and organising types of security issues and areas

I have recently done a security review and uncovered 200 or so areas to improve upon, covering a very diverse range of topics: some points are process, some are config, some are new systems to be implemented. Everything from SAST and architecture to…
3 votes, 4 answers

Risk of web admin portal without extra authentication steps

More of a philosophical question: suppose there is one behavior which allows an attacker to do something with high impact but by itself cannot be used to cause that impact. For example, an internet-accessible admin portal which, even though still…
thevpt
3 votes, 0 answers

Version earlier than 0 in Debian OVAL feeds

I'm trying to parse Debian OVAL feeds to establish whether some packages are vulnerable or not. I'm using criterions to establish what the vulnerable version for a package is; however, often there are entries saying that "version is earlier than 0", e.g. …
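An added example, written for this page and not taken from the question or from Debian's OVAL tooling: a Python port of dpkg's version ordering (epoch, then upstream, then revision, with `~` sorting before everything), used to evaluate an OVAL "version is earlier than X" criterion. Taken literally, no real Debian version sorts below `0`, so a plain comparison would never match those entries; the `UNFIXED_MARKER` handling that treats `0` as "no fixed version, every installed version affected" is my assumption about what the feed means, not something the question confirms, and should be checked against the feed's documentation before use. The package names and versions in `__main__` are constructed sample data.

```python
"""Evaluate Debian OVAL 'version is earlier than X' criteria using dpkg ordering.
Added example; not the question's code and not Debian's OVAL generator.
"""


def _order(c):
    """dpkg character weight: '~' sorts before everything (even end of string),
    digits weigh 0 like end of string, letters by ASCII, other symbols last."""
    if c == "~":
        return -1
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a, b):
    """Port of dpkg's verrevcmp(): alternate non-digit runs and digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character weights; end of string weighs 0.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros; the longer run wins, else the first
        # differing digit decides (so 2.10 > 2.9).
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def split_version(version):
    """'[epoch:]upstream[-revision]' -> (epoch, upstream, revision) as dpkg does
    (epoch before the first ':', revision after the last '-')."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def dpkg_compare(a, b):
    """-1, 0 or 1 with the same ordering as `dpkg --compare-versions`."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return 1 if r > 0 else -1
    return 0


# ASSUMPTION (not confirmed by the question): the feed writes "0" as the fixed
# version when no fix exists. Under literal dpkg ordering nothing is below "0",
# so without this special case those criteria would never match anything.
UNFIXED_MARKER = "0"


def earlier_than(installed, fixed_version):
    """OVAL 'version is earlier than fixed_version' => installed package is vulnerable."""
    if fixed_version == UNFIXED_MARKER:
        return True
    return dpkg_compare(installed, fixed_version) < 0


if __name__ == "__main__":
    # Constructed sample data: (package, installed version, criterion version)
    samples = [
        ("openssl", "1.1.1n-0+deb11u3", "1.1.1n-0+deb11u4"),
        ("openssl", "1.1.1n-0+deb11u4", "1.1.1n-0+deb11u4"),
        ("zlib1g", "1:1.2.11.dfsg-2", "1.2.13-1"),   # epoch wins over upstream
        ("foo", "2.0-1", "0"),                          # 'earlier than 0' entry
    ]
    for pkg, installed, fixed in samples:
        print(pkg, installed, "vulnerable" if earlier_than(installed, fixed) else "fixed")
```

Note the `zlib1g` row: a naive string or tuple comparison would call `1:1.2.11` older than `1.2.13`, while dpkg ordering (and therefore Debian's fixed-version data) says the epoch makes it newer.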