Common Vulnerabilities and Exposures
c). How many vulnerabilities were discovered for each host?
d).
e). Definition of CVE: Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed information security vulnerabilities and exposures. It was established in 1999 to help identify and categorize common vulnerabilities in firmware and software. CVE guides corporations on how to improve their cybersecurity.
f). Definitions of terminologies used in CVE. Vulnerability: a weakness in the computational logic of software and some hardware components. These weaknesses are exploited during a cyber attack and may grant unauthorized access to the system. Unauthorized actions will have negative impacts on the integrity, confidentiality, or availability of the software component. To mitigate these vulnerabilities, the organization may change the code or remove the affected protocol entirely.
Exposure: a configuration mistake or issue in the software that allows access to capabilities and information that may help attackers access the system. Any configuration issue or mistake that cannot be used directly but could be used indirectly to help a cyber attack is considered an exposure by the CVE. Any exposure is a violation of a reasonable security policy. Any state in a software system that allows the following is an exposure:
- Aids an attacker in hiding activities
- Aids in information gathering activities
- Is used as a primary point of entry which the attacker may use to initiate a cyber attack
g). Several vulnerabilities were discovered in the Microsoft XP 2003 Service Pack 1. They include the following:
- The XMLHTTP ActiveX control in XML Core Services, found in different Microsoft software, allowed remote attackers to bypass the same-origin policy through a web page in Internet Explorer.
- The InformationCardSigningHelper Class ActiveX control found in Microsoft software allowed remote attackers to execute arbitrary code or cause a denial of service.
- A failure to handle unspecified page-fault system calls allowed local users to access sensitive information from kernel memory through crafted applications.
- An unspecified vulnerability in the TrueType font parsing engine, known as the TrueType Parsing vulnerability, allowed remote attackers to execute arbitrary code through font data in a Word document or web page.
- The MHTML Mime-Formatted Request Vulnerability allows remote attackers to conduct cross-site scripting attacks through the EMBED elements on the web page.
- A Fax Cover Page Editor memory corruption vulnerability allows attackers to execute arbitrary code via fxscover.exe in Microsoft software.
- The CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability allowed attackers to cause a denial of service through an application that creates an incorrect memory assignment.
- A Page-Transition memory corruption vulnerability allowed attackers to run arbitrary code through vectors involving multiple crafted pages and websites.
h). The TLS protocol implementation of the legacy Cisco ASA 5500 series had a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information. The attack is commonly known as the ROBOT attack. An attacker could iteratively query a vulnerable server to perform cryptanalytic operations that could decrypt previous TLS sessions.
The vpnclient program in the Easy VPN component of Cisco ASA 5500 series devices allowed local users to gain privileges through unspecified vectors.
During this analysis, it was discovered that all Cisco ASA 5500 series devices running software versions before 8.2 allowed packets to pass before the configuration was loaded. The exposure could allow remote attackers to bypass the required restrictions and access the network during device start-up.
The above results indicate vulnerabilities and exposures found in the Microsoft XP 2003 and Cisco ASA 5500 Security+ at different times of scanning.
- When you identify a known software vulnerability, the impact of the risk can be assessed with Nessus scanners, which are capable of exposing thousands of issues. Nessus then classifies the issues by degree of risk severity: Critical, High, Medium, and Low. Nessus is accompanied by the Common Vulnerability Scoring System (CVSS), which scores each weakness to classify the degree of risk that the exposures and vulnerabilities pose to the software.
Security professionals can use Nessus scanners to detect system vulnerabilities and take countermeasures to address the risks, thereby protecting the integrity of the system. On the other hand, hackers may use Nessus scanners to identify potential entry points for cyber attacks.
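The per-host count asked for in question c) and the severity classification described above can be read straight from a scan export. The following is an added example, not part of the original answer or of Nessus itself: it tallies findings per host and severity and flags rows whose risk label differs from the CVSS v3 band of the score. The column layout, hosts, plugin IDs, CVE placeholders and scores are all constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample in the assumed shape of a scanner CSV export.
# Hosts, plugin IDs, CVE placeholders and scores are not real scan results.
SAMPLE_CSV = """Plugin ID,CVE,CVSS,Risk,Host,Port,Name
90001,CVE-0000-0001,9.8,Critical,192.0.2.10,445,Constructed finding A
90002,CVE-0000-0002,9.3,High,192.0.2.10,80,Constructed finding B
90003,,5.3,Medium,192.0.2.10,443,Constructed finding C
90004,,,None,192.0.2.10,0,Constructed informational plugin
90005,CVE-0000-0003,7.5,High,192.0.2.20,443,Constructed finding D
90005,CVE-0000-0004,7.5,High,192.0.2.20,443,Constructed finding D
90006,,2.6,Low,192.0.2.20,22,Constructed finding E
"""

SEVERITIES = ("Critical", "High", "Medium", "Low")


def cvss3_rating(score):
    """Qualitative rating for a base score, using the CVSS v3 score bands."""
    for upper, name in ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if score <= upper:
            return name
    return "Critical"


def summarize(csv_text):
    """Return ({host: Counter(severity)}, [(host, plugin, label, v3_band), ...])."""
    per_host, mismatches, seen = defaultdict(Counter), [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Assumption: a plugin with several CVEs appears once per CVE,
        # so count each (host, port, plugin) finding only once.
        key = (row["Host"], row["Port"], row["Plugin ID"])
        risk = row["Risk"].strip()
        if key in seen or risk not in SEVERITIES:  # skip repeats and info rows
            continue
        seen.add(key)
        per_host[row["Host"]][risk] += 1
        if row["CVSS"]:
            band = cvss3_rating(float(row["CVSS"]))
            if band != risk:  # label and score band disagree: review by hand
                mismatches.append((row["Host"], row["Plugin ID"], risk, band))
    return per_host, mismatches


if __name__ == "__main__":
    hosts, odd = summarize(SAMPLE_CSV)
    for host, counts in sorted(hosts.items()):
        print(host, sum(counts.values()), {s: counts[s] for s in SEVERITIES})
    print("label/score mismatches:", odd)
```

A mismatch usually means the label was derived from a different CVSS version than the one used to check it, so it marks a row to review rather than an error in the scan.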