The average hacker shopping list – the CVE

When I get an X-ray, my doctor sits me down and simply “roasts” me with stuff like how unhealthy I am, how I should stop eating sugar and take care of my heart, and all these unimportant things. Just as my body has a doctor to tell it what’s wrong with it, so does the field of information security.

CVE, which stands for Common Vulnerabilities and Exposures, is a system that shares information and allows the public to read and learn about the best-known vulnerabilities, threats and risks we have to deal with.

Operated by the MITRE Corporation and funded by the United States Department of Homeland Security (woo, fancy), this system is available to all while constantly trying to stay relevant with everything being discovered daily.

The MITRE Corporation tags and documents all those threats and vulnerabilities with identifiers usually called “CVE names”, “CVE numbers”, “CVE-IDs” or “CVEs”, for example:

  • CVE-2020-12321 represents a CVE discovered in the year 2020 whose catalog number is 12321; the CVE describes an improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 that may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
  • CVE-2021-0078 represents a CVE discovered in the year 2021 whose catalog number is 0078; the CVE describes improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 that may allow an unauthenticated user to potentially enable denial of service (DoS) or information disclosure via adjacent access.

Each CVE discovered gets a CVSS “score”. This score is given based on the severity, relevance and overall impact the CVE has; the rating runs from 1.0 (lowest) to 10.0 (highest), where CVEs rated 1.0 – 4.5 are considered “low” severity, 4.5 – 7.0 are “medium” severity, and 7.0 – 10.0 are considered the most dangerous ones, with “high” severity.

Basically, thanks to the “good guys” at the MITRE Corporation, we are able to know about and defend ourselves from (the majority of) the threats out there.

Let’s try to look at this subject from the attacker’s perspective:

Just as the CVE system can help us protect ourselves, it does the exact opposite for the attacker: it simply “gives” attackers and people who wish to exploit vulnerabilities a “guide book”. It means that if you, as an attacker, want to “harm” a certain app, all you need to do is go into the system and simply try the different variations listed there, which actually makes things difficult for organizations, since they need to shield themselves from every CVE listed on the site because they don’t know where the next “blow” is going to come from.

It allows the attacker to be better prepared, to know different kinds of attacks and methods, and in addition the CVSS even “tells” them which vulnerabilities are the best ones to try, download, distribute and analyze, and all of that? FOR FREE.

On the other hand, the CVE database allows organizations and companies to set a baseline for evaluating the coverage of their security tools and to decide whether they need to invest more or less in security, whether that means spending more resources or hiring more cyber-security staff; those decisions will be based on the threats currently relevant to them and the level of severity they need to deal with. The CVE system makes vulnerabilities and all sorts of attacks more “accessible” to the unprofessional eye, and it also lets you compare different security tools (Kayran is probably first, just saying).

In conclusion, my advice to you is:

  • Know your risks – not every CVE is relevant to your platform or to the method you use to store data, so calculate the resources you need to protect it accordingly.

  • Practice makes the battle easy – it’s always good to let your pen-testers and security experts “train” constantly, which makes them even better and faster in case the day comes.
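As an added example (not code from this post or from Kayran), here is a small Python triage routine that parses CVE identifiers in the form shown above, maps CVSS scores to the post’s low/medium/high bands, and filters a feed against the products you actually run, which is the “know your risks” step. The product tags, the scores and the CVE-2020-00000 entry are constructed placeholders, not real advisory data.

```python
import re
from dataclasses import dataclass

# CVE identifier syntax: "CVE-" + four-digit year + a sequence number of at least
# four digits (sequence numbers longer than four digits have been allowed since 2014).
CVE_ID_RE = re.compile(r"^CVE-(?P<year>\d{4})-(?P<seq>\d{4,})$")

def parse_cve_id(cve_id: str) -> tuple[int, int]:
    """Return (year, catalog number) for a well-formed CVE ID, else raise ValueError."""
    m = CVE_ID_RE.match(cve_id.strip())
    if not m:
        raise ValueError(f"not a CVE identifier: {cve_id!r}")
    return int(m.group("year")), int(m.group("seq"))

def severity_band(score: float) -> str:
    """Map a CVSS score to the post's bands. The post's ranges overlap at 4.5 and
    7.0; this assumes the higher band wins at those boundaries."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score >= 7.0:
        return "high"
    if score >= 4.5:
        return "medium"
    return "low"

@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    cvss: float
    product: str  # product the advisory names, as a simple inventory tag

# Constructed sample feed: the first two IDs are the ones the post cites, but their
# scores and product tags are made up here; the third entry is a placeholder ID.
SAMPLE_FEED = [
    CveRecord("CVE-2020-12321", 6.8, "intel-wireless-bluetooth"),
    CveRecord("CVE-2021-0078", 5.7, "intel-proset-wifi"),
    CveRecord("CVE-2020-00000", 9.1, "example-cms"),  # placeholder, not a real CVE
]

def triage(feed, inventory, min_band="medium"):
    """Keep entries that name a product we actually run and reach min_band, highest
    score first. Malformed IDs are rejected before they can reach a report."""
    order = {"low": 0, "medium": 1, "high": 2}
    hits = []
    for rec in feed:
        parse_cve_id(rec.cve_id)
        if rec.product in inventory and order[severity_band(rec.cvss)] >= order[min_band]:
            hits.append(rec)
    return sorted(hits, key=lambda rec: rec.cvss, reverse=True)
```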

All in all, you can take a pill for headaches or you can take a PRO PILL to help ease your mind and save yourself some math, and, since the Kayran platform updates itself constantly and runs assessments all the time, trust us, you won’t need this system.

As always, stay safe, choose Kayran.
