This page describes the fields and values shown for each vulnerability on the "Vulnerability Tests" page.
The "Vulnerability Tests" page contains the vulnerability tests used for network and web application scanning.
Title
The name/short description of the vulnerability.
Example: FOG Server Multiple Vulnerabilities
Severity level
The Holm Security VMP severity level indicates how serious the vulnerability is. The severity level is a translation from the CVSS Score (see "CVSS Base"). To make the severity level quick and easy to recognize, each level has an associated color.
The severity levels and colors are as follows:
- Info (blue): A vulnerability that is not likely to mean that you are exposed to a potential threat.
- Low (green): Low level of severity. In most cases does not mean that you are exposed to a potential threat.
- Medium (yellow): Medium level of severity. Can mean that you are exposed to a potential threat.
- High (orange): High level of severity. In most cases you are exposed to a potential threat.
- Critical (red): Critical level of severity. You are exposed to a threat, with only some exceptions.
Example: Medium
Discovery method
The discovery method describes which method was used to discover the vulnerability.
- Remote Only: Detected only using remote, unauthenticated scanning.
- Authenticated Only: Detected only using authenticated scanning.
- Remote or Authenticated: Detected using remote, unauthenticated scanning or authenticated scanning.
Example: Remote
Authentication
Ignore this field; it will be removed in later versions.
Published
The time when the vulnerability was published.
Service modified
When the vulnerability was modified.
HID
The HID (Holm Security ID) is a unique identifier for all vulnerabilities in Holm Security VMP.
Example: HID-2-1-339509
Category
The category for the vulnerability.
Example: Windows
CVE ID
A unique ID for the vulnerability commonly used by different software providers and vendors. Read more about CVE here (external website):
https://en.wikipedia.org/wiki/CVSS
Example: CVE-2014-0224
Vendor reference
Information from the software provider or similar.
Example: http://www.securityfocus.com/bid/67899, http://openssl.org/
Bugtraq ID
The Bugtraq ID is the unique ID given to vulnerabilities by SecurityFocus. Read more here (external website):
http://www.securityfocus.com
Example: 67899
Patch available
Whether a patch is available for the vulnerability.
CVSS Base
The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental. The Base group represents the intrinsic qualities of a vulnerability, the Temporal group reflects the characteristics of a vulnerability that change over time, and the Environmental group represents the characteristics of a vulnerability that are unique to a user's environment. The Base metrics produce a score ranging from 0.0 to 10.0, which can then be modified by scoring the Temporal and Environmental metrics. A CVSS score is also represented as a vector string, a compressed textual representation of the values used to derive the score.
The CVSS Score is translated into a severity level (see headline "Severity level") in Holm Security VMP to simplify the vulnerability levels.
Translation from CVSS Score to Holm Security severity levels:
- 0: Info
- 0,1–2,0: Low
- 2,1–5,0: Medium
- 5,1–8,0: High
- 8,1–10: Critical
Example: 6,3
CVSS Access Vector
The access vector shows how a vulnerability may be exploited.
- Local: The attacker must either have physical access to the vulnerable system (e.g. firewire attacks) or a local account (e.g. a privilege escalation attack).
- Adjacent Network: The attacker must have access to the broadcast or collision domain of the vulnerable system (e.g. ARP spoofing, bluetooth attacks).
- Network: The vulnerable interface is working at layer 3 or above of the OSI Network stack. These types of vulnerabilities are often described as remotely exploitable (e.g. a remote buffer overflow in a network service).
Example: Network
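The two tables above (the CVSS Score to severity-level translation under "CVSS Base", and the Access Vector values) are the kind of mapping a practitioner often re-implements when importing scan results into their own tooling. The following Python is an added example written for this page, not Holm Security code or an API of Holm Security VMP: it converts a CVSS base score (accepting the decimal-comma form the page uses, such as "6,3") into the severity level using the page's bands, and reads the Access Vector out of a CVSS v2 vector string such as the ones the "CVSS Base" section mentions. The sample vector string at the bottom is constructed for illustration and is not the vector of any vulnerability named on the page; the function names and the regular expression are this example's own choices.

```python
from __future__ import annotations

import re

# Holm Security severity levels in the order the page lists them, each with the
# inclusive upper bound of its CVSS score band: 0 Info, 0,1-2,0 Low, 2,1-5,0 Medium,
# 5,1-8,0 High, 8,1-10 Critical.
SEVERITY_BANDS = [
    (0.0, "Info"),
    (2.0, "Low"),
    (5.0, "Medium"),
    (8.0, "High"),
    (10.0, "Critical"),
]

# CVSS v2 Access Vector codes mapped to the names used on the page.
ACCESS_VECTOR_NAMES = {
    "L": "Local",
    "A": "Adjacent Network",
    "N": "Network",
}

# A CVSS v2 vector is a '/'-separated list of Metric:Value pairs, optionally in parentheses.
_VECTOR_RE = re.compile(
    r"^\(?(?P<body>[A-Za-z]+:[A-Za-z]+(?:/[A-Za-z]+:[A-Za-z]+)*)\)?$"
)


def parse_score(value: str | float | int) -> float:
    """Accept a CVSS base score as a number or as text (decimal comma allowed, e.g. '6,3')."""
    if isinstance(value, str):
        value = value.strip().replace(",", ".")
    score = float(value)
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range 0.0-10.0: {score}")
    # CVSS scores carry one decimal; rounding keeps a value such as 2.04 from
    # falling between the 2,0 and 2,1 band boundaries.
    return round(score, 1)


def severity_level(value: str | float | int) -> str:
    """Translate a CVSS base score into the Holm Security severity level."""
    score = parse_score(value)
    for upper, level in SEVERITY_BANDS:
        if score <= upper:
            return level
    raise AssertionError("unreachable: score already validated to be <= 10.0")


def parse_cvss_v2_vector(vector: str) -> dict[str, str]:
    """Split a CVSS v2 vector string such as 'AV:N/AC:M/Au:N/C:P/I:P/A:N' into metric/value pairs."""
    match = _VECTOR_RE.match(vector.strip())
    if not match:
        raise ValueError(f"not a CVSS vector string: {vector!r}")
    metrics: dict[str, str] = {}
    for part in match.group("body").split("/"):
        key, val = part.split(":", 1)
        if key in metrics:
            raise ValueError(f"metric {key} repeated in {vector!r}")
        metrics[key] = val
    return metrics


def access_vector(vector: str) -> str:
    """Return the page's Access Vector name (Local / Adjacent Network / Network) for a CVSS v2 vector."""
    metrics = parse_cvss_v2_vector(vector)
    try:
        return ACCESS_VECTOR_NAMES[metrics["AV"]]
    except KeyError:
        raise ValueError(f"vector has no valid AV metric: {vector!r}") from None


if __name__ == "__main__":
    # Constructed sample vector for demonstration only; it does not belong to any
    # vulnerability referenced on this page.
    sample_vector = "AV:N/AC:M/Au:N/C:P/I:P/A:N"
    print(severity_level("6,3"), access_vector(sample_vector))
```

Rounding to one decimal before comparing is the part worth noticing: the page's bands leave no room between 2,0 and 2,1, so a score that arrives with extra precision has to be normalized first, otherwise it would be assigned to the higher band by accident.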
Software
The software affected by the vulnerability.
Example: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m and 1.0.1 before 1.0.1h
Impact
The impact the vulnerability has.
Example: Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.
Solution
Solution for the vulnerability.
Example: Updates are available.
Detection
How the Holm Security script operates to find the vulnerability.
Insight
Extended information on a more technical level, sometimes covering CVE-specific cases for vulnerabilities whose title says "multiple".