Lucene search
Alexander LeonovAVLEONOV:98069D08913ADA26D85B10C827D3FE97HistoryFeb 11, 2020 - 1:46 p.m.
Is Vulnerability Management more about Vulnerabilities or Management?
2020-02-1113:46:54
Alexander Leonov
feedproxy.google.com
340
0.974 High
EPSS
Percentile
99.9%
Iβve just read a nice article about Vulnerability Management in the Acribia blog (in Russian). An extract and my comments below.
In the most cases Vulnerability Management is not about Vulnerabilities, but about Management. Just filtering the most critical vulnerabilities is not enough.
Practical Cases:
- βOh, yes, we know ourselves that that everything is bad!β - CVE-2013β4786 IPMI password hash disclosure on > 500 servers. Customer just accepted the risks, Acribia proposed an effective workaround (unbrutable user IDs and passwords)._ Itβs often hard to figure out right remediation measures and implement them. Someone should do it!_
- βWe can download OpenVAS without your help!β - CVE-2018-0171 Cisco Smart Install RCE on 350 hosts. Vulnerability detection rules of several Vulnerability Scanners were not good enough to detect this vulnerability. Do not rely on scanners, know how they work and their limitations.
- βIf the attackers wanted to hack us, they would have already done it!β - CVE-2017-0144 (MS17-010) Windows SMB RCE on domain controller and several other critical servers. Vulnerability was detected in infrastructure several times, the remediation was agreed with the management, but it was ignored by responsible IT guys. As a result, during the next successful WannaCry-like malware attack the servers, including the DC were destroyed. Vulnerability Management is about the willingness to patch anything, very quickly, as often as required. Otherwise, it makes no sense.
Related
attackerkb
attackerkb
f5
f5
K16846 : IPMI vulnerability CVE-2013-4786
2015-07-02 00:00:00
SOL16846 - IPMI vulnerability CVE-2013-4786
2015-07-02 00:00:00
ubuntucve
ubuntucve
CVE-2013-4786
2013-07-08 00:00:00
cve
cve
prion
prion
Authentication flaw
2013-07-08 22:55:00
Buffer overflow
2018-03-28 22:29:00
Remote code execution
2017-03-17 00:59:00
cvelist
cvelist
nvd
nvd
nessus
nessus
IPMI v2.0 Password Hash Disclosure
2014-12-18 00:00:00
Cisco IOS XE Software Smart Install Remote Code Execution Vulnerability
2018-03-29 00:00:00
Cisco IOS Software Smart Install Remote Code Execution Vulnerability
2018-03-29 00:00:00
securityvulns
securityvulns
saint
saint
Windows SMB PsImpersonateClient null token vulnerability
2017-07-13 00:00:00
Windows SMB PsImpersonateClient null token vulnerability
2017-07-13 00:00:00
Windows SMB PsImpersonateClient null token vulnerability
2017-07-13 00:00:00
malwarebytes
malwarebytes
Threat spotlight: the curious case of Ryuk ransomware
2019-12-12 22:33:53
trellix
trellix
How Groove Gang is Shaking up the RAAS to Empower Affiliates
2021-09-08 00:00:00
How Groove Gang is Shaking up the RAAS to Empower Affiliates
2021-09-08 00:00:00
seebug
seebug
Cisco Smart Install Remote Code Execution(CVE-2018-0171)
2018-03-29 00:00:00
ETERNALBLUE - Remote RCE via SMB & NBT (Windows XP to Windows 2012)
2017-04-15 00:00:00
thn
thn
Here's how hackers are targeting Cisco Network Switches in Russia and Iran
2018-04-09 09:48:00
Vulnerability Scanning Frequency Best Practices
2021-12-06 12:22:00
cisa_kev
cisa_kev
Microsoft SMBv1 Remote Code Execution Vulnerability
2022-02-10 00:00:00
cisco
cisco
packetstorm
packetstorm
Microsoft Windows 7/2008 R2 x64 EternalBlue Remote Code Execution
2017-05-20 00:00:00
Microsoft Windows 8/2012 R2 x64 EternalBlue Remote Code Execution
2017-05-20 00:00:00
DOUBLEPULSAR Payload Execution / Neutralization
2019-10-01 00:00:00
zdt
zdt
Microsoft Windows 7 / 2008 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit
2017-05-19 00:00:00
Microsoft Windows 8 / 2012 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit
2017-05-19 00:00:00
DOUBLEPULSAR - Payload Execution and Neutralization Exploit
2019-10-04 00:00:00
threatpost
threatpost
EternalBlue Exploit Used in Retefe Banking Trojan Campaign
2017-09-22 14:02:28
InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership
2020-06-18 09:30:00
PyRoMine Uses NSA Exploit for Monero Mining and Backdoors
2018-04-26 18:21:13
mscve
mscve
Windows SMB Remote Code Execution Vulnerability
2017-03-14 07:00:00
checkpoint_advisories
checkpoint_advisories
Cisco Smart Install Remote Code Execution (CVE-2018-0171)
2018-04-02 00:00:00
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0144)
2017-03-14 00:00:00
avleonov
avleonov
Downloading entire Vulners.com database in 5 minutes
2017-08-09 17:49:03
Petya the Great and why *they* donβt patch vulnerabilities
2017-06-29 21:29:50
trendmicroblog
trendmicroblog
WannaCry & The Reality Of Patching
2017-05-15 00:46:55
kitploit
kitploit
Eternal - An internet scanner for Eternal Blue [exploit CVE-2017-0144]
2017-07-22 20:30:00
symantec
symantec
jvn
jvn
JVN#38752718: Multiple NEC Products vulnerable to authentication bypass
2021-01-04 00:00:00
fireeye
fireeye
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-03-05 17:20:43
Open-Source Security: Getting to the Root of the Problem
2022-01-19 18:02:43
Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict
2022-03-01 19:15:58
mmpc
mmpc
New ransomware, old techniques: Petya adds worm capabilities
2017-06-28 06:57:43
Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene
2017-09-06 14:58:36
When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks
2021-07-29 19:00:59
ics
ics
cert
cert
BMC software fails to validate IPMI session.
2024-04-30 00:00:00
securelist
securelist
A mining multitool
2018-07-26 10:00:25
APT trends report Q2 2019
2019-08-01 10:00:05
qualysblog
qualysblog
Conti Ransomware
2021-11-18 17:17:56
Emotet Re-emerges with Help from TrickBot
2022-01-06 14:05:53
The Rise of Ransomware
2021-10-05 12:50:00
myhack58
myhack58
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Cloud Pak System
2019-10-24 21:43:28
huawei
huawei
openvas
openvas
Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)
2017-03-22 00:00:00
Microsoft Windows SMB Server Multiple Vulnerabilities (4013389)
2017-03-15 00:00:00
kaspersky
kaspersky
KLA10977 Multiple vulnerabilities in Microsoft Server Message Block (SMB)
2017-03-14 00:00:00
KLA11902 Multiple vulnerabilities in Microsoft Products (ESU)
2017-03-14 00:00:00
KLA10979 Multiple vulnerabilities in Microsoft Windows
2017-03-14 00:00:00
mskb
mskb
MS17-010: Description of the security update for Windows SMB Server: March 14, 2017
2017-03-14 07:00:00
MS17-010: Security update for Windows SMB Server: March 14, 2017
2017-03-14 00:00:00
March 2017 Security Only Quality Update for Windows Server 2012
2017-03-14 07:00:00
rapid7community
rapid7community
Vulnerability Management Tips for the Shadow Brokers Leaked Exploits
2017-05-24 23:14:26
Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose
2017-05-15 18:25:42
mssecure
mssecure
nvidia
nvidia
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-02-10 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2016
2016-04-19 00:00:00