Question

Search for the following CVEs and list them in order of CVSS, and describe the vulnerabilities and how to address these vulnerabilities.

CVE

Explanation with CVSS Score.

How you will address this vulnerability?

CVE-2017-11882

CVE-2017-17215

CVE-2019-2725

CVE-2017-0143

CVE-2014-8361

Solutions

Expert Solution

The Common Vulnerability Scoring System (CVSS) is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities. CVSS helps organizations prioritize and coordinate a joint response to security vulnerabilities by communicating the base, temporal and environmental properties of a vulnerability.

CVE: The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.

CVE identifiers are intended for use with respect to identifying vulnerabilities:

Common Vulnerabilities and Exposures (CVE) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools. If a report from one of your security tools incorporates CVE Identifiers, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.[7]

Users who have been assigned a CVE identifier for a vulnerability are encouraged to ensure that they place the identifier in any related security reports, web pages, emails, and so on.

CVE-2017-11882: Microsoft Office Memory Corruption Vulnerability

Security Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by correcting how the affected Office component handles objects in memory.

Here are some of the countermeasures that can be used against threats that use CVE-2017-11882:

  • Blacklist, restrict, and secure the use of command-line applications and system administration tools such as PowerShell
  • Make sure the system and its applications are patched and updated; consider virtual patching for legacy or end-of-life systems
  • Secure the email gateway—the aforementioned threats use email as their main entry point
  • Implement security mechanisms that can mitigate further exposure of sensitive data, such as network segmentation and data categorization
  • Reduce the attack surface by monitoring and blocking anomalous activities in the system or network—firewalls, sandboxes, as well as intrusion detection and prevention systems, help in this regard.

CVE-2017-17215: Remote Code Execution Vulnerability

It is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition.

Customers can take the following measures to circumvent or prevent the exploit of this vulnerability. For details, consult the local service provider or Huawei TAC.

(1) Configure the built-in firewall function.

(2) Change the default password.

(3) Deploy a firewall at the carrier side.

CVE-2019-2725: Vulnerability in the Oracle WebLogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Addressing CVE-2019-2725 Vulnerability:

Oracle has released an official fix for this vulnerability and it’s available here.

The following workaround steps are available for customers that are unable to apply the update from Oracle, and both of these steps must be performed:

  • Delete the wls9_async_response.war and wls-wsat.war packages from the WebLogic server, and restart the WebLogic service.
  • Restrict access to, or disable, the “/_async/*” and “/wls-wsat/” URL paths on the WebLogic server.

Patches released through the Security Alert program are provided only for product versions that are covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. Oracle recommends that customers plan product upgrades to ensure that patches released through the Security Alert program are available for the versions they are currently running.

Product releases that are not under Premier Support or Extended Support are not tested for the presence of vulnerabilities addressed by this Security Alert. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities. As a result, Oracle recommends that customers upgrade to supported versions.

Database, Fusion Middleware, Oracle Enterprise Manager products are patched in accordance with the Software Error Correction Support Policy explained in My Oracle Support Note 209768.1.

CVE-2017-0143: Windows SMB Remote Code Execution Vulnerability

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.

Addressing CVE-2017-0143 Vulnerability:

  • To exploit the vulnerability, in most situations, an authenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
  • The security update addresses the vulnerability by correcting how SMBv1 handles these specially crafted requests.

CVE-2014-8361:

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges.

Addressing CVE-2014-8361 Vulnerability:

  • Given the stated purpose of Realtek SDK, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with products using Realtek SDK service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting.
  • Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation.
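To check that the CVE-2019-2725 workaround above is effective, access logs can be audited for requests to the two restricted URL paths and whether the server still answered them. This is an added example, not part of the original answer; it assumes Common Log Format and that blocked requests return 403 or 404, and the log lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# URL paths the workaround on this page says to restrict or disable.
RESTRICTED = ("/_async", "/wls-wsat")
# Assumption: the proxy or server answers 403/404 once the paths are blocked.
BLOCKED_STATUSES = {403, 404}
# Assumption: access logs are in Common Log Format.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b')

def normalise(target):
    """Canonicalise a request target so percent-encoded, dot-segment or
    duplicate-slash variants of a restricted path still match."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath(path)

def is_restricted(path):
    return any(path == p or path.startswith(p + "/") for p in RESTRICTED)

def audit(lines):
    """Return (client, path, status, verdict) for each request to a restricted path."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = normalise(m.group("target"))
        if is_restricted(path):
            status = int(m.group("status"))
            verdict = "blocked" if status in BLOCKED_STATUSES else "reached-server"
            findings.append((m.group("client"), path, status, verdict))
    return findings

# Constructed sample lines (documentation IP range, made-up resource names).
SAMPLE_LOG = [
    '192.0.2.9 - - [01/May/2019:10:00:00 +0000] "GET /console/login HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/May/2019:10:00:01 +0000] "POST /_async/example HTTP/1.1" 200 0',
    '192.0.2.11 - - [01/May/2019:10:00:02 +0000] "POST /wls-wsat/example HTTP/1.1" 403 0',
    '192.0.2.12 - - [01/May/2019:10:00:03 +0000] "GET /app/%2e%2e/_async/example HTTP/1.1" 404 0',
    '192.0.2.13 - - [01/May/2019:10:00:04 +0000] "POST //wls-wsat//example?x=1 HTTP/1.1" 500 0',
]
```

Any `reached-server` verdict after the workaround was applied means a request to a restricted path was still handled and the restriction should be rechecked.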
