In: Computer Science
Search for followings CVEs and list in order of CVSS and describe the vulnerabilities and how to address these vulnerabilities.
CVE |
Explanation with CVSS Score. |
How you will address this vulnerability? |
CVE-2017-11882 |
||
CVE-2017-17215 |
||
CVE-2019-2725 |
||
CVE-2017-0143 |
||
CVE-2014-8361 |
Common Vulnerability Scoring System , CVSS, is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities. CVSS helps organizations prioritize and coordinate a joint response to security vulnerabilities by communicating the base, temporal and environmental properties of a vulnerability.
CVE: The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.
CVE identifiers are intended for use with respect to identifying vulnerabilities:
Common Vulnerabilities and Exposures (CVE) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools. If a report from one of your security tools incorporates CVE Identifiers, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.[7]
Users who have been assigned a CVE identifier for a vulnerability are encouraged to ensure that they place the identifier in any related security reports, web pages, emails, and so on.
CVE-2017-11882: Microsoft Office Memory Corruption Vulnerability
Security Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
The security update addresses the vulnerability by correcting how the affected Office component handles objects in memory.
Here are some of the countermeasures that can be used against threats that use CVE-2017-11882:
CVE-2017-17215 : CVE-2017-17215 Remote Code Execution Vulnerability.
It is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition.
Customers can take the following measures to circumvent or prevent the exploit of this vulnerability. For details, consult the local service provider or Huawei TAC.
(1) Configure the built-in firewall function.
(2) Change the default password.
(3) Deploy a firewall at the carrier side.
CVE-2019-2725 :Vulnerability in the Oracle WebLogic Server
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Addressing CVE-2019-2725 Vulnerability:
Oracle has released an official fix for this vulnerability and it’s available here.
The following workaround steps are available for customers that are unable to apply the update from Oracle, and both of these steps must be performed:
Patches released through the Security Alert program are provided only for product versions that are covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. Oracle recommends that customers plan product upgrades to ensure that patches released through the Security Alert program are available for the versions they are currently running.
Product releases that are not under Premier Support or Extended Support are not tested for the presence of vulnerabilities addressed by this Security Alert. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities. As a result, Oracle recommends that customers upgrade to supported versions.
Database, Fusion Middleware, Oracle Enterprise Manager products are patched in accordance with the Software Error Correction Support Policy explained in My Oracle Support Note 209768.1.
CVE-2017-0143 : Windows SMB Remote Code Execution Vulnerability
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.
Addressing CVE 2017-0143 Vulnerability:
CVE-2014-8361 :
The miniigd SOAP service in Realtek SDK allows remote attackers
to execute arbitrary code via a crafted NewInternalClient request.
This vulnerability allows remote attackers to execute arbitrary
code on vulnerable installations of the Realtek SDK. Authentication
is not required to exploit this vulnerability.
The specific flaw exists within the miniigd SOAP service. The issue
lies in the handling of the NewInternalClient requests due to a
failure to sanitize user data before executing a system call. An
attacker could leverage this vulnerability to execute code with
root privileges.
Addressing CVE-2014-8361 Vulnerability: