head first cve
play

Head First CVE Ken Lee @echain + Who is Ken? * Former Product - PowerPoint PPT Presentation

Aug 02, 2023 •37 likes •907 views

A Brain-Friendly Guide Head First CVE Ken Lee @echain + Who is Ken? * Former Product Developer * Chief Security Officer (WIP) * Head of Synology SIRT https://www.synology.com/security + 2013 T he P hantom M enace * Started working in 2013/01 * No

  1. A Brain-Friendly Guide Head First CVE Ken Lee @echain

  2. + Who is Ken? * Former Product Developer * Chief Security Officer (WIP) * Head of Synology SIRT

  3. https://www.synology.com/security

  4. + 2013 T he P hantom M enace * Started working in 2013/01 * No developer to respond to vulnerabilities * Lacked a sense of cybersecurity * High-profile CVEs were notified by customers

  5. + 2014 R evenge of the S ith * Severely affected by you-know-who * Built a working group for cybersecurity * Deployed security mitigations to DSM 5 * Built private Bounty Program

  6. + 2016 T he E mpire S trikes B ack * Built Vulnerability Response Program * Built invitation-only Bounty Program * Reported critical flaws of Photo Station * Disclosed vulnerabilities w/o confirmation

  7. + 2017 R eturn of the J edi * Authorized as the CNA * Built Incident Response Program * Announced Security Bug Bounty Program * Built Product Security Assurance Program

  8. + Agenda * 00 | Common Vulnerabilities and Exposures * 01 | CVE Numbering Authority * 10 | Phrasing and Counting Rules * 11 | Tool for dummies

  9. https://cve.mitre.org/news/archives/2019/news.html

  16. https://cve.mitre.org/cve/cna/rules.html

  17. https://cve.mitre.org/cve/cna/rules.html

  18. [CWE] in [CPE] allows [ATTACKER] to have IMPACT via [CAPEC].

  19. + MITRE’s Template * [VULNTYPE] in [COMPONENT] in [VENDOR] * [PRODUCT] [VERSION] allows [ATTACKER] * to [IMPACT] via [VECTOR]. * [COMPONENT] in [VENDOR] [PRODUCT] * [VERSION] [ROOT CAUSE], which allows * [ATTACKER] to [IMPACT] via [VECTOR]. https://cveproject.github.io/docs/content/key-details-phrasing.pdf

  28. + Version * List vulnerable version * - 1.2.3 * - 1.2.3, 2.3.1, and 3.1.2

  29. + Version * List vulnerable version * Earlier versions are affected * - 1.2.3 and earlier * - 1.2.3, 2.3.1, 3.1.2, and earlier

  30. + Version * List vulnerable version * Earlier versions are affected * Fixed or updated version * - before 1.2.3 * - before 1.2.3, 2.x before 2.3.1, and 3.x before 3.1.2

  31. + Version * List vulnerable version * Earlier versions are affected * Fixed or updated version * Vulnerable range * - 1.2.1 through 1.2.3 * - 1.2.1 through 1.2.3 and 2.0.1 through 2.3.1

  32. https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  33. + Attacker * Remote attackers * - AV:N * Remote authenticated users * - AC:L * Local users * - PR:N * Physically proximate attackers * Man-in-the-middle attackers

  34. + Attacker * Remote attackers * - AV:N * Remote authenticated users * - AC:L * Local users * - PR:L * Physically proximate attackers * Man-in-the-middle attackers

  35. + Attacker * Remote attackers * - AV:L * Remote authenticated users * - AC:L * Local users * - PR:L * Physically proximate attackers * Man-in-the-middle attackers

  36. + Attacker * Remote attackers * - AV:P * Remote authenticated users * - AC:L * Local users * - PR:N * Physically proximate attackers * Man-in-the-middle attackers

  37. + Attacker * Remote attackers * - AV:N * Remote authenticated users * - AC:H * Local users * - PR:N * Physically proximate attackers * Man-in-the-middle attackers

  38. + Attacker * Remote [TYPE] servers * Guest OS users * Guest OS administrators * Context-dependent attackers * [EXTENT] user-assisted [ATTACKER] * Attackers

  46. https://devco.re/blog/2019/11/11/HiNet-GPON-Modem-RCE/

  52. + CVE-2019-13411 (TWCERT/CC) An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) .

  53. [VULNTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] allows [ATTACKER] to [IMPACT] via [VECTOR].

  54. + CVE-2019-13411 (Revised) OS command injection vulnerability in omcimain in HiNet GPON firmware before I040GWR190731 allows remote attackers to execute arbitrary command via port 3097.

  55. + Cross-site Scripting (1-1) Cross-site scripting (XSS) vulnerability in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] allows remote attackers to inject arbitrary web script or HTML via the [PARAM] parameter.

  56. + Cross-site Scripting (1-N) Multiple cross-site scripting (XSS) vulnerabilities in [VENDOR] [PRODUCT] [VERSION] allow remote attackers to inject arbitrary web script or HTML via the [PARAM] parameter to (1) [COMPONENT 1 ] , (2) [COMPONENT 2 ] , ..., or (n) [COMPONENT n ] .

  57. + Cross-site Scripting (N-1) Multiple cross-site scripting (XSS) vulnerabilities in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] allow remote attackers to inject arbitrary web script or HTML via the [PARAM 1 ] , (2) [PARAM 2 ] , ..., or (n) [PARAM n ] parameter.

  58. + Cross-site Scripting (N-N) Multiple cross-site scripting (XSS) vulnerabilities in [VENDOR] [PRODUCT] [VERSION] allow remote attackers to inject arbitrary web script or HTML via the (1) [PARAM 1 ] or (2) [PARAM 2 ] parameter to [COMPONENT 1 ] ; the (3) [PARAM 3 ] parameter to [COMPONENT 2 ] ; ...; or (n) [PARAM n ] parameter to [COMPONENT m ] .

  59. + SQL Injection (1-1) SQL injection vulnerability in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] allows [ATTACKER] to execute arbitrary SQL commands via the [PARAM] parameter.

  60. + SQL Injection (1-N) Multiple SQL injection vulnerabilities in [VENDOR] [PRODUCT] [VERSION] allow [ATTACKER] to execute arbitrary SQL commands via the [PARAM] parameter to (1) [COMPONENT 1 ] , (2) [COMPONENT 2 ] , ..., or (n) [COMPONENT n ] .

  61. + SQL Injection (N-1) Multiple SQL injection vulnerabilities in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] allow [ATTACKER] to execute arbitrary SQL commands via the (1) [PARAM 1 ] , (2) [PARAM 2 ] , ..., or (n) [PARAM n ] parameter.

  62. + SQL Injection (N-N) Multiple SQL injection vulnerabilities in [VENDOR] [PRODUCT] [VERSION] allow [ATTACKER] to execute arbitrary SQL commands via the (1) [PARAM 1 ] or (2) [PARAM 2 ] parameter to [COMPONENT 1 ] ; the (3) [PARAM 3 ] parameter to [COMPONENT 2 ] ; ...; (n) [PARAM n ] parameter to [COMPONENT m ] .

  63. + Counting Decisions * CNT1 | Independently Fixable * CNT2 | Vulnerability * - CNT2.1 | Vendor Acknowledgment * - CNT2.2A | Claim-Based * - CNT2.2B | Security Model-Based

  64. + Counting Decisions * CNT3 * - Shared Codebase * - Libraries, Protocols, or Standards

  65. + Inclusion Decisions * INC1 | In Scope of Authority * INC2 | Intended to be Public * INC3 | Installable / Customer-Controlled Software * INC4 | Generally Available and Licensed Product * INC5 | Duplicate

  66. + Edge Cases * MD5 / SHA-1 * Default Credentials * Cloudbleed * End-of-life products

  67. + Edge Cases * MD5 / SHA-1 * Default Credentials * Cloudbleed * End-of-life products

  68. + Edge Cases * MD5 / SHA-1 * Default Credentials * Cloudbleed * End-of-life products

  69. + Edge Cases * MD5 / SHA-1 * Default Credentials * Cloudbleed * End-of-life products

  74. + Update CVE Entries * Reject * - Not a vulnerability (fails CNT2) * - Not to make the vulnerability public (fails INC2) * - Not customer controlled (fails INC3) * - Not generally available (fails INC4)

  75. + Update CVE Entries * Reject * Merge * - Not independently fixable (fails CNT1) * - Result of shared codebase, library, etc. (fails CNT3) * - Duplicate assignment (fails INC5)

  76. + Update CVE Entries * Reject * Merge * Split * - Contains interpedently fixable bugs (passes CNT1) * - Not share a codebase (fails CNT3) * - To be implementation specific (fails CNT3)

  77. + Update CVE Entries * Reject * Merge * Split * Dispute * - Validity of the vulnerability is questioned

  78. + Update CVE Entries * Reject * Merge * Split * Dispute * Partial Duplicate

  84. + Catch 'Em All * How CVE and CNA works

  85. + Catch 'Em All * How CVE and CNA works * Why Synology want to be a CNA * - Expertise around products within our scope * - Control the disclosure policy and procedure

  86. + Catch 'Em All * How CVE and CNA works * Why Synology want to be a CNA * How to write CVE descriptions * - CWE / CPE * - Version * - Attacker

  87. + Catch 'Em All * How CVE and CNA works * Why Synology want to be a CNA * How to write CVE descriptions * CVE counting rules * - Counting decisions * - Inclusion decisions

Recommend

Head Start and Early Head Start What is Head Start? Head Start is a federal program that

Head Start and Early Head Start What is Head Start? Head Start is a federal program that

Head Start and Early Head Start What is Head Start? Head Start is a federal program that promotes the school readiness of children ages birth to 5 from low-income families by enhancing their cognitive, social and emotional development.

318 views • 8 slides
Welcome to Y10 Guidance Evening Mrs Donlon Deputy Headteacher Mr Gunning Head of

Welcome to Y10 Guidance Evening Mrs Donlon Deputy Headteacher Mr Gunning Head of

Welcome to Y10 Guidance Evening Mrs Donlon Deputy Headteacher Mr Gunning Head of Maths Mr Macaulay Head of Science Mr Trevelyan Head of RE Mrs Robertson Head of English Mr Goodland Head of Year 10 The Y10

315 views • 27 slides
Head ad an and d Ne Neck Chapter 10 1 The Head and Neck Ch 10 INHIRAH QADRI Head

Head ad an and d Ne Neck Chapter 10 1 The Head and Neck Ch 10 INHIRAH QADRI Head

Head ad an and d Ne Neck Chapter 10 1 The Head and Neck Ch 10 INHIRAH QADRI Head Cranial bones Sutures Facial bones Structure and Function 3 Facial expressions are formed by the facial muscles Head Mediated

848 views • 33 slides
Head Lice 101 An Overview for Parents, Teachers and Communities Head Lice Fast Facts Head

Head Lice 101 An Overview for Parents, Teachers and Communities Head Lice Fast Facts Head

Head Lice 101 An Overview for Parents, Teachers and Communities Head Lice Fast Facts Head lice are a common community issue In the United States, an estimated 6 to 12 million lice infestations occur each year among children aged 3 to 11

445 views • 10 slides
17.08.20 OPPORTUNITY DAY Every Team Needs a Great Leader But they also need a Good Team.

17.08.20 OPPORTUNITY DAY Every Team Needs a Great Leader But they also need a Good Team.

17.08.20 OPPORTUNITY DAY Every Team Needs a Great Leader But they also need a Good Team. Meet our TEAM. TEAM LINEUP Head of Operations Head of Expansion Head of Apple Business Head of True Business Head of E-Commerce Head of Brand

604 views • 41 slides
In this video The three head positions Head positions There are three typical head

In this video The three head positions Head positions There are three typical head

In this video The three head positions Head positions There are three typical head positions: crown bregma back of crown In the next video Evaluating a students ability to do headstand

57 views • 3 slides
Welcomes 1 www.rudrabuildwell.com rbd@rudrabuildwell.com Managing Director Business Head .

Welcomes 1 www.rudrabuildwell.com rbd@rudrabuildwell.com Managing Director Business Head .

Welcomes 1 www.rudrabuildwell.com rbd@rudrabuildwell.com Managing Director Business Head . Head- Head- CRM/ Head- Head- F &amp; A Head- Sales Head- HR Projects RCP Marketing 2 www.rudrabuildwell.com rbd@rudrabuildwell.com Vis

640 views • 22 slides
The Disabled Patient Head Injuries Head Injuries - Head Injuries, Dont change who

The Disabled Patient Head Injuries Head Injuries - Head Injuries, Dont change who

The Disabled Patient Head Injuries Head Injuries - Head Injuries, Dont change who you are, they just intensify who you are. Physiatrist: Dr. Bob Haile, MMC -Routines become very important and changes in a routine can be

696 views • 47 slides
From Head to Toe: Integrated Care to Meet the Whole Person s Needs From Head to Toe:

From Head to Toe: Integrated Care to Meet the Whole Person s Needs From Head to Toe:

From Head to Toe: Integrated Care to Meet the Whole Person s Needs From Head to Toe: Trip Gardner, MD Becky Hayes Boober, PhD Medical Director of Senior Program Officer

1.31k views • 77 slides
Triple Science Head of science Miss White Head of Biology Mr Bristoll Head of Physics

Triple Science Head of science Miss White Head of Biology Mr Bristoll Head of Physics

Triple Science Head of science Miss White Head of Biology Mr Bristoll Head of Physics Mr Yapp Head of Chemistry Miss Sumner Why take triple science? Cover more content than combined science, Better prepared if you want to

410 views • 12 slides
SESSION YEAR HEAD ADDRESS 7 February 2020 Contact details of Year Head (YH) &amp; Assistant

SESSION YEAR HEAD ADDRESS 7 February 2020 Contact details of Year Head (YH) &amp; Assistant

MEET-THE-PARENTS SESSION YEAR HEAD ADDRESS 7 February 2020 Contact details of Year Head (YH) &amp; Assistant Year Head (AYH) Year Head : Mrs Suzanna Bambang (P6) suzanna_abdul_rahim@schools.gov.sg Assistant Year Head : Miss

507 views • 38 slides
New generation FIA Approved Head and Neck Restraints FHR HNRS Frontal Head Restraint Head and

New generation FIA Approved Head and Neck Restraints FHR HNRS Frontal Head Restraint Head and

New generation FIA Approved Head and Neck Restraints FHR HNRS Frontal Head Restraint Head and Neck Restraint An Explanation of the increased protection angles with a Simpson Hybrid System The Simpson Hybrid Range High quality carbon

541 views • 16 slides
Head Start to Early Head Start Conversions Kay Willmoth, Regional Program Manager, Region V

Head Start to Early Head Start Conversions Kay Willmoth, Regional Program Manager, Region V

Head Start to Early Head Start Conversions Kay Willmoth, Regional Program Manager, Region V Office of Head Start March 9, 2015 Authority for Conversions Sections 640(f)(2)(B) and 645(a)(5) of the Head Start Act allow any Head Start grantee the

790 views • 23 slides
EVENTS AND CELEBRATIONS THE BULLS HEAD WWW.THEBULLSHEADMERIDEN.CO.UK WELCOME TO THE

EVENTS AND CELEBRATIONS THE BULLS HEAD WWW.THEBULLSHEADMERIDEN.CO.UK WELCOME TO THE

EVENTS AND CELEBRATIONS THE BULLS HEAD WWW.THEBULLSHEADMERIDEN.CO.UK WELCOME TO THE BULLS HEAD Located in the village of Meriden, Tie Bulls Head is the ideal venue for your next event or celebration. Situated in what is claimed to be

306 views • 6 slides
Head Lice Presentation Patricia Guenther RN, BSN Aviano Elementary School What are Head Lice?

Head Lice Presentation Patricia Guenther RN, BSN Aviano Elementary School What are Head Lice?

Head Lice Presentation Patricia Guenther RN, BSN Aviano Elementary School What are Head Lice? Head Lice are a tiny, wingless parasitic insect that live among human hair and feeds on tiny amounts of blood drawn from the scalp. Life Cycle

403 views • 21 slides
Ms Rodrigues Miss Franklin Miss Moser Mr White Head of Head of Head of Sixth Form Sixth

Ms Rodrigues Miss Franklin Miss Moser Mr White Head of Head of Head of Sixth Form Sixth

Ms Rodrigues Miss Franklin Miss Moser Mr White Head of Head of Head of Sixth Form Sixth Form Year 13 Year 12 Administrator To get academic qualificati alifications ons? A stepping stone to university niversity or a job? To

567 views • 27 slides
Main Title Head Lice 101 Description An Overview for Parents, Teachers &amp; Communities Head

Main Title Head Lice 101 Description An Overview for Parents, Teachers &amp; Communities Head

Main Title Head Lice 101 Description An Overview for Parents, Teachers &amp; Communities Head Lice Fast Facts Head lice are a common community issue In the United States, an estimated 6 to 12 million lice infestations occur each year

256 views • 10 slides
3 HS HSC 2020 Head Head Star art t Lec ectur ture PD PD/H/PE: PE: Cor Core Top opics

3 HS HSC 2020 Head Head Star art t Lec ectur ture PD PD/H/PE: PE: Cor Core Top opics

3 HS HSC 2020 Head Head Star art t Lec ectur ture PD PD/H/PE: PE: Cor Core Top opics Introd oduction on Presented by: Lucy DaSilva Who Am I? Graduated in 2017 with an ATAR of 97.70 My subjects: Mathematics English Advanced

1.72k views • 127 slides
Social-Emotional Health in Head Start Head Start in NC (2016-2017) Programs 53 Centers ~450

Social-Emotional Health in Head Start Head Start in NC (2016-2017) Programs 53 Centers ~450

Social-Emotional Health in Head Start Head Start in NC (2016-2017) Programs 53 Centers ~450 Total Children 25,925 Head Start (3-5) 20,122 Early Head Start (0-3) 5,531 Trauma in Head Start 85% of children had experienced one or more

369 views • 20 slides
Dr S.D. Smallwood - Head Master Mrs H.J. Taylor - Head of Year 7 &amp; 8 How to find out more

Dr S.D. Smallwood - Head Master Mrs H.J. Taylor - Head of Year 7 &amp; 8 How to find out more

Open Afternoons Summer 2018 Dr S.D. Smallwood - Head Master Mrs H.J. Taylor - Head of Year 7 &amp; 8 How to find out more Sources of Information: Website - www.bws-school.org/admissions Email admissions@bws.wilts.sch.uk Twitter -

625 views • 15 slides
Year 10 Parents Information Evening Key Staff Head of School (KS4) Mrs McLaren

Year 10 Parents Information Evening Key Staff Head of School (KS4) Mrs McLaren

Year 10 Parents Information Evening Key Staff Head of School (KS4) Mrs McLaren Head of English - Mrs MacDonald Head of Year Mr Joiner Second in Department English - Ms Earle Head of Maths Miss Lord Assistant

703 views • 47 slides
HPV Testing in Head and Neck Think before you order p16 Cancer Annemieke van Zante MD/PhD Head

HPV Testing in Head and Neck Think before you order p16 Cancer Annemieke van Zante MD/PhD Head

5/27/2017 HPV Testing in Head and Neck Think before you order p16 Cancer Annemieke van Zante MD/PhD Head &amp; Neck Pathology and Cytopathology The WHO Head and Neck 2017 Disclosures I have nothing to disclose Oropharygeal squamous cell

304 views • 11 slides
Welcome Introduction Deep dives: DTV business Landlord business Q&amp;A 2

Welcome Introduction Deep dives: DTV business Landlord business Q&amp;A 2

S ELL SIDE ANALYST LUNCH Attending: Anders Nilsson - CEO Mikael Larsson - CFO Jon James - COO Petra von Rohr - Head of Group Communication Stefan Trampus - Head of Sales Tobias Lennr - New CEO of Phonera (B2B) Caroline Tivus - Head of

519 views • 26 slides
Head Lice Prevention and Treatment Ruth-Anne Morris Public Health Nurse September 2013 How Is

Head Lice Prevention and Treatment Ruth-Anne Morris Public Health Nurse September 2013 How Is

Head Lice Prevention and Treatment Ruth-Anne Morris Public Health Nurse September 2013 How Is Head Lice Spread? Head lice spread through direct contact among children (head-to-head),or indirectly on items such as : hats, combs, hairbrushes,

324 views • 18 slides

More recommend