Common Vulnerabilities
Below you will find some of the most common vulnerabilities and a brief description of each. These are the ones we should be on the lookout for when searching for vulnerabilities. In the next module we will look at exploiting some of them, but we should become familiar with them before doing so.
Missing Patches: The system or application is missing various security patches that have been released.
Missing Updates: The system or application is missing various updates that have been released.
Misconfigurations: A system or service is not configured correctly and provides access that it should not provide. For example, an SMB share that exposes the /etc/ directory, which contains the /etc/passwd and /etc/shadow files. The sysadmin may have intended to share other parts of the filesystem but accidentally shared the /etc directory as well.
Unsupported OS/Application: The OS has reached end-of-life or the application is no longer supported. This means they will not receive updates to fix any known issues.
Buffer Overflow: This is when you can place more data into an area of memory than was allocated. The goal is to overwrite other information in memory so that the program executes instructions that start a different process.
Privilege Escalation: The goal is to gain higher privileges and more access to the system. Often a system is initially compromised at a low privilege level, and a privilege escalation vulnerability must then be found to gain more access.
Arbitrary Code Execution: The attacker is allowed to run any code they wish on the system.
Hardware/Firmware Vulnerabilities: Sometimes a vulnerability can be found within hardware. Two major ones were found in the last several years: Spectre and Meltdown.
Insecure Protocols: Older protocols did not take security into account, so they may not use encryption. For example, FTP should no longer be used and should be replaced with FTPS or SFTP.
Outdated SSL/TLS Version: SSL is no longer considered secure and TLS should be used in its place. Older versions of TLS are also not secure and are prone to eavesdropping attacks. TLS version 1.2 should be used.
Insecure SSL/TLS Cipher: SSL and TLS use cryptographic ciphers to secure network communication. However, not all cryptographic ciphers are secure and some contain vulnerabilities. It may be possible to get a client and server to agree on an insecure cipher.
SSL/TLS Certificate Issues: Various issues can be found with a website's certificate. Common ones are a mismatch between the name on the certificate and the name of the server, an expired certificate, or a certificate issued by an unknown Certificate Authority.
Virtual Machines: Virtual machines are extremely popular and several issues exist with VMs. Not only does the VM's OS need to be patched, but the hypervisor must also be kept updated. VM escape is another vulnerability, where an attacker with access to one VM on a host is able to break out and reach resources assigned to a different VM. Type-1 hypervisors also have a management interface, and access to it needs to be tightly controlled. Weak and shared passwords are a common issue with the management interface.
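To make the three SSL/TLS items above concrete, here is an added Python example (not part of the original module) that classifies one observed handshake the way a vulnerability scanner would: it flags a protocol below TLS 1.2, a weak cipher, an untrusted chain such as an unknown CA, an expired certificate, and a certificate name that does not match the server. The weak-cipher marker list, the sample certificate and the one-label wildcard rule are assumptions; the inputs are in the shape Python's ssl module returns them from a real connection (`SSLSocket.version()`, `.cipher()[0]`, `.getpeercert()`).

```python
import ssl
import time

# OpenSSL cipher-name fragments that mark a cipher as insecure; this list is an assumption.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5", "ADH", "AECDH")
# Anything below TLS 1.2 is outdated, following the recommendation in the text.
OUTDATED_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample certificate in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "*.example.test")),
    "notAfter": "Jan  1 00:00:00 2020 GMT",
}

def hostname_matches(hostname, cert):
    """True if hostname matches a DNS SAN (or, failing SANs, the subject CN)."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # legacy certificates carried the name only in the CN
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    host = hostname.lower()
    for name in (n.lower() for n in names):
        if name.startswith("*."):  # wildcard covers exactly one leading label
            if host.count(".") == name.count(".") and host.split(".", 1)[1] == name[2:]:
                return True
        elif name == host:
            return True
    return False

def assess_tls(version, cipher, cert, hostname, now=None, verify_error=None):
    """Findings for one handshake: version/cipher as SSLSocket.version()/.cipher()[0]
    return them, cert from getpeercert(), verify_error the chain-verification error or None."""
    now = time.time() if now is None else now
    findings = []
    if version in OUTDATED_VERSIONS:
        findings.append(f"outdated protocol {version}; require TLS 1.2 or later")
    if any(m in cipher.upper() for m in WEAK_CIPHER_MARKERS):
        findings.append(f"insecure cipher {cipher}")
    if verify_error:  # e.g. unknown or self-signed Certificate Authority
        findings.append(f"chain not trusted: {verify_error}")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        findings.append(f"certificate expired on {cert['notAfter']}")
    if not hostname_matches(hostname, cert):
        findings.append(f"certificate does not cover host name {hostname}")
    return findings

if __name__ == "__main__":  # constructed handshake showing every issue class named above
    bad = assess_tls("TLSv1", "RC4-SHA", SAMPLE_CERT, "other.test", 1_600_000_000, "self-signed")
    print(*bad, sep="\n")
```

Feed it the values from a real `ssl.SSLSocket` (catching `ssl.SSLCertVerificationError` to fill `verify_error`) to turn it into a live check; the fixed `now` argument exists only so results are reproducible.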