Vulnerability Management

The views under Vulnerability Management bring together all information about detected Common Vulnerabilities and Exposures (CVEs), as well as possible vulnerabilities in your IT, in one central location.

CVE-Cockpit

Evaluation

At a glance you can see which software is particularly affected by CVEs. On one side, a pie chart shows the 10 software products with the highest CVE vulnerability. On the other side, a list shows the 10 software products with the most dangerous CVEs. The vulnerability rating assigned to these can be traced back to the associated Common Vulnerability Scoring System (CVSS) score. Especially high CVSS scores require your attention and possibly a review of your previous patch management.

Here you will find the CVEs that occur most often on your systems. The criticality level shown for each refers to the classification according to the CVSS score. Next to it is the summed risk level, which is the original CVSS score multiplied by the number of affected hosts.

Use the additional view to get a quick overview of the most dangerous vulnerabilities in your IT. By looking at the detailed view, you can see which assets are affected by them and where your next priorities should be.

The overview presented here is particularly useful for checking whether your own security measures are succeeding. The breakdown of the CVEs found by urgency gives you a good overall view of the actual security status of your IT.

This section informs you about the assets that have the highest overall risk score when their CVEs and the corresponding CVSS scores are summed up. The view on the right visualizes this information once more. The further toward the upper right an asset is, the more CVE findings there are on that device and the higher the risk score on that host. Assets in this position usually need a substantial and urgent increase in security measures. The closer an asset gets to the lower left corner, the fewer (critical) vulnerabilities it usually has. Zoom in on a specific time period to analyze accumulations within that time. Double-click on the view to return to the initial view.

Current warning messages

Under Current warning messages, the latest warnings from the BSI are displayed and assigned to the affected CVEs within your systems. As before, the summed risk at the end is the assigned CVSS score multiplied by the number of affected assets. Use this view to close or respond to newly emerging vulnerabilities in your systems at an early stage.

CVE-DB

The CVE database provides you with a comprehensive overview of all CVEs occurring within your systems. In the default setting, only results that have not been handled manually are displayed. If you want to display all results, delete these filters in the upper bar. In addition, you can filter the results using the free text field or use the provided filters. Click on a CVE to display detailed information about it.

The detail view breaks down the components that make up the CVSS score:

  • Access Vector

| Specification | Meaning |
| --- | --- |
| Network | Vulnerability can be exploited remotely. |
| Adjacent | Can only be exploited via a neighboring network. The attack must originate from the same network. |
| Local | Cannot be exploited over the network. The attacker must have local access or a remote session on the system. |
| Physical | Attackers need physical access to the system. |

  • Access Complexity

| Specification | Meaning |
| --- | --- |
| Low | Exploitation of the vulnerability does not require any special preconditions. |
| High | Preconditions for a successful attack are required that cannot be controlled by attackers. |

  • Privileges required

| Specification | Meaning |
| --- | --- |
| None | No special privileges required. |
| Low | Access rights of a normal user required. |
| High | Administrative rights or similar privileges required. |

  • Scope

| Specification | Meaning |
| --- | --- |
| Unchanged | Damage from the exploited vulnerability is limited to the local security instance. |
| Changed | The exploited vulnerability can affect other components that do not belong to the same security instance. |

  • Confidentiality Impact

| Specification | Meaning |
| --- | --- |
| None | No disclosure of information. |
| Low | Attacker gains partial access to information. |
| High | Attacker gains full access to all information. |

  • Integrity Impact

| Specification | Meaning |
| --- | --- |
| None | No loss of data integrity. |
| Low | A subset of information can be changed, but without impact on the entire system. |
| High | Attacker can change information on the target system. Leads to complete loss of integrity. |

  • Availability Impact

| Specification | Meaning |
| --- | --- |
| None | No loss of availability. |
| Low | Availability may be temporarily limited or performance negatively affected. |
| High | Availability of the affected system/information is lost. |

  • User Interaction

| Specification | Meaning |
| --- | --- |
| None | No user interaction required. |
| Required | User must perform at least one step for the vulnerability to be exploited. |

Use the collection of affected references to plan your next steps. Clicking on an individual host takes you to the host details view and shows you which additional vulnerabilities affect the host. In particular, reconsider your patch management of those hosts that have numerous CVEs listed.

If you scroll down a bit, you will come across the Common Weakness Enumeration (CWE) entry for the vulnerability. Here you will find the unique identifier of known vulnerabilities in software and hardware, along with a summary of possible measures and examples.
