head first cve
play

Head First CVE Ken Lee @echain + Who is Ken? * Former Product - PowerPoint PPT Presentation

Aug 02, 2023 •37 likes •907 views

A Brain-Friendly Guide Head First CVE Ken Lee @echain + Who is Ken? * Former Product Developer * Chief Security Officer (WIP) * Head of Synology SIRT https://www.synology.com/security + 2013 T he P hantom M enace * Started working in 2013/01 * No

  1. A Brain-Friendly Guide Head First CVE Ken Lee @echain

  2. + Who is Ken? * Former Product Developer * Chief Security Officer (WIP) * Head of Synology SIRT

  3. https://www.synology.com/security

  4. + 2013 T he P hantom M enace * Started working in 2013/01 * No developer to respond to vulnerabilities * Lacked a sense of cybersecurity * High-profile CVEs were notified by customers

  5. + 2014 R evenge of the S ith * Severely affected by you-know-who * Built a working group for cybersecurity * Deployed security mitigations to DSM 5 * Built private Bounty Program

  6. + 2016 T he E mpire S trikes B ack * Built Vulnerability Response Program * Built invitation-only Bounty Program * Reported critical flaws of Photo Station * Disclosed vulnerabilities w/o confirmation

  7. + 2017 R eturn of the J edi * Authorized as the CNA * Built Incident Response Program * Announced Security Bug Bounty Program * Built Product Security Assurance Program

  8. + Agenda * 00 | Common Vulnerabilities and Exposures * 01 | CVE Numbering Authority * 10 | Phrasing and Counting Rules * 11 | Tool for dummies

  9. https://cve.mitre.org/news/archives/2019/news.html

  16. https://cve.mitre.org/cve/cna/rules.html

  17. https://cve.mitre.org/cve/cna/rules.html

  18. [CWE] in [CPE] allows [ATTACKER] to have IMPACT via [CAPEC].

  19. + MITRE’s Template * [VULNTYPE] in [COMPONENT] in [VENDOR] * [PRODUCT] [VERSION] allows [ATTACKER] * to [IMPACT] via [VECTOR]. * [COMPONENT] in [VENDOR] [PRODUCT] * [VERSION] [ROOT CAUSE], which allows * [ATTACKER] to [IMPACT] via [VECTOR]. https://cveproject.github.io/docs/content/key-details-phrasing.pdf

  28. + Version * List vulnerable version * - 1.2.3 * - 1.2.3, 2.3.1, and 3.1.2

  29. + Version * List vulnerable version * Earlier versions are affected * - 1.2.3 and earlier * - 1.2.3, 2.3.1, 3.1.2, and earlier

  30. + Version * List vulnerable version * Earlier versions are affected * Fixed or updated version * - before 1.2.3 * - before 1.2.3, 2.x before 2.3.1, and 3.x before 3.1.2

  31. + Version * List vulnerable version * Earlier versions are affected * Fixed or updated version * Vulnerable range * - 1.2.1 through 1.2.3 * - 1.2.1 through 1.2.3 and 2.0.1 through 2.3.1

  32. https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  33. + Attacker * Remote attackers * - AV:N * Remote authenticated users * - AC:L * Local users * - PR:N * Physically proximate attackers * Man-in-the-middle attackers

  34. + Attacker * Remote attackers * - AV:N * Remote authenticated users * - AC:L * Local users * - PR:L * Physically proximate attackers * Man-in-the-middle attackers

  35. + Attacker * Remote attackers * - AV:L * Remote authenticated users * - AC:L * Local users * - PR:L * Physically proximate attackers * Man-in-the-middle attackers

  36. + Attacker * Remote attackers * - AV:P * Remote authenticated users * - AC:L * Local users * - PR:N * Physically proximate attackers * Man-in-the-middle attackers

  37. + Attacker * Remote attackers * - AV:N * Remote authenticated users * - AC:H * Local users * - PR:N * Physically proximate attackers * Man-in-the-middle attackers

  38. + Attacker * Remote [TYPE] servers * Guest OS users * Guest OS administrators * Context-dependent attackers * [EXTENT] user-assisted [ATTACKER] * Attackers

  46. https://devco.re/blog/2019/11/11/HiNet-GPON-Modem-RCE/

  52. + CVE-2019-13411 (TWCERT/CC) An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) .

  53. [VULNTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] allows [ATTACKER] to [IMPACT] via [VECTOR].

  54. + CVE-2019-13411 (Revised) OS command injection vulnerability in omcimain in HiNet GPON firmware before I040GWR190731 allows remote attackers to execute arbitrary command via port 3097.

  55. + Cross-site Scripting (1-1) Cross-site scripting (XSS) vulnerability in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] allows remote attackers to inject arbitrary web script or HTML via the [PARAM] parameter.

  56. + Cross-site Scripting (1-N) Multiple cross-site scripting (XSS) vulnerabilities in [VENDOR] [PRODUCT] [VERSION] allow remote attackers to inject arbitrary web script or HTML via the [PARAM] parameter to (1) [COMPONENT 1 ] , (2) [COMPONENT 2 ] , ..., or (n) [COMPONENT n ] .

  57. + Cross-site Scripting (N-1) Multiple cross-site scripting (XSS) vulnerabilities in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] allow remote attackers to inject arbitrary web script or HTML via the [PARAM 1 ] , (2) [PARAM 2 ] , ..., or (n) [PARAM n ] parameter.

  58. + Cross-site Scripting (N-N) Multiple cross-site scripting (XSS) vulnerabilities in [VENDOR] [PRODUCT] [VERSION] allow remote attackers to inject arbitrary web script or HTML via the (1) [PARAM 1 ] or (2) [PARAM 2 ] parameter to [COMPONENT 1 ] ; the (3) [PARAM 3 ] parameter to [COMPONENT 2 ] ; ...; or (n) [PARAM n ] parameter to [COMPONENT m ] .

  59. + SQL Injection (1-1) SQL injection vulnerability in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] allows [ATTACKER] to execute arbitrary SQL commands via the [PARAM] parameter.

  60. + SQL Injection (1-N) Multiple SQL injection vulnerabilities in [VENDOR] [PRODUCT] [VERSION] allow [ATTACKER] to execute arbitrary SQL commands via the [PARAM] parameter to (1) [COMPONENT 1 ] , (2) [COMPONENT 2 ] , ..., or (n) [COMPONENT n ] .

  61. + SQL Injection (N-1) Multiple SQL injection vulnerabilities in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] allow [ATTACKER] to execute arbitrary SQL commands via the (1) [PARAM 1 ] , (2) [PARAM 2 ] , ..., or (n) [PARAM n ] parameter.

  62. + SQL Injection (N-N) Multiple SQL injection vulnerabilities in [VENDOR] [PRODUCT] [VERSION] allow [ATTACKER] to execute arbitrary SQL commands via the (1) [PARAM 1 ] or (2) [PARAM 2 ] parameter to [COMPONENT 1 ] ; the (3) [PARAM 3 ] parameter to [COMPONENT 2 ] ; ...; (n) [PARAM n ] parameter to [COMPONENT m ] .

  63. + Counting Decisions * CNT1 | Independently Fixable * CNT2 | Vulnerability * - CNT2.1 | Vendor Acknowledgment * - CNT2.2A | Claim-Based * - CNT2.2B | Security Model-Based

  64. + Counting Decisions * CNT3 * - Shared Codebase * - Libraries, Protocols, or Standards

  65. + Inclusion Decisions * INC1 | In Scope of Authority * INC2 | Intended to be Public * INC3 | Installable / Customer-Controlled Software * INC4 | Generally Available and Licensed Product * INC5 | Duplicate

  66. + Edge Cases * MD5 / SHA-1 * Default Credentials * Cloudbleed * End-of-life products

  67. + Edge Cases * MD5 / SHA-1 * Default Credentials * Cloudbleed * End-of-life products

  68. + Edge Cases * MD5 / SHA-1 * Default Credentials * Cloudbleed * End-of-life products

  69. + Edge Cases * MD5 / SHA-1 * Default Credentials * Cloudbleed * End-of-life products

  74. + Update CVE Entries * Reject * - Not a vulnerability (fails CNT2) * - Not to make the vulnerability public (fails INC2) * - Not customer controlled (fails INC3) * - Not generally available (fails INC4)

  75. + Update CVE Entries * Reject * Merge * - Not independently fixable (fails CNT1) * - Result of shared codebase, library, etc. (fails CNT3) * - Duplicate assignment (fails INC5)

  76. + Update CVE Entries * Reject * Merge * Split * - Contains interpedently fixable bugs (passes CNT1) * - Not share a codebase (fails CNT3) * - To be implementation specific (fails CNT3)

  77. + Update CVE Entries * Reject * Merge * Split * Dispute * - Validity of the vulnerability is questioned

  78. + Update CVE Entries * Reject * Merge * Split * Dispute * Partial Duplicate

  84. + Catch 'Em All * How CVE and CNA works

  85. + Catch 'Em All * How CVE and CNA works * Why Synology want to be a CNA * - Expertise around products within our scope * - Control the disclosure policy and procedure

  86. + Catch 'Em All * How CVE and CNA works * Why Synology want to be a CNA * How to write CVE descriptions * - CWE / CPE * - Version * - Attacker

  87. + Catch 'Em All * How CVE and CNA works * Why Synology want to be a CNA * How to write CVE descriptions * CVE counting rules * - Counting decisions * - Inclusion decisions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Head Start and Early Head Start What is Head Start? Head Start is a federal program that

Head Start and Early Head Start What is Head Start? Head Start is a federal program that

Head Start and Early Head Start What is Head Start? Head Start is a federal program that promotes the school readiness of children ages birth to 5 from low-income families by enhancing their cognitive, social and emotional development.

318 views • 8 slides
Welcome to Y10 Guidance Evening Mrs Donlon Deputy Headteacher Mr Gunning Head of

Welcome to Y10 Guidance Evening Mrs Donlon Deputy Headteacher Mr Gunning Head of

Welcome to Y10 Guidance Evening Mrs Donlon Deputy Headteacher Mr Gunning Head of Maths Mr Macaulay Head of Science Mr Trevelyan Head of RE Mrs Robertson Head of English Mr Goodland Head of Year 10 The Y10

315 views • 27 slides
Head ad an and d Ne Neck Chapter 10 1 The Head and Neck Ch 10 INHIRAH QADRI Head

Head ad an and d Ne Neck Chapter 10 1 The Head and Neck Ch 10 INHIRAH QADRI Head

Head ad an and d Ne Neck Chapter 10 1 The Head and Neck Ch 10 INHIRAH QADRI Head Cranial bones Sutures Facial bones Structure and Function 3 Facial expressions are formed by the facial muscles Head Mediated

848 views • 33 slides
Head Lice 101 An Overview for Parents, Teachers and Communities Head Lice Fast Facts Head

Head Lice 101 An Overview for Parents, Teachers and Communities Head Lice Fast Facts Head

Head Lice 101 An Overview for Parents, Teachers and Communities Head Lice Fast Facts Head lice are a common community issue In the United States, an estimated 6 to 12 million lice infestations occur each year among children aged 3 to 11

445 views • 10 slides
17.08.20 OPPORTUNITY DAY Every Team Needs a Great Leader But they also need a Good Team.

17.08.20 OPPORTUNITY DAY Every Team Needs a Great Leader But they also need a Good Team.

17.08.20 OPPORTUNITY DAY Every Team Needs a Great Leader But they also need a Good Team. Meet our TEAM. TEAM LINEUP Head of Operations Head of Expansion Head of Apple Business Head of True Business Head of E-Commerce Head of Brand

604 views • 41 slides
In this video The three head positions Head positions There are three typical head

In this video The three head positions Head positions There are three typical head

In this video The three head positions Head positions There are three typical head positions: crown bregma back of crown In the next video Evaluating a students ability to do headstand

57 views • 3 slides
Welcomes 1 www.rudrabuildwell.com rbd@rudrabuildwell.com Managing Director Business Head .

Welcomes 1 www.rudrabuildwell.com rbd@rudrabuildwell.com Managing Director Business Head .

Welcomes 1 www.rudrabuildwell.com rbd@rudrabuildwell.com Managing Director Business Head . Head- Head- CRM/ Head- Head- F &amp; A Head- Sales Head- HR Projects RCP Marketing 2 www.rudrabuildwell.com rbd@rudrabuildwell.com Vis

640 views • 22 slides
The Disabled Patient Head Injuries Head Injuries - Head Injuries, Dont change who

The Disabled Patient Head Injuries Head Injuries - Head Injuries, Dont change who

The Disabled Patient Head Injuries Head Injuries - Head Injuries, Dont change who you are, they just intensify who you are. Physiatrist: Dr. Bob Haile, MMC -Routines become very important and changes in a routine can be

696 views • 47 slides
From Head to Toe: Integrated Care to Meet the Whole Person s Needs From Head to Toe:

From Head to Toe: Integrated Care to Meet the Whole Person s Needs From Head to Toe:

From Head to Toe: Integrated Care to Meet the Whole Person s Needs From Head to Toe: Trip Gardner, MD Becky Hayes Boober, PhD Medical Director of Senior Program Officer

1.31k views • 77 slides
Triple Science Head of science Miss White Head of Biology Mr Bristoll Head of Physics

Triple Science Head of science Miss White Head of Biology Mr Bristoll Head of Physics

Triple Science Head of science Miss White Head of Biology Mr Bristoll Head of Physics Mr Yapp Head of Chemistry Miss Sumner Why take triple science? Cover more content than combined science, Better prepared if you want to

410 views • 12 slides
SESSION YEAR HEAD ADDRESS 7 February 2020 Contact details of Year Head (YH) &amp; Assistant

SESSION YEAR HEAD ADDRESS 7 February 2020 Contact details of Year Head (YH) &amp; Assistant

MEET-THE-PARENTS SESSION YEAR HEAD ADDRESS 7 February 2020 Contact details of Year Head (YH) &amp; Assistant Year Head (AYH) Year Head : Mrs Suzanna Bambang (P6) suzanna_abdul_rahim@schools.gov.sg Assistant Year Head : Miss

507 views • 38 slides
New generation FIA Approved Head and Neck Restraints FHR HNRS Frontal Head Restraint Head and

New generation FIA Approved Head and Neck Restraints FHR HNRS Frontal Head Restraint Head and

New generation FIA Approved Head and Neck Restraints FHR HNRS Frontal Head Restraint Head and Neck Restraint An Explanation of the increased protection angles with a Simpson Hybrid System The Simpson Hybrid Range High quality carbon

541 views • 16 slides
Head Start to Early Head Start Conversions Kay Willmoth, Regional Program Manager, Region V

Head Start to Early Head Start Conversions Kay Willmoth, Regional Program Manager, Region V

Head Start to Early Head Start Conversions Kay Willmoth, Regional Program Manager, Region V Office of Head Start March 9, 2015 Authority for Conversions Sections 640(f)(2)(B) and 645(a)(5) of the Head Start Act allow any Head Start grantee the

790 views • 23 slides
EVENTS AND CELEBRATIONS THE BULLS HEAD WWW.THEBULLSHEADMERIDEN.CO.UK WELCOME TO THE

EVENTS AND CELEBRATIONS THE BULLS HEAD WWW.THEBULLSHEADMERIDEN.CO.UK WELCOME TO THE

EVENTS AND CELEBRATIONS THE BULLS HEAD WWW.THEBULLSHEADMERIDEN.CO.UK WELCOME TO THE BULLS HEAD Located in the village of Meriden, Tie Bulls Head is the ideal venue for your next event or celebration. Situated in what is claimed to be

306 views • 6 slides
Head Lice Presentation Patricia Guenther RN, BSN Aviano Elementary School What are Head Lice?

Head Lice Presentation Patricia Guenther RN, BSN Aviano Elementary School What are Head Lice?

Head Lice Presentation Patricia Guenther RN, BSN Aviano Elementary School What are Head Lice? Head Lice are a tiny, wingless parasitic insect that live among human hair and feeds on tiny amounts of blood drawn from the scalp. Life Cycle

403 views • 21 slides
Ms Rodrigues Miss Franklin Miss Moser Mr White Head of Head of Head of Sixth Form Sixth

Ms Rodrigues Miss Franklin Miss Moser Mr White Head of Head of Head of Sixth Form Sixth

Ms Rodrigues Miss Franklin Miss Moser Mr White Head of Head of Head of Sixth Form Sixth Form Year 13 Year 12 Administrator To get academic qualificati alifications ons? A stepping stone to university niversity or a job? To

567 views • 27 slides
Week 2 -Wednesday What did we talk about last time? Binary representation C literals

Week 2 -Wednesday What did we talk about last time? Binary representation C literals

Week 2 -Wednesday What did we talk about last time? Binary representation C literals Unity can only be manifested by the Binary. Unity itself and the idea of Unity are already two. Buddha Function Result Function Result

739 views • 24 slides
At first, this title might seem to set something of a dark tone for my part of our presentation.

At first, this title might seem to set something of a dark tone for my part of our presentation.

At first, this title might seem to set something of a dark tone for my part of our presentation. However, the quotation Vexation and menace indeed! is drawn from the introduction of a most enlightening book on tonights topic as it relates

510 views • 20 slides
Objects and Aspects: Ownership Types Neel Krishnaswami Department of Computer Science Carnegie

Objects and Aspects: Ownership Types Neel Krishnaswami Department of Computer Science Carnegie

Objects and Aspects: Ownership Types Neel Krishnaswami Department of Computer Science Carnegie Mellon University neelk@cs.cmu.edu Overview The Problem An Introduction to Ownership Types Evaluating How Ownership Resolves the Problem

698 views • 26 slides
What are iterable objects ? P R AC TIC IN G C OD IN G IN TE R VIE W QU E STION S IN P YTH ON

What are iterable objects ? P R AC TIC IN G C OD IN G IN TE R VIE W QU E STION S IN P YTH ON

What are iterable objects ? P R AC TIC IN G C OD IN G IN TE R VIE W QU E STION S IN P YTH ON Kirill Smirno v Data Science Cons u ltant , Altran Definition iterable objects / Iterables - an y object that can be u sed in a for loop list t u ple

1.18k views • 101 slides
Actual Divergence of perturbative QCD series at Low Energy, I [Divergent Series, Summation,]

Actual Divergence of perturbative QCD series at Low Energy, I [Divergent Series, Summation,]

Actual Divergence of perturbative QCD series at Low Energy, I [Divergent Series, Summation,] Dmitry V. SHIRKOV Bogoliubov Lab, JINR, Dubna 8 Math. Phys. Meeting [SS+C] @Beograd, Sept12 Actual Divergence of pQCD series at LE, Pt. I p. 1

532 views • 16 slides
High Needs Block Planning Ahead Prudent forecasting and early action High Needs has not

High Needs Block Planning Ahead Prudent forecasting and early action High Needs has not

High Needs Block Planning Ahead Prudent forecasting and early action High Needs has not yet to overspent (nor has done for past 8 years) and might not this year Early forecasting carried out and action has been taken at an early

559 views • 10 slides
Rui Zhao*, Xudong Sun, Volker Tresp Siemens AG &amp; Ludwig Maximilian University of Munich |

Rui Zhao*, Xudong Sun, Volker Tresp Siemens AG &amp; Ludwig Maximilian University of Munich |

Maximum Entropy-Regularized Multi-Goal Reinforcement Learning Rui Zhao*, Xudong Sun, Volker Tresp Siemens AG &amp; Ludwig Maximilian University of Munich | June 2019 | ICML 2019 Introduction In Multi-Goal Reinforcement Learning, an agent

660 views • 10 slides
Embodied Carbon in MEP design Studies Louise Hamot Global Head of Lifecycle Research

Embodied Carbon in MEP design Studies Louise Hamot Global Head of Lifecycle Research

Embodied Carbon in MEP design Studies Louise Hamot Global Head of Lifecycle Research Lhamot@integralgroup.com Need for whole life carbon approach Embodied Carbon in MEP design Knowledge Gap Case Studies Building Level Evaluating embodied

428 views • 25 slides

More recommend