CSIRT-IE Reports on Common Vulnerabilities and Exposures (CVE)

Objective

CSIRT-IE's primary focus, in regard to the following reports, is to identify vulnerable servers and services within the Republic of Ireland which may be exploited due to Common Vulnerabilities and Exposures (CVE) that have been identified, defined, catalogued and publicly disclosed.  CSIRT-IE seeks to inform responsible network operators and constituents by email, based upon the IP address of the affected server and service, and to provide advice and recommendations on how to reduce the threat posed by the CVE to the vulnerable servers and services.

Common Vulnerabilities and Exposures (CVE)

CVE is a database of publicly disclosed information related to cybersecurity issues.  CVE is managed and maintained by the Cybersecurity Federally Funded Research and Development Center and operated by the US-based not-for-profit MITRE Corporation.  CVE is sponsored by the United States Federal Government and receives funding from the US Cybersecurity and Infrastructure Security Agency (CISA).

A CVE is assigned a number known as a CVE identifier by the CVE Numbering Authorities (CNAs).  The CNAs include Information Technology (IT) vendors, research organisations and cybersecurity companies.

A CVE identifier consists of a [Year] and a [Number].  The Year represents the year in which the vulnerability was reported.  The Number is a sequential number assigned by the CNA.

A vulnerability is a weakness which can be exploited to gain unauthorised access to a system or a network, execute code, install malware, and access internal systems to steal, destroy, or modify sensitive data.  If undetected, it could allow a threat actor to pose as a super-user or system administrator with full access privileges.

An exposure is a mistake that gives an attacker access to a system or network.  An exposure can allow an attacker to access personally identifiable information (PII) and exfiltrate it.  Some of the largest breaches were the result of accidental exposure rather than sophisticated cyber attacks.

Details of a CVE are often withheld until the corresponding vendor can issue a patch or fix, ensuring that organisations can protect themselves once the information is made public.  Sharing of information in relation to CVEs can help to mitigate the publicly disclosed vulnerabilities and exposures in a fast and efficient manner and ensure that all organisations are protected.

Information Source

The Shadowserver Foundation is a Non-Governmental Organisation and one of the world's leading resources for internet security reporting and malicious activity investigation.  The Shadowserver Foundation works with national governments, network providers, enterprises, financial and academic institutions, law enforcement agencies, and others, to reveal security vulnerabilities, expose malicious activity and help remediate victims.  The Shadowserver Foundation performs a scan of the entire IPv4 internet every day for Internet-accessible servers and services and reports the security vulnerabilities found.  It has also participated in the SISSDEN EU Horizon 2020 project, using SISSDEN's Network of Honeypot Sensors to log unsolicited attack traffic which was directed at them.  Information on Shadowserver Reports and the data contained therein can be found at Shadowserver Reports.

Secure Information Sharing Sensor Delivery Event Network

The Secure Information Sharing Sensor Delivery Event Network (SISSDEN) seeks to improve the cyber security posture of EU organisations and citizens through the development of increased situational awareness and the effective sharing of actionable information.  The SISSDEN project has received funding from the European Union's Horizon 2020 research and innovation programme.

CVE Reports