本期话题:Greekn爱分析第四期(漏洞动态跟踪方法)
当需要跟踪一个新的CVE编号的漏洞动态,有什么方法。可以通过ATTACKERKB这个项目进行开展工作,ATTACKERKB项目是由Rapid7官方支持的一个漏洞评估交流平台,通过借助社区的力量去评估一个新爆发的通用型漏洞,收集整理关于新的漏洞技术指标,来评估漏洞是否会被威胁参与者利用,或者漏洞是否值得修补。
官网链接:https://attackerkb.com/我们还是按照上篇文章,Greekn爱分析第三期(如何理解网络中的漏洞动态)。
链接:https://mp.weixin.qq.com/s/ANfHj0d2Cgn2VJeOr8j89g里面提到的漏洞技术指标进行搜索演示:
1.CVE漏洞编号定义漏洞身份
当我们对一个CVE漏洞编号感兴趣比如:CVE-2021-39144这个漏洞代表2021年爆发的,39144是漏洞身份编号。
2.CAPEC通过知识图谱对漏洞类型动作的定义
目前平台没有引入CAPEC知识图谱
3.CVSS漏洞利用价值评估
该漏洞CVSS v3 评分为: 8.5,下面是CVSS攻击向量参数。
攻击向量(AV):网络攻击复杂性 (AC):高的所需特权 (PR):低的用户交互(用户界面):没有任何范围(S):改变了保密性(C):高的完整性(一):高的可用性 (A):高的
4.CPE配置漏洞对应软件版本
CPE打击范围
供应商:debianfedoraprojectnetapporaclexstream project产品:business activity monitoring 12.2.1.4.0commerce guided search 11.3.2communications billing and revenue management elastic charging engine 11.3,communications billing and revenue management elastic charging engine 12.0,communications cloud native core automated test suite 1.9.0communications cloud native core binding support function 1.10.0communications cloud native core policy 1.14.0communications unified inventory management 7.3.4communications unified inventory management 7.3.5communications unified inventory management 7.4.0communications unified inventory management 7.4.1communications unified inventory management 7.4.2debian linux 10.0debian linux 11.0debian linux 9.0fedora 33fedora 34fedora 35retail xstore point of service 16.0.6retail xstore point of service 17.0.4retail xstore point of service 18.0.3retail xstore point of service 19.0.2retail xstore point of service 20.0.1snapmanager -utilities framework 4.2.0.2.0utilities framework 4.2.0.3.0utilities framework 4.3.0.1.0utilities framework 4.3.0.6.0utilities framework 4.4.0.0.0utilities framework 4.4.0.2.0utilities framework 4.4.0.3.0utilities testing accelerator 6.0.0.1.1webcenter portal 12.2.1.3.0webcenter portal 12.2.1.4.0xstream
5.详细的漏洞细节和POC&EXP
POC模块
Metasploit 模块exploit/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144 (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb)
漏洞细节链接:
CVE第三方平台链接:CVE-2021-39144 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144)厂商公告链接:https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fhhttps://security.netapp.com/advisory/ntap-20210923-0003/[debian-lts-announce] 20210929 [SECURITY] [DLA 2769-1] libxstream-java security update (https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html)FEDORA-2021-fbad11014a (https://lists.fedoraproject.org/archives/list/package[email protected]/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/)FEDORA-2021-d894ca87dc (https://lists.fedoraproject.org/archives/list/package[email protected]/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/)FEDORA-2021-5e376c0ed9 (https://lists.fedoraproject.org/archives/list/package[email protected]/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/)DSA-5004 (https://www.debian.org/security/2021/dsa-5004)其他参考链接:https://x-stream.github.io/CVE-2021-39144.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttp://packetstormsecurity.com/files/169859/VMware-NSX-Manager-XStream-Unauthenticated-Remote-Code-Execution.html
平台对CVE-2021-39144漏洞打的标签:
企业常见易于武器化给予特权访问未经认证默认配置易受攻击
还有一些其他数据比如漏洞在野等等可以拿来做参考。
原文始发于微信公众号(我的安全梦):Greekn爱分析第四期(漏洞动态跟踪方法)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论