What is a common vulnerability?
A common vulnerability is a weakness or flaw in a device, software, system, or network that can be exploited by attackers to gain unauthorized access to systems and data. A common vulnerability is typically well-known and its remediation is already available to the public. Nevertheless, such vulnerabilities can be found in widely used software applications, operating systems, protocols, or configurations, making them a target for cyberattacks and exploitation by malicious actors.
Common vulnerabilities should not exist in a well-managed, secure environment. However, mistakes, errors, and oversight do happen, leading to the existence of such vulnerabilities. Although common vulnerabilities are a threat in any system or software, network-related vulnerabilities can be particularly punishing.
In this blog post, we take a look at common vulnerabilities that are present in networks, their causes, how to remediate them, and examples of network-related vulnerabilities.
Examples of common vulnerabilities in network
Common vulnerabilities in network environments include
1. Unpatched Systems
Technology is never perfect. Devices, systems, software, and protocols either have flaws or develop vulnerabilities due to changes in their environment and dependencies. Whenever a vulnerability is discovered, an official patch or update to fix the vulnerability is released.
However, a lack of awareness or oversight can lead to a failure in the timely application of security patches and updates, leaving critical equipment such as routers, switches, firewalls, and servers exposed to known vulnerabilities and exploits.
2. Weak Authentication
Insecure authentication is another easily preventable but very common vulnerability. Use of default passwords like “admin, “password”, etc. easily guessable passwords like “123456”, “qwerty”, etc., and lack of multi-factor authentication can be exploited by attackers to gain unauthorized access to network devices and services.
This is easily preventable by enforcing a strong password policy along with technical controls such as a password manager and two-factor authentication.
3. Misconfigured Firewalls
Network firewalls play an important role in protecting your network from cyberattacks by restricting and filtering inbound and outbound traffic. Misconfigured firewall rules or access control lists that fail to adequately restrict or filter traffic lead to vulnerabilities that can be exploited by attackers to bypass security controls and gain unauthorized access to the network.
The risk of misconfigured firewalls can be mitigated by creating and enforcing a network security policy within the overall IT security policy.
4. Open Ports and Services
Leaving unnecessary or unsecured network services running can serve as an easy entry point for attackers to gain unauthorized access to the network. Open ports should be closed, unused protocols disabled, and obsolete services should be continuously monitored and regularly updated.
5. Weak Encryption
The use of weak encryption protocols for securing network communications makes it easier for attackers to eavesdrop or launch man-in-the-middle (MitM) attacks. Using modern encryption standards such as AES and RSA with long encryption keys ensures that your communications are secure and untampered.
6. VLAN Misconfigurations
Weaknesses in VLAN (Virtual Local Area Network) configurations or trunking protocols enable attackers to bypass network segmentation and gain unauthorized access to sensitive network segments or resources.
Attacks that exploit vulnerabilities in VLAN pose significant security risks, as they enable attackers to gain access to sensitive information, perform reconnaissance, or launch further attacks within the network.
The risks of such attacks can be mitigated by disabling unused switch ports and enabling port security features, such as MAC address filtering to prevent unauthorized devices from joining VLANs.
7. Phishing and Social Engineering
Human vulnerabilities are the most exploited among all vulnerabilities. Social engineering attacks, including phishing, vishing, and smishing are abundantly and quite successfully used by cyber attackers.
Mitigating the risks arising from human vulnerabilities requires a layered approach including regular security awareness training, a robust IT security policy, and technical tools like 2FA, spam filters, and endpoint protection applications.
Causes of common vulnerabilities
Common vulnerabilities typically arise from several sources, including design flaws, misconfigurations, outdated software, and inadequate security controls. These vulnerabilities usually manifest in the form of bugs, insecure default settings, insufficient access controls, or failure to apply security patches and updates.
Given the complexity of a business environment that runs numerous pieces of software, applications, systems, and processes, pinning down a specific vulnerability in isolation can be challenging. Additionally, errors and mistakes can also lead to vulnerabilities. So it is useful for administrators to know the common causes of vulnerabilities.
Here are the common causes of vulnerabilities for quick reference:
Running unnecessary services
Services offer essential functionalities within the system and are included by default in operating systems to enhance user productivity. However, this inclusivity also exposes the system to potential vulnerabilities exploited by hackers. Services operate as application software, requiring specific configurations and settings to function optimally. Hackers often exploit bugs and misconfigurations in these services to gain unauthorized access for malicious purposes. To mitigate these risks, it's crucial to only run necessary services and disable any unnecessary ones on the system.
Keeping unused ports open
Services utilize ports to deliver essential functionalities. However, an unused open port can be an invitation for hackers to exploit vulnerabilities and gain unauthorized access. Therefore, it's important to close any unnecessary open ports on the system. Additionally, employing a firewall to block access to ports that must remain open adds an extra layer of protection.
Using unpatched software
Developers regularly release security patches to fix known vulnerabilities and if you fail to apply these patches, you leave your systems vulnerable to hacking. Keeping your systems up-to-date with patches and security fixes is an easy way to safeguard against known vulnerabilities.
Using unencrypted channels
If data is exchanged between your computer and a remote system using plain text, it can leave the communication vulnerable to interception by hackers. They can use sophisticated techniques like wire sniffer tools to steal information from data packets. To mitigate this risk, always use encrypted channels for data exchange. Encryption ensures that data is transmitted securely, reducing the risk of unauthorized access.
Using outdated protocols
Many outdated protocols in modern networking lack encryption and adequate security features, posing serious security risks. To enhance security, replace outdated and insecure protocols with more advanced and secure alternatives. For instance, use Secure Shell (SSH) instead of Telnet for remote administration.
Common Vulnerabilities and Exposures (CVE)
For the average IT person, keeping track of all the known vulnerabilities can be next to impossible. Thankfully, there is a publicly available list of known computer security flaws, called the Common Vulnerabilities and Exposures (CVE) system. It is overseen by the MITRE Corporation and funded by the U.S. Department of Homeland Security.
CVE lists publicly known cybersecurity vulnerabilities and provides unique identifiers (CVE IDs) for each known vulnerability, serving as a standardized method for identifying and tracking vulnerabilities across different systems, devices, and software applications. CVE IDs are used by cybersecurity professionals, vendors, and researchers to reference and address security issues, facilitating communication and collaboration in the cybersecurity community. This system helps all stakeholders coordinate their efforts to prioritize and address known vulnerabilities and make their systems more secure.
Examples of network-related CVEs
Here are some of the most common network-related Common Vulnerabilities and Exposures (CVEs) that have been widely reported and addressed by vendors and security researchers:
CVE-2019-19781
Vulnerability in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway) that could allow an unauthenticated attacker to perform arbitrary code execution.
CVE-2020-0601
Vulnerability in Windows CryptoAPI that could allow an attacker to spoof digital signatures on certificates, leading to unauthorized access or data manipulation.
CVE-2019-11510
Vulnerability in Pulse Secure VPN that could allow unauthenticated remote attackers to send specially crafted requests to gain unauthorized access to the VPN appliance.
CVE-2017-5638
Vulnerability in Apache Struts that could allow remote attackers to execute arbitrary code via a crafted Content-Type header in an HTTP request.
CVE-2019-0708 (BlueKeep)
Vulnerability in Remote Desktop Services (RDS) on older versions of Windows operating systems that could allow remote code execution without authentication.
CVE-2017-0144 (EternalBlue)
Vulnerability in the Server Message Block (SMB) protocol of Microsoft Windows that could allow remote attackers to execute arbitrary code on vulnerable systems.
CVE-2019-11580
Vulnerability in Atlassian Crowd and Crowd Data Center that could allow remote attackers to execute arbitrary code via a remote code execution vulnerability in the Widget Connector macro.
CVE-2020-0688
Vulnerability in Microsoft Exchange Server that could allow remote attackers to execute arbitrary code via a deserialization vulnerability in the Exchange Control Panel (ECP) component.
CVE-2018-7600 (Drupalgeddon 2)
Vulnerability in Drupal that could allow remote attackers to execute arbitrary code via a remote code execution vulnerability in the Drupal core.
CVE-2018-10561
Vulnerability in MikroTik RouterOS that could allow remote attackers to execute arbitrary code via a stack-based buffer overflow vulnerability in the Winbox management interface.
Conclusion
Common vulnerabilities technically shouldn’t exist but are common in complex, dynamic network environments. An understanding of their common causes can help you to better manage them and mitigate potential security risks.
Are all your systems secure and up-to-date? Do you need help ensuring that all the latest security patches and updates are applied in a timely manner? Reach out to us by clicking the button below for a consultation on how we can help protect your systems from common vulnerabilities.
If you liked the blog, please share it with your friends