Research relevant vulnerabilities/CVEs

From pre-attack
Jump to: navigation, search

Research relevant vulnerabilities/CVEs
ID PRE-T1068
Tactic Technical Weakness Identification


Common Vulnerability Enumeration (CVE) is a dictionary of publicly known information about security vulnerabilities and exposures. An adversary can use this information to target specific software that may be vulnerable.12

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Using standard headers/fingerprints from normal traffic, it is often trivial to identify the SW or HW the target is running, which can be correlated against known CVEs and exploit packages.


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Public source external to the defender's organization.