Research relevant vulnerabilities/CVEs
|Research relevant vulnerabilities/CVEs|
|Tactic||Technical Weakness Identification|
Common Vulnerability Enumeration (CVE) is a dictionary of publicly known information about security vulnerabilities and exposures. An adversary can use this information to target specific software that may be vulnerable.12
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Using standard headers/fingerprints from normal traffic, it is often trivial to identify the SW or HW the target is running, which can be correlated against known CVEs and exploit packages.
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Public source external to the defender's organization.