8 Types of High-Risk Cybersecurity Vulnerabilities
Cybersecurity vulnerabilities are weak spots within your environment and your assets—weaknesses that open you up to potential threats and increased risk. A decade of research has revealed the eight most prevalent types of high-risk vulnerabilities observed in actual enterprise environments. Read this blog to learn about these high-risk vulns and their implications.
What is a vulnerability?
A vulnerability is a weakness in your infrastructure, networks or applications that can potentially expose you to threats, such as data thefts, denial of service attacks, or ransomware attacks.
When vulnerabilities are discovered (often by software vendors, security researchers or their customers), they are usually assigned an identifier in the Common Vulnerabilities and Exposures (CVE) list. A CVE entry puts a new vulnerability (and often the associated patch information) on the radar of the security community, which allows vulnerability scanners to detect it and remediation teams to fix it if they determine that it poses a risk to their environment.
When exploit code for a CVE is published, and especially when attackers are observed using that exploit successfully in the wild, the relative risk represented by that CVE increases.
The 8 most prevalent types of high-risk vulnerabilities
Between the beginning of 2010 and November of 2020, Kenna Security assigned a total of 203 CVEs with a risk score of 100 (out of 100). This means these vulnerabilities posed the highest possible risk of damage from a breach or attack, and the greatest likelihood that unpatched vulnerabilities could be exploited by bad actors. These vulnerabilities are, in fact, the worst of the worst across an entire decade of real-world observation. (To put these 203 CVEs in perspective, more than 18,000 CVEs were added to the National Vulnerability Database in 2020 alone.)
These highest-risk vulnerabilities fall into eight categories. In the list below, we’ve ranked these vulnerability types based on their prevalence within our total of 203 CVEs earning risk scores of 100. It’s important to note that many CVEs fall into more than one category; in other words, a single flaw can offer bad actors several avenues for exploitation. For instance, three vulnerability types apply to CVE-2018-11529: Memory Corruption, Remote Code Execution and Denial of Service.
- Remote Code Execution. Among our list of the 203 worst vulnerabilities of 2010-2020, this was by far the most common. A Remote Code Execution vulnerability lets an attacker run code of their choosing on a target process or device over the network, which typically means taking control of it. In memory-corruption cases this usually involves hijacking control flow (for example, overwriting a return address or function pointer so that the instruction pointer lands on attacker-supplied code); in other cases, such as command injection or unsafe deserialization, the application is tricked into executing attacker-controlled input directly. Remote Code Execution exploits are often paired with Privilege Escalation exploits (No. 6 on our hit list), which, if successful, enhance their impact.
- Memory Corruption. A Memory Corruption vulnerability leaves systems and software open to a violation of memory safety, with exploits potentially leading to harmful crashes or strange system behavior, disclosure of memory content, and other, even more serious problems. Attackers can also target Memory Corruption vulnerabilities to assist in other types of attacks, such as Denial of Service.
- Distributed/Denial of Service. When popular services like Slack or eBay make headlines by being unavailable online for hours, a Denial of Service attack is one possible cause (though many outages are ordinary operational failures). A Denial of Service vulnerability is a flaw that lets an attacker make a service unavailable to legitimate users far more cheaply than legitimate load would, either by crashing it (for instance, with a single malformed request that trips a bug) or by exhausting a resource such as CPU, memory or connection slots. Flooding a site with superfluous requests until legitimate traffic can’t get through needs no software flaw at all; Distributed Denial of Service attacks do this from many traffic sources at once, which makes them much harder to filter or stop.
- Buffer Overflow. Sometimes difficult to discover and often difficult to exploit, buffer overflow vulnerabilities remain common because of the variety of ways they can occur and the error-prone manual bounds checking used to prevent them. A Buffer Overflow vulnerability arises when a program writes more data into a buffer than the buffer was allocated to hold. Writing outside the bounds of allocated memory can corrupt adjacent data, crash the application or, when the overwritten bytes include a return address or function pointer, let an attacker hijack control flow and execute code of their choosing.
- Directory Traversal. Also known as file path traversal, a Directory Traversal vulnerability arises when an application builds a file path from user input (for example, a filename containing “../” segments) without confining the result to the intended directory. It can allow an attacker to read arbitrary files (including application code and data, credentials for back-end systems, and sensitive OS files) on the server where the vuln is present. When the same flaw affects a write operation, attackers can overwrite arbitrary files, change how applications behave and in some cases take full control of the server.
- Privilege Escalation. These vulnerabilities let attackers improve a foothold they have already established within a system, either by taking over another account at the same privilege level (horizontal privilege escalation) or by gaining permissions beyond those of the account they have already compromised, up to administrator or root (vertical privilege escalation). Privilege Escalation vulnerabilities can be exploited in multiple ways, and can lead to hackers gaining access to ever more sensitive systems and data.
- SQL Injection. When an application builds a database query by concatenating untrusted input into the statement text instead of using parameterized queries, attackers can supply input (even in something as simple as a name field on a website form) that the database interprets as SQL commands. A successful SQL Injection exploit can lead to various negative outcomes, from voiding transactions or changing balances to the outright theft and disclosure of entire databases. In some cases, attackers can take administrative control of the database server, and even destroy or prevent access to its contents.
- Backdoor/Hardcoded Password. Hardcoding passwords is the still-common (though inadvisable) practice of embedding plain text credentials in source code, configuration or firmware. It is inadvisable because the credential ships in every copy of the software, so anyone who extracts it from a binary, firmware image or public repository can use it against every deployment, which amounts to a backdoor. And yet the practice persists because it can keep unsophisticated users from tampering with the program or code, while also allowing software developers to simplify deployments at scale. Hardcoded credentials make it easier for attackers to hijack firmware, devices, systems and applications, and, like many of the vuln types listed here, they are often used in conjunction with other vulns to execute a multi-stage attack.
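As an added example (not code from the original post), the Python script below shows a vulnerable and a hardened implementation for two of the classes above, Directory Traversal and SQL Injection, and runs a constructed payload against each. The directory layout, table contents and payloads are constructed for the demonstration and are not taken from any real system.

```python
"""Added example (not from the original post): vulnerable vs. hardened
handling for Directory Traversal and SQL Injection. All paths, table
contents and payloads are constructed for the demonstration."""
import os
import sqlite3
import tempfile


# ---------- Directory Traversal ----------

def read_file_vulnerable(base_dir, user_path):
    # Vulnerable: user input is joined onto base_dir with no containment
    # check, so "../" segments (or an absolute path) escape the directory.
    with open(os.path.join(base_dir, user_path), "rb") as fh:
        return fh.read()


def read_file_hardened(base_dir, user_path):
    # Hardened: resolve both paths (collapses ".." and follows symlinks),
    # then refuse anything whose real location is outside base_dir.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes base directory: %r" % user_path)
    with open(target, "rb") as fh:
        return fh.read()


def traversal_demo():
    """Creates a constructed web root with one public file and a secret
    one level above it, then tries a '../' payload against both readers."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "public")
        os.makedirs(base)
        with open(os.path.join(base, "index.html"), "wb") as fh:
            fh.write(b"<html>hello</html>")
        with open(os.path.join(root, "secret.txt"), "wb") as fh:
            fh.write(b"db_password=hunter2")  # constructed secret
        payload = "../secret.txt"
        leaked = read_file_vulnerable(base, payload)  # reads the secret
        try:
            read_file_hardened(base, payload)
            blocked = False
        except PermissionError:
            blocked = True
        legit = read_file_hardened(base, "index.html")  # still works
        return {"leaked": leaked, "blocked": blocked, "legit": legit}


# ---------- SQL Injection ----------

def demo_db():
    # Constructed in-memory database with two accounts.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "name TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO users (name, balance) VALUES (?, ?)",
                     [("alice", 100), ("bob", 250)])
    return conn


def lookup_vulnerable(conn, name):
    # Vulnerable: the input becomes part of the statement text, so a quote
    # in the input changes the query's structure.
    sql = "SELECT name, balance FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name):
    # Hardened: parameterized query. The driver passes the value separately
    # from the statement, so it is only ever compared, never parsed as SQL.
    sql = "SELECT name, balance FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def injection_demo():
    conn = demo_db()
    payload = "x' OR '1'='1"   # classic tautology payload
    return {
        "vulnerable": lookup_vulnerable(conn, payload),  # dumps every row
        "hardened": lookup_hardened(conn, payload),      # matches nothing
        "legit": lookup_hardened(conn, "alice"),
    }


if __name__ == "__main__":
    print(traversal_demo())
    print(injection_demo())
```

Two points worth noting from the hardened versions. The traversal check compares real paths, not the raw string, so it also rejects absolute paths and symlinks that point outside the web root; the same check belongs on any write operation that takes a user-supplied name. In the parameterized query, the tautology payload simply becomes a literal username that no row matches, which is why the hardened lookup returns an empty result rather than the whole table.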
The right tools lower your risk
In 1964, U.S. Supreme Court Justice Potter Stewart offered his famous observation about what constitutes obscenity: “I know it when I see it.”
Fortunately for Security professionals, the most advanced modern vulnerability management tools likewise know a high-risk vulnerability when they see it—though their assessment methods are arguably far more involved than Justice Stewart’s. These state-of-the-art solutions harness real-time threat and vulnerability intelligence, advanced data science and machine learning-powered prioritization to assess the relative risk that each vulnerability poses to a particular organization. Easily understood metrics like the Kenna Risk Score give Security, IT and AppSec teams a common, risk-based language around which they can prioritize their remediation efforts.
A risk-based approach to vulnerability management helps isolate the organization’s top risks, eliminating the need for guesswork and wasted cycles spent chasing vulns that won’t move the needle on risk. This ultimately helps you make real, significant strides in lowering your risk profile—so you’ll spend less time trying to identify the types of vulnerabilities that exist in your organization, and more time fixing them.
Just beginning your vulnerability management journey? Or interested in shifting gears to a more effective risk-based approach? No matter where you are, more information will help you make more effective decisions. The on-demand Kenna Katalyst educational series can help you with that. In less than an hour, you can earn one CPE credit through ISC², learn the six key steps to set up your own risk-based program, get real-world knowledge you can implement today, and ultimately learn how to lower your cyber risk.