The Three CVEs that You’re Not Paying Attention to (But Probably Should)

Jun 17, 2015
Michael Roytman
Chief Data Scientist

The Risk I/O philosophy is all about fixing what matters – that is, using data to make decisions that make the most of the limited actions you can take in a day, a week, a month. It’s not about the sheer volume of vulnerabilities that your team closes — it’s closing the ones that reduce your overall risk the most.

Sometimes, the vulnerabilities that get the most attention aren’t the ones that represent the greatest threat. In my research, I’ve discovered a series of vulnerabilities that aren’t sexy and don’t hog the spotlight – but in many environments they actually represent major weaknesses. In fact, these three vulnerabilities have each been exploited over 100,000 times in 2014 alone!

The vulns I want to highlight are CVE-2010-3055, CVE-2002-0649, and CVE-2000-1209. They don’t have cutesy publicized names, so it might be a bit boring to talk about them. But you know what? If other people get to put ridiculous code names on their vulns, then I get to do the same thing. So let’s take a look.

1. Poster. CVE-2010-3055 has been exploited 121,000 times in 2014. Let’s call it the Poster vulnerability. It allows attackers to run arbitrary code in phpMyAdmin via a POST request, and phpMyAdmin runs on millions of sites worldwide. It’s a CVSS 7.5, which means it’s bound to fly under the radar more often than not. But it shouldn’t. Security teams need to start worrying about Poster! https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3055

2. Slammer. I’m calling CVE-2002-0649 the Slammer vulnerability. It’s an ancient worm that exploits SQL Server 2000 and Microsoft Desktop Engine 2000. Reading the Wikipedia article on the worm (http://en.wikipedia.org/wiki/SQL_Slammer) makes it seem like it’s a long-forgotten problem, but we’ve seen 156,000 successful exploitations in 2014. It’s not new, it’s not hip, it’s not current, so no one talks about it – but it’s a significant threat. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0649

3. Enterprise. Last up is Enterprise, which affects (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third-party packages that use these products such as (4) Tumbleweed Secure Mail (MMS), (5) Compaq Insight Manager, and (6) Visio 2000, and is exploited by the Voyager Alpha worm. CVE-2000-1209 is also not to be forgotten, with 272,000 successful exploitations. Resistance is futile? https://web.nvd.nist.gov/view/vuln/detail?vulnId=2000-1209

To name something is to have power over it – but it’s the quiet ones that you need to be worried about. Pay less attention to the flashy, glitzy vulnerabilities and pay more to the ones that are truly a lurking threat.
