Adobe AIR, Flash Player and Flash Media Server (PVS)

This report template is focused on Adobe software vulnerabilities detected using Tenable’s Passive Vulnerability Scanner, PVS. Vulnerabilities can be detected for any network connected host, including smartphones, on a wired or wireless connection. The sample trending graph above was cut from one of five chapters and provides a five day vulnerability trend for Adobe Flash Player software. It is divided into ranges using the Common Vulnerability Scoring System Version 2, CVSS v2. To see a full report use the download example link below.

• May 27th 2012, version 1, SecurityCenter 4.4
• Required Tools: PVS
• Download Example - Adobe AIR, Flash Player and Flash Media Server (PVS)
• Download Template - Adobe AIR, Flash Player and Flash Media Server (PVS)

The template when reporting on host details includes DNS name, NetBIOS name and MAC address information. This information will need to be retrieved using Nessus and may already be provided if Nessus and PVS vulnerability data is being blended together in SecurityCenter. Alternatively the fields with the extra host information can be easily removed from reporting using the GUI driven SecurityCenter report builder leaving just the host IP address. Internal DNS names and NetBIOS names may not be appropriate when reporting on hosts such as smart phones which is reflected by a couple of the hosts in the example report.

The template consists of five chapters:

 

The "Summary" chapter contains a trending graph measuring the overall success for the remediation of vulnerabilities with a CVSS v2 score of greater than or equal to, >=, 4 for the last five days:

The trending graph above can be easily modified to reflect a different timeframe or CVSS range:

 

The “Adobe Air”, “Adobe Flash Player”, and “Adobe Flash Media Server” chapters all follow the same format:

1. List of hosts detected with software installed regardless of vulnerabilities
2. Vulnerability Summary for vulnerabilities with a CVSS v2 score >= 4
3. CVE Summary
4. Vulnerabilities by Location (Asset List Summary) with a CVSS v2 score >= 4
5. Vulnerabilities by Subnet with a CVSS v2 score >= 4
6. 5 Day Vulnerability Trend by CVSS v2 Ranges

As mentioned earlier in regards to the trending graph in the “Summary” chapter the individual reporting components, elements, in each chapter can be easily modified using the SecurityCenter GUI driven report builder. For example, the CVSS ranges in the 5 Day Vulnerabilty trend graphs can be modified to reflect different ranges.

Much of the template has used CVSS v2 for reporting but can be modified to use the PVS assigned vulnerability severity ratings of Low, Medium and High if required. SecurityCenter’s GUI driven report builder includes a very flexible set of vulnerability filters for report elements.

The template in many places only reports vulnerabilities that have a CVSS v2 score greater than or equal to 4. This is from experience of working with Tenable customers who often want to initially focus on medium to high risk vulnerabilities after deploying Tenable's enterprise software, however, as mentioned previously the range can be easily modified or the filter removed completely.

The "Adobe Related Vulnerabilities with Known Exploits" chapter reports on all passively discovered Adobe software related vulnerabilities that have been flagged as having a known exploit:

The components, elements, of the final chapter filter by Medium, High and Critical vulnerability severity. The filters can be easily changed to include or exclude other vulnerability severity ratings:

A severity rating of Critical is not currently assigned by PVS but a vulnerability can have its rating recast to Critical by a SecurityCenter user with the appropriate permissions.