CVE Analysis Report

by Cody Dumont
March 3, 2016

In the early days of the Internet, vulnerabilities were not publicly known or identifiable. In 1999, the information security industry endorsed the importance of using a common format for identifying vulnerabilities, and thus Common Vulnerabilities and Exposures (CVE®) was created. Since 1999, the adoption of CVE has grown from 29 organizations to over 150 organizations. Tenable’s Renaud Deraison and Marcus Ranum have been past members of the CVE Editorial Board. Tenable products were first CVE Compatible in 2004, and currently SecurityCenter, Nessus and the Passive Vulnerability Scanner (PVS) are compatible. Tenable continues to lead the security industry in vulnerability management and continuous network monitoring by embracing accepted standards such as CVE.

SecurityCenter Continuous View (CV) utilizes the CVE program to reference each of the vulnerabilities detected by Nessus and the Passive Vulnerability Scanner. Logs collected from the Log Correlation Engine (LCE) are analyzed for vulnerabilities and where applicable the associated CVE identifier is applied. The CVE identifiers can be used through SecurityCenter for reporting, asset identification, risk management, and threat mitigation. The CVE Analysis report helps to identify vulnerabilities by their CVE identifiers from 1999 to 2019.

CVE is a widely used industry standard for identifying vulnerabilities across software vendors and vulnerability management systems. Using CVE identifiers to identify vulnerabilities allows organizations to easily target affected systems and software for remediation. As vendors provide patches for widespread vulnerabilities such as HeartBleed and ShellShock, many new plugins are released. The task of tracking vulnerabilities is simplified by using CVE identifiers, as the CVE identifiers for vulnerabilities remain the same even as new patches and plugins are released. Using CVE is a very flexible and useful method of detecting vulnerabilities to assist in the risk management process.

This report provides analysts with an easy-to-understand executive summary showing the current count of vulnerabilities based on CVE release data and collection methods. The summary is followed by two trending graphs showing CVE discovery over the past 3 months. The third chapter provides a summary of mitigated vulnerabilities by both CVE year and subnet. The remaining chapters provide the details on the top 100 most severe CVE vulnerabilities.

The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards and assets. The report can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:

  • SecurityCenter 4.8.2
  • Nessus 6.5.5
  • LCE 4.6.1
  • PVS 5.0.0

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. SecurityCenter offers organizations a unique peace of mind by identifying their biggest threats and enabling them to respond quickly. SecurityCenter Continuous View (CV) provides a unique combination of detection, reporting, and pattern recognition utilizing industry-recognized algorithms and models. SecurityCenter CV combines active scanning, log analysis, and deep packet inspection to continuously discover and track users, applications, cloud infrastructure, trust relationships, and vulnerabilities.

Chapters

Executive Summary - This chapter provides a high-level view of vulnerabilities by CVE. The matrices and trend graphs provide an analyst with counts of vulnerabilities by CVE year and collection method. The trend graphs provide an understanding of vulnerabilities filtered on CVE over the past three months. By tracking the current vulnerability count, analysts can track mitigation progress.

Mitigation Summary - This chapter provides an overview by subnet and severity of the number of vulnerabilities that have been mitigated. The charts cover vulnerabilities that have been mitigated by CVE for corresponding years.

Vulnerabilities with CVE from 1999 to 2009 - The chapter provides details for all vulnerabilities with CVE from 1999 to 2009.  The content provided is sorted by vulnerability and severity.  For each vulnerability, a list of applicable CVEs, vulnerability description, and the affected systems is provided.

Vulnerabilities with CVE from 2010 to 2019 - The chapter provides details for all vulnerabilities with CVE from 2010 to 2019.  The content provided is sorted by vulnerability and severity.  For each vulnerability, a list of applicable CVEs, vulnerability description, and the affected systems is provided.