Vulnerability Reporting by Common Ports

by Cody Dumont
July 22, 2014

There are several methods of detecting port usage within a network. This report leverages a variety of active and passive port filters to display vulnerability information in multiple ways.  Contained within this report there are two chapters. The first contains an executive summary of vulnerabilities by some of the most popular ports.  The second chapter contains an iteration of the top 100 most vulnerable ports.

The report is available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The report can be easily located in the SecurityCenter Feed by selecting category Discovery & Detection, and then selecting tags trending and vulnerability. The report requirements are:

  • SecurityCenter 4.8.1
  • Nessus 5.2.7
  • PVS 4.0.2

The Executive Summary chapter contains several components that provide system counts and vulnerability counts based on specific port or range of ports.  This chapter also illustrates how to monitor risk levels using both CVSS scores and TCP ports.  The matrices provide an overview of the many methods that represent data within a matrix.  The first matrix provides a sample using the colored icons and an icon with an image, the red “X”.  The next two matrices use color codes to represent severity levels and a ratio bar to provide a visual percentage of matched entries.  The final two matrices provide eight column matrices and the vulnerability count by CVSS score.  The “CVSS Vulnerability Counts Per Port” matrix provides a vulnerability count, and a color based on the severity level.  The colors used are: yellow for medium, orange for high severity, and red for critical severities.  The last component is a mirror of the previous matrix, but the ratio is displayed.  Please note that if the less than 1% of the total vulnerabilities match the respective filter, than 0% will be displayed.

The Port Vulnerability Details chapter contains a top 100 port summary table and is followed by an iterator of each port.  For each report a pie chart summarizing the affected networks based on the 24 bit mask (aka class C mask).   Two tables, a table listing services found on this port, and a table providing the vulnerability summary and IP details for vulnerabilities found on the respective port follow the pie chart.