Blog
Share This Post
[ad_1]
I love a good chance to evaluate the risk of vulnerabilities. It often isn’t clear until you dig into the vulnerability details. What’s the access vector? What does the exploit do? What level of privilege would the attacker gain?
In this case, it sounds really bad – wireless access points with a CVSS 10 vulnerability! The access vector is network, attack complexity is low, no authentication required. Sounds like an urgent one, right?
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
But then, why is the EPSS score 0.04? Probably because exploiting the vulnerability requires access to the access point’s web management console, which isn’t going to be available outside the network.
So that means, you need to be on the inside to hack them. But if you’re on the internal network already, you have no need for hacking them.
Many vulnerabilities have this paradoxical effect. Vulnerabilities look terrifying, until you take a closer look and realize that no attacker would ever leverage it, because it doesn’t make sense from the attacker’s perspective.
[ad_2]
Source link
Subscribe To Our Newsletter
Get updates and learn from the best
More To Explore
US Charges Five People Over North Korean IT Worker Scheme
[ad_1] The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to
In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
[ad_1] Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York
