I love a good chance to evaluate the risk of vulnerabilities. It often isn’t clear until you dig into the vulnerability details. What’s the access vector? What does the exploit do? What level of privilege would the attacker gain?
In this case, it sounds really bad – wireless access points with a CVSS 10 vulnerability! The access vector is network, attack complexity is low, no authentication required. Sounds like an urgent one, right?
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
But then, why is the EPSS score 0.04? Probably because exploiting the vulnerability requires access to the access point’s web management console, which isn’t going to be available outside the network.
So that means you need to be on the inside to hack them. But if you’re on the internal network already, you have no need to hack them.
Many vulnerabilities have this paradoxical effect. They look terrifying until you take a closer look and realize that no attacker would ever leverage them, because doing so doesn’t make sense from the attacker’s perspective.
© Copyright 2024 CNB Tel. All rights reserved