Common InfoSec Terminology Explained

Discover essential information security terms and their meanings, crucial for understanding and managing InfoSec effectively.

We often see some related security terms in news or documents following significant security incidents, such as VUL, CVE, Exp, PoC, etc. Today, we will gain a basic understanding of the specific meanings and uses of these common terms so that we won’t be confused by them in the future.

What is VUL?

VUL is the abbreviation for Vulnerability, which generally refers to a flaw or weakness.

What is a 0-day vulnerability and a 0-day attack?

A 0-day vulnerability, also known as a zero-day vulnerability, is a flaw that has been discovered (possibly not publicly disclosed) for which no official patch exists. Simply put, it is a vulnerability known only to the discoverer, who can effectively exploit it, often leading to sudden and destructive attacks.

A zero-day attack refers to the exploitation of such a vulnerability. The person providing the details of the vulnerability or the exploit program is usually the discoverer. Zero-day exploits pose a significant threat to network security and are highly prized by hackers. The number of zero-day vulnerabilities a hacker controls is often a key metric in assessing their technical skill.

What is CVE?

CVE stands for Common Vulnerabilities & Exposures, such as CVE-2015-0057, CVE-1999-0001, etc. CVE acts like a dictionary, providing a common name for widely recognized information security vulnerabilities or exposures.

If a vulnerability report specifies a CVE name, you can quickly find corresponding patch information in any other CVE-compatible database to resolve the security issue.

Here are some platforms for vulnerability information release, where you can search for the description of a vulnerability by its CVE number:

What is PoC?

PoC stands for Proof of Concept. In the security field, it can be understood as a vulnerability verification program. Compared to some applications, a PoC is an incomplete program, just a piece of code to prove the presenter’s point. This term is used in vulnerability reports, where the PoC is a description or example of an attack to confirm the existence of the vulnerability.

What is Exp?

Exp stands for Exploit, which is a program that can exploit a vulnerability. For example, if a target has an SQL injection vulnerability, and you write a program to gain access to the target using this vulnerability, that program is an Exp. If you don’t use the vulnerability, it holds no value to you.

Misconceptions about PoC / Exp

  • Writing PoC requires knowing Python: The sole purpose of PoC is to prove the existence of a vulnerability. The form or implementation of PoC can be in any way you choose. Python is recommended because many in the security field use it, making your work more understandable to others. Python’s flexibility and powerful libraries also provide great convenience for developers.
  • PoC is the same as Exp: Strictly speaking, PoC and Exp are different. PoC proves the existence of a vulnerability, while Exp is used to exploit it. In many cases, knowing a vulnerability exists is easier than knowing how to exploit it. Writing a PoC is relatively simple while writing an Exp can be quite challenging.

The difference between PoC and Exp is like discovering a problem with a supermarket lock and proving it has a problem versus using the problem to steal from the store. These are two different things.

What is a vulnerability firing range?

A vulnerability firing range is an environment where a vulnerability has been reproduced for testing, usually implemented using virtual machines or Docker.

If you want to quickly set up a testing vulnerability firing range, you can use the Vulhub project to deploy a vulnerability testing range quickly. Vulhub is a collection of vulnerability environments based on Docker and Docker-compose, making vulnerability reproduction easier and allowing security researchers to focus more on the principles of vulnerabilities.

Vulhub project address: https://vulhub.org/

What is CVSS?

CVSS stands for Common Vulnerability Scoring System. It is an industry standard designed to assess the severity of vulnerabilities and help determine the urgency and importance of response actions.

CVSS is part of the Security Content Automation Protocol (SCAP) and was created under the commission of the National Infrastructure Advisory Council (NIAC). Scores are usually published alongside CVE entries by the National Vulnerability Database (NVD). It is a set of open assessment standards commonly used to evaluate the security of IT systems, supported by companies like eBay, Symantec, Cisco, and Oracle.

The goal of CVSS is to provide a severity rating for all software security vulnerabilities, meaning it aims to give a numerical score to the severity of a known security vulnerability, regardless of the type of software it affects, whether it is an operating system, antivirus software, database, mail server, desktop, or business application.

Since this rating covers a wide range, the system rates known security vulnerabilities that can completely compromise the operating system layer with a base score of 10.0. In other words, a security vulnerability with a CVSS base score of 10.0 typically indicates a vulnerability that can completely compromise the system.

A typical result is that the attacker gains full control of the system, including administrative or root privileges at the operating system layer. For example, a vulnerability in a third-party product listed in the National Vulnerability Database could allow an attacker to install programs, view, modify, or delete data, or create new accounts with full user rights.

The main purpose of CVSS is to help establish a standard for measuring the severity of vulnerabilities, enabling people to compare the severity of vulnerabilities and prioritize their remediation. CVSS scores are based on measurements in a series of dimensions, known as metrics. The final score of a vulnerability ranges from 0 to 10, with 7-10 indicating high severity, 4-6.9 indicating medium severity, and 0-3.9 indicating low severity.

What is SCAP?

SCAP stands for Security Content Automation Protocol. It is a framework, maintained by NIST, that integrates multiple security standards and includes six elements: CVE, OVAL, CCE, CPE, CVSS, and XCCDF. Its purpose is to present and operate on security data in a standardized manner.

SCAP is a mature information security assessment standard system in the United States, with its standardized and automated approach profoundly impacting the information security industry.

SCAP mainly addresses three issues:

  • Implementing high-level policies and regulations down to the ground level.
  • Standardizing various elements involved in information security.
  • Automating the complex task of system configuration checks.


Disclaimer: This article is created by the original author. The content of the article represents their personal opinions. Our reposting is only for sharing and discussion purposes and does not imply our endorsement or agreement. If you have any objections, please get in touch with us through the provided channels. Source: Hi-Linux
