Identifying Software Vulnerabilities Exercise

In this exercise, you'll investigate known software vulnerabilities. The MITRE Common Vulnerabilities and Enumeration (CVE®) website is a list of common identifiers for publicly known cybersecurity vulnerabilities. It standardized names and information about security vulnerabilities and is used throughout cybersecurity. See the About CVE page for more information.

The National Vulnerability Database (NVD) maintained by NIST has the U.S. government repository of standards-based vulnerability management data. From the NVD website, the data "enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics".

Using the CVE and NVD List

Task Description:

Follow the tasks below and enter the information you learn from the CVE list for common software vulnerabilities.

Task List:

Go to the Search CVE List website: https://cve.mitre.org/cve/search_cve_list.html

In the search bar, type the name of a common operating system or application. For this exercise, you can use Windows 10 and click on the submit button.

Review the information about vulnerabilities associated with Windows 10. In the box below, list three that you observe. Include the CVE Name.

Click on the hyperlink for one of the CVE names in the list. This provides more information on that specific vulnerability.

Next to the CVE Name, click on the link that says Learn more at National Vulnerability Database (NVD). This takes you to even more information about the vulnerability from NIST's NVD. Note the vulnerability base score and links for more information.

Task Feedback:

Each of the websites in this exercise is part of the process for determining the severity of known software vulnerabilities. Explore the information about the vulnerability to determine the likelihood and impact of exploits.

Using the CVE and NVD List

QUESTION:

Use the area to note your results in performing the tasks above.

ANSWER:

Your answers will vary depending on the current results from the CVE and NVD searches. Explore the information about the vulnerability to determine the likelihood and impact of exploits.