Exercise: Prioritizing Findings

Consider this to be a list of vulnerabilities found within your organization. Explore these issues and then answer the exercise question.

• CVE-2020-0609 Remote code execution
• CVE-2019-7183 Error handling
• CVE-2019-1483 Windows priv escalation
• CVE-2019-16444 Adobe Acrobat
• CVE-2019-8512 iOS issue
• CVE-2014-3211 Publify software
• CVE-2019-20669 Netgear

QUESTION:

Let's say you've done validation and all of the findings in the list are true positives. Which vulnerability would you fix first, what harm could it cause, and how can it be fixed?