Exercise: Researching and Validating Findings

Consider this to be a list of vulnerabilities found within your organization. Explore these issues and then answer the exercise question.

• CVE-2020-0609 Remote code execution
• CVE-2019-7183 Error handling
• CVE-2019-1483 Windows priv escalation
• CVE-2019-16444 Adobe Acrobat
• CVE-2019-8512 iOS issue
• CVE-2014-3211 Publify software
• CVE-2019-20669 Netgear

Context

The company primarily uses Windows, but there are a few Apple devices as well. Last year the company started paying special attention to access security and put a privileged access management solution in place. In addition, to reduce risks, administrative rights have been removed from end-user devices, and Windows Remote Desktop Gateway (RD Gateway) has been disabled from all company systems through a group managed security policy.

QUESTION:

Use the context provided to identify and explain which vulnerability might be a false positive in the provided list of issues.