# 1. Perform Vulnerability Research with Vulnerability Scoring Systems and Databases ## 1. CWE common weakness enumeration Common Weakness Enumeration (CWE) is a category system for software vulnerabilities and weaknesses. It has numerous categories of weaknesses that means that CWE can be effectively employed by the community as a baseline for weakness identification, mitigation, and prevention efforts. Further, CWE has an advanced search technique with which you can search and view the weaknesses based on research concepts, development concepts, and architectural concepts. {% embed url="" %} 1. Launch any web browser, and go to **** website (here, we are using **Mozilla Firefox**). > If the **Default Browser** pop-up window appears, uncheck the **Always perform this check when starting Firefox** checkbox and click the **Not now** button. > If a **New in Firefox: Content Blocking** pop-up window appears, follow the step and click start browsing to finish viewing the information. 2. **CWE** website appears. Navigate to **Search** tab, in the **Google Custom Search** under **CWE List Quick Access** section and search for **SMB** in the search field. > Here, we are searching for the vulnerabilities of the running services that were found in the target systems in previous module labs (Module 04 Enumeration). ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/afc0agzb.jpg) 3. The search results appear, scroll-down to view the underlying vulnerabilities in the target service (here, **SMB**). You can click any link to view detailed information on the vulnerability. > The search results might differ when you perform this task ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/5smhdtx5.jpg) 4. Now, click any link (here, **CWE-284**) to view detailed information about the vulnerability. ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/tnnjyosd.jpg) 5. Similarly, you can click on other vulnerabilities and view detailed information. 6. Now, navigate to the **CWE List** tab. **CWE List Version** will be displayed. Scroll down, and under the **External Mappings** section, select **CWE Top 25 (2023)**. > The result might differ when you perform this task. ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/sk2upcls.jpg) 7. A webpage appears, displaying **CWE VIEW: Weaknesses in the 2023 CWE** **Top 25 Most Dangerous Software Weaknesses**. Scroll down and view a list of **Weaknesses in the 2023 CWE Top 25 Most Dangerous Software Weaknesses** under the **Relationships** section. You can check each weakness to view detailed information on it. > This information can be used to exploit the vulnerabilities in the software and further launch attacks. > The result showing publishing year might differ when you perform this task. ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/0cd435es.jpg) ## 2. CVE Common vulnerabilities and exposures {% embed url="" %} ## 3. NVD National Vulnerability Database {% embed url="" %} {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ceh-practical.cavementech.com/module-5.-vulnerability-assessment/1.-perform-vulnerability-research-with-vulnerability-scoring-systems-and-databases.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.