1. Perform Vulnerability Research with Vulnerability Scoring Systems and Databases
Vulnerability research provides awareness of advanced techniques to identify flaws or loopholes in the software that could be exploited.
Common Weakness Enumeration (CWE) is a category system for software vulnerabilities and weaknesses. Its numerous categories of weaknesses allow the community to use CWE as a baseline for weakness identification, mitigation, and prevention efforts. CWE also offers an advanced search with which you can search and view weaknesses based on research concepts, development concepts, and architectural concepts.
Launch any web browser and go to the https://cwe.mitre.org/ website (here, we are using Mozilla Firefox).
If the Default Browser pop-up window appears, uncheck the Always perform this check when starting Firefox checkbox and click the Not now button.
If a New in Firefox: Content Blocking pop-up window appears, follow the step and click start browsing to finish viewing the information.
The CWE website appears. Navigate to the Search tab and, in the Google Custom Search under the CWE List Quick Access section, type SMB in the search field and run the search.
Here, we are searching for the vulnerabilities of the running services that were found in the target systems in previous module labs (Module 04 Enumeration).
The search results appear. Scroll down to view the underlying vulnerabilities in the target service (here, SMB). You can click any link to view detailed information on the vulnerability.
The search results might differ when you perform this task.
Now, click any link (here, CWE-284) to view detailed information about the vulnerability.
Similarly, you can click on other vulnerabilities and view detailed information.
Now, navigate to the CWE List tab. CWE List Version will be displayed. Scroll down, and under the External Mappings section, select CWE Top 25 (2023).
The result might differ when you perform this task.
A webpage appears, displaying CWE VIEW: Weaknesses in the 2023 CWE Top 25 Most Dangerous Software Weaknesses. Scroll down and view a list of Weaknesses in the 2023 CWE Top 25 Most Dangerous Software Weaknesses under the Relationships section. You can check each weakness to view detailed information on it.
This information can be used to exploit the vulnerabilities in the software and further launch attacks.
The result showing publishing year might differ when you perform this task.
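An offline counterpart to the browse steps above, added here as an example and not part of the original lab: starting from a broad weakness such as CWE-284, it walks the Research Concepts hierarchy and reports which descendants appear in a Top 25 view, which is useful for prioritising mitigations. The XML excerpt is constructed; the namespace, element and attribute names, and the view IDs (1000 for Research Concepts, 1425 for the 2023 Top 25) are assumptions modelled on the downloadable CWE catalogue and should be checked against the real file.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"c": "http://cwe.mitre.org/cwe-7"}  # assumed catalogue namespace

# Constructed excerpt modelled on the CWE catalogue XML (not the real file).
SAMPLE = """<Weakness_Catalog xmlns="http://cwe.mitre.org/cwe-7"><Weaknesses>
<Weakness ID="284" Name="Improper Access Control"/>
<Weakness ID="285" Name="Improper Authorization"><Related_Weaknesses><Related_Weakness Nature="ChildOf" CWE_ID="284" View_ID="1000"/></Related_Weaknesses></Weakness>
<Weakness ID="287" Name="Improper Authentication"><Related_Weaknesses><Related_Weakness Nature="ChildOf" CWE_ID="284" View_ID="1000"/></Related_Weaknesses></Weakness>
<Weakness ID="269" Name="Improper Privilege Management"><Related_Weaknesses><Related_Weakness Nature="ChildOf" CWE_ID="284" View_ID="1000"/></Related_Weaknesses></Weakness>
<Weakness ID="862" Name="Missing Authorization"><Related_Weaknesses><Related_Weakness Nature="ChildOf" CWE_ID="285" View_ID="1000"/></Related_Weaknesses></Weakness>
<Weakness ID="863" Name="Incorrect Authorization"><Related_Weaknesses><Related_Weakness Nature="ChildOf" CWE_ID="285" View_ID="1000"/></Related_Weaknesses></Weakness>
<Weakness ID="306" Name="Missing Authentication for Critical Function"><Related_Weaknesses><Related_Weakness Nature="ChildOf" CWE_ID="287" View_ID="1000"/></Related_Weaknesses></Weakness>
<Weakness ID="79" Name="Cross-site Scripting"><Related_Weaknesses><Related_Weakness Nature="ChildOf" CWE_ID="74" View_ID="1000"/></Related_Weaknesses></Weakness>
</Weaknesses><Views><View ID="1425" Name="2023 CWE Top 25"><Members>
<Has_Member CWE_ID="79" View_ID="1425"/><Has_Member CWE_ID="862" View_ID="1425"/><Has_Member CWE_ID="863" View_ID="1425"/>
<Has_Member CWE_ID="287" View_ID="1425"/><Has_Member CWE_ID="306" View_ID="1425"/><Has_Member CWE_ID="269" View_ID="1425"/>
</Members></View></Views></Weakness_Catalog>"""

def parse_catalog(xml_text, hierarchy_view="1000"):
    """Return (names, children, views) from a catalogue-style XML string."""
    root = ET.fromstring(xml_text)
    names, children = {}, defaultdict(set)
    for w in root.iterfind("c:Weaknesses/c:Weakness", NS):
        names[w.get("ID")] = w.get("Name")
        for rel in w.iterfind("c:Related_Weaknesses/c:Related_Weakness", NS):
            # Follow only ChildOf links that belong to the chosen hierarchy view.
            if rel.get("Nature") == "ChildOf" and rel.get("View_ID") == hierarchy_view:
                children[rel.get("CWE_ID")].add(w.get("ID"))
    views = {v.get("ID"): {m.get("CWE_ID") for m in v.iterfind("c:Members/c:Has_Member", NS)}
             for v in root.iterfind("c:Views/c:View", NS)}
    return names, children, views

def descendants(cwe_id, children):
    """All weaknesses below cwe_id, found by an iterative depth-first walk."""
    seen, stack = set(), [cwe_id]
    while stack:
        for child in children.get(stack.pop(), ()):
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen

def view_members_under(xml_text, cwe_id, view_id):
    """(id, name) pairs for cwe_id and its descendants that are members of view_id."""
    names, children, views = parse_catalog(xml_text)
    hits = (descendants(cwe_id, children) | {cwe_id}) & views.get(view_id, set())
    return sorted(((i, names.get(i, "?")) for i in hits), key=lambda p: int(p[0]))

if __name__ == "__main__":
    for cwe_id, name in view_members_under(SAMPLE, "284", "1425"):
        print(f"CWE-{cwe_id}: {name}")
```

In this constructed excerpt CWE-284 itself is not a member of the view, but five of its descendants are, so a search hit on the broad entry still points at specific weaknesses to review first.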