Branded Vulnerability

List of known vulnerabilities and attacks with a branding

Authors
Authors and/or Contributors
Unknown

Meltdown

Meltdown exploits the out-of-order execution feature of modern processors, allowing user-level programs to access kernel memory using processor caches as covert side channels. This is specific to the way out-of-order execution is implemented in the processors. This vulnerability has been assigned CVE-2017-5754.

Internal MISP references

UUID 70bee5b7-0fa3-4a4d-98ee-d8ab787c6db1 which can be used as unique global reference for Meltdown in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
aliases ['CVE-2017-5754']
logo ['https://upload.wikimedia.org/wikipedia/commons/thumb/5/56/Meltdown_with_text.svg/300px-Meltdown_with_text.svg.png']

Spectre

Spectre exploits the speculative execution feature that is present in almost all processors in existence today. Two variants of Spectre are known and seem to depend on what is used to influence erroneous speculative execution. The first variant triggers speculative execution by performing a bounds check bypass and has been assigned CVE-2017-5753. The second variant uses branch target injection for the same effect and has been assigned CVE-2017-5715.

Internal MISP references

UUID 36168188-6d14-463a-9713-f88764a83329 which can be used as unique global reference for Spectre in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
aliases ['CVE-2017-5753', 'CVE-2017-5715']
logo ['https://en.wikipedia.org/wiki/File:Spectre_with_text.svg']

Heartbleed

Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed may be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client. It results from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension; the bug's name derives from heartbeat. The vulnerability is classified as a buffer over-read, a situation where more data can be read than should be allowed.

Internal MISP references

UUID d6d85947-e6ee-4d2e-bb48-437f31c7a270 which can be used as unique global reference for Heartbleed in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
aliases ['CVE-2014-0160']
logo ['https://upload.wikimedia.org/wikipedia/commons/thumb/d/dc/Heartbleed.svg/440px-Heartbleed.svg.png']

Shellshock

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

Internal MISP references

UUID 2102db77-5a51-40c1-bfc1-38fb7dcb7f05 which can be used as unique global reference for Shellshock in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
aliases ['CVE-2014-6271']
logo ['https://upload.wikimedia.org/wikipedia/commons/thumb/4/44/Shellshock-bug.png/440px-Shellshock-bug.png', 'https://upload.wikimedia.org/wikipedia/commons/8/86/Shellshock.png', 'https://cdn-images-1.medium.com/max/1600/1*bopQcJtKouPOJ_isSzanLw.png']

Ghost

The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials. CVE-2015-0235 has been assigned to this issue. During a code audit Qualys researchers discovered a buffer overflow in the __nss_hostname_digits_dots() function of glibc. This bug can be triggered both locally and remotely via all the gethostbyname() functions. Applications have access to the DNS resolver primarily through the gethostbyname() set of functions. These functions convert a hostname into an IP address.

Internal MISP references

UUID a1640081-aa8d-4070-84b2-d23e2ae82799 which can be used as unique global reference for Ghost in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
aliases ['CVE-2015-0235']
logo ['https://cdn-images-1.medium.com/max/1600/1*HnCEOo0RUT1fliJjRT02lA.png']

Stagefright

Stagefright is the name given to a group of software bugs that affect versions 2.2 ("Froyo") and newer of the Android operating system. The name is taken from the affected library, which among other things, is used to unpack MMS messages. Exploitation of the bug allows an attacker to perform arbitrary operations on the victim's device through remote code execution and privilege escalation. Security researchers demonstrate the bugs with a proof of concept that sends specially crafted MMS messages to the victim device and in most cases requires no end-user actions upon message reception to succeed—the user doesn’t have to do anything to ‘accept’ the bug, it happens in the background. The phone number is the only target information.

Internal MISP references

UUID 352916e7-62bf-4b0c-bce7-da759d1a4f5f which can be used as unique global reference for Stagefright in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
aliases ['CVE-2015-1538', 'CVE-2015-1539', 'CVE-2015-3824', 'CVE-2015-3826', 'CVE-2015-3827', 'CVE-2015-3828', 'CVE-2015-3829', 'CVE-2015-3864']
logo ['https://upload.wikimedia.org/wikipedia/en/f/f2/Stagefright_bug_logo.png', 'https://cdn-images-1.medium.com/max/1600/1*-Ivm3lZHNaOUwmklT4Rb1g.png']

Badlock

Badlock is a security bug disclosed on April 12, 2016 affecting the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols supported by Windows and Samba servers.

Internal MISP references

UUID 74f2bd2c-69f1-4d28-8d42-94b7ef89f31e which can be used as unique global reference for Badlock in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
logo ['https://upload.wikimedia.org/wikipedia/commons/thumb/4/4b/Badlock_logo.svg/440px-Badlock_logo.svg.png', 'https://cdn-images-1.medium.com/max/1600/1*EVbwwxEBOU83NKxgQrPG9w.png']

Dirty COW

Dirty COW (Dirty copy-on-write) is a computer security vulnerability for the Linux kernel that affects all Linux-based operating systems including Android. It is a local privilege escalation bug that exploits a race condition in the implementation of the copy-on-write mechanism in the kernel's memory-management subsystem. The vulnerability was discovered by Phil Oester. Because of the race condition, with the right timing, a local attacker can exploit the copy-on-write mechanism to turn a read-only mapping of a file into a writable mapping. Although it is a local privilege escalation, remote attackers can use it in conjunction with other exploits that allow remote execution of non-privileged code to achieve remote root access on a computer. The attack itself does not leave traces in the system log.

Internal MISP references

UUID 54196537-cb0c-425c-83d6-437d41b4cc65 which can be used as unique global reference for Dirty COW in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
aliases ['CVE-2016-5195']
logo ['https://upload.wikimedia.org/wikipedia/commons/thumb/1/1b/DirtyCow.svg/440px-DirtyCow.svg.png']

POODLE

The POODLE attack (which stands for "Padding Oracle On Downgraded Legacy Encryption") is a man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered this vulnerability; they disclosed the vulnerability publicly on October 14, 2014 (despite the paper being dated "September 2014"). Ivan Ristic does not consider the POODLE attack as serious as the Heartbleed and Shellshock attacks. On December 8, 2014 a variation of the POODLE vulnerability that affected TLS was announced.

Internal MISP references

UUID 22b9af72-48c9-4da1-b13d-15667dbdd998 which can be used as unique global reference for POODLE in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
aliases ['CVE-2014-3566']

BadUSB

The ‘BadUSB’ vulnerability exploits unprotected firmware in order to deliver malicious code to computers and networks. This is achieved by reverse-engineering the device and reprogramming it. As the reprogrammed firmware is not monitored or assessed by modern security software, this attack method is extremely difficult for antivirus/security software to detect and prevent.

Internal MISP references

UUID bc3a3299-1443-4390-8b25-4bb280c1abd7 which can be used as unique global reference for BadUSB in MISP communities and other software using the MISP galaxy

ImageTragick

Internal MISP references

UUID e85e1270-eec5-4331-8004-a063125a54b4 which can be used as unique global reference for ImageTragick in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
aliases ['CVE-2016-3714']
logo ['https://imagetragick.com/img/logo-medium.png']

Blacknurse

Blacknurse is a low bandwidth DDoS attack involving ICMP Type 3 Code 3 packets causing high CPU loads first discovered in November 2016. The earliest samples we have seen supporting this DDoS method are from September 2017.

Internal MISP references

UUID 3c2325e4-b740-11e8-9504-b32b4d974add which can be used as unique global reference for Blacknurse in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
logo ['http://blacknurse.dk/____impro/1/onewebmedia/blacknurse2.png?etag=W%2F%2214e7-5761287d%22&sourceContentType=image%2Fpng&ignoreAspectRatio&resize=200%2B200&extract=0%2B40%2B200%2B114']

SPOILER

SPOILER is a security vulnerability on modern computer central processing units that uses speculative execution to improve the efficiency of Rowhammer and other related memory and cache attacks. According to reports, all modern Intel CPUs are vulnerable to the attack. AMD has stated that its processors are not vulnerable.

Internal MISP references

UUID 3434339f-ea87-472e-a330-62d2b5cf2c26 which can be used as unique global reference for SPOILER in MISP communities and other software using the MISP galaxy


BlueKeep

A ‘wormable’ critical Remote Code Execution (RCE) vulnerability in Remote Desktop Services that could soon become the new go-to vector for spreading malware.

Internal MISP references

UUID 4f993170-f264-4c39-8c7f-58f9f2b9d105 which can be used as unique global reference for BlueKeep in MISP communities and other software using the MISP galaxy
