Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking

Felix Jimenez

A recent report identified 19+ vulnerabilities that should be mitigated by the end of 2019. These are among the top vulnerabilities attacked and leveraged by Advanced Persistent Threat (APT) actors from all parts of the world.

The list below shows those top 19 vulnerabilities, and it should be no surprise that you can easily track and remediate them via a dashboard within Qualys. Import the dashboard into your subscription for easy insight into what assets and vulnerabilities in your organization are at risk.

| No. | CVE | Products Affected by CVE | CVSS Score (NVD) | Examples of Threat Actors |
|---|---|---|---|---|
| 1 | CVE-2017-11882 | Microsoft Office | 7.8 | APT32 (Vietnam), APT34 (Iran), APT40 (China), APT-C-35 (India), Cobalt Group (Spain, Ukraine), Silent Group (Russia), Lotus Blossom (China), FIN7 (Russia) |
| 2 | CVE-2018-8174 | Microsoft Windows | 7.5 | Silent Group (Russia), Dark Hotel APT (North Korea) |
| 3 | CVE-2017-0199 | Microsoft Office, Windows | 7.8 | APT34 (Iran), APT40 (China), APT-C-35 (India), Cobalt Group (Spain, Ukraine), APT37 (North Korea), Silent Group (Russia), Gorgon Group (Pakistan), Gaza Cybergang (Iran) |
| 4 | CVE-2018-4878 | Adobe Flash Player, Red Hat Enterprise Linux | 9.8 | APT37 (North Korea), Lazarus Group (North Korea) |
| 5 | CVE-2017-10271 | Oracle WebLogic Server | 7.5 | Rocke Gang (Chinese Cybercrime) |
| 6 | CVE-2019-0708 | Microsoft Windows | 9.8 | Kelvin SecTeam (Venezuela, Colombia, Peru) |
| 7 | CVE-2017-5638 | Apache Struts | 10 | Lazarus Group (North Korea) |
| 8 | CVE-2017-5715 | ARM, Intel | 5.6 | Unknown |
| 9 | CVE-2017-8759 | Microsoft .NET Framework | 7.8 | APT40 (China), Cobalt Group (Spain, Ukraine), APT10 (China) |
| 10 | CVE-2018-20250 | RARLAB WinRAR | 7.8 | APT32 (Vietnam), APT33 (Iran), APT-C-27 (Iran), Lazarus Group (North Korea), MuddyWater APT (Iran) |
| 11 | CVE-2018-7600 | Debian, Drupal | 9.8 | Kelvin SecTeam (Venezuela, Colombia, Peru), Sea Turtle (Iran) |
| 12 | CVE-2018-10561 | DASAN Networks | 9.8 | Kelvin SecTeam (Venezuela, Colombia, Peru) |
| 13 | CVE-2012-0158 | Microsoft | N/A; 9.3* | APT28 (Russia), APT-C-35 (India), Cobalt Group (Spain, Ukraine), Lotus Blossom (China), Goblin Panda (China), Gorgon Group (Pakistan), APT40 (China) |
| 14 | CVE-2017-8570 | Microsoft Office | 7.8 | APT-C-35 (India), Cobalt Group (Spain, Ukraine), APT23 (China) |
| 15 | CVE-2018-0802 | Microsoft Office | 7.8 | Cobalt Group (Spain, Ukraine), APT37 (North Korea), Silent Group (Russia), Cloud Atlas (Unknown), Cobalt Group (Spain, Ukraine), Goblin Panda (China), APT23 (China), APT27 (China), Rancor Group (China), Temp.Trident (China) |
| 16 | CVE-2017-0143 | Microsoft SMB | 8.1 | APT3 (China), Calypso (China) |
| 17 | CVE-2018-12130 | Fedora | 5.6 | Iron Tiger (China), APT3 (China), Calypso (China) |
| 18 | CVE-2019-2725 | Oracle WebLogic Server | 9.8 | Panda (China) |
| 19 | CVE-2019-3396 | Atlassian Confluence | 9.8 | APT41 (China), Rocke Gang (Chinese Cybercrime) |

* according to cvedetails.com

Detecting the Top 19 CVEs

Qualys has detections (QIDs) for Qualys Vulnerability Management that cover authenticated and remotely detected vulnerabilities supported by Qualys scanners and Qualys Cloud Agent.

To return a list of all impacted hosts, use the following QQL query within the VM Dashboard:

vulnerabilities.vulnerability.cveIds:[CVE-2017-11882, CVE-2018-8174, CVE-2017-0199, CVE-2018-4878, CVE-2017-10271, CVE-2019-0708, CVE-2017-5638, CVE-2017-5715, CVE-2017-8759, CVE-2018-20250, CVE-2018-7600, CVE-2018-10561, CVE-2012-0158, CVE-2017-8570, CVE-2018-0802, CVE-2017-0143, CVE-2018-12130, CVE-2019-2725, CVE-2019-3396]
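The same CVE filter can be applied to a findings export outside the dashboard. The following is an added example, not Qualys code or a Qualys export format: the CSV columns (`host`, `cve_ids`, `status`), the sample rows and the choice to skip findings marked `Fixed` are assumptions, while the CVE list and scores are taken from the table above.

```python
import csv
import io
from collections import defaultdict

# CVE -> CVSS score as listed in the table on this page.
# CVE-2012-0158 has no NVD score there; 9.3 is the cvedetails.com value.
TOP_CVES = {
    "CVE-2017-11882": 7.8, "CVE-2018-8174": 7.5, "CVE-2017-0199": 7.8,
    "CVE-2018-4878": 9.8, "CVE-2017-10271": 7.5, "CVE-2019-0708": 9.8,
    "CVE-2017-5638": 10.0, "CVE-2017-5715": 5.6, "CVE-2017-8759": 7.8,
    "CVE-2018-20250": 7.8, "CVE-2018-7600": 9.8, "CVE-2018-10561": 9.8,
    "CVE-2012-0158": 9.3, "CVE-2017-8570": 7.8, "CVE-2018-0802": 7.8,
    "CVE-2017-0143": 8.1, "CVE-2018-12130": 5.6, "CVE-2019-2725": 9.8,
    "CVE-2019-3396": 9.8,
}

# Constructed sample export; host names and column names are assumptions.
SAMPLE_EXPORT = """host,cve_ids,status
web01,"CVE-2017-5638, CVE-2016-0001",Active
ws-114,cve-2017-11882;CVE-2018-0802,Active
ws-114,CVE-2017-11882,Active
rdp-gw,CVE-2019-0708,Fixed
db02,CVE-2015-1234,Active
"""

def impacted_hosts(export_text):
    """Return [(host, sorted CVEs, max score)] for open findings on the list."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["status"].strip().lower() == "fixed":
            continue  # assumption: remediated findings are not reported
        # One finding may carry several CVEs, comma- or semicolon-separated.
        for cve in row["cve_ids"].replace(";", ",").split(","):
            cve = cve.strip().upper()
            if cve in TOP_CVES:
                hits[row["host"].strip()].add(cve)
    report = [(h, sorted(c), max(TOP_CVES[x] for x in c))
              for h, c in hits.items()]
    # Highest score first, then host name, so the worst exposure leads.
    return sorted(report, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for host, cves, score in impacted_hosts(SAMPLE_EXPORT):
        print(f"{host}\tmax CVSS {score}\t{', '.join(cves)}")
```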

You can import the following dashboard to track all 19 CVEs as shown in the template below:

Alerts

The Qualys Cloud Platform enables you to continuously monitor for vulnerabilities and misconfigurations and get alerted for your most critical assets.

See how to set up notifications for new and updated QIDs.

Tracking Per-Year Environment Impact and Remediation

The Qualys visualization team has included a Per-Year Environment Insight View Dashboard for easy tracking and remediation. This dashboard has been included in release 2.42 and can be found within the dashboard templates library. It will automatically show your systems whether scanned internally, externally or on remote mobile computers with the groundbreaking Qualys Cloud Agent.

This Per-Year Environment Insight View Dashboard displays data per year based on First Found date, followed by Vulnerability Status, Severity, Compliance, Real-Time Threat Intelligence (RTIs) from Qualys Threat Protection, and Vulnerability Published Dates, allowing for an easy glance across your environment.

Get Started Now

To start detecting and remediating these vulnerabilities now, get a Qualys Suite trial.

Visit the Qualys Community to download other dashboards created by your SMEs and Product Management team and import them into your subscription for further data insights.
