Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking

A recent report identified 19+ vulnerabilities that should be mitigated by end of year 2019. These are a range of top vulnerabilities attacked and leveraged by Advance Persistent Threat (APT) actors from all parts of the world.

The list below shows those top 19 vulnerabilities, and it should be no surprise that you can easily track and remediate them via a dashboard within Qualys. Import the dashboard into your subscription for easy insight into what assets and vulnerabilities in your organization are at risk.

No. CVE Products Affected by CVE CVSS Score (NVD) Examples of Threat Actors
1 CVE-2017-11882 Microsoft Office 7.8 APT32 (Vietnam), APT34 (Iran), APT40 (China), APT-C-35 (India), Cobalt Group (Spain, Ukraine), Silent Group (Russia), Lotus Blossom (China), FIN7 (Russia)
2 CVE-2018-8174 Microsoft Windows 7.5 Silent Group (Russia), Dark Hotel APT (North Korea)
3 CVE-2017-0199 Microsoft Office, Windows 7.8 APT34 (Iran), APT40 (China), APT-C-35 (India), Cobalt Group (Spain, Ukraine), APT37 (North Korea), Silent Group (Russia), Gorgon Group (Pakistan), Gaza Cybergang (Iran)
4 CVE-2018-4878 Adobe Flash Player, Red Hat Enterprise Linux 9.8 APT37 (North Korea), Lazarus Group (North Korea)
5 CVE-2017-10271 Oracle WebLogic Server 7.5 Rocke Gang (Chinese Cybercrime)
6 CVE-2019-0708 Microsoft Windows 9.8 Kelvin SecTeam (Venezuela, Colombia, Peru)
7 CVE-2017-5638 Apache Struts 10 Lazarus Group (North Korea)
8 CVE-2017-5715 ARM, Intel 5.6 Unknown
9 CVE-2017-8759 Microsoft .net Framework 7.8 APT40 (China), Cobalt Group (Spain, Ukraine), APT10 (China)
10 CVE-2018-20250 RARLAB WinRAR 7.8 APT32 (Vietnam), APT33 (Iran), APT-C-27 (Iran), Lazarus Group (North Korea), MuddyWater APT (Iran)
11 CVE-2018-7600 Debian, Drupal 9.8 Kelvin SecTeam (Venezuela, Colombia, Peru), Sea Turtle (Iran)
12 CVE-2018-10561 DASAN Networks 9.8 Kelvin SecTeam (Venezuela, Colombia, Peru)
13 CVE-2012-0158 Microsoft N/A; 9.3* APT28 (Russia), APT-C-35 (India), Cobalt Group (Spain, Ukraine), Lotus Blossom (China), Goblin Panda (China), Gorgon Group (Pakistan), APT40 (China)
14 CVE-2017-8570 Microsoft Office 7.8 APT-C-35 (India), Cobalt Group (Spain, Ukraine), APT23 (China)
15 CVE-2018-0802 Microsoft Office 7.8 Cobalt Group (Spain, Ukraine), APT37 (North Korea), Silent Group (Russia), Cloud Atlas (Unknown), Cobalt Group (Spain, Ukraine), Goblin Panda (China), APT23 (China), APT27 (China), Rancor Group (China), Temp.Trident (China)
16 CVE-2017-0143 Microsoft SMB 8.1 APT3 (China), Calypso (China)
17 CVE-2018-12130 Fedora 5.6 Iron Tiger (China), APT3 (China), Calypso (China)
18 CVE-2019-2725 Oracle WebLogic Server 9.8 Panda (China)
19 CVE-2019-3396 Atlassian Confluence 9.8 APT41 (China), Rocke Gang (Chinese Cybercrime)

* according to cvedetails.com

Detecting the Top 19 CVEs

Qualys has detections (QIDs) for Qualys Vulnerability Management that cover authenticated and remotely detected vulnerabilities supported by Qualys scanners and Qualys Cloud Agent.

To return a list of all impacted hosts, use the following QQL query within the VM Dashboard:

vulnerabilities.vulnerability.cveIds:[CVE-2017-11882, CVE-2018-8174, CVE-2017-0199, CVE-2018-4878, CVE-2017-10271, CVE-2019-0708, CVE-2017-5638, CVE-2017-5715, CVE-2017-8759, CVE-2018-20250, CVE-2018-7600, CVE-2018-10561, CVE-2012-0158, CVE-2017-8570, CVE-2018-0802, CVE-2017-0143, CVE-2018-12130, CVE-2019-2725, CVE-2019-3396]

You can import the following dashboard to track all 19 CVEs as shown in the template below:

Alerts

The Qualys Cloud Platform enables you to continuously monitor for vulnerabilities and misconfigurations and get alerted for your most critical assets.

See how to set up notifications for new and updated QIDs.

Tracking Per-Year Environment Impact and Remediation

The Qualys visualization team has included a Per-Year Environment Insight View Dashboard for easy tracking and remediation. This dashboard has been included in release 2.42 and can be found within the dashboard templates library. It will automatically show your systems whether scanned internally, externally or on remote mobile computers with the groundbreaking Qualys Cloud Agent.

This Per-Year Environment Insight View Dashboard will display data per year based on First Found date, followed by Vulnerability Status, Severity, Compliance, Real-Time Threat Intelligence (RTI)s from Qualys Threat Protection, and Vulnerability Published Dates, allowing for an easy glance across your environment.

 

Get Started Now

To start detecting and remediating these vulnerabilities now, get a Qualys Suite trial.

Visit the Qualys Community to download other dashboards created by your SMEs and Product Management team and import them into your subscription for further data insights.

One response to “Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking”

  1. Hello,
    very happy to say, your post is very interesting to read. I never stop myself to say something about it. You’re doing a great job. Keep it up.

Leave a Reply