| Name |
Scanning for Vulnerable Software |
|
| Likelyhood of attack |
Typical severity |
| High |
Low |
|
| Summary |
An attacker engages in scanning activity to find vulnerable software versions or types, such as operating system versions or network services. Vulnerable or exploitable network configurations, such as improperly firewalled systems, or misconfigured systems in the DMZ or external network, provide windows of opportunity for an attacker. Common types of vulnerable software include unpatched operating systems or services (e.g FTP, Telnet, SMTP, SNMP) running on open ports that the attacker has identified. Attackers usually begin probing for vulnerable software once the external network has been port scanned and potential targets have been revealed. |
| Prerequisites |
Access to the network on which the targeted system resides. Software tools used to probe systems over a range of ports and protocols. |
| Solutions | |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-200 |
Exposure of Sensitive Information to an Unauthorized Actor |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-541 |
An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target. |
|