Vulnerability Analysis

Vulnerability analysis is the process of identifying, classifying, and prioritising security weaknesses discovered during scanning. Rather than immediately exploiting every finding, skilled penetration testers analyse vulnerabilities to determine which ones pose the greatest risk and are most likely to succeed.

---

What is a Vulnerability?

A vulnerability is a weakness in a system that can be exploited to compromise its confidentiality, integrity, or availability:

Category	Examples
Software bugs	Buffer overflows, use-after-free, race conditions
Misconfigurations	Default credentials, open ports, excessive permissions
Design flaws	Weak authentication mechanisms, lack of encryption
Missing patches	Unpatched operating systems, libraries, or applications
Human factors	Weak passwords, susceptibility to phishing

---

CVE — Common Vulnerabilities and Exposures

CVEs are standardised identifiers for publicly known vulnerabilities:

CVE Format

CVE-YYYY-NNNNN
│    │     │
│    │     └── Sequential number
│    └── Year of assignment
└── CVE prefix

Example

CVE-2021-44228 — Log4Shell
  - Affected: Apache Log4j 2.x
  - Impact: Remote Code Execution
  - CVSS Score: 10.0 (Critical)

CVE Databases

Database	URL	Description
NVD	nvd.nist.gov	NIST National Vulnerability Database
MITRE CVE	cve.mitre.org	Official CVE list
CVE Details	cvedetails.com	Searchable CVE database with statistics
Exploit-DB	exploit-db.com	Vulnerability exploits and proof-of-concepts
VulnDB	vulndb.cyberriskanalytics.com	Commercial vulnerability intelligence

---

CVSS — Common Vulnerability Scoring System

CVSS provides a standardised way to rate vulnerability severity:

CVSS v3.1 Severity Ratings

Score Range	Severity	Example
0.0	None	Informational finding
0.1–3.9	Low	Information disclosure with limited impact
4.0–6.9	Medium	Cross-site scripting requiring user interaction
7.0–8.9	High	SQL injection with data access
9.0–10.0	Critical	Remote code execution without authentication

CVSS Base Metrics

Metric Group	Metrics	Description
Attack Vector	Network, Adjacent, Local, Physical	How the vulnerability is exploited
Attack Complexity	Low, High	Conditions required for exploitation
Privileges Required	None, Low, High	Authentication needed
User Interaction	None, Required	Does a user need to take action?
Scope	Unchanged, Changed	Can the impact extend beyond the vulnerable component?
Impact	Confidentiality, Integrity, Availability	What is affected? (None, Low, High)

Calculating a CVSS Score

Example: SQL Injection in a login form