
Nt1310 Unit 3 Assignment 1 Identification Risk Analysis

2. Identified Risks
There are a number of organisations that maintain a database of vulnerabilities. The list below is not exhaustive, but the vulnerabilities listed in this report have been extracted from Cve.mitre.org (n.d.).
2.1 The Catastrophic List
These vulnerabilities were identified during the assessment and need urgent remediation as they pose a serious security risk to the organisation.
ID | Vulnerability Description | Risk Category | Remediation Method
V001 | A firewall is on the edge of the network acting as the first line of defence against any attempts to access the network without permission. However, the network is not optimally protected, as the firewall is poorly managed. | Catastrophic: Attempts to scan or penetrate the network will not be detected all the time. |
• Operating system firewall installed where required.
• Hardware firewall …show more content…
A penetration test can be performed.
V008 | The kernel-mode drivers allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | Marginal | Validation of vulnerability must be conducted. A penetration test can be performed.
V009 | The Graphics component allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability." | Marginal | Validation of vulnerability must be conducted. A penetration test can be performed.
V010 | Graphics Device Interface (aka GDI or GDI+) allows remote attackers to execute arbitrary code via a crafted embedded font, aka "GDI+ Remote Code Execution Vulnerability." | Marginal | Validation of vulnerability must be conducted. A penetration test can be
