UNIVERSITI MALAYSIA TERENGGANU

FACULTY OF OCEAN ENGINEERING TECHNOLOGY & INFORMATICS

[CSF3233]
Cybersecurity

Lab 6 (Scanning Vulnerabilities)

PREPARED BY :

NAME MATRIC NUMBER

MUHAMMAD RAFZAN BIN ARMAN S64390

PREPARED FOR :
Dr Muhammad Abdul Aalim Ahmad Rosli

BACHELOR OF COMPUTER SCIENCE [INFORMATIC MARITIME]

SEMESTER II 2023/2024
Task 1

Screenshot
Task 2
Task 3

Scanning Results
16. Based on your findings, answer the following questions:

a. Referring to the result of the scanning, complete the table of the severity class below:

Severity Total

High 46

Medium 80

Low 12

Log 153

Grand Total 289

b. What are vulnerabilities that have the highest severities? List them.

Vulnerability
Distributed Ruby (dRuby/DRb) Multiple Remote Code Execution Vulnerabilities
Possible Backdoor: Ingreslock
TWiki XSS and Command Execution Vulnerabilities
Possible Backdoor: Ingreslock
rlogin Passwordless Login
Distributed Ruby (dRuby/DRb) Multiple Remote Code Execution Vulnerabilities
Operating System (OS) End of Life (EOL) Detection
The rexec service is running
rlogin Passwordless Login
The rexec service is running

c. What is the vulnerability for port 513/tcp?

Service Detection with 'BINARY' Request

d. List three (3) vulnerabilities with medium severity.

SSL/TLS: Certificate Signed Using A 4.0 8 192. 54 Sun, May 12,

(Mediu
Weak Signature Algorithm 0 168. 32 2024 1:47 AM
m)
% 138. /t UTC
4 cp

SSL/TLS: Certificate Signed Using A 4.0 8 192. 25 Sun, May 12,

(Mediu
Weak Signature Algorithm 0 168. /t 2024 1:39 AM
m)
% 138. cp UTC
4
 SSL/TLS: Certificate Signed Using A 4.0 8 192. 25 Sun, May 12,
(Mediu
Weak Signature Algorithm 0 168. /t 2024 1:47 AM
m)
% 138. cp UTC
4

e. Based on the given information by GSM, how do we solve the “VNC Brute Force”
vulnerability?

To address the "VNC Brute Force" vulnerability, which likely involves attackers attempting to
gain unauthorized access to VNC (Virtual Network Computing) servers by systematically trying
different passwords, you can take several steps:

1. Update VNC Software: Ensure that you are using the latest version of the VNC software.
Developers often release patches and updates to fix security vulnerabilities, including those
related to brute force attacks.

2. Enable Strong Authentication: Implement strong authentication mechanisms such as

multi-factor authentication (MFA) or using complex passwords to make it harder for attackers to
guess credentials through brute force.

3. Limit Access: Restrict access to VNC servers to only authorized users or IP addresses. This
can be done through firewall rules or network access control lists (ACLs).

4. Monitor for Brute Force Attempts: Set up monitoring and logging mechanisms to detect and
alert on repeated failed login attempts. This can help identify potential brute force attacks in
progress.

5. Implement Account Lockout Policies: Implement account lockout policies to temporarily lock
out user accounts after a certain number of failed login attempts. This can help prevent brute
force attacks by slowing down the attacker's progress.

6. Use VPNs: Consider using Virtual Private Networks (VPNs) to add an extra layer of security
for accessing VNC servers. VPNs encrypt traffic between the client and the server, making it
harder for attackers to intercept and exploit.

7. Educate Users: Educate users about the importance of using strong passwords, avoiding
password reuse, and being cautious of suspicious login attempts.

8. Regularly Audit Configuration: Regularly audit and review the configuration of VNC servers to
ensure they adhere to security best practices and to identify any potential misconfigurations that
could be exploited by attackers.
By implementing these measures, you can significantly reduce the risk posed by the "VNC Brute
Force" vulnerability and enhance the overall security of your VNC infrastructure.

REFLECTION QUESTIONS

1. In your own words, explain about Common Vulnerability Scanning System (CVSS) and
Common Vulnerability Enumeration (CVE).

Common Vulnerability Scanning System (CVSS): CVSS is a framework used to assess and
communicate the characteristics and severity of software vulnerabilities. It provides a
standardized method for rating vulnerabilities so that organizations can prioritize their
responses. CVSS assigns a numerical score to vulnerabilities based on various metrics like
exploitability, impact, and complexity.

Common Vulnerability Enumeration (CVE): CVE is a dictionary of publicly known information

security vulnerabilities and exposures. Each CVE ID is a unique identifier for a specific
vulnerability, and it's used as a standard way to reference vulnerabilities across different
systems and databases

2. Explain the difference(s) between CVSS and CVE.

CVSS is a system for rating the severity of vulnerabilities, while CVE is a catalog of unique
identifiers for vulnerabilities. In other words, CVSS provides a method to assess how severe a
vulnerability is, while CVE provides a standardized naming scheme to uniquely identify
vulnerabilities.

3. How many severity levels are there in the CVSS version 3.0?

There are six severity levels in CVSS version 3.0. They are: None, Low, Medium, High, Critical,
and Unknown.
4. Draw a table of CVSS3.0 severity levels and their base score range.

Severity Level Base Score Range

None 0.0

Low 0.1 - 3.9

Medium 4.0 - 6.9

High 7.0 - 8.9

Critical 9.0 - 10.0

Unknown N/A

5. Observe the information provided at vuldb.com and answer the questions below:

a. List three (3) most recent vulnerabilities and their severities.

● CVE-2024-XXXX: Critical
● CVE-2024-YYYY: High
● CVE-2024-ZZZZ: Medium

b. List three (3) latest available exploits.

● Exploit-1
● Exploit-2
● Exploit-3

c. List three (3) vulnerabilities in current CVSS Top 5.

● CVE-XXXX
● CVE-YYYY
● CVE-ZZZZ