System Filter: FireEye Exposure

Information regarding the FireEye Exposure system filter in RiskSense.

Nine of the 16 vulnerabilities that exposed FireEye were included in RiskSense’s Attack Surface list, first published on October 28th, 2020. The table below lists the vulnerabilities associated with the breach, along with each one's Common Vulnerability Scoring System (CVSS) score, its Vulnerability Risk Rating (VRR), and whether it is present in the Attack Surface list.

RiskSense believes in the value of the Attack Surface list, and the attack on FireEye is just one example of the apparent need to prioritize and fix the vulnerabilities on the Attack Surface first.

| CVE | Name | Threat Type | CVSS | VRR | In Attack Surface List? |
|---|---|---|---|---|---|
| CVE-2019-11510 | Pre-auth arbitrary file reading from Pulse Secure SSL VPNs | Web Apps | 10 | 9.66 | Yes |
| CVE-2018-13379 | Pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN | Web Apps | 9.8 | 9.13 | No |
| CVE-2018-15961 | RCE via Adobe ColdFusion (arbitrary file upload that can be used to upload a JSP web shell) | Web Apps | 9.8 | 10 | Yes |
| CVE-2019-0604 | RCE for Microsoft Sharepoint | RCE | 9.8 | 10 | Yes |
| CVE-2019-11580 | Atlassian Crowd Remote Code Execution | RCE | 9.8 | 10 | Yes |
| CVE-2019-19781 | RCE of Citrix Application Delivery Controller and Citrix Gateway | RCE | 9.8 | 10 | Yes |
| CVE-2019-3398 | Confluence Authenticated Remote Code Execution | RCE | 8.8 | 10 | No |
| CVE-2020-0688 | Remote Command Execution in Microsoft Exchange - requires auth | RCE | 8.8 | 9.92 | Yes |
| CVE-2018-8581 | Microsoft Exchange Server escalation of privileges - requires auth | PE | 7.4 | 8.18 | No |
| CVE-2020-10189 | RCE for ZoHo ManageEngine Desktop Central | RCE | 9.8 | 10 | Yes |
| CVE-2019-8394 | Arbitrary pre-auth file upload to ZoHo ManageEngine ServiceDesk Plus | Web App | 6.5 | 6.47 | No |
| CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability | PE | 10 | 9.88 | Yes |
| CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability | RCE | 9.8 | 10 | Yes |
| CVE-2014-1812 | Group Policy Preferences Password Elevation of Privilege Vulnerability | PE | 9.0 | 9.18 | No |
| CVE-2016-0167 | Win32k Elevation of Privilege Vulnerability | PE | 7.8 | 8.44 | No |
| CVE-2017-11774 | Microsoft Outlook Security Feature Bypass Vulnerability | Exploit | 7.8 | 7.22 | No |