CyberSecAI / CWEMap

Apache License 2.0

Extract Key Phrases #6

Closed Crashedmind closed 1 month ago

Crashedmind commented 2 months ago

Description, Use Case and User Stories

From Connor Mullaly, 8/12/2024: possibility for the model to return hints when the inputs use impact-oriented, attack-oriented, or mitigation-oriented language.

See also the clarification comment below from 8/28 meeting https://github.com/CyberSecAI/CWEMap/issues/6#issuecomment-2315889418

Definition of Ready

  1. Requirement is understood

Acceptance Criteria

  1. The output is demo'd and feedback received - to be implemented in future iterations.

Additional context

Crashedmind commented 2 months ago

Aug 28 clarification:

  - Sometimes CVE descriptions will focus on the technical impact, not the root-cause weakness, e.g. information disclosure.
  - Weakness: not about controlling info in your output, e.g. info exposure.
  - i.e. info exposure impact vs. info exposure weakness.
  - Memory leak is an impact-oriented term; in some cases the weakness is in not freeing the memory. Also: memory disclosure.

Need to:

  1. disambiguate
  2. help people think in terms of weakness, not impacts, e.g. RCE, DoS, info leak

Cue words: causes, results in

Weakness vs. Vulnerability Language

  1. https://cwe.mitre.org/documents/cwe_usage/guidance.html
  2. https://www.cve.org/Resources/General/Key-Details-Phrasing.pdf

Crashedmind commented 2 months ago

Here's an example of an auto-generated report that extracts the key phrases to disambiguate weakness vs. impact:

Vulnerability Report

Original Vulnerability Description

The Cisco Discovery Protocol implementation in Cisco IOS XR Software does not do improper validation of string input from certain fields which could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device.

Extracted Key Phrases

| Category | Description |
| --- | --- |
| [WEAKNESS] | Improper validation of string input |
| [PRODUCT] | Cisco Discovery Protocol implementation in Cisco IOS XR Software |
| [VERSION] | Not specified |
| [ATTACKER] | Unauthenticated, adjacent attacker |
| [IMPACT] | Execute arbitrary code or cause a reload on an affected device |
| [VECTOR] | Sending a malicious Cisco Discovery Protocol packet to an affected device |
| [ROOTCAUSE] | Improper validation of string input from certain fields in Cisco Discovery Protocol messages |

Similar CVEs from the NVD

| CWE-ID | CWE-Description | CVE-ID | CVE-Description |
| --- | --- | --- | --- |
| CWE-78 | OS Command Injection | CVE-2017-12243 | A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. |
| CWE-20 | Improper Input Validation | CVE-2019-1831 | A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific character strings in the message. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. |
| CWE-787, CWE-134 | Out-of-bounds Write, Use of Externally-Controlled Format String | CVE-2020-3118 | A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. |

Similar CVEs from Top 25 CWE Mappings

| CWE-ID | CWE-Description | CVE-ID | CVE-Description |
| --- | --- | --- | --- |
| CWE-20 | Improper Input Validation | CVE-2021-0322 | In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. |
| CWE-704 | Incorrect Type Conversion or Cast | CVE-2021-28918 | Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts. |
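The following is an added worked example of the key-phrase extraction and the weakness-vs-impact hinting discussed in the Aug 28 clarification and shown in the report above. It is not the CWEMap project's own extractor (which uses a model); it is a rule-based baseline that relies on the stock phrasing of CVE descriptions ("could allow an X attacker to Y", "is due to Z", "exploit this vulnerability by W", "via V") and on an assumed, hand-written list of impact-oriented terms. The two CVE descriptions it processes are copied from the report tables above; the third description is constructed for the example and is not a real CVE.

```python
"""Heuristic key-phrase extraction for CVE descriptions, with weakness-vs-impact hints.

Added example for this issue, not the CWEMap project's own code. The regexes
encode the usual CVE sentence patterns; IMPACT_TERMS is an assumed list.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed list: impact-oriented terms that descriptions often lead with, each paired
# with the weakness language a CWE mapper should look for instead.
IMPACT_TERMS = {
    "execute arbitrary code": "look for the weakness that hands over control of execution (e.g. an out-of-bounds write)",
    "denial of service": "look for the weakness behind the crash or exhaustion (e.g. a resource that is never released)",
    "cause a reload": "a device reload is a denial-of-service impact, not a weakness",
    "information disclosure": "look for the weakness that exposes the data (e.g. an out-of-bounds read or a missing authorization check)",
    "memory leak": "usually a failure to free memory; if memory contents are exposed it is memory disclosure, e.g. from an out-of-bounds read",
}

ATTACKER_RE = re.compile(
    r"allows?\s+(?:an?\s+)?((?:(?:un)?authenticated,?\s+)?(?:remote|local|adjacent|physical)?\s*(?:attackers?|users?))",
    re.I)
IMPACT_RE = re.compile(r"(?:attackers?|users?)\s+to\s+([^.]+?)(?:\.|$)", re.I)
ROOT_CAUSE_RE = re.compile(r"\b(?:is|are)\s+due\s+to\s+([^.]+?)(?:\.|$)", re.I)
VECTOR_RE = re.compile(r"exploit\s+this\s+vulnerability\s+by\s+([^.]+?)(?:\.|$)", re.I)
VIA_RE = re.compile(r"\bvia\s+([^.]+?)(?:\.|$)", re.I)
# Descriptions without a "due to" clause often open with the weakness itself.
LEADING_WEAKNESS_RE = re.compile(
    r"^(?:an?\s+)?((?:improper|incorrect|missing|insufficient|out-of-bounds|use of)\s+[^.,]+?)\s+(?:in|of|within)\s+",
    re.I)
# Trailing "from/in/of the ..." qualifiers name the affected component, not the weakness.
WEAKNESS_TRIM_RE = re.compile(r"\s+(?:from|in|of the)\s+.*$", re.I)


@dataclass
class KeyPhrases:
    weakness: Optional[str]
    root_cause: Optional[str]
    attacker: Optional[str]
    impact: Optional[str]
    vector: Optional[str]
    hints: List[str]

    def rows(self):
        """Rows in the [CATEGORY] / Description layout used by the report."""
        return [("WEAKNESS", self.weakness), ("ATTACKER", self.attacker), ("IMPACT", self.impact),
                ("VECTOR", self.vector), ("ROOTCAUSE", self.root_cause)]


def _first(rx, text):
    m = rx.search(text)
    return m.group(1).strip() if m else None


def extract(description: str) -> KeyPhrases:
    text = " ".join(description.split())  # normalise whitespace and line breaks
    root_cause = _first(ROOT_CAUSE_RE, text)
    attacker = _first(ATTACKER_RE, text)
    impact = _first(IMPACT_RE, text)
    vector = _first(VECTOR_RE, text) or _first(VIA_RE, text)
    if impact and " via " in impact:  # "cause a DoS via a crafted file": split impact from vector
        impact = impact.split(" via ", 1)[0].strip()
    # The weakness is the root-cause clause minus the component it is located in;
    # without a root-cause clause, fall back to a weakness phrase that opens the text.
    weakness = WEAKNESS_TRIM_RE.sub("", root_cause) if root_cause else _first(LEADING_WEAKNESS_RE, text)

    hints = []
    lowered = text.lower()
    for term, advice in IMPACT_TERMS.items():
        if term in lowered:
            hints.append(f"'{term}' is impact-oriented language: {advice}")
    if weakness is None:
        hints.append("no weakness or root-cause clause found: the description names only the impact; "
                     "state the weakness that causes it")
    elif any(term in weakness.lower() for term in IMPACT_TERMS):
        hints.append(f"root cause '{weakness}' is itself an impact term; name the weakness behind it")
    return KeyPhrases(weakness, root_cause, attacker, impact, vector, hints)


# Descriptions copied from the report tables above.
CVE_2020_3118 = ("A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device.")
CVE_2021_28918 = ("Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.")
# Constructed description (not a real CVE) that leads with an impact term and gives no root cause.
CONSTRUCTED_MEMORY_LEAK = ("A memory leak in the image parser of ExampleApp 1.2 allows remote attackers to cause a denial of service via a crafted PNG file.")

if __name__ == "__main__":
    for name, desc in [("CVE-2020-3118", CVE_2020_3118), ("CVE-2021-28918", CVE_2021_28918),
                       ("constructed", CONSTRUCTED_MEMORY_LEAK)]:
        kp = extract(desc)
        print(f"== {name}")
        for cat, val in kp.rows():
            print(f"[{cat}] {val or 'Not specified'}")
        for h in kp.hints:
            print("  hint:", h)
```

For CVE-2020-3118 the extractor reproduces the report's WEAKNESS, ATTACKER, IMPACT, VECTOR and ROOTCAUSE rows and still emits hints for "execute arbitrary code" and "cause a reload", which is the behaviour the 8/12 request asks for: impact language is flagged even when a root cause is present, so the mapper maps from the "due to" clause rather than from the impact. For the constructed memory-leak description there is no root-cause clause at all, so the weakness is reported as missing and the hint points at the "not freeing the memory" distinction from the Aug 28 notes. A model-based extractor would replace the regexes, but the hint logic (scan for impact terms, check whether the stated root cause is itself an impact) carries over unchanged.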