CVE Records of Known Exploited Vulnerabilities
Understanding vulnerability trends is critical to the risk management process. The goal of this paper is to raise awareness and inform users about the Common Vulnerabilities and Exposures (CVE) records associated with Known Exploited Vulnerabilities that might affect users of the products, by gathering data from the National Vulnerability Database (NVD) and CVE Details from 2017 to the present. We built a system using Python and CVE Analyzer, which allows users to search for specific CVE records by CVE ID, vendor, product, published date and last updated date, and to export rows of data based on the filtered keyword. We also analyze the overall frequency of CVE records each year with regard to Common Vulnerability Scoring System (CVSS) base metric trends, and the vendors and products with the most ransomware vulnerabilities. Our findings show that the frequency of all ransomware vulnerabilities increased from 2019 to 2021. Also, the number of ransomware-associated CVE records with high CVSS scores is higher than the number with low CVSS scores. Apple and Microsoft are the top vendors with the most exploited ransomware vulnerabilities, and iOS and Windows 10 are the products with the highest number of vulnerable versions from Apple and Microsoft. Our system can help users prevent and mitigate the impact of ransomware attacks using datasets and data analysis.
Funding
SIT ignition project (No. R-IE2-A405-0002)
History
Journal/Conference/Book title
2023 8th International Conference on Computer and Communication Systems (ICCCS), 21-23 April 2023, Guangzhou, China.
Publication date
2023
Version
- Post-print
Rights statement
Jackson Lim, Yi Lin Lau, Leshawn Khin Ming Chan, Jia Ming Tristan Paul Goo, Huahua Zhang, Zhiyuan Zhang, Huaqun Guo, "CVE Records of Known Exploited Vulnerabilities," 2023 8th International Conference on Computer and Communication Systems (ICCCS), Guangzhou, China, 2023, pp. 738-743, doi: 10.1109/ICCCS57501.2023.10150856. © 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Project ID
- 11679 (R-IE2-A405-0002) Investigating Security Situation Awareness against Ransomware Attacks