How to Analyze Qualys Scan Result

There are two types of vulnerability scans: authenticated scans and non-authenticated scans.

Non-authenticated scan: This is when you scan target systems without providing any login credentials. In this type of scan, the scanning tool can only gather information that is accessible from outside the system. This is the same information an attacker scanning your network from outside your organization, without any credentials, could collect, such as open ports. While non-authenticated scans do not provide as much detail as authenticated scans, they still play a valuable role in identifying common vulnerabilities, misconfigurations, and exposures that could be exploited by attackers. You can learn more here.

Authenticated scan: This is a scan in which you provide login credentials (such as usernames and passwords) so the scanning tool can log in to the target systems as an authorized user. This lets the scanning tool collect more accurate and comprehensive vulnerability assessment results, which reduces false positives and produces more reliable risk prioritization. You can learn more here.

In this post, we are going to analyze the results of the Qualys virtual scanner from the previous lab. Click here for a step-by-step guide on launching a non-authenticated scan with the Qualys virtual appliance. Click here for a step-by-step guide on launching an authenticated scan with the Qualys virtual appliance.

What are Confirmed Vulnerabilities?

Confirmed vulnerabilities are security issues that have been verified through the scanning process. They have been detected with a high level of confidence and are considered legitimate security risks. Confirmed vulnerabilities typically result from the identification of known security weaknesses in software, configurations, or systems, and they come with specific details such as vulnerability IDs, severity ratings, affected systems, and remediation recommendations. Organizations prioritize addressing confirmed vulnerabilities to mitigate security risks and reduce the likelihood of exploitation by attackers.

What are Potential Vulnerabilities?

Potential vulnerabilities are security findings that require further investigation or validation to confirm their existence or severity. These findings indicate areas of concern that merit additional scrutiny or follow-up. They may arise from ambiguous scan results, incomplete information, or indicators that suggest a possible security issue without conclusively confirming it. Organizations should assess potential vulnerabilities carefully and determine whether they pose genuine security risks that warrant remediation. Further analysis or testing may be needed to confirm the presence and severity of a potential vulnerability.

What is Information Gathered?

Information gathered is data collected during the scanning process that does not necessarily indicate a vulnerability but provides valuable insight into the target environment. This category includes details such as network topology, system configurations, installed software, service banners, and other information relevant to assessing the security posture of the target systems. While information gathered does not directly represent a security vulnerability, it helps security teams better understand the target environment, identify potential attack vectors, and prioritize security measures accordingly.

Understanding Qualys Severity Levels

Qualys severity levels are a classification system used to prioritize and categorize vulnerabilities detected during scans run by the Qualys vulnerability management platform. These levels help organizations address security risks based on the potential impact and severity of each vulnerability. Qualys assigns a severity level based on factors including the type of vulnerability, its exploitability, and the potential impact on affected systems. The levels range from 1 to 5, with 5 being the most severe and 1 the least severe.

Critical (Severity Level 5)

Critical vulnerabilities represent the most severe security risks and pose a significant threat to the confidentiality, integrity, and availability of affected systems or data. They often include remote root/administrator access, privilege escalation flaws, and vulnerabilities that allow unauthorized access to sensitive data.

High (Severity Level 4)

High-severity vulnerabilities represent significant security risks that could lead to system compromise, data breaches, or service disruptions if exploited. They may include issues such as remote control over the system with user privileges and authentication bypass vulnerabilities.

Medium (Severity Level 3)

Medium-severity vulnerabilities represent potential security risks that could lead to information disclosure, unauthorized access, or system compromise. They may include issues such as remote access to applications or services.

Low (Severity Level 2)

Low-severity vulnerabilities pose limited risk to affected systems or data and may require additional context or conditions to be exploited. They may include issues such as sensitive information disclosure and the ability to determine precise service or system versions, for example outdated software versions.

Informational (Severity Level 1)

Informational findings represent basic information gathered during scans, such as open ports, system configurations, and other easily collected details.

Reading the report

In the report, you will see the scan status, date, target IP/asset group, the scanner that was used, the option profile, the severity, and so on. The severity level shown for this scan is 5, the most severe, which is color-coded red.

Here you see the results grouped by category.

Detailed Results: Here, you will find the severity levels and a list of color codes. Click the > icon next to each result to expand that section and view its vulnerability details. Click on the associated CVEs to read more about each vulnerability and how to fix it.
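Reading the report in the console is fine for a lab, but for a real scan you will usually export the results and triage them in bulk. The following is an added example, not Qualys's own tooling or code from this post: it parses a constructed CSV export, maps the three result categories (confirmed, potential, information gathered) and the five severity levels described above, and builds a remediation queue of confirmed findings and a validation queue of potential ones. The column names and the `Type` values are assumptions about the export format, and all QIDs and CVE IDs are placeholders.

```python
import csv
import io
from collections import defaultdict

# Qualys severity levels 1-5 as described in the post.
SEVERITY_LABELS = {1: "Informational", 2: "Low", 3: "Medium", 4: "High", 5: "Critical"}

# Assumed mapping of the export's "Type" column to the three result categories.
TYPE_LABELS = {"Vuln": "Confirmed", "Practice": "Potential", "Ig": "Information Gathered"}

# Constructed sample export (not real scan output); QIDs and CVE IDs are placeholders.
SAMPLE_CSV = """IP,QID,Title,Type,Severity,CVE ID
10.0.0.5,900001,Remote root access via outdated service,Vuln,5,CVE-YYYY-0001
10.0.0.5,900002,Authentication bypass in web admin console,Vuln,4,CVE-YYYY-0002;CVE-YYYY-0003
10.0.0.7,900003,Possible weak TLS cipher suite,Practice,3,
10.0.0.7,900004,Service version disclosed in banner,Vuln,2,
10.0.0.9,900005,Open TCP ports,Ig,1,
"""

def parse_results(text):
    """Turn the CSV export into normalized finding dicts with category and severity labels."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        sev = int(row["Severity"])
        rows.append({
            "ip": row["IP"], "qid": row["QID"], "title": row["Title"],
            "category": TYPE_LABELS.get(row["Type"], "Unknown"),
            "severity": sev, "severity_label": SEVERITY_LABELS[sev],
            "cves": [c for c in row["CVE ID"].split(";") if c],
        })
    return rows

def summarize(rows):
    """Count findings per category and severity level, mirroring the report's category view."""
    counts = defaultdict(lambda: defaultdict(int))
    for r in rows:
        counts[r["category"]][r["severity"]] += 1
    return {cat: dict(sev) for cat, sev in counts.items()}

def remediation_queue(rows, min_severity=4):
    """Confirmed findings at or above min_severity, most severe first (fix these first)."""
    confirmed = [r for r in rows if r["category"] == "Confirmed" and r["severity"] >= min_severity]
    return sorted(confirmed, key=lambda r: (-r["severity"], r["ip"]))

def validation_queue(rows):
    """Potential findings that need manual confirmation before they enter remediation."""
    return [r for r in rows if r["category"] == "Potential"]

if __name__ == "__main__":
    findings = parse_results(SAMPLE_CSV)
    print(summarize(findings))
    for f in remediation_queue(findings):
        print(f"{f['severity_label']:>8} {f['ip']} QID {f['qid']}: {f['title']} {f['cves']}")
```

Lowering `min_severity` widens the remediation queue to medium and low confirmed findings once the critical and high items are handled.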
