
Security: What the acronym CVE means

In reports on vulnerabilities in software or firmware, a CVE ID is often given for each individual vulnerability, such as CVE-2020-1020. What is it?

CVE-2020-1020, for example, identifies a vulnerability in Adobe's Type Manager library atmfd.dll, which is present on Windows computers. Criminals are already exploiting this flaw to attack Windows.

The abbreviation CVE stands for “Common Vulnerabilities and Exposures”, which can be translated as “Known security gaps and threats”. CVE is thus a standard that describes and catalogs IT vulnerabilities. Consecutive numbers uniquely identify the individual entries. The system is managed by the American non-profit organization MITRE, which is supported by the American government. Representatives of security organizations, academic institutions, security vendors and experts also participate in the system.

Thanks to unambiguous naming, security researchers and software manufacturers around the world can exchange information about a given vulnerability or security risk much more easily. This is also the main goal of the CVE standard.

The syntax of CVE: CVE names are structured according to a defined syntax. Sometimes they are also called CVE IDs or just CVEs. Each CVE name contains the following information:

  1. CVE, which stands for Common Vulnerabilities and Exposures.

  2. Year in the format YYYY, i.e. currently 2020.

  3. A consecutive identification number with leading zeros, such as 0001, or as in our example above, “1020”. The ID numbers were initially four digits with leading zeros. The format now allows any number of digits (but at least four).

The example

CVE-2020-1020

denotes vulnerability 1020 in 2020. For each CVE ID there is a short description of the vulnerability and a reference, which is usually given as a link. There is also further information, such as the day on which the vulnerability was reported. In addition, each CVE is given a status that is either “Candidate” or “Entry”. For information on a known CVE name, go to https://cve.mitre.org/cve/search_cve_list.html and enter it there. You will receive a link to the entry as well as to other CVE names whose descriptions refer to the name you searched for.

You can download the complete list of all CVE IDs since 1999 at https://cve.mitre.org/data/downloads/index.html. For example, select the CSV or TXT format and the compressed version of the list so that the download is faster.
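
As an added example (not from the original article), this Python code extracts CVE IDs from report text using the syntax described above and contrasts it with a pattern that assumes exactly four digits, which silently cuts a longer number down to a different ID. The function names, the sample text and the 1999 lower bound on the year are assumptions made for the illustration.

```python
import re

# Syntax from the article: "CVE", a four-digit year, then a sequence number of
# at least four digits with no upper limit on length.
# The lookarounds reject matches embedded in a longer token.
CVE_RE = re.compile(
    r"(?<![A-Za-z0-9-])CVE-(\d{4})-(\d{4,})(?![A-Za-z0-9])", re.IGNORECASE
)
# Older pattern shape that assumes exactly four digits (shown for contrast).
FOUR_DIGIT_RE = re.compile(r"CVE-\d{4}-\d{4}", re.IGNORECASE)
FIRST_YEAR = 1999  # assumption: the article says the list goes back to 1999


def is_cve_id(value):
    """True if value is exactly one well-formed CVE ID."""
    m = CVE_RE.fullmatch(value.strip())
    return m is not None and int(m.group(1)) >= FIRST_YEAR


def extract_cve_ids(text):
    """Return the unique CVE IDs in text, upper-cased, sorted by year and number."""
    found = {}
    for m in CVE_RE.finditer(text):
        year, seq = int(m.group(1)), m.group(2)
        if year >= FIRST_YEAR:
            found[f"CVE-{year}-{seq}"] = (year, int(seq))
    return sorted(found, key=found.get)


def extract_four_digit_only(text):
    """Contrast case: truncates longer sequence numbers into a different ID."""
    return sorted({m.group(0).upper() for m in FOUR_DIGIT_RE.finditer(text)})


# Constructed sample text; every ID except CVE-2020-1020 is made up for syntax.
SAMPLE = """\
Fixed cve-2020-1020 in the font driver; see also CVE-2020-123456.
Not IDs: CVE-2020-102, CVE-20-1020, XCVE-2020-1020, CVE-1998-0001.
Repeated mention: CVE-2020-1020.
"""

if __name__ == "__main__":
    print(extract_cve_ids(SAMPLE))
    print(extract_four_digit_only(SAMPLE))
```
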
