Vendor Provided Validation Details - Core IMPACT Professional v10.5

The following text was provided by the vendor during testing to describe how the product implements the specific capabilities.

 

Statement of SCAP Implementation:

Core IMPACT Pro has implemented the unauthenticated vulnerability scanning profile of SCAP by implementing the CVE, CVSS and CPE standards within the product and providing a machine readable XML export of vulnerability information with these three standard tags provided for each system and vulnerability found.

 

The XML format for the export is illustrated as follows:

<host ip="10.0.4.1">
  <platform cpe="cpe:/o:linux:linux_kernel" />
  <vulnerabilities>
    <vulnerability name="Create Host Vulnerabilities">
      <description>Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.</description>
      <cve id="CVE-2002-1214" />
      <cvss>
        <base_metrics score="7.5" vector_string="AV:N/AC:L/Au:N/C:P/I:P/A:P" />
      </cvss>
    </vulnerability>
    <!-- A host can have many vulnerabilities; the next would be here. -->
  </vulnerabilities>
</host>
<!-- The next host from the export would follow here. -->
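
A consumer of this export can check the three SCAP identifiers before trusting them downstream. The following is an added example, not Core's code and not part of the vendor statement: it parses the illustrated structure, validates the CVE id and CPE 2.2 URI syntax, and recomputes the CVSS v2 base score from the vector string to compare it with the exported score. The `<export>` root element and the function names are assumptions; element and attribute names are taken from the illustration above, and the weights are those of the CVSS v2 specification.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the page's <host> (description omitted) under a hypothetical <export> root.
SAMPLE = """<export><host ip="10.0.4.1"><platform cpe="cpe:/o:linux:linux_kernel" />
<vulnerabilities><vulnerability name="Create Host Vulnerabilities">
<cve id="CVE-2002-1214" />
<cvss><base_metrics score="7.5" vector_string="AV:N/AC:L/Au:N/C:P/I:P/A:P" /></cvss>
</vulnerability></vulnerabilities></host></export>"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
CPE22_RE = re.compile(r"cpe:/[aho](:[^:\s]*){1,6}")  # CPE 2.2 URI form
CIA = {"N": 0.0, "P": 0.275, "C": 0.66}
W = {"AV": {"L": 0.395, "A": 0.646, "N": 1.0},        # CVSS v2 base weights
     "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
     "Au": {"M": 0.45, "S": 0.56, "N": 0.704}, "C": CIA, "I": CIA, "A": CIA}

def cvss2_base(vector):
    """Recompute the CVSS v2 base score from a vector such as AV:N/AC:L/Au:N/C:P/I:P/A:P."""
    m = dict(part.split(":") for part in vector.split("/"))
    v = {k: W[k][m[k]] for k in W}  # KeyError on a missing or unknown metric
    impact = 10.41 * (1 - (1 - v["C"]) * (1 - v["I"]) * (1 - v["A"]))
    exploitability = 20 * v["AV"] * v["AC"] * v["Au"]
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * (1.176 if impact else 0), 1)

def attr(parent, path, name):
    """Return an attribute of a child element, or '' if either is absent."""
    el = parent.find(path)
    return el.get(name, "") if el is not None else ""

def audit_export(xml_text):
    """Return (host ip, CVE id, problem) for every field that fails a check."""
    problems = []
    for host in ET.fromstring(xml_text).iter("host"):
        ip = host.get("ip")
        if not CPE22_RE.fullmatch(attr(host, "platform", "cpe")):
            problems.append((ip, None, "bad CPE"))
        for vuln in host.iter("vulnerability"):
            cve = attr(vuln, "cve", "id")
            if not CVE_RE.fullmatch(cve):
                problems.append((ip, cve, "bad CVE id"))
            try:
                want = cvss2_base(attr(vuln, "cvss/base_metrics", "vector_string"))
                got = float(attr(vuln, "cvss/base_metrics", "score"))
                if abs(got - want) > 0.05:
                    problems.append((ip, cve, f"score {got} != {want}"))
            except (KeyError, ValueError):
                problems.append((ip, cve, "unparseable CVSS"))
    return problems
```

The illustrated record passes all three checks: its vector recomputes to the exported score of 7.5.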

 

In an installation of IMPACT PRO v10.5, the CPE map file that helps generate this is located at:

%APPDATA%\IMPACT\components\modules\classic\site-packages\impact\cpe_map.py

 

SCAP is documented in both the user guide that ships with the product and the on-line help. The user guide can be found at: %APPDATA%\IMPACT\Help\ImpactUserGuide.pdf. The SCAP documentation refers the user to the SCAP export module, as well as information on how to retrieve the published and last updated dates for the exploits used within IMPACT Pro from the internal SQL database. Simply search ‘SCAP’ to find this.

 

Statement of CVE Implementation:

Core IMPACT Pro has made extensive use of CVE throughout the product and provides a machine readable XML export of vulnerability information including CVE for each system and vulnerability found.

 

The XML format for the export is illustrated as follows:

<host ip="10.0.4.1">
  <platform cpe="cpe:/o:linux:linux_kernel" />
  <vulnerabilities>
    <vulnerability name="Create Host Vulnerabilities">
      <description>Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.</description>
      <cve id="CVE-2002-1214" />
      <cvss>
        <base_metrics score="7.5" vector_string="AV:N/AC:L/Au:N/C:P/I:P/A:P" />
      </cvss>
    </vulnerability>
    <!-- A host can have many vulnerabilities; the next would be here. -->
  </vulnerabilities>
</host>
<!-- The next host from the export would follow here. -->

 

In addition, CVE is used throughout the product appearing in several places:

Reports – where detailed vulnerability information is included, the CVE always appears. This includes the Host Report, Vulnerability Report, and PCI Vulnerability Report.

Quick Information Pane:

    When the user clicks on a host with vulnerabilities, the CVE information is shown for the vulnerabilities.

    When the user clicks on an exploitation module, the CVE is shown.

 

CVE is documented in both the user guide that ships with the product and the on-line help. The user guide can be found at: %APPDATA%\IMPACT\Help\ImpactUserGuide.pdf. The CVE documentation refers the user to the various places where CVE is used in the product:

 

“Within IMPACT Pro, CVE names are used to uniquely identify the vulnerabilities exploited by each attack module. When the Quick Information Panel displays information about the currently selected attack, it includes the CVE name for the related vulnerability in the Exploits Vulnerability field. The CVE name is also a link which takes you to the CVE web site for industry-derived information on the vulnerability.

 

You can also search for attack modules by CVE name. To find all attacks related to a specific CVE name, select the CVE search criteria in the Search box in the Modules Panel and enter the desired name in the text box.

 

See the section called “Searching for Modules” for more information on how to search for modules using the Search box on the Modules Panel.”

 

Statement of CVSS Implementation:

Core IMPACT Pro has implemented the CVSS standards within the product by providing a machine readable XML export of vulnerability information with this standard tag provided for each system and vulnerability found.

 

The XML format for the export is illustrated as follows:

<host ip="10.0.4.1">
  <platform cpe="cpe:/o:linux:linux_kernel" />
  <vulnerabilities>
    <vulnerability name="Create Host Vulnerabilities">
      <description>Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.</description>
      <cve id="CVE-2002-1214" />
      <cvss>
        <base_metrics score="7.5" vector_string="AV:N/AC:L/Au:N/C:P/I:P/A:P" />
      </cvss>
    </vulnerability>
    <!-- A host can have many vulnerabilities; the next would be here. -->
  </vulnerabilities>
</host>
<!-- The next host from the export would follow here. -->

 

In addition, CVSS is used throughout the product appearing in several places:

Reports – CVSS is included with the Vulnerability Report.

Quick Information Pane – when the user clicks on a host with vulnerabilities, the CVSS information is shown for the vulnerabilities.

 

CVSS is documented in both the user guide that ships with the product and the on-line help. The user guide can be found at: %APPDATA%\IMPACT\Help\ImpactUserGuide.pdf. Simply search ‘CVSS’ to find this.

 

Statement of CPE Implementation:

Core IMPACT Pro has implemented the CPE standards within the product by providing a machine readable XML export of vulnerability information with this standard tag provided for each system and vulnerability found.

 

The XML format for the export is illustrated as follows:

<host ip="10.0.4.1">
  <platform cpe="cpe:/o:linux:linux_kernel" />
  <vulnerabilities>
    <vulnerability name="Create Host Vulnerabilities">
      <description>Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.</description>
      <cve id="CVE-2002-1214" />
      <cvss>
        <base_metrics score="7.5" vector_string="AV:N/AC:L/Au:N/C:P/I:P/A:P" />
      </cvss>
    </vulnerability>
    <!-- A host can have many vulnerabilities; the next would be here. -->
  </vulnerabilities>
</host>
<!-- The next host from the export would follow here. -->

 

In an installation of IMPACT PRO v10.5, the CPE map file that helps generate this is located at:

%APPDATA%\IMPACT\components\modules\classic\site-packages\impact\cpe_map.py

 

The file has a comment header that mentions the CPE dictionary version from where the information was retrieved.

 

CPE documentation can be found through the SCAP documentation. SCAP is documented in both the user guide that ships with the product and the on-line help. The user guide can be found at: %APPDATA%\IMPACT\Help\ImpactUserGuide.pdf. The SCAP documentation refers the user to the SCAP export module, as well as information on how to retrieve the published and last updated dates for the exploits used within IMPACT Pro from the internal SQL database. Simply search ‘SCAP’ to find this. The quick info pane that is displayed when the user clicks on the ‘Export results in SCAP xml format’ module documents the fact that CPE is used by including the statement “The CPE IDs are from the 'Official CPE dictionary v2.2'.” in the additional information field.