Vulnerability Details Page

The CVE ID links to a page about the vulnerability in the National Institute of Standards and Technology (NIST) database. For example, clicking CVE-2022-4436 opens https://nvd.nist.gov/vuln/detail/CVE-2022-4436.



The CVSS (Common Vulnerability Scoring System) score ranks the vulnerability on a scale of 0-10, where 0 is the least severe and 10 is the most.

The

IoT Security

rating system, which is based on the CVSS, categorizes a vulnerability score into one of several severity levels. There are two CVSS versions and both are presented:

The
Description
summarizes the vulnerability.
The
Impact
section explains how attackers can exploit the vulnerability and the threat it poses.
Detection Reasons
explain how confirmed vulnerability instances were detected. When you click
View Details
, a panel appears over the right side of the page showing each detection reason, the device profiles it applies to, and the number of vulnerability instances that were detected for different profiles. (Reasons for the detection of potential vulnerabilities are not shown.)
The
Vulnerability Type
identifies the category of the vulnerability, such as code execution, info leak, overflow, and denial of service.
The
Vulnerability Source
identifies where the vulnerability was detected. One source of detection is
IoT Security
when it's based on device attributes such as firmware, model, and OS. Another source is
IoT Security
Device Software Library when the detection is based on the software and applications running on a device. Yet another source is one of the third-party vulnerability scanners with which
IoT Security
integrates: Qualys, Rapid7, or Tenable.
IoT Security
lists any identified software patches that can remediate the vulnerability.
We recommend that you don't apply patch updates identified by
IoT Security
to your devices until your security or vulnerability management team or the product vendor has qualified them to ensure there are not any unexpected results or side effects.
On the right side of the Summary section is a list of recommendations. It typically includes various options you can take to reduce the risk that the vulnerability poses or even remediate the issue.

The exploitability metrics include the attack vector (Network, Adjacent, Local, or Physical), attack complexity (High or Low), what privileges are required to launch an attack, and whether human action—other than that of the attacker—is required during the exploit.
The impact metrics indicate what areas an exploit might affect—confidentiality, integrity, and availability—and what the impact is in these areas—none, low, or high.
The scope metric indicates if the effects of an exploited vulnerability are limited to the impacted component (Unchanged) or they can extend to other components as well (Changed).

The Exploit Prediction Scoring System (EPSS) percentile is a daily estimate of the probability that the vulnerability will be exploited within the next 30 days. To learn more about EPSS, see the EPSS Model.
The exploit status can be one of the following:
Unknown
– There is no known or weaponized malware exploiting this vulnerability.
POC
– There's known code to exploit the vulnerability to demonstrate a security weakness.
Weaponized
– There's a known exploit that is malicious or works consistently against targets.
Exploited in the Wild
– An exploit of the vulnerability has been publicly reported in the wild, either by threat actors or in the Known Exploited Vulnerability (KEV) catalog.
By clicking
View Details
for Exploits Identified, you can see a list of known POC and Weaponized exploits (but not any whose status is Unknown or Exploited in the Wild). For each one, there is a URL (source) where you can learn more, the exploit status, and the date that the exploit was published.
Advanced Persistent Threat (APT) indicates if any exploits are known to have been used by an APT. By clicking
View Details
, you can see a list of APTs. For each one, there's the name of the APT, a description about it, the countries they've targeted, the known CVEs they've exploited, and the tactics and techniques they've employed.
Threat prevention coverage indicates if a vulnerability is covered by the Palo Alto Networks Threat Prevention application or not. By clicking
View Details
, you can see the name of the vulnerability, its unique threat ID number, the minimum PAN-OS version that supports it, the dates of its first release and latest update, and a URL (reference) where you can learn more.

Asset Criticality
– In the Asset Criticality tab, a chart and accompanying table show the total number of assets (instances) affected by the vulnerability and the number and percent of affected assets at each level of criticality. The chart provides a visual representation of the data contained numerically in the table. By selecting and clearing the Critical, High, Medium, and Low check boxes in the table, you can show and hide the corresponding segments in the chart.
Confirmed
– In the Confirmed tab, a chart and table show the total number of assets that are confirmed to be vulnerable and those that are potentially vulnerable but not yet confirmed. In addition to the total, they also show the percent of assets that are confirmed and unconfirmed to be vulnerable. You can select and clear the check box for each row to show or hide the corresponding segment in the chart.
Profiles
– In the Profiles tab, a chart shows the total number of affected devices grouped by profile and the relative sizes of each group. When you hover your cursor over a section in the chart, a pop-up appears identifying that profile and the number of devices in it. This is particularly helpful when a vulnerability affects numerous device profiles.

Detected
: This is the state of a newly detected vulnerability instance. It makes sense to keep it in this state if no action has been taken to investigate, remediate, or resolve it.
Investigating
: Consider setting a vulnerability instance in this state after preliminary work on it has started and it’s being verified, researched, and its impact analyzed.
Remediating
: Consider setting an instance in this state while action is being taken to remediate it but has not yet completed.
Resolved
: An instance becomes resolved either by mitigating the issue or by ignoring and accepting it.