Qualys VM is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.
Vulnerability Management in VMDR Mobile gives you visibility into mobile devices that are vulnerable to threats due to outdated OS. Vulnerabilities are detected for both Android and iOS devices enrolled in Qualys.
For Android, QIDs are marked as "Confirmed" if the device manufacturers such as Samsung, Google, LG and Huawei has published the advisory of security updates. For the rest of the devices, the QIDs are marked as "Potential".
Navigate to Vulnerabilities tab to see the list of vulnerability detections for the mobile devices.
Click a particular QID to view the vulnerability details.
Vulnerability details includes:
- Detection Summary: Displays vulnerability detected
- General Information: Displays vulnerability summary with possible threats and solution
- Exploitability: Lists known exploits for this vulnerability available from third-party vendors and/or publicly available sources
- Patches: Displays available patches for this vulnerability
- Malware: Displays any published malware, where you can assess its malware family and risk.
The severity level assigned to a vulnerability tells you the security risk associated with its exploitation.
Confirmed vulnerabilities (QIDs) are design flaws, programming errors, or mis-configurations that make your mobile device susceptible to malicious attacks. Depending on the level of the security risk, the successful exploitation of a confirmed vulnerability can vary from the disclosure of information to a complete compromise of the mobile device. Even if the device isn't fully compromised, an exploited confirmed vulnerability could still lead to mobile device being used to launch attacks against users of the mobile device.
See confirmed severity levelsSee confirmed severity levels
Severity |
Level |
Description |
Minimal |
Basic information disclosure might enable intruders to discover other vulnerabilities, but lack of this information does not make the vulnerability harder to find. |
|
Medium |
Intruders may be able to collect sensitive information about the mobile device, such as the precise version of software used. With this information, intruders can easily exploit known vulnerabilities specific to software versions. Other types of sensitive information might disclose a few lines of source code or hidden directories. |
|
Serious |
Vulnerabilities at this level typically disclose security-related information that could result in misuse or an exploit. Examples include source code disclosure or transmitting authentication credentials over non-encrypted channels. |
|
Critical |
Intruders can exploit the vulnerability to gain highly sensitive content or affect other users of the mobile device. Examples include certain types of cross-site scripting and SQL injection attacks. |
|
Urgent |
Intruders can exploit the vulnerability to compromise the mobile device's data store, obtain information from other users' accounts, or obtain command execution on a host in the mobile device's architecture. |
Potential Vulnerabilities indicate the observation of weakness or error that is commonly used to attack a mobile device, and unable to confirm if the weakness or error could be exploited. Where possible, the QID's description and results section include information and hints for following-up with manual analysis. For example, the exploitability of a QID may be influenced by characteristics that cannot be confirmed, such as the native Android vulnerabilities which might be present on the Android manufacturer's devices for which advisory is not published.
See potential severity levelsSee potential severity levels
Severity |
Level |
Description |
Minimal |
Presence of this vulnerability is indicative of basic information disclosure and might enable intruders to discover other vulnerabilities. For example in this scenario, information such as web server type, programming language, passwords or file path references can be disclosed. |
|
Medium |
Presence of this vulnerability is indicative of basic information disclosure and might enable intruders to discover other vulnerabilities. For example version of software or session data can be disclosed, which could be used to exploit. |
|
Serious |
Presence of this vulnerability might give access to security-related information to intruders who are bound to misuse or exploit. Examples of what could happen if this vulnerability was exploited include bringing down the server or causing hindrance to the regular service. |
|
Critical |
Presence of this vulnerability might give intruders the ability to gain highly sensitive content or affect other users of the mobile device. |
|
Urgent |
Presence of this vulnerability might enable intruders to compromise the mobile device's data store, obtain information from other users' accounts, or obtain command execution on a host in the mobile device's architecture. For example in this scenario, the mobile device users can potentially be targeted if the device is exploited. |
Information Gathered issues (QIDs) include visible information about the mobile device's platform, OS version, model and installed security patch level.
See information gathered severity levelsSee information gathered severity levels
Severity |
Level |
Description |
Minimal |
Intruders may be able to retrieve sensitive information related to the mobile device. |
|
Medium |
Intruders may be able to retrieve sensitive information related to internal functionality or business logic of the mobile device. |
|
Serious |
Intruders may be able to detect highly sensitive data, such as personally identifiable information (PII) about other users of the mobile device. |
You'll see the status of the detected vulnerabilities under the Inventory > Vulnerabilities tab. We continuously update the status of detected vulnerabilities based on the mobile asset data synced as per the asset sync interval.
Each vulnerability instance is assigned a status - New, Active, Fixed or Reopened.
New - The first time a vulnerability is detected by a scan the status is set to New.
Active - A vulnerability detected by two or more scans is set to Active.
Fixed - A vulnerability was verified by the most recent scan as fixed, and this vulnerability was detected by the previous scan.
Reopened - A vulnerability was reopened by the most recent scan, and this vulnerability was verified as fixed by the previous scan. The next time the vulnerability is detected by a scan, the status is set to Active.