Vulnerability Management

Qualys VM is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.

Vulnerability Management in VMDR Mobile

Vulnerability Management in VMDR Mobile gives you visibility into mobile devices that are vulnerable to threats due to an outdated OS.

For Android, if a device manufacturer such as Samsung, Google, LG or Huawei has published a security update advisory for its devices, the QIDs are marked as Confirmed. For the rest of the devices, the QIDs are marked as Potential.

Navigate to the Vulnerabilities tab to see the list of vulnerability detections for the mobile devices.

Click a particular QID to view the vulnerability details.

Vulnerability details include:

- Detection Summary: Displays vulnerability detected

- General Information: Displays vulnerability summary with possible threats and solution

- Exploitability: Lists known exploits for this vulnerability available from third-party vendors and/or publicly available sources

- Patches: Displays available patches for this vulnerability

- Malware: Displays any published malware, where you can assess its malware family and risk.

Tell me about Severity Levels

The severity level assigned to a vulnerability tells you the security risk associated with its exploitation.

Confirmed Vulnerabilities

Confirmed vulnerabilities (QIDs) are design flaws, programming errors, or misconfigurations that make your mobile device susceptible to malicious attacks. Depending on the level of the security risk, the successful exploitation of a confirmed vulnerability can vary from the disclosure of information to a complete compromise of the mobile device. Even if the device isn't fully compromised, an exploited confirmed vulnerability could still lead to the mobile device being used to launch attacks against users of the mobile device.

Confirmed severity levels:

| Severity | Level | Description |
| --- | --- | --- |
| 1 | Minimal | Basic information disclosure might enable intruders to discover other vulnerabilities, but lack of this information does not make the vulnerability harder to find. |
| 2 | Medium | Intruders may be able to collect sensitive information about the mobile device, such as the precise version of software used. With this information, intruders can easily exploit known vulnerabilities specific to software versions. Other types of sensitive information might disclose a few lines of source code or hidden directories. |
| 3 | Serious | Vulnerabilities at this level typically disclose security-related information that could result in misuse or an exploit. Examples include source code disclosure or transmitting authentication credentials over non-encrypted channels. |
| 4 | Critical | Intruders can exploit the vulnerability to gain highly sensitive content or affect other users of the mobile device. Examples include certain types of cross-site scripting and SQL injection attacks. |
| 5 | Urgent | Intruders can exploit the vulnerability to compromise the mobile device's data store, obtain information from other users' accounts, or obtain command execution on a host in the mobile device's architecture. |

Potential Vulnerabilities

Potential vulnerabilities indicate the observation of a weakness or error that is commonly used to attack a mobile device, where it could not be confirmed whether the weakness or error could be exploited. Where possible, the QID's description and results section include information and hints for following up with manual analysis. For example, the exploitability of a QID may be influenced by characteristics that cannot be confirmed, such as native Android vulnerabilities that might be present on an Android manufacturer's devices for which an advisory is not published.

Potential severity levels:

| Severity | Level | Description |
| --- | --- | --- |
| 1 | Minimal | Presence of this vulnerability is indicative of basic information disclosure and might enable intruders to discover other vulnerabilities. For example, in this scenario information such as web server type, programming language, passwords or file path references can be disclosed. |
| 2 | Medium | Presence of this vulnerability is indicative of basic information disclosure and might enable intruders to discover other vulnerabilities. For example, the version of software or session data can be disclosed, which could be used for exploitation. |
| 3 | Serious | Presence of this vulnerability might give intruders, who are bound to misuse or exploit it, access to security-related information. Examples of what could happen if this vulnerability was exploited include bringing down the server or causing hindrance to the regular service. |
| 4 | Critical | Presence of this vulnerability might give intruders the ability to gain highly sensitive content or affect other users of the mobile device. |
| 5 | Urgent | Presence of this vulnerability might enable intruders to compromise the mobile device's data store, obtain information from other users' accounts, or obtain command execution on a host in the mobile device's architecture. For example, in this scenario the mobile device users can potentially be targeted if the device is exploited. |

Information Gathered

Information Gathered issues (QIDs) include visible information about the mobile device's platform, OS version, model and installed security patch level.

Information gathered severity levels:

| Severity | Level | Description |
| --- | --- | --- |
| 1 | Minimal | Intruders may be able to retrieve sensitive information related to the mobile device. |
| 2 | Medium | Intruders may be able to retrieve sensitive information related to internal functionality or business logic of the mobile device. |
| 3 | Serious | Intruders may be able to detect highly sensitive data, such as personally identifiable information (PII) about other users of the mobile device. |

Tell me about vulnerability status

You'll see the status of the detected vulnerabilities under the Inventory > Vulnerabilities tab. We continuously update the status of detected vulnerabilities based on the mobile asset data synced as per the asset sync interval.

Each vulnerability instance is assigned a status - New, Active, Fixed or Reopened.

New - The first time a vulnerability is detected by a scan, the status is set to New.

Active - A vulnerability detected by two or more scans is set to Active.

Fixed - A vulnerability was verified by the most recent scan as fixed, and this vulnerability was detected by the previous scan.

Reopened - A vulnerability was reopened by the most recent scan, and this vulnerability was verified as fixed by the previous scan. The next time the vulnerability is detected by a scan, the status is set to Active.
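
The status rules above form a small state machine. The following is an added example, not Qualys code: it replays per-scan detection results for each (device, QID) pair into the four statuses and lists instances that end in Reopened, which are the fixes that did not hold. The function names, device names and QID placeholders are constructed, and it assumes an instance that stays undetected remains Fixed.

```python
from typing import Dict, Iterable, List, Optional, Tuple

NEW, ACTIVE, FIXED, REOPENED = "New", "Active", "Fixed", "Reopened"


def next_status(prev: Optional[str], detected: bool) -> Optional[str]:
    """Status of one vulnerability instance after the most recent scan."""
    if prev is None:
        # No instance yet: the first detection creates it as New.
        return NEW if detected else None
    if prev == FIXED:
        # Detected again after being verified fixed -> Reopened.
        # Assumption: an instance that stays undetected remains Fixed.
        return REOPENED if detected else FIXED
    # prev is New, Active or Reopened, so the previous scan detected it:
    # a further detection makes it Active, a clean scan makes it Fixed.
    return ACTIVE if detected else FIXED


def status_history(detections: Iterable[bool]) -> List[Optional[str]]:
    """Replay per-scan detection results (oldest first) into statuses."""
    history: List[Optional[str]] = []
    status: Optional[str] = None
    for detected in detections:
        status = next_status(status, detected)
        history.append(status)
    return history


def reopened_instances(
    scans: Dict[Tuple[str, str], List[bool]]
) -> List[Tuple[str, str]]:
    """Instances whose latest status is Reopened (a fix that did not hold)."""
    return sorted(k for k, d in scans.items()
                  if d and status_history(d)[-1] == REOPENED)


# Constructed sample: (device, QID placeholder) -> detected? per scan.
SAMPLE_SCANS = {
    ("device-a", "QID-PLACEHOLDER-1"): [True, True, False, True],
    ("device-b", "QID-PLACEHOLDER-1"): [True, False, False],
    ("device-c", "QID-PLACEHOLDER-2"): [True, True, True],
}

if __name__ == "__main__":
    for key, detections in SAMPLE_SCANS.items():
        print(key, status_history(detections))
    print("Reopened:", reopened_instances(SAMPLE_SCANS))
```
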