Glossary

Vulnerability

A flaw or weakness in software, hardware, or configuration that could be exploited by attackers to compromise systems or data.

Definition

A Vulnerability is a weakness that could allow an attacker to:

  • Gain unauthorized access
  • Escalate privileges
  • Steal data
  • Disrupt services
  • Execute arbitrary code

Vulnerabilities exist in:

  • Software – Bugs in applications or operating systems
  • Hardware – Flaws in chips or firmware
  • Configuration – Insecure settings (default passwords, open ports)
  • Processes – Security gaps in how systems are managed

Vulnerability vs. Exploit

  • Vulnerability – The flaw itself (e.g., an unpatched XSS flaw in a web application)
  • Exploit – The tool or technique that takes advantage of the flaw (e.g., an XSS payload that steals session cookies)

A vulnerability is worthless to an attacker without an exploit. Conversely, an exploit requires a corresponding vulnerability.

Vulnerability Lifecycle

  1. Discovery – Researcher or hacker finds a flaw
  2. Disclosure – Researcher reports to vendor (or publicly)
  3. Patch Development – Vendor fixes the flaw
  4. Patch Release – Fix becomes available
  5. Exploitation – Attackers build tools and begin exploiting the flaw in the wild
  6. Patching – Organizations deploy patches
  7. Remediation – Vulnerability no longer exploitable

The window between disclosure and active exploitation is critical: organizations must patch before it closes.

Vulnerability Severity

Severity depends on:

  • Exploitability – How easy is it to exploit?
  • Impact – What damage would compromise cause?
  • Affected Systems – How many systems are vulnerable?
  • Threat Context – Are attackers actively exploiting it?

Vulnerability Management

Organizations manage vulnerabilities through:

  1. Discovery – Scan systems for known vulnerabilities
  2. Prioritization – Rank by severity and impact
  3. Remediation – Patch or mitigate
  4. Verification – Confirm patch effectiveness
  5. Reporting – Track metrics and progress
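The severity factors above and the five management steps can be run as one small loop. The following Python is an added example, not code from this glossary or from any scanner: the findings, the vulnerability IDs (VULN-0001 and so on), the rescan results and the point weights are all constructed for illustration. It ranks findings by impact, exploitability, number of affected hosts and threat context, patches the top of the list within a maintenance window, verifies against a rescan, and reports the result.

```python
from collections import Counter
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Finding:
    """One scanner finding: a vulnerability ID observed on one host."""
    host: str
    vuln_id: str            # constructed placeholder, not a real CVE number
    base_score: float       # impact: scanner severity on a 0-10 scale
    exploit_public: bool    # exploitability: is a working exploit public?
    actively_exploited: bool  # threat context: seen in the wild?
    internet_exposed: bool  # exposure: reachable from the internet?
    patched: bool = False


# Constructed sample inventory (step 1, Discovery, has already produced these).
FINDINGS = [
    Finding("web-01", "VULN-0001", 7.5, True, True, True),
    Finding("web-02", "VULN-0001", 7.5, True, True, True),
    Finding("db-01", "VULN-0002", 9.8, False, False, False),
    Finding("dev-01", "VULN-0003", 4.3, True, False, False),
]

# Constructed rescan result: (host, vuln_id) pairs still detected after patching.
# web-02 still shows the flaw (the patch did not take); dev-01 was never patched.
RESCAN = {("web-02", "VULN-0001"), ("dev-01", "VULN-0003")}


def affected_hosts(findings):
    """Affected Systems factor: distinct hosts per vulnerability ID."""
    return Counter(vuln_id for host, vuln_id in {(f.host, f.vuln_id) for f in findings})


def priority_score(f, host_counts):
    """Step 2, Prioritization. Weights are an assumption for this example."""
    score = f.base_score                  # Impact
    if f.actively_exploited:
        score += 3.0                      # Threat Context: exploitation in the wild
    if f.exploit_public:
        score += 1.5                      # Exploitability: public exploit exists
    if f.internet_exposed:
        score += 1.0                      # Exposure raises reachability
    score += min(2.0, 0.5 * host_counts[f.vuln_id])  # Affected Systems, capped
    return round(score, 1)


def prioritize(findings):
    """Highest score first; ties broken by host name for a stable order."""
    counts = affected_hosts(findings)
    return sorted(findings, key=lambda f: (-priority_score(f, counts), f.host))


def remediate(f):
    """Step 3, Remediation: record that a patch was applied (returns a copy)."""
    return replace(f, patched=True)


def verify(findings, rescan):
    """Step 4, Verification: patched findings that the rescan still detects."""
    return [f for f in findings if f.patched and (f.host, f.vuln_id) in rescan]


def report(findings, rescan):
    """Step 5, Reporting: only a rescan-confirmed fix counts as closed."""
    total = len(findings)
    confirmed = sum(1 for f in findings
                    if f.patched and (f.host, f.vuln_id) not in rescan)
    return {"total": total, "confirmed_fixed": confirmed, "open": total - confirmed}


def run_cycle(findings, rescan, window=3):
    """One management cycle: patch the top `window` findings, then verify."""
    ranked = prioritize(findings)
    patched = [remediate(f) for f in ranked[:window]] + ranked[window:]
    return patched, verify(patched, rescan), report(patched, rescan)


if __name__ == "__main__":
    counts = affected_hosts(FINDINGS)
    for f in prioritize(FINDINGS):
        print(f"{priority_score(f, counts):5.1f}  {f.host:7}  {f.vuln_id}")
    _, failed, summary = run_cycle(FINDINGS, RESCAN)
    print("patch did not hold on:", [f.host for f in failed])
    print(summary)
```

Two points in the ranking are worth noting: the 9.8-rated database flaw lands below the two 7.5-rated web flaws because those are internet-exposed and under active exploitation, and the verification step refuses to count web-02 as fixed even though a patch was recorded, because the rescan still detects it. That is the check a practitioner wants: a ticket closed is not the same as a flaw gone.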
