LoonSecIO

Applications that tell you what Platform, Part 1

Kyle Pazandak • September 25, 2024



When a vendor publishes a vulnerability, they may specify a platform that the vulnerability exists on. There are many reasons they might do this. Perhaps the vulnerability only exists with this software on that platform. It could be inherited from the operating system or platform, but the vendor wants to declare that they have a fix, a workaround, or have otherwise remediated it. This was common for applications reporting Log4J and similar industry-wide vulnerabilities. Sometimes they are simply good-natured and want to help you by specifying the platform it runs on; this is very common with iPhone and Android apps.


In this case we are going to look at CVE-2024-31489 to examine one of the ways that vulnerabilities can be declared. I often refer to this method as the Easy Application, Operating System Included. Yesterday’s blog on Wireshark was an example of an Easy Application; I will give a brief description here but save the complicated part for another blog. Here is the Configuration object from the CVE.


{
  "vulnerable": true,
  "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
  "versionStartIncluding": "7.2.0",
  "versionEndExcluding": "7.2.5",
  "matchCriteriaId": "2244A437-D579-4065-8FB0-37476ED7AC3C"
}
 
If you split the criteria string on the colon, you end up with 13 objects. If slots 6-10 are all *’s, I refer to this as an easy application: you don’t need any further logic to identify the application. If the 11th slot is filled, it is almost exclusively a platform or operating system, hence the name Operating System Included. You can also note that this includes the versionStart/End/Including/Excluding keys. You will have at least one of these, of which 90+ will be versionEndExcluding, which helps declare the fixed version.
 
If you are looking at this through the lens of the operating system, as in “I am checking for this vulnerability on a specific platform”, this becomes really helpful, because it is declarative and not ambiguous. That makes it easier to detect and easier to resolve.
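The slot rules above, worked through as an added Python example (not code from the original post or from NVD). The function names are hypothetical, slots are counted from 1 as in the text and mapped to the CPE 2.3 attribute names, and versions are assumed to be plain dotted integers.

```python
import re

# Match object copied from the post's Configuration excerpt (matchCriteriaId omitted).
MATCH = {
    "vulnerable": True,
    "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
    "versionStartIncluding": "7.2.0",
    "versionEndExcluding": "7.2.5",
}
# CPE 2.3 attribute names for slots 3-13 (slots 1-2 are "cpe" and "2.3").
FIELDS = ("part", "vendor", "product", "version", "update", "edition",
          "language", "sw_edition", "target_sw", "target_hw", "other")

def parse_cpe(criteria):
    """Split on colons not preceded by a backslash; expect 13 slots."""
    slots = re.split(r"(?<!\\):", criteria)
    if len(slots) != 13 or slots[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {criteria!r}")
    return dict(zip(FIELDS, slots[2:]))

def classify(cpe):
    """Return (easy_application, os_included) using the post's slot rules."""
    easy = cpe["part"] == "a" and all(   # part == "a" is this example's assumption
        cpe[f] == "*" for f in FIELDS[3:8])  # slots 6-10
    return easy, cpe["target_sw"] not in ("*", "-")  # slot 11

def vkey(version):
    """Dotted-integer versions only (assumption); 7.2 and 7.2.0 compare equal."""
    nums = [int(x) for x in version.split(".")]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def in_range(version, match):
    v = vkey(version)
    bounds = (("versionStartIncluding", lambda b: v >= b),
              ("versionStartExcluding", lambda b: v > b),
              ("versionEndIncluding", lambda b: v <= b),
              ("versionEndExcluding", lambda b: v < b))
    return all(ok(vkey(match[k])) for k, ok in bounds if k in match)

def is_affected(match, vendor, product, version, platform):
    cpe = parse_cpe(match["criteria"])
    easy, _ = classify(cpe)
    if not easy:
        raise ValueError("criteria pins version or edition slots; not handled here")
    return (match.get("vulnerable", False)
            and (cpe["vendor"], cpe["product"]) == (vendor, product)
            and cpe["target_sw"] in ("*", platform)
            and in_range(version, match))
```

With the match object above, FortiClient 7.2.4 on macOS is reported as affected, while 7.2.5 on macOS and 7.2.4 on Windows are not.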
 
There are other methods by which they may include either operating system or hardware designations in the mix, for example only Intel MacBooks or only the M2 Mac Pro; both examples are given in later blog posts.
 
Thanks for reading

