
Question



The Common Vulnerability Scoring System (CVSS) provides a framework that supports the classification and assessment of severity for specific vulnerabilities. A vulnerability's CVSS score is made up of a base score: how easily a vulnerability can be exploited and how much damage it can inflict, and in some cases, a temporal score: ranking how aware people are of the vulnerability, what remedial steps are being taken, and whether threat actors are actively targeting it. In addition, a vulnerability may be given an environmental score: a more customized metric specific to an organization or work environment.

For this assignment, you will choose one of the security vulnerabilities below. Then, using the CVSS v3.1 calculator, assign values that describe the specific vulnerability, such as exploitability metrics and impact metrics. Assume your organization has a significant deployment of the impacted software. Based on the resulting CVSS 3.1 score and the potential impact on your organization, construct a course of action to be presented to your change advisory board that includes the following:

- CVSS v3.1 calculations
- Vulnerability's criticality in the context of your organization
- A recommended course of action to include possible mitigations and follow-on remediation and patching

Additional Resources

- CVSS v3.1 User Guide
- Mastering CVSS v3.1 Elearning Transcript
- Recorded Future CVSS Scores: A Useful Guide

Vulnerability #1: Microsoft Exchange Server Pre-Authentication Remote Code Execution CVE-2021-26855

Vulnerability: A server-side request forgery (SSRF) vulnerability exists on specific versions of on-prem Exchange servers that provides an unauthenticated, remote actor sending crafted HTTP requests admin access to the system.

Attack: This vulnerability, part of an exploit chain, can be exploited only when the following conditions are present:

- The Exchange on-prem server must accept untrusted connections over port 443 for the vulnerability to be exploited.
- The HTTP request contains an XML SOAP payload directed at the Exchange Web Services (EWS) Application Programming Interface (API) endpoint to exploit this vulnerability. The SOAP request bypasses authentication using specially crafted cookies. It allows an unauthenticated, remote actor to execute EWS requests encoded in the XML payload and ultimately perform operations on users' mailboxes. This vulnerability, combined with the knowledge of a victim's email address, means the remote actor can exfiltrate all emails from the victim's Exchange mailbox.

An attacker can bypass authentication and impersonate the admin by chaining this bug with another post-auth arbitrary file-write vulnerability (CVE-2021-27065) to get code execution. As a result, an unauthenticated attacker can execute arbitrary commands on the Exchange server.

The vulnerability affects Windows 2013 versions below 15.00.1497.012, Exchange 2016 CU18 below 15.01.2106.013, Exchange 2016 CU19 below 15.01.2176.009, Exchange 2019 CU7 below 15.020721.013, and Exchange 2019 CU8 below 15.02.0792.010. Proof-of-concept (POC) code to exploit this vulnerability was released on March 10, 2021, on GitHub, followed by another POC released on March 14, 2021.

Vulnerability #2: Android Privilege Escalation CVE-2020-0069

Vulnerability: A vulnerability in the ioctl handlers of the Mediatek command queue driver creates a possible out-of-bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Attack: This vulnerability can be exploited only when the following conditions are present:

- Attackers can gain access to the affected device.

An exploit script allows an attacker with device access to read and write to the system memory, thereby gaining root access on a vulnerable device. Impacted devices include Android 7, 8, and 9. Android 10 and later devices are not vulnerable to this exploit.

Vulnerability #3: macOS Big Sur TCC Security Bypass CVE-2021-30713

Vulnerability: A security bypass issue with Apple's Transparency Consent and Control (TCC) mechanism is being exploited in the wild. CVE-2021-30713, spotted by Apple specialists Jamf, can be abused by a malicious application surreptitiously taking screenshots of Macs. The TCC is the system that controls what resources an application can access, such as its camera and microphone.

Attack: An attacker can gain Full Disk Access, Screen Recording, or other permissions without requiring the user's explicit consent by exploiting this bug. Additionally, the bug can be potentially exploited to access files on the machine and record from the camera and microphone. This vulnerability impacts macOS Big Sur 11.14. Apple is aware of a report that this issue may have been actively exploited. XCSSET malware was observed using this bypass to take screenshots of the victim's desktop without requiring additional permissions. By utilizing an AppleScript module to identify an application with permissions to capture a screenshot, the XCSSET malware compiles it into a custom AppleScript application injected into that donor application.

Vulnerability #4: F5 BIG-IP Unauthenticated Remote Command Execution CVE-2021-22986

Vulnerability: An unauthenticated, remote command execution flaw (CVE-2021-22986) exists in the iControl REST interface in F5 BIG-IP and BIG-IQ enterprise networking infrastructure. It could allow attackers to take complete control of a vulnerable system.

Attack: An unauthenticated attacker with network access to the iControl REST interface can exploit this vulnerability to execute arbitrary system commands, create or delete files and disable services. Once an attacker has complete control over a load-balancing appliance, they can also control the web applications served through it. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Additionally, the BIG-IP system in Appliance mode is also vulnerable.

