Understanding Vulnerabilities
NetVigil identifies vulnerabilities by combining the results of web fingerprinting and service detection with the National Vulnerability Database (NVD). This page explains how findings are surfaced and what they mean.
How Vulnerabilities Are Discovered
When a scan identifies software running on your infrastructure (e.g., nginx 1.18.0, WordPress 6.4.2, OpenSSH 8.9), NetVigil queries the NVD for known CVEs affecting those specific versions. This includes:
- Web server and framework vulnerabilities
- CMS plugin and theme vulnerabilities (WordPress)
- Operating system service vulnerabilities
- TLS/SSL configuration weaknesses
Severity Levels
Each vulnerability is assigned a severity based on its CVSS v3.x score from the NVD:
| Severity | CVSS Score | Example |
|---|---|---|
| Critical | 9.0 – 10.0 | Remote code execution |
| High | 7.0 – 8.9 | SQL injection, auth bypass |
| Medium | 4.0 – 6.9 | Cross-site scripting (XSS) |
| Low | 0.1 – 3.9 | Information disclosure |
Vulnerability Lifecycle
- Discovered — A scan finds matching CVEs for your detected software
- Tracked — The finding is recorded with the affected asset and severity
- Alerted — If alert rules are configured, notifications are sent
- Updated — Rescans may discover new CVEs or confirm that patched versions resolve existing ones
Limitations
NetVigil's vulnerability detection is based on version matching against the NVD. It does not perform active exploitation or authenticated scanning. This means:
- Findings indicate potential exposure — confirm with your own penetration testing
- Backported security patches (common in Debian/RHEL) may result in false positives: the distribution keeps the older upstream version number while shipping the fix, so a version match can flag a CVE that has already been patched
- Vulnerabilities requiring authentication or specific configurations may not apply to your setup
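The version-matching and severity-banding logic described above, as an added Python example that is not NetVigil's own code: it matches fingerprinted software against CVE records shaped like NVD version ranges, applies the CVSS bands from the severity table, and flags findings on distro-packaged versions where a backported fix (the Limitations caveat) is plausible. The CVE ids, version ranges, scores and detected versions are constructed sample data.

```python
import re

# Constructed records shaped like NVD CPE match ranges (versionStartIncluding and
# versionEndExcluding are real NVD field names; the ids, ranges and scores are made up).
SAMPLE_CVES = [
    {"id": "CVE-EXAMPLE-0001", "product": "nginx", "cvss": 9.8,
     "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.20.1"},
    {"id": "CVE-EXAMPLE-0002", "product": "nginx", "cvss": 5.3,
     "versionStartIncluding": "1.21.0", "versionEndExcluding": "1.23.0"},
    {"id": "CVE-EXAMPLE-0003", "product": "openssh", "cvss": 7.5,
     "versionStartIncluding": "8.5", "versionEndExcluding": "9.3p2"},
]

# Lower bound of each band from the severity table; anything below 0.1 is "None".
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]
DISTRO_SUFFIX = re.compile(r"[-+~]")  # e.g. "1.18.0-6ubuntu14" (constructed) is distro packaging

def severity(score):
    """Map a CVSS v3.x base score to the bands in the severity table."""
    return next((name for floor, name in BANDS if score >= floor), "None")

def parse_version(raw):
    """'8.9p1' -> (8, 9, 1); '1.18.0-6ubuntu14' -> (1, 18, 0). The packaging
    suffix is dropped because NVD ranges refer to the upstream version only."""
    core = DISTRO_SUFFIX.split(raw, maxsplit=1)[0]
    return tuple(int(n) for n in re.findall(r"\d+", core))

def affected(version, rec):
    """Inclusive lower bound, exclusive upper bound, as in NVD match ranges."""
    lo = parse_version(rec["versionStartIncluding"])
    hi = parse_version(rec["versionEndExcluding"])
    return lo <= version < hi

def match_findings(detected, records=SAMPLE_CVES):
    """detected: list of (product, version string) pairs from fingerprinting.
    Returns one finding per matching CVE. A distro packaging suffix means the
    fix may have been backported (see Limitations), so the finding is flagged."""
    findings = []
    for product, raw in detected:
        version = parse_version(raw)
        for rec in records:
            if rec["product"] == product and affected(version, rec):
                findings.append({"asset": f"{product} {raw}", "cve": rec["id"],
                                 "severity": severity(rec["cvss"]),
                                 "needs_verification": bool(DISTRO_SUFFIX.search(raw))})
    return findings
```

Running `match_findings([("nginx", "1.18.0-6ubuntu14"), ("openssh", "8.9p1"), ("wordpress", "6.4.2")])` yields a Critical nginx finding flagged for verification and an unflagged High OpenSSH finding; WordPress has no matching record and produces nothing.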