Vulnerability Management Explained | Scanning Vulnerabilities with OpenVas | TryHackMe

We covered vulnerability management, vulnerability scanning, vulnerability management frameworks and the lifecycle of a vulnerability management program starting with discover, prioritize, assess, report and ending with remediate. We used OpenVas as an open source vulnerability scanner to demonstrate an example of scanning assets for vulnerabilities and reporting the findings along with classifying the vulnerabilities according to severity and CVSS score.

What is Vulnerability Management

Vulnerability management is an ongoing, structured process within cybersecurity programs aimed at identifying, assessing, prioritizing, and remediating security vulnerabilities across digital assets. It integrates with risk management and includes more than just automated scanning, it’s a strategic approach involving multiple departments.

Distinction Between Vulnerability Scanning and Management

While vulnerability scanning uses tools to detect weaknesses, vulnerability management encompasses an end-to-end process. It includes asset inventory, choosing the appropriate tools (like OpenVAS or commercial options), deciding which threats to fix or accept, and ensuring long-term mitigation planning.

Tools for Vulnerability Scanning

Commercial: Nessus, Nexpose

Open-Source: OpenVAS, OWASP ZAP
Although tools like Nmap are also viable, the tutorial centers around OpenVAS. Demonstrations highlight how to add targets, initiate scans, and analyze outcomes in this software.

CVE-Based Classification

Vulnerabilities are standardized using CVE (Common Vulnerabilities and Exposures) IDs. Each ID includes the year and a sequence number. CVEDetails website can be used to examine specific CVEs and shows how to extract key attributes such as access complexity and affected software versions.

Understanding and Using CVSS Scores

CVSS scores, such as 4.6 (medium) or 2.1 (low), quantify the severity and exploitability of each vulnerability. These scores help determine which issues to tackle first. High-severity vulnerabilities are prioritized for immediate remediation, while low-risk ones may be accepted with monitoring.

Implementing the NIST Cybersecurity Framework (CSF)

The NIST CSF is presented as a foundational guide for organizing vulnerability management workflows. It covers steps like Identify, Protect, Detect, Respond, and Recover, and serves as the reference point for designing enterprise-grade security strategies.

Vulnerability Management Lifecycle in Detail

Discover: Identify all assets in the network, from servers to IoT devices. Scan these for known vulnerabilities.

Prioritize: Rank discovered vulnerabilities based on CVSS scores and asset criticality.

Assess: Evaluate business impact and decide on remediation urgency.

Report: Compile findings in structured formats like PDFs for audits or team coordination.

Remediate: Apply security patches, workarounds, or compensating controls. This might include OS upgrades or disabling vulnerable services.

Vulnerability Scanning with OpenVAS

The video tutorial at the end walks through setting up a new scan:

1. Define asset (host) and IP address
2. Add targets via manual entry or file upload
3. Configure scanning task and schedule
4. Launch scan and review results in the reports tab
5. Download report and interpret detailed breakdowns (e.g., severity, detection method, references)

In one scan example, OpenVAS found one high, one medium, and two low vulnerabilities on a host. Each vulnerability entry included:

• Description and CVE ID
• Severity score
• Potential impact
• Solution (patch, mitigation, workaround)
• Detection method and affected products

TryHackMe Vulnerability Management Room Answers

Video Walkthrough