Fermilab Computing Sector

Critical Vulnerabilities

sidemenu
Policy Guidelines

Restricted Access

What is Critical Vulnerability

A Critical Vulnerability is a Computer Security declared alert regarding a vulnerability in an application, operating system or configuration that, because of an increased risk or active exploit, must be patched outside of normal patching cycles. Critical Vulnerabilities often have a very short patching window, from hours to days, and that patching window may be reduced as the risk or threats increase. In most cases, Critical Vulnerabilities are declared for remotely accessible vulnerabilities that require no user interaction. Critical Vulnerabilities are continuously scanned for by CST, and network access is denied for systems not in compliance due to the increased risk of its presence on the FNAL network.

What to do about a Critical Vulnerability

The following vulnerabilities have been declared to be so severe that mitigation measures are MANDATORY for network connection at Fermilab. Mitigations are in order of preference:

  1. Remove, reconfigure, or disable the affected software
  2. Patch the affected software to a current enough level to fix the vulnerability.
  3. Remove the machine from the Fermilab network
  4. After you fix your vulnerabilities, remember to update the remediation actions taken in TIssue to lift the network block

In exceptional circumstances, one can request permission to restrict access to the host machine to a tightly controlled list of inbound connections.

You can also scan yourself using the site Nessus scanner.

List of Critical Vulnerabilities

 

 

For assistance contact helpdesk@fnal.gov.
Information compiled and maintained by Computer Security Team ; last modified by JK on Nov 11, 2011.
(Address comments about page to the Computer Security Team.)