gestiónvulnerabilidades-activos ti - bpp actividad 14

Upload: andres-miranda

Post on 05-Apr-2018


  • 7/31/2019 GestiónVulnerabilidades-Activos TI - BPP actividad 14

    Asset ID | Asset Class | IP Address | Asset Name
    SO001 | Operating System | | Windows Server 2003
    SO002 | Operating System | | Windows 7
    SO003 | Operating System | | Windows Server 2008
    FW001 | Firewall | | Cisco ASA 5500
    AP001 | Access Point | | AP Cisco Aironet
    SW001 | Switch | | Cisco Catalyst 3560
    SOF001 | Software | | Asterisk
    TVOP001 | Telephone | | VoIP Phone
    SOF002 | Browser | | Internet Explorer
    SOF003 | Office | | Microsoft Office

    IT Asset Description | Vendor | Vendor URL
    Supports corporate applications or services | Microsoft |
    End-user operating system | Microsoft |
    Terminal Server | Microsoft |
    Corporate network firewall | Cisco |
    Wireless access point | Cisco |
    Core switch | Cisco |
    Asterisk is a free software program (under the GPL license) that provides the functionality of a telephone exchange (PBX) for VoIP telephony. | Asterisk |
    Grandstream phone that enables Voice over IP communication | Grandstream |
    Internet Explorer web browser | Microsoft |
    Office productivity tool | Microsoft |

    Location | Owner | Quantity
    Floor 1 | Systems Coordinator | 2
    Internet Room | Systems Coordinator | 30
    Floor 1 | Systems Coordinator | 5
    Floor 1 | Systems Coordinator | 4
    Floor 1 | Systems Coordinator | 10
    Floor 1 | Systems Coordinator | 2
    Floor 1 | Systems Coordinator | 1
    Administrative offices | Systems Coordinator | 40
    Internet Room | Systems Coordinator | 30
    Internet Room | Systems Coordinator | 30

    Service or Business Process | Value (According to Risk)
    Loan Management |
    Loan Management |
    Internet and Wi-Fi |
    Internet and Wi-Fi |
    Internet and Wi-Fi |
    Internet and Wi-Fi |
    Loan Management |
    Loan Management |
    Loan Management |
    Internet and Wi-Fi |

    IT Asset Name | Advisory Source (URL) | Date Appeared on the Internet
    Windows Server 2008 | http://www.cvedetails.com/cve/CVE-2012-0157/ | 3/13/2012
    Windows Server 2008 | http://www.cvedetails.com/cve/CVE-2012-0154/ | 2/14/2012
    Windows Server 2008 | http://www.cvedetails.com/cve/CVE-2012-0148/ | 2/14/2012
    Windows Server 2008 | http://www.cvedetails.com/cve/CVE-2012-0005/ | 1/10/2012
    Windows Server 2008 | http://www.cvedetails.com/cve/CVE-2010-5082/ | 1/17/2012
    Cisco ASA 5500 | http://www.cvedetails.com/cve/CVE-2012-0358/ | 3/12/2012
    Cisco ASA 5500 | http://www.cvedetails.com/cve/CVE-2012-0356/ | 3/14/2012
    Cisco ASA 5500 | http://www.cvedetails.com/cve/CVE-2012-0355/ | 3/14/2012
    Cisco ASA 5500 | http://www.cvedetails.com/cve/CVE-2012-0354/ | 3/14/2012
    Cisco ASA 5500 | http://www.cvedetails.com/cve/CVE-2012-0354/ | 3/14/2012
    AP Cisco Aironet | http://cert.inteco.es/vulnDetail/Actualidad/Actualidad_Vulnerabilidades/detalle_vulnerabilidad/CVE-2009-2861 | 8/28/2009
    AP Cisco Aironet | http://cert.inteco.es/vulnDetail/Actualidad/Actualidad_Vulnerabilidades/detalle_vulnerabilidad/CVE-2009-2976 | 8/27/2009
    AP Cisco Aironet | http://cert.inteco.es/vulnDetail/Actualidad/Actualidad_Vulnerabilidades/detalle_vulnerabilidad/CVE-2006-0354 | 1/22/2006
    AP Cisco Aironet | http://cert.inteco.es/vulnDetail/Actualidad/Actualidad_Vulnerabilidades/detalle_vulnerabilidad/CVE-2005-3482 | 11/12/2005
    AP Cisco Aironet | http://tools.cisco.com/security/center/cont | 4/9/2002
    Cisco Catalyst 3560 | http://www.cvedetails.com/cve/CVE-2005-4258/ | 12/15/2005
    Cisco Catalyst 3560 | https://supportforums.cisco.com/thread/2107248 | 9/28/2011
    Cisco Catalyst 2960 | https://supportforums.cisco.com/thread/2107248 | 9/28/2011
    Cisco Router 2921 | http://www.securityfocus.com/archive/1/517863 | 5/4/2011
    Cisco Router 2921 | http://www.securityfocus.com/archive/1/517865/30/0/threaded | 5/4/2011
    Asterisk | http://osvdb.org/show/osvdb/80125 | 3/15/2012
    Asterisk | http://osvdb.org/show/osvdb/80126 | 3/15/2012
    Asterisk | http://osvdb.org/show/osvdb/78482 | 1/15/2012
    Asterisk | http://osvdb.org/show/osvdb/77597 | 7/18/2011
    Asterisk | http://osvdb.org/show/osvdb/77598 | 8/12/2011
    VoIP Phone | http://osvdb.org/show/osvdb/40185 | 8/22/2007
    Internet Explorer | http://www.securityfocus.com/bid/45246 | 12/22/2010
    Internet Explorer | http://www.securityfocus.com/bid/40487 | 6/1/2010
    Internet Explorer | http://web.nvd.nist.gov/view/vuln/detail?v | 3/9/2010
    Internet Explorer | http://web.nvd.nist.gov/view/vuln/detail?vulnI | 4/13/2010
    Internet Explorer | http://www.cvedetails.com/cve/CVE-2010-1118/ | 3/25/2012
    Microsoft Office | http://www.cvedetails.com/cve/CVE-2011-3413/ | 12/13/2011
    Microsoft Office | http://www.cvedetails.com/cve/CVE-2011-3403/ | 12/13/2011
    Microsoft Office | http://www.cvedetails.com/cve/CVE-2011-1990/ | 9/15/2011
    Microsoft Office | http://www.cvedetails.com/cve/CVE-2011-1989/ | 9/15/2011
    Microsoft Office | http://www.cvedetails.com/cve/CVE-2011-1988/ | 9/15/2011

    http://osvdb.org/show/osvdb/80125 | Vendor Publication Date
    http://technet.microsoft.com/en-us/security/bulletin/ms12-018 | 3/13/2012
    http://technet.microsoft.com/security/bulletin/MS12-008 | 2/14/2012
    http://technet.microsoft.com/security/bulletin/MS12-009 | 2/14/2012
    http://technet.microsoft.com/security/bulletin/MS12-003 | 1/10/2012
    http://technet.microsoft.com/security/bulletin/MS12-012 | 1/17/2012
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asaclient | 3/12/2012
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa | 3/14/2012
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa | 3/14/2012
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa | 3/14/2012
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa | 3/14/2012
    http://tools.cisco.com/security/center/viewAlert.x?alertId=18919 | 2/27/2009
    http://www.airmagnet.com/assets/AM_Technote_SkyJack_082509.pdf | 2/27/2009
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060112-wireless | 1/22/2006
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20051102-lwapp | 11/12/2005
    http://tools.cisco.com/security/center/content/CiscoSec | 4/9/2002
    http://www.cisco.com/warp/public/cc/pd/si/casi/ca3500xl/index.shtml | 12/15/2005
    https://supportforums.cisco.com/thread/2107248 | 9/28/2011
    https://supportforums.cisco.com/thread/2107248 | 9/28/2011
    http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20110505-ios | 5/4/2011
    http://www.securityfocus.com/archive/1/517865/30/0/threaded | 5/4/2011
    http://downloads.asterisk.org/pub/security/AST-2012-002.html | 3/14/2012
    http://downloads.asterisk.org/pub/security/AST-2012-003.html | 3/14/2012
    http://downloads.asterisk.org/pub/security/AST-2012-001.html | 1/15/2012
    http://downloads.asterisk.org/pub/security/AST-2011-013.html | 7/18/2011
    http://downloads.asterisk.org/pub/security/AST-2011-014.html | 8/12/2011
    http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0401.html | 8/22/2007
    http://www.microsoft.com/technet/security/Bulletin/M | 12/22/2010
    http://www.securityfocus.com/bid/40487 | 6/12/2010
    http://www.microsoft.com/technet/security/Bulletin/M | 3/16/2010
    http://www.microsoft.com/technet/security/Bulletin/MS10-022.mspx | 4/13/2010
    http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf | 03/25/2010
    http://technet.microsoft.com/security/bulletin/MS11-094 | 12/13/2011
    http://technet.microsoft.com/security/bulletin/MS11-096 | 12/13/2011
    http://technet.microsoft.com/en-us/security/bulletin/MS11-072 | 9/15/2011
    http://technet.microsoft.com/en-us/security/bulletin/MS11-072 | 9/15/2011
    http://technet.microsoft.com/en-us/security/bulletin/MS11-072 | 9/15/2011

    Category | Vulnerability Identifier (CVE) | Vulnerability Name
    Important | CVE-2012-0157 | Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
    Important | CVE-2012-0154 | Keyboard Layout Use After Free Vulnerability
    Important | CVE-2012-0148 | AfdPoll Elevation of Privilege Vulnerability
    Important | CVE-2012-0005 | CSRSS Elevation of Privilege Vulnerability
    Important | CVE-2010-5082 | Color Control Panel Insecure Library Loading Vulnerability
    Critical | CVE-2012-0358 CSCtr00165 | CISCO 20120314 Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability
    Important | CVE-2012-0356 | CISCO 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
    Important | CVE-2012-0355 | CISCO 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
    Important | CVE-2012-0354 | CISCO 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
    Important | CVE-2012-0353 | CISCO 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
    Important | CVE-2009-2861 CSCtb56664 | Vulnerability in Cisco Aironet Lightweight Access Point
    Important | CVE-2009-2976 | Vulnerability in Cisco Aironet Lightweight Access Point devices
    Important | CVE-2006-0354 CSCsc16644 | Access Point Memory Exhaustion from ARP Attacks
    Important | CVE-2005-3482 | Cisco Airespace Wireless LAN Controllers Allow Unencrypted Network Access
    Important | cisco-sa-20020409 | Aironet Telnet Vulnerability
    Important | CVE-2005-4258 | Multiple Unspecified Cisco Catalyst Switches LanD Packet Denial Of Service Vulnerability
    Important | 2363 - CVE-MAP-NOMATCH | SSH vulnerability in Cisco Catalyst
    Important | 2363 - CVE-MAP-NOMATCH | SSH vulnerability in Cisco Catalyst
    Important | N/A | Cisco IOS Software Denial of Service Vulnerabilities
    Important | N/A | Cisco IOS SNMP Message Processing Denial Of Service Vulnerability
    Important | osvdb: 80125 | Asterisk Request Response Port SIP Peer Enumeration
    Important | osvdb: 80126 | Asterisk main/utils.c ast_parse_digest() Function HTTP Digest Authentication String Parsing Remote Overflow
    Important | CVE-2012-0885 | Asterisk main/utils.c ast_parse_digest() Function HTTP Digest Authentication String Parsing Remote Overflow
    Important | osvdb: 77597 | Asterisk Request Response Port SIP Peer Enumeration
    Important | osvdb: 77598 | Asterisk channels/chan_sip.c handle_request_info() Function SIP Packet Parsing Remote DoS
    Important | osvdb: 40185 | Grandstream SIP Phone GXV-3000 Crafted SIP INVITE Message Privilege Escalation
    Critical | CVE-2010-3971 | Remote code execution
    Critical | | Denial … vulnerability
    Important | CVE-2010-0806 | Arbitrary code execution
    Important | CVE-2010-0483 | Arbitrary code execution
    Important | CVE-2010-1118 | Arbitrary code execution
    Important | CVE-2011-3413 | OfficeArt Shape RCE Vulnerability
    Important | CVE-2011-3413 | Record Memory Corruption Vulnerability
    Important | CVE-2011-1990 | Excel Out of Bounds Array Indexing Vulnerability
    Important | CVE-2011-1989 | Excel Conditional Expression Parsing Vulnerability
    Important | CVE-2011-1988 | Excel Heap Corruption Vulnerability

    Vulnerability Description | Affected Versions | Impact
    win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability." | XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1 | Medium
    Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability." | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 | Medium
    afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability." | Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit | Low
    The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability." | Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 |
    Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability." | Microsoft Windows Server 2008 SP2, R2, and R2 SP1 | Low

    Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before 8.0(5.26), 8.1 before 8.1(2.53), 8.2 before 8.2(5.18), 8.3 before 8.3(2.28), 8.2 before 8.4(2.16), and 8.6 before 8.6(1.1), allows remote attackers to execute arbitrary code via unspecified vectors, aka Bug ID CSCtr00165. | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before 8.0(5.26), 8.1 before 8.1(2.53), 8.2 before 8.2(5.18), 8.3 before 8.3(2.28), 8.2 before 8.4(2.16), and 8.6 before 8.6(1.1), | High
    Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities: Cisco ASA UDP Inspection Engine Denial of Service Vulnerability; Cisco ASA Threat Detection Denial of Service Vulnerability; Cisco ASA Syslog Message 305006 Denial of Service Vulnerability; Protocol Independent Multicast Denial of Service Vulnerability. These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. | (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500 | Medium
    Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities: Cisco ASA UDP Inspection Engine Denial of Service Vulnerability; Cisco ASA Threat Detection Denial of Service Vulnerability; Cisco ASA Syslog Message 305006 Denial of Service Vulnerability; Protocol Independent Multicast Denial of Service Vulnerability. These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. | (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500 | Medium

    The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before 8.4(3), 8.5 before 8.5(1.6), and 8.6 before 8.6(1.1) allows remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger a shun event, aka Bug ID CSCtw35765. | (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500 | Medium
    The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1), and 8.5 before 8.5(1.2) does not properly handle flows, which allows remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441. | (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1), | Medium
    The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, also known as "SkyJack" or Bug ID CSCtb56664. | Cisco Aironet Lightweight Access Point 1100 and 1200 | Medium
    Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast packets in cleartext, which allows remote attackers to discover the IP and MAC addresses of the Wireless LAN Controller, as well as Access Point (AP) configuration details, by sniffing the wireless network. | Cisco Aironet Lightweight Access Point 1100 and 1200 | Medium

    Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644 | Cisco Aironet 1400 Series Wireless Bridges; Cisco Aironet 1300 Series Access Points; Cisco Aironet 1240AG Series Access Points; Cisco Aironet 1230AG Series Access Points; Cisco Aironet 1200 Series Access Points; Cisco Aironet 1130AG Series Access Points; Cisco Aironet 1100 Series Access Points; Cisco Aironet 350 Series Access Points running IOS | Low
    Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host. | Cisco 1200, 1131, and 1240 series access points controlled by Cisco 2000 and 4400 series Airespace Wireless LAN (WLAN) Controllers that are running software version 3.1.59.24 are affected by this vulnerability. | Low
    It is possible to cause a denial-of-service attack if Cisco Aironet products have Telnet access enabled. Telnet access is the only requirement for such an attack; there are no additional conditions. | All releases up to, but excluding, 11.21 are vulnerable. |
    Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | Cisco Catalyst, FreeIPS FreeIPS 1.0 | Low
    Recently we have been warned by our security team for a SSH vulnerability being detected on our Cisco devices (Cisco catalyst 2960, 3560) using McAfee Foundstone | Cisco catalyst 3560 | Low

    Recently we have been warned by our security team for a SSH vulnerability being detected on our Cisco devices (Cisco catalyst 2960, 3560) using McAfee Foundstone | Cisco catalyst 2960 | Low
    A potential denial of service condition may exist in Cisco's IOS firmware. The problem reportedly occurs when a large number of UDP packets are sent to device running IOS. This causes the system to use all available CPU resources and thus become unresponsive. The device may have to be reset manually if the attack is successful | Cisco Router 2921 | Medium
    It has been reported that the Cisco Internet Operating System (IOS) is affected by a remote SNMP message processing denial of service vulnerability. This issue may be leveraged to cause a denial of service condition in the affected device. The denial of service is due to the process consumed all available CPU resources in the affected device. The device may have to be reset manually if the attack is successful. | Cisco router 2921/K9 IOS 15.0M6 | Medium
    The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests | 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 | Medium
    The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests | 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 | Medium
    chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple. | 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 | Medium
    The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. | All | High

    channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests. | All | High
    The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message. | GXV3000 |
    The error occurs in the "mshtml.dll" library. When a malicious web page is visited, it may allow code to be executed on the compromised computer in order to, among other things, control it remotely. | IE 6, 7 and 8 | High
    Microsoft Internet Explorer CSS 'expression' remote denial of service vulnerability. Attackers can exploit this issue by luring an unsuspecting user into viewing a specially crafted web page. Vulnerable versions of Internet Explorer 6, 7, and 8 | IE 6, 7 and 8 |
    Vulnerability in Internet Explorer that could allow … | IE 6 and 7 |
    Vulnerability in Internet Explorer that could allow … | IE 6, 7 and 8 |
    Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010. | IE 6, 7 and 8 |
    Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability." | 2007 and 2008 (mac) |

  • 7/31/2019 GestinVulnerabilidades-Activos TI - BPP actividad 14

    32/65

    Microsoft Excel 2003 SP3 and Office 2004 for Mac do

    not properly handle objects in memory, which allows

    remote attackers to execute arbitrary code via a crafted

    Excel spreadsheet, aka "Record Memory Corruption

    Vulnerability."

    2003 y 2004 (mac)

    Microsoft Excel 2007 SP2; Excel in Office 2007 SP2;

    Excel Viewer SP2; Office Compatibility Pack for Word,Excel, and PowerPoint 2007 File Formats SP2; and

    Excel Services on Office SharePoint Server 2007 SP2

    do not properly validate the sign of an unspecified

    array index, which allows remote attackers to execute

    arbitrary code via a crafted spreadsheet, aka "Excel

    Out of Bounds Array Indexing Vulnerability."

    Excel 2007 SP2; Excel in

    Office 2007 SP2; Excel

    Viewer SP2; O

    Microsoft Excel 2003 SP3 and 2007 SP2; Excel in

    Office 2007 SP2; Excel 2010 Gold and SP1; Excel in

    Office 2010 Gold and SP1; Office 2004, 2008, and

    2011 for Mac; Open XML File Format Converter for

    Mac; Excel Viewer SP2; Office Compatibility Pack for

    Word, Excel, and PowerPoint 2007 File Formats SP2;

    Excel Services on Office SharePoint Server 2007 SP2;

    Excel Services on Office SharePoint Server 2010 Gold

    and SP1; and Excel Web App 2010 Gold and SP1 do

    not properly parse conditional expressions associated

    with formatting requirements, which allows remote

    attackers to execute arbitrary code via a crafted

    spreadsheet, aka "Excel Conditional Expression

    Parsing Vulnerability."

    Excel 2007 SP2; Excel in Office 2007 SP2; Excel

    Viewer SP2; O

    Microsoft Excel 2003 SP3 and 2007 SP2; Excel in

    Office 2007 SP2; Office 2004 and 2008 for Mac; Open

    XML File Format Converter for Mac; Excel Viewer SP2;

    and Office Compatibility Pack for Word, Excel, and

    PowerPoint 2007 File Formats SP2 do not properly

    parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted

    spreadsheet, aka "Excel Heap Corruption

    Vulnerability."

    Excel 2007 SP2; Excel in

    Office 2007 SP2; Excel

    Viewer SP2; O


    Temporary Solution (Workaround) | Temporary Solution Date on Internet


    The workaround for this vulnerability is to

    disable Telnet access.


    Temporary Solution Implementation Date | Definitive Solution

    Apply the patches from the security bulletin

    http://technet.microsoft.com/en-us/security/bulletin/ms12-018

    Apply the patches from the security bulletin

    http://technet.microsoft.com/en-us/security/bulletin/ms12-008

    Apply the patches from the security bulletin

    http://technet.microsoft.com/en-us/security/bulletin/ms12-009

    Apply the patches from the security bulletin

    http://technet.microsoft.com/en-us/security/bulletin/ms12-005

    Apply the patches from the security bulletin

    http://technet.microsoft.com/en-us/security/bulletin/ms12-012


    Upgrade the version according to the iOS

    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asaclient

    Cisco has released free software updates that

    address these vulnerabilities. Workarounds

    are available to mitigate some of the

    vulnerabilities. This advisory is available at the

    following link:

    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa

    Cisco has released free software updates that

    address these vulnerabilities. Workarounds

    are available to mitigate some of the

    vulnerabilities. This advisory is available at the

    following link:

    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa


    Cisco has released free software updates that

    address these vulnerabilities. Workarounds

    are available to mitigate some of the

    vulnerabilities. This advisory is available at the

    following link:

    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa

    Cisco has released free software updates that

    address these vulnerabilities. Workarounds

    are available to mitigate some of the

    vulnerabilities. This advisory is available at the

    following link:

    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa


    Cisco has made free software available to

    address this vulnerability for affected

    customers. Prior to deploying software,

    customers should consult their maintenance

    provider or check the software for feature set

    compatibility and known issues specific to

    their environment.

    Customers may only install and expect

    support for the feature sets they have

    purchased. By installing, downloading,

    accessing or otherwise using such software

    upgrades, customers agree to be bound by

    the terms of Cisco's software license terms

    found at

    http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise

    set forth at Cisco.com Downloads at

    http://www.cisco.com/public/sw-center/sw-usingswc.shtml.

    Cisco has made free software available to

    address this vulnerability for affected

    customers. Prior to deploying software,

    customers should consult their maintenance

    provider or check the software for feature set

    compatibility and known issues specific to

    their environment.

    Customers may only install and expect

    support for the feature sets they have

    purchased. By installing, downloading,

    accessing or otherwise using such software

    upgrades, customers agree to be bound by

    the terms of Cisco's software license terms

    found at http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set

    forth at Cisco.com Downloads at

    http://www.cisco.com/public/sw-center/sw-usingswc.shtml.

    This vulnerability is fixed in release 11.21,

    which is available now.

    Currently we are not aware of any vendor-

    supplied patches for this issue. If you feel we

    are in error or are aware of more recent

    information, please mail us at: [email protected].

    Our ssh version is 2.0 and we did change the

    RSA key to 2048 but then the result is still the

    same.


    Our ssh version is 2.0 and we did change the

    RSA key to 2048 but then the result is still the

    same.

    Currently there are not any vendor-supplied

    patches for this issue.

    Currently there are not any vendor-supplied

    patches for this issue.

    Upgrade to version 1.4.44, 1.6.2.23, 1.8.10.1

    or 10.2.1 or higher, as they have been

    reported to fix this vulnerability. An upgrade is

    required as there are no known workarounds.

    Upgrade to version 1.4.44, 1.6.2.23, 1.8.10.1

    or 10.2.1 or higher, as they have been

    reported to fix this vulnerability. An upgrade is

    required as there are no known workarounds.

    Upgrade to version 10.0.1 or higher or 1.8.8.2

    or higher, as it has been reported to fix this

    vulnerability

    Upgrade to version 10.0.1 or higher or 1.8.8.2

    or higher, as it has been reported to fix this

    vulnerability


    Upgrade to version 1.6.2.21 or higher or

    1.8.7.2 or higher, as it has been reported to fix

    this vulnerability

    Update the firmware

    http://www.grandstream.com/support/firmware

    The solution proposed by Microsoft: use Microsoft's

    Enhanced Mitigation Experience Toolkit (EMET).

    This tool allows all DLLs loaded by a program to be forced to use ASLR.

    This means they will be placed at random locations in memory.

    The solution is applied on each machine individually and

    is not controlled from the domain

    Apply on the servers and on the PCs the upda

    Apply on the servers and on the PCs the upda

    Update http://www.microsoft.com/en-us/defa

    Update http://www.microsoft.com/en-us/defa

    Apply the patches from MS bulletin MS11-094


    Apply the patches from MS bulletin MS11-096

    Apply the patches from MS bulletin MS11-072

    Apply the patches from MS bulletin MS11-072

    Apply the patches from MS bulletin MS11-072


    Vendor Definitive Solution Date | Definitive Solution Implementation Date

    3/13/2012

    2/14/2012

    2/14/2012

    1/10/2012

    1/17/2012


    3/12/2012

    3/14/2012

    3/14/2012


    1/12/2006

    11/12/2005

    4/9/2002

    12/15/2005

    9/28/2011


    9/28/2011

    3/15/2012

    3/15/2012

    1/15/2012

    7/18/2011


    12/13/2011

    9/15/2011

    9/15/2011

    9/15/2011


    OC No. | Observation


    Critical Business Services or Processes | Description

    Online Catalog Management

    Membership Management

    Loan Management | Process for membership, loan, reservation and renewa

    Materials Reservation Management

    Loan Renewal Management

    Internet and WiFi | Offer the different audiences (children, youth, adults)

    Guided tours

    Reference and guidance for users

    Courses and training

    Workshops (writers, music, arts)

    Exhibition halls and auditorium


    Confidentiality | Availability | Integrity | Traceability | Total    High=10 Medium=5

    Low | High | Medium | Low | 16

    Low | Medium | Medium | Low | 11


    Low=1


    IT Asset Name

    AP Cisco Aironet Asterisk Cisco ASA

    5 5 5


    Cisco Catalyst 29 Cisco Catalyst 3560 Cisco Router 2921 Internet Explorer VoIP Phone

    1 2 2 4 1


    Windows Server (empty) Microsoft Total Result

    5 5 35


    ASSETS | VULNERABILITY | THREAT

    NATURAL | HUMAN

    Asterisk

    ubuntu server

    cisco2960

    joomla

    Windows 2003 server

    RISK SCALE

    QUALITATIVE

    VERY HIGH 50

    HIGH

    MEDIUM

    LOW

    SOURCE


    PROBABILITY | IMPACT | RISK

    AVAILABILITY | CONFIDENTIALITY | INTEGRITY | TRACEABILITY

    DIMENSIONS


    Asset Name | Asset Value (dollars) | Vulnerability | Threat

    Physical theft

    Electrical discharge

    Internal intruder

    External intruder

    Privilege escalation

    Information theft

    External intruder

    Configuration modification

    Internal attacker

    Poor password handling

    Lack of training

    Information loss

    Line outage

    Intentional misconfiguration

    Network consumption

    Unauthorized calls

    PoC

    Changing the QoS

    Brute-force attack

    Default passwords

    Configuration change

    Cracking WEP

    Rogue AP

    MAC spoofing

    Malware

    Exposure of corporate information on the Internet

    Phishing

    Man-in-the-browser

    Proxy bypass

    Exploits

    AP Cisco Aironet 700

    Default configurations

    Insecure encryption of the wireless network

    Internet Explorer browser 20

    Browsing unauthorized sites

    Vulnerabilities in the browser

    Cisco Catalyst 3560 2000

    SSH vulnerability

    Misconfigurations

    Asterisk 500

    Technical failures

    Software failures

    Windows Server 2003 1000

    Inadequate physical security control

    Outdated operating system


    Annual occurrence range | Value | Threat Probability | Impact % | Risk per Threat (dollars) | Annual risk per vulnerability (quantitative)

    2 times 2/365 0.005479452 70.00% 3.835616438

    2 times 3/365 0.008219178 30.00% 2.465753425

    2 times 2/365 0.005479452 15.00% 0.821917808

    4 times 4/365 0.010958904 60.00% 6.575342466

    10 times 10/365 0.02739726 20.00% 5.479452055 14.24657534

    7 times 1/365 0.002739726 80.00% 2.191780822

    2 times 2/365 0.005479452 60.00% 6.575342466 27.94520548

    4 times 4/365 0.010958904 60.00% 13.15068493

    6 times 3/365 0.008219178 50.00% 8.219178082

    4 times 4/365 0.010958904 45.00% 9.863013699 37.26027397

    2 times 2/365 0.005479452 25.00% 2.739726027

    6 times 6/365 0.016438356 75.00% 24.65753425

    3 times 3/365 0.008219178 0.4 1.643835616 9.589041096

    4 times 4/365 0.010958904 0.3 5.479452055

    3 times 3/365 0.008219178 0.6 2.465753425

    9 times 9/365 0.024657534 0.2 2.465753425 7.671232877

    4 times 4/365 0.010958904 0.5 2.739726027

    3 times 3/365 0.008219178 0.6 2.465753425

    2 times 2/360 0.005555556 0.5 1.944444444 17.88888889

    8 times 8/360 0.022222222 0.9 14

    5 times 5/360 0.013888889 0.2 1.944444444

    2 times 2/360 0.005555556 0.3 1.166666667 4.472222222

    2 times 2/360 0.005555556 0.7 2.722222222

    3 times 3/360 0.008333333 0.1 0.583333333

    8 times 8/360 0.022222222 0.4 0.177777778 0.377777778

    9 times 9/360 0.025 0.2 0.1

    3 times 3/360 0.008333333 0.6 0.1

    2 times 2/360 0.005555556 0.2 0.022222222 0.366666667

    6 times 6/360 0.016666667 0.5 0.166666667

    8 times 8/360 0.022222222 0.4 0.177777778

    7.123287671
