Recently, our research team recently wrote an extensive blog on the EXTRABACON exploit (finally a name that we can all get behind). Our research with Project Sonar showed that a large number of devices and organizations are still exposed to this vulnerability, even though a patch has been released; and today I thought we'd get pragmatic and show how you can measure your exposure using Nexpose vulnerability management.

Because Nexpose Live Monitoring is always-on, we allow you to automatically collect, monitor, and analyze your network for new and existing risk, including EXTRABACON.  And when you are integrated with Rapid7 SONAR research (see, tying it all together folks), you immediately identify these risks now, and even if they enter the network later.

There are a few ways to do it. Let's take a look.

Use Nexpose Dynamic Asset Groups. Here you can create a filter to show you every asset that contains the relevant CVE (in this case, CVE-2016-6366):

(Note: To avoid typos it may be easier to do “Contains” instead of “is” and just include the final number.)

This asset group is dynamic, so it will automatically update after scans. When the number of assets reaches 0, that means you're done!

You can also automatically tag every asset under that filter as highly critical, so that their risk scores get amplified and they get pushed to the top of your remediation reports.

To help visualize the impact of the vulnerability, you can also use the LiveBoards in Nexpose to filter cards by the vulnerability to see which newly discovered assets have the vuln, as well as what % of your assets are affected. Simply use the filter: asset.vulnerability.title CONTAINS "cve-2016-6366"

Finally, we're working on a Metasploit module for the exploit as well; Want to see how vulnerable your organization is to EXTRABACON? Download a free trial of our vulnerability scanner today!