
How to Read a CVE

A comprehensive guide to understanding CVE entries, their structure, fields, and how to interpret vulnerability information for effective security management.

Understanding CVE Structure

A CVE (Common Vulnerabilities and Exposures) entry contains standardized information about a security vulnerability. Each CVE includes several key components that help security professionals understand the threat, assess its severity, and determine appropriate remediation actions.

Key Components of a CVE:

  1. CVE ID: Unique identifier (e.g., CVE-2021-44228)
  2. Description: Detailed explanation of the vulnerability
  3. Severity Score: CVSS score indicating severity (0.0-10.0)
  4. Affected Products: Software/products impacted by the vulnerability
  5. References: Links to advisories, patches, and additional information
  6. Published Date: When the CVE was assigned and disclosed

CVE ID Format

Every CVE has a unique identifier following the format: CVE-YYYY-NNNNN

Example: CVE-2021-44228 (Log4Shell), one of the most critical vulnerabilities of 2021

  • Prefix: CVE (always "CVE")
  • Year: 2021 (the year the ID was assigned)
  • Sequence: 44228 (unique number)

Note: The sequence number can be 4-7 digits long. Earlier CVEs may have shorter sequences (e.g., CVE-1999-0067), while recent ones typically have 5-7 digits.
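As an added example (not HuntDB code), a small Python parser for the ID format described above: it validates the CVE-YYYY-NNNNN shape with a 4 to 7 digit sequence, pulls IDs out of advisory text, and orders them by year and sequence. Case normalization and the helper names are assumptions.

```python
import re
from typing import Optional

# Format described above: CVE-YYYY-NNNNN, where the sequence is 4 to 7 digits
# (CVE-1999-0067 has 4; recent IDs such as CVE-2021-44228 have 5 or more).
CVE_ID_RE = re.compile(r"CVE-(\d{4})-(\d{4,7})")


def parse_cve_id(cve_id: str) -> Optional[dict]:
    """Split one CVE ID into its parts, or return None if it is malformed."""
    # Lower-case input ("cve-...") is accepted and normalized (assumption).
    m = CVE_ID_RE.fullmatch(cve_id.strip().upper())
    if m is None:
        return None
    year, seq = m.groups()
    return {"prefix": "CVE", "year": int(year), "sequence": int(seq),
            "id": f"CVE-{year}-{seq}"}   # canonical id keeps leading zeros


def find_cve_ids(text: str) -> list:
    """Extract well-formed CVE IDs from free text (e.g. an advisory), deduplicated, in order."""
    seen, found = set(), []
    for m in re.finditer(r"\b" + CVE_ID_RE.pattern + r"\b", text.upper()):
        cid = m.group(0)
        if cid not in seen:
            seen.add(cid)
            found.append(cid)
    return found


def cve_sort_key(cve_id: str) -> tuple:
    """Order IDs chronologically: by year, then by sequence number."""
    parts = parse_cve_id(cve_id)
    if parts is None:
        raise ValueError(f"not a CVE ID: {cve_id!r}")
    return (parts["year"], parts["sequence"])
```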

Understanding Severity Scores

CVEs include severity ratings to help prioritize remediation efforts. The most common scoring system is CVSS (Common Vulnerability Scoring System).

CVSS Score Ranges

CRITICAL (9.0-10.0)

Requires immediate action. Vulnerabilities that can lead to complete system compromise, data breach, or service disruption.

HIGH (7.0-8.9)

Should be addressed promptly. Significant security risk that could lead to unauthorized access or data exposure.

MEDIUM (4.0-6.9)

Moderate security risk. Should be addressed in regular patching cycles.

LOW (0.1-3.9)

Low security risk. Minimal impact, but should still be addressed when possible.

EPSS Score

EPSS (Exploit Prediction Scoring System) predicts the probability that a vulnerability will be exploited in the wild within 30 days. Scores range from 0.0 (very low probability) to 1.0 (very high probability).

  • Low Risk: 0.0 - 0.3
  • Medium Risk: 0.3 - 0.7
  • High Risk: 0.7 - 1.0

Reading CVE Descriptions

The CVE description provides a clear, concise explanation of the vulnerability. It typically includes:

  • What the vulnerability is: the type of security flaw (e.g., buffer overflow, SQL injection, authentication bypass)
  • How it can be exploited: the attack vector and conditions required for exploitation
  • Potential impact: what an attacker could achieve if the vulnerability is successfully exploited

Example Description:

"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled."

Affected Products

CVEs specify which software products and versions are affected by the vulnerability. This information is crucial for determining if your infrastructure is at risk.

Product Information Includes:

  • Vendor: The company or organization that develops the software
  • Product: The specific software application or component
  • Version Range: Which versions are vulnerable (e.g., "2.0.0 through 2.15.0")
  • Fixed Versions: Versions that include the security patch

Tip: Use vulnerability management tools to automatically scan your infrastructure and match installed software against CVE databases to identify affected systems.
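An added example, not HuntDB's own tooling: checking an installed version against the range stated in the Log4Shell description quoted above (2.0-beta9 through 2.15.0, excluding the security releases 2.12.2, 2.12.3 and 2.3.1). The version-string grammar, the inventory shape and the function names are assumptions.

```python
import re
from typing import Iterable, Tuple

# Range taken from the Log4Shell description quoted above: affected from
# 2.0-beta9 through 2.15.0, excluding the security releases 2.12.2, 2.12.3 and 2.3.1.
LOG4SHELL_RANGE = ("2.0-beta9", "2.15.0")
LOG4SHELL_EXCLUDED = ("2.12.2", "2.12.3", "2.3.1")

# Accepts "2.15.0", "2.0", and pre-releases such as "2.0-beta9" or "2.0-rc1" (assumed grammar).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-([a-z]+)(\d*))?$", re.IGNORECASE)


def version_key(version: str) -> tuple:
    """Comparable key: numeric components padded to 4, then a pre-release marker.

    A pre-release (beta, rc) sorts before the final release of the same number,
    and tags compare alphabetically, so beta9 < rc1 < 2.0 < 2.0.1.
    """
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))        # "2.0" == "2.0.0.0"
    if m.group(2):
        return nums + (0, m.group(2).lower(), int(m.group(3) or 0))
    return nums + (1, "", 0)              # final release outranks any pre-release


def is_affected(installed: str,
                affected: Tuple[str, str] = LOG4SHELL_RANGE,
                excluded: Iterable[str] = LOG4SHELL_EXCLUDED) -> bool:
    """True if `installed` is inside the inclusive range and not a listed security release."""
    k = version_key(installed)
    low, high = version_key(affected[0]), version_key(affected[1])
    if not low <= k <= high:
        return False
    return all(k != version_key(v) for v in excluded)


def affected_hosts(inventory: dict) -> list:
    """Inventory {host: installed log4j version} -> hosts that still need the patch."""
    return [host for host, ver in inventory.items() if is_affected(ver)]
```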

References and Advisories

CVE entries include references to additional resources that provide more context, patches, and remediation guidance.

  • Vendor Advisories: official security advisories from the software vendor with detailed information and patch availability
  • Exploit References: links to proof-of-concept exploits, exploit databases, and security research
  • Patch Information: links to security updates, patches, and fixed versions of affected software
  • Security Research: academic papers, blog posts, and detailed technical analysis of the vulnerability

Best Practices for Reading CVEs

1. Start with Severity

Check the CVSS score first to understand the severity. CRITICAL (9.0+) vulnerabilities require immediate attention.

2. Check EPSS Score

High EPSS scores (>0.7) indicate that exploitation in the wild is likely within the next 30 days. Prioritize these even if the CVSS score is lower.

3. Verify Affected Products

Confirm if your infrastructure uses the affected software versions. Not all CVEs affect all systems.

4. Check for Exploits

Look for public exploits (PoCs) or active exploitation indicators. These significantly increase urgency.

5. Review References

Follow vendor advisories and patch information links for official remediation guidance.
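The five steps above as a triage function, added here as an example rather than HuntDB's logic; it uses the CVSS and EPSS bands from the severity sections. The CveRecord fields, the tier numbering and the choice to put boundary scores in the higher band are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class CveRecord:
    """The fields the guide says to read. Sample values used in tests are constructed."""
    cve_id: str
    cvss: float            # 0.0-10.0 base score
    epss: float            # 0.0-1.0, probability of exploitation within 30 days
    affected: bool         # step 3: an installed version is in the affected range
    public_exploit: bool   # step 4: PoC or active-exploitation indicator in the references
    fixed_version: Optional[str] = None   # step 5: taken from the vendor advisory


def cvss_rating(score: float) -> str:
    """CVSS bands from the severity table above."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW" if score > 0.0 else "NONE"


def epss_band(p: float) -> str:
    """EPSS bands from the EPSS table above; a boundary value goes to the higher band (assumption)."""
    return "High" if p >= 0.7 else ("Medium" if p >= 0.3 else "Low")


def triage(rec: CveRecord) -> Tuple[int, List[str]]:
    """Return (priority tier, reasons): 0 = most urgent, 4 = not applicable to our systems."""
    if not rec.affected:
        return 4, ["no affected version installed"]
    rating = cvss_rating(rec.cvss)                      # step 1: severity sets the baseline tier
    tier, reasons = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}.get(rating, 3), [f"CVSS {rec.cvss} ({rating})"]
    if rec.public_exploit:                              # step 4: a public PoC raises to the top tier
        tier, reasons = 0, reasons + ["public exploit referenced"]
    if epss_band(rec.epss) == "High":                   # step 2: likely exploitation outranks a lower CVSS
        tier, reasons = 0, reasons + [f"EPSS {rec.epss:.2f} (High)"]
    if rec.fixed_version:
        reasons.append(f"fix available: {rec.fixed_version}")
    return tier, reasons


def prioritize(records: List[CveRecord]) -> List[str]:
    """Patching queue: by tier, then EPSS, then CVSS, highest first."""
    ranked = sorted(records, key=lambda r: (triage(r)[0], -r.epss, -r.cvss))
    return [r.cve_id for r in ranked]
```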

Ready to Start Monitoring CVEs?

HuntDB provides real-time CVE intelligence with CVSS scores, EPSS predictions, exploit detection, and comprehensive vulnerability data.