A security analyst reviews a Nessus scan report for a public-facing web server and finds a critical vulnerability with a CVSS score of 9.8. The report's details indicate that an attacker could leverage this flaw to execute arbitrary commands at the operating system level. Which vulnerability category does this finding represent?
The correct answer is 'Remote code execution'. Remote code execution (RCE) vulnerabilities are flaws that allow an attacker to execute arbitrary code or commands on a target machine or in a target process. The scenario's description of executing arbitrary commands at the operating system level is a direct statement of RCE's impact, and the 9.8 score fits: in CVSS v3 that value corresponds to a network-reachable flaw needing no privileges or user interaction and yielding full loss of confidentiality, integrity and availability, which is exactly what unauthenticated OS-level command execution on a public-facing server gives an attacker. SQL injection is incorrect because it involves executing malicious SQL queries against a database, not directly executing OS commands (some database features can be abused to reach the OS, but that is a secondary step, not the category the report describes). A buffer overflow is a memory-safety flaw that may lead to RCE, but RCE is the resulting impact and the broader, more accurate category for what the report describes; the report identifies what the attacker can do, not the underlying bug class. Cross-site scripting involves executing malicious scripts in a victim's browser, not on the server's operating system.
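The distinction the explanation draws (commands run on the server's OS versus queries run against a database or script run in a browser) is easiest to see in code. The following is an added example, not part of the original question or answer: a hypothetical ping-diagnostic handler in the vulnerable form, where user input is interpolated into a shell command string, next to the hardened form, which validates the input against an allow-list and passes it as a single argv element with no shell involved. The hostnames, the handler and the helper names are all constructed for illustration.

```python
import re
import subprocess

# Constructed sample inputs (not from the original page): a benign hostname and a
# payload that appends a second shell command after the intended one.
BENIGN_HOST = "example.com"
INJECTED_HOST = "example.com; id"

# Allow-list for a DNS hostname: alphanumerics, dots and hyphens, no leading hyphen
# (so the value can never be parsed as an option) and no shell metacharacters.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def build_vulnerable_command(host: str) -> str:
    """Vulnerable pattern (hypothetical): user input dropped into a shell string.

    If the caller hands this string to os.system() or subprocess.run(shell=True),
    the shell parses ';' as a command separator and the attacker-controlled
    'id' runs with the web server's privileges. That is OS-level command
    execution, i.e. the RCE category in the question.
    """
    return f"ping -c 1 {host}"


def looks_like_shell_injection(host: str) -> bool:
    """Cheap check used only to illustrate the problem: does the raw input
    contain characters a POSIX shell would treat specially?"""
    return any(ch in host for ch in ";|&$`\n<>()")


def safe_ping_argv(host: str) -> list[str]:
    """Hardened form: reject anything outside the allow-list, then return an
    argv list. Each element is one argument to ping; nothing is re-parsed by a
    shell, so metacharacters in the input have no special meaning."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    return ["ping", "-c", "1", host]


def run_safe_ping(host: str, timeout: float = 5.0) -> subprocess.CompletedProcess:
    """Execute the hardened command. shell=False is the default for a list argv;
    it is spelled out here because that default is the entire protection."""
    return subprocess.run(
        safe_ping_argv(host), shell=False, capture_output=True, text=True, timeout=timeout
    )


if __name__ == "__main__":
    # Show what the shell would receive in the vulnerable version.
    for host in (BENIGN_HOST, INJECTED_HOST):
        cmd = build_vulnerable_command(host)
        print(f"vulnerable shell string: {cmd!r} (injection: {looks_like_shell_injection(host)})")
    # The hardened version accepts the benign host and refuses the payload.
    print("hardened argv:", safe_ping_argv(BENIGN_HOST))
    try:
        safe_ping_argv(INJECTED_HOST)
    except ValueError as exc:
        print("hardened form rejected input:", exc)
```

Note that the argv list on its own is not enough if the invoked program has its own way of running commands (for example an argument that a tool interprets as a script or a pipe); the allow-list on the value is what closes that gap, and it is why the regex forbids a leading hyphen rather than relying on an end-of-options marker that not every ping implementation accepts.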