Causes of Common Vulnerabilities in Network

A vulnerability is a weakness in computer software that allows unauthorized access. For example, software that processes credit card information should not allow people to read the card information it handles. However, a malicious party might exploit a vulnerability to access and read card information.

What is a common vulnerability?

A common vulnerability is a vulnerability that is well-known, already discovered, defined, and listed in the public domain. The United States Department of Homeland Security (DHS) publishes and maintains a database of common vulnerabilities and exposures. This database is known as CVE (Common Vulnerabilities and Exposures).

DHS updates this database whenever it discovers a new common vulnerability. A vulnerability qualifies as a common vulnerability when it is independent, acknowledged by a vendor to have a negative impact on security, and affects only one product or software.

Causes of vulnerabilities

It can be challenging to consider a specific vulnerability in isolation because there are many pieces of software, often with numerous vulnerabilities of different types. In addition, several common configuration mistakes can also lead to vulnerabilities in systems and networks. As a network administrator, you should know the causes of these common vulnerabilities.

Running unnecessary services

Services provide functionalities on the system. By default, operating systems include services for all essential tasks. It makes the operating system more productive for users. However, it also makes the system vulnerable to hackers. A service is an application software. It needs various configurations and settings to run. Hackers find bugs and misconfigurations in the service and use that to gain access to the service for miscellaneous purposes. You should run only the required services and stop all unnecessary services on the system.

Keeping all ports open

Services use ports to provide necessary functionalities. An opened port on the system is an invitation for a hacker to gain access to the system. You should close any open ports on the system that are not required. In addition, you should also use a firewall to block access to ports that must remain open.

Using outdated software

When developers find a vulnerability in software, they fix it and release the new version of the software. Until you update the software, it runs with the discovered vulnerability. If a hacker finds it before you update the software, he can use it to gain access. You should keep your systems up-to-date with patches and security fixes. That way, any software on the system is less likely to have vulnerabilities that a hacker can exploit.

Using unencrypted channels

When you access a remote service or communicate with another person on the network, data flows between your computer and the remote computer. If computers exchange this data in regular format, hackers can use wire sniffer tools to steal information from data packets in the middle. You can mitigate this risk by using encrypted channels to exchange information. If you use encrypted channels, computers exchange information in encrypted format.

Using clear-text credentials

Services use various authentication methods to identify users. For backward compatibilities, many services still support clear-text credentials. However, if you use login credentials in clear-text format, hackers can steal them from the middle using network-safe tools.


Using insecure protocols

Many protocols have been outdated in modern networking environments. Most of them use insecure connections. They send data packets without encryption. It causes security risks. You can prevent it by encrypting all communications. You should investigate each protocol used on the network and find secure replacements for those that do not encrypt communication. For example, you should use Secure Shell (SSH) instead of Telnet for remote administration.


In this tutorial, we discussed common causes of network vulnerabilities and learned how to mitigate them. The causes discussed in this tutorial are essential but sufficient for any entry-level networking exam such as CCNA or CompTIA Network Plus.

ComputerNetworkingNotes CCNA Study Guide Causes of Common Vulnerabilities in Network