Any vulnerability is an attack vector.

What a security expert!

Maybe you can at least read a figure and understand that they are not the same: https://upload.wikimedia.org/wikipedia/commons/8/86/2010-T10-ArchitectureDiagram.png

It comes from the Wikipedia article on vulnerability (computing): https://en.wikipedia.org/wiki/Vulnerability_%28computing%29

The article starts with a definition: "Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw". That applies to the security bug in Bash before Shellshock was corrected. That does not apply to 'dhclient' that did not contain any "system susceptibility or flaw". There was no vulnerability in 'dhclient'. Nothing to fix. And nothing was fixed. 'dhclient' was one of the vectors through which the attacker had "access to the flaw" and could "exploit the flaw". That is the definition of an exploit vector. The description of the figure in the article says it: "a threat agent through an attack vector exploits a weakness (vulnerability) of the system ...".

Reply via email to