Using ChatGPT to Analyze Cybersecurity Vulnerabilities

Because you are hoping ChatGPT can help with #Cybersecurity vulnerability analysis, I got curious.

How can #ChatGPT be used in Cybersecurity events?

I added the following custom instruction in my ChatGPT sessions:

When given a prompt that contains a RegEx format of ^CVE-\d{4}-\d{4,}$, analyze the result from the following URL, https://nvd.nist.gov/vuln/detail/^CVE-\d{4}-\d{4,}$, replacing the RegEx value in the URL with the CVE value from the prompt. Follow any links from the CVE details for additional analysis.

Then I started a new chat, enabled the WebPilot plugin, and tested the custom instruction with a random CVE published today using the following prompt:

What can you tell me about CVE-2023-5020

The results were close to what I expected and interesting.

ChatGPT extracted the CVE from my prompt and followed the link from my custom instruction. ChatGPT did not provide much more of a summary than what is in the NVD page, nor automatically follow the links listed on the page.

However, ChatGPT did offer proactive measures, speculation, and questions to consider. It is likely these elements were provided because my other custom instructions ask for speculation and suggestions.

To get ChatGPT to follow the links from the NVD CVE details I only had to ask.

This is where I found ChatGPT to be more helpful than I expected.

The gist of this is I can get ChatGPT to summarize and compile the details of a vulnerability in a single page and do so interactively. This may be helpful to quickly explore the implications of a CVE by asking for analysis from different perspectives or purposes.

For example, I used the prompt:

Provide a summary of the CVE for a CIO executive

This is the ChatGPT reply:


Executive Summary: Critical SQL Injection Vulnerability in 07FLY CRM V2 (CVE-2023-5020)

Overview

A critical SQL Injection vulnerability has been identified in 07FLY CRM V2, a Customer Relationship Management software. This security flaw poses a significant risk as it allows unauthorized access to the administrator login page, potentially compromising sensitive data. The exploit code for this vulnerability has been publicly disclosed, elevating the urgency for immediate action.

Risk Level

  • Severity: Critical
  • Attack Vector: Remote

Business Impact

  1. Data Breach Risk: Unauthorized access to sensitive customer data and internal records.
  2. Reputation Damage: Public disclosure of the exploit increases the risk of exploitation, which could harm the company’s reputation.
  3. Compliance Risks: Failure to address the vulnerability may result in non-compliance with data protection regulations.

Recommended Actions

  1. Immediate Patching: Coordinate with the IT team to apply any available patches or workarounds.
  2. Security Audit: Conduct a comprehensive security audit to identify any similar vulnerabilities.
  3. Strengthen Monitoring: Enhance security monitoring to detect any attempts to exploit this vulnerability.

Next Steps

  1. Vendor Communication: Engage with 07FLY to understand the timeline for an official fix.
  2. Internal Briefing: Update the board and relevant stakeholders on the situation and the steps being taken to mitigate the risks.
  3. Public Communication: Prepare a communication plan to inform customers if necessary, focusing on transparency and steps taken for resolution.

Of course, this result is entirely based only on the CVE itself, without any consideration of the consumer’s environment, assets, or configurations. This posting is not a recommendation on how to proceed with this randomly selected CVE. It is merely an example.

It shows the potential for how ChatGPT, or other AI assistants, may be used to delve into an investigation using real and current information while tailoring it to specific consumer use cases.

Cheers