CEH v13: Vulnerability Analysis

Table of Contents
Click Here to Return To the Certified Ethical Hacker (CEH v13) Course Page
Vulnerability Analysis identifies weaknesses to exploit in the EC-Council CEH v13 course. This module covers how you scan systems, score findings, and map them to known exploits. Scanning generates traffic and load, so schedule it within your authorized window.
After enumeration you have a list of services and versions. Vulnerability analysis matches those against known flaws so you focus effort on weaknesses that actually exist.
The Vulnerability Management Cycle
You repeat four steps to keep findings current.
- Identify weaknesses with scanners and manual checks.
- Prioritize findings by risk and exploitability.
- Remediate through patches, configuration, or compensating controls.
- Verify the fix with a rescan.
Scanning Tools
Automated scanners compare service data against vulnerability databases.
| Tool | Strength |
|---|---|
| Nessus | Broad, detailed commercial scanner |
| OpenVAS | Free and open-source scanner |
| Qualys | Cloud-based, agent and network scanning |
| Nikto | Focused on web server flaws |
You also choose the scan type:
- Unauthenticated scans test from the outside, like an external attacker.
- Authenticated scans log in with credentials for deeper, accurate results.
CVSS Scoring and CVE Mapping
You rank flaws with the Common Vulnerability Scoring System (CVSS), a 0.0 to 10.0 scale.
| CVSS score | Severity |
|---|---|
| 0.1 - 3.9 | Low |
| 4.0 - 6.9 | Medium |
| 7.0 - 8.9 | High |
| 9.0 - 10.0 | Critical |
Each known flaw gets a CVE identifier (for example, CVE-2021-44228 for Log4Shell). You map findings to CVE entries and search exploit databases like Exploit-DB to confirm a working exploit exists. A high CVSS score with a public exploit and internet exposure is your top priority.
From Findings to Action
A scan report lists far more than you exploit. You filter out false positives, confirm real issues with manual testing, and translate each into a clear remediation step. The defensive side of this process appears in the CompTIA Security+ Security Operations module .
Next Steps
Use confirmed weaknesses to gain access in System Hacking . Revisit service detail in Enumeration . Return to the Certified Ethical Hacker (CEH v13) Course .


