Kind of new to GB, but have a long history in various IT areas.
I am trying to get a CVE scan functioning on GCE.
Here is a quick layout of what I’ve done:
• Created VM on Hyper-V.
• Performed initial setup.
• Opened port TCP 873 for Community Feed.
• Waited a long time (note that it is mentioned a few times in here to be patient. Yeah, be patient. Come back tomorrow kind of patient. Data needs to be pulled, then built into databases - you don’t see this happening nor any kind of feedback)
• Created a target (let’s call it Server1)
• Created a Task (Full and Very Deep)
• Performed the scan
• Reviewed the report
This is pretty darn helpful… but where I’m struggling is performing a CVE scan. My understanding is that I must have the data from a normal ‘full and fast’ or other ‘FULL and whatever’ scan to run a CVE scan.
I’ve created a separate task & set it for CVE scanning against Server1, but when I launch the task, it completes the moment it has started and there are no results.
I can view the CVEs under SecInfo & they are there…
Is there some troubleshooting I can perform to get this working properly?
Great tools. Thank you.
Did you add the results from your previous scan to the asset database?
CVE scan happens only on the database and not on the target machine.
Thanks for the reply Lukas,
I looked at the task just now. Is that the same as ‘Edit Task > Add results to Asset Management’?
If so, then yes - the task was created & run that way.
The CVE scanner also only works if applications are detected with a version and a related CPE registered in the NVD database.
So basically if the scan against Server1 is detecting a CPE like the following with a “Full scan”:
cpe:/a:apache:http_server (without a version)
the CVE scanner won’t return any results / vulnerabilities. It would require a CPE like e.g.:
with a version where a CPE <-> CVE reference / matching is registered within the NVD database.
That is helpful information, thank you!
I’ve run the ‘Full and Fast’ scans against a few of our internal and public facing IPs & came back with a report I am happy with (not a CVE report) - I was exploring the options I suppose & wanted to see all the angles.
Would like to express my thanks to Lukas, cfi, and of course any who may happen to read this & work on these tools.
One update to this as the NVD page was down this morning and I wasn’t able to provide an example.
Basically the CVE scanner is doing a search like e.g.:
and shows all vulnerabilities listed there. If there is e.g. a current Apache HTTP Server 2.4.39 detected, the CVE scanner currently won’t return any results as seen here:
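Added example, not part of the thread and not Greenbone's code: a small triage script that takes the CPEs a full scan detected and reports why a CVE scan would come back empty for each one, covering both cases described above (no version in the CPE, and a versioned CPE with no CPE <-> CVE reference). Assumptions: `NVD_INDEX`, `parse_cpe`, `triage` and the sample data are hypothetical, the CVE IDs are placeholders, and exact version lookup is a simplification of the real matching.

```python
import re

# Constructed stand-in for NVD CPE <-> CVE references; the CVE IDs are placeholders.
NVD_INDEX = {
    ("apache", "http_server", "2.4.29"): ["CVE-PLACEHOLDER-1", "CVE-PLACEHOLDER-2"],
    ("openbsd", "openssh", "7.4"): ["CVE-PLACEHOLDER-3"],
}

def parse_cpe(cpe):
    """Return (vendor, product, version) from a CPE 2.2 URI or a CPE 2.3 string.
    version is None when it is absent or a wildcard ('', '*', '-')."""
    if cpe.startswith("cpe:/"):
        fields = cpe[len("cpe:/"):].split(":")
    elif cpe.startswith("cpe:2.3:"):
        # 2.3 strings may contain escaped colons, so split on unescaped ones only.
        fields = re.split(r"(?<!\\):", cpe[len("cpe:2.3:"):])
    else:
        raise ValueError(f"not a CPE name: {cpe!r}")
    fields += [""] * (4 - len(fields))  # pad missing trailing components
    _part, vendor, product, version = (f.lower() for f in fields[:4])
    if not vendor or not product:
        raise ValueError(f"CPE lacks vendor/product: {cpe!r}")
    return vendor, product, (None if version in ("", "*", "-") else version)

def triage(detected, index=NVD_INDEX):
    """Map each detected CPE to (status, cves), where status is one of
    'no_version', 'no_nvd_reference' or 'match'."""
    result = {}
    for cpe in detected:
        vendor, product, version = parse_cpe(cpe)
        if version is None:
            result[cpe] = ("no_version", [])
            continue
        cves = index.get((vendor, product, version), [])
        result[cpe] = ("match" if cves else "no_nvd_reference", cves)
    return result

# Constructed sample of CPEs as a full scan might report them for Server1.
DETECTED = [
    "cpe:/a:apache:http_server",            # no version: nothing to look up
    "cpe:/a:apache:http_server:2.4.39",     # versioned, but no reference in the index
    "cpe:/a:apache:http_server:2.4.29",     # versioned and referenced
    "cpe:2.3:a:openbsd:openssh:7.4:*:*:*:*:*:*:*",
    "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
]

if __name__ == "__main__":
    for cpe, (status, cves) in triage(DETECTED).items():
        print(f"{status:17} {cpe} {cves}")
```

If every detected CPE lands in `no_version` or `no_nvd_reference`, an empty CVE scan report is the expected outcome rather than a fault in the task setup.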