I have a Debian 11 system with a vulnerability in libcurl (package name: libcurl4, version 7.74.0-1.3).
It has a vulnerability: CVE-2022-32221 with critical severity.
I ran two scans:
Full and fast with OpenVAS default scanner with credentials (with privilege escalation credentials).
After the above finishes: a new scan with CVE scanner (with credentials)
Unfortunately, the CVE is NOT found (even though the CVE is in the CVE database).
Thanks for the quick response. Actually the notus-scanner is running (as I checked, it is a Python script; nonetheless it is run by systemd - notus-scanner.service).
But in the scanners list (Configuration → scanners) I can see only “CVE” and OpenVAS Default scanner - there’s no information about notus scanner.
Btw, I checked the notus-scanner log file (in /var/log/notus-scanner) and there is only a single entry saying: “INFO (notus.scanner.daemon) Starting notus-scanner version 22.4.4.”
Nothing more.
Is there any special configuration I need to create/set in order for this to run?
I think you may have missed this part from Lukas’ reply:
Go to Configuration → Credentials and add credentials for the system you want to scan, because otherwise there won’t be an authenticated scan but rather a blackbox scan that cannot pick up this vulnerability.