Not finding installed software with CVEs

We have Windows client machines with software that we know is old but OpenVAS isn’t catching the problem.

I’m running the self-compiled community edition. GSA is v21.4.3

For a specific example of our problem, we have machines with Mozilla Firefox 52.2.1 ESR (multiple vulnerabilities) - but OpenVAS isn’t finding it. The Target is configured to use SMB credentials with admin rights on the client machine. The Task is configured with the “Full and fast” scan config. The results of the scan show that SMB log in is successful.

I must have made some mistakes when configuring my scans. I’d appreciate any advice.

A few short suggestions:

  1. Updating to the latest 22.4 releases as 21.4 and below are EOL (see Greenbone Community Edition 21.04: End of Life)
  2. Making sure that the installation is built with https://github.com/greenbone/openvas-smb
  3. Checking all other points listed on Hint: Verify target configuration / access for authenticated (LSC) scans

First of all, I would like to congratulate everyone who worked on making the installation and instructions that I followed on the greenbone.github.io website. Amazingly easy to follow.

It was with some trepidation that I wiped out our EOL installation of OpenVAS. We had put a lot of work into making LDAP connect to Active Directory and configuring our scanning targets and alerts. It would be nice if the installation instructions gave us a way to migrate those. I still haven’t managed to get them working again.

Anyway, following those instructions took care of #1 and #2 of your short suggestions. Your #3 suggestion is a bit more difficult. The page that you linked no longer functions correctly. Many of the links on that page are broken (404). However, I believe that your 3rd suggestion is also satisfied because:

  1. “SMB log in” shows: “It was possible to log into the remote host using the SMB protocol.”

  2. Among other things, OpenVAS logged “Detected Mozilla Firefox ESR Version: 52.2.1”

So I’m still stuck wondering why such an old and vulnerable version of ESR didn’t trigger a High Severity result.


Thanks a lot for the nice words. We put a lot of energy into it to keep it up-to-date and functional. Please always let me know if some things can still be improved.

I’ve tried to fix the URLs to link to the latest appliance docs. @cfi could you check if the links are correct now?

Thanks for fixing those links. There are quite a few things that we’ll need to change on our workstations. I’ll have to try creating a group policy to do the work for me.

In the meantime, I manually made a few changes on a test client machine - and GSA is triggering High Severity alerts on ESR now! Yay!

Thank you @cfi and @bricks


LGTM, thanks for the updates. :+1:
