Please use this category only if you’re using the virtual GCE appliance (virtual machine) provided by Greenbone.
Before posting please read About the Greenbone Community Edition (GCE) VM.
I wanted to scan my DNS servers for the recently released CVE-2020-1350 but I noticed that the CVE database in OpenVAS will list the CVE but the Serverity, Complexity, Vector, etc all show N/A.
Why is that?
If I scan in this setting will it actually list the vulnerability in the results?
SecInfo -> CVEs view within the GSA isn’t related to the availability of VTs for a specific vulnerability.
This database is filled / updated by the “SCAP” feed shown in About GVM Architecture and is based on e.g. the data feed provided by https://nvd.nist.gov/vuln/data-feeds.
For this specific vulnerability the severity was assigned by the NVD yesterday:
There might be 1 or 2 days delay (depending on when this change is available in the NVD data feed), afterwards the severity will be shown instead of the
Generally it might be also possible (unrelated to this specific CVE) that a CVE is shown as
N/A for more then a few days or even a few weeks depending on when the NVD is doing the vulnerability analysis for a specific CVE. Such CVEs can be identified when browsing the related entry like https://nvd.nist.gov/vuln/detail/CVE-2020-1353. As long as the
Undergoing Analysis is shown there the CVE will show up with a
N/A severity within the GSA:
As a side note:
If you want to check for the availability of specific VTs to be used for a scan you need to check the
SecInfo -> NVTs item within the GSA.