Depending on the OS, there may be different situations:
- In the case of Linux servers, Vulnerability Detector will check both the OVAL and the NVD to see if the vulnerability affects the OS. However, in the case where the OVAL indicates that the vulnerability does not affect the product in its repository, then it will not show the vulnerability because it is not vulnerable for that OS.
If it is this problem (Linux), share the agent's OS and the VMware package, so that we can tell you more accurately why the vulnerability is discarded.
- In the case of Windows servers, there is a known issue with this type of vulnerability that causes them not to be detected correctly, specifically, vulnerabilities that contain a Windows system dependency (i.e. with a generic Windows CPE in the running on/with section).
For this reason, vulnerabilities that do not have any dependency (such as CVE-2018-6969) are correctly detected, while those with such a system dependency are not being detected (CVE-2022-31676).
The good news is that we are already working on this issue to fix it ASAP. Here is the Epic issue where you can see the progress:
Sorry for the inconvenience.
If you have any questions, don't hesitate to ask.
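
To illustrate what a "running on/with" dependency means in NVD data, the following added example (not Wazuh code and not part of the original reply) evaluates a simplified NVD-style configuration tree against a host inventory. The vendor, product, versions and inventories are constructed, and matching is reduced to part/vendor/product plus `versionEndExcluding`.

```python
# Added illustration, not Wazuh code. All CPEs, versions and hosts are constructed.
def parse_version(v):
    """'12.0.5' -> (12, 0, 5); numeric dotted versions only."""
    return tuple(int(p) for p in v.split("."))

def cpe_matches(match, inventory):
    """True if an inventory item has this entry's part/vendor/product and,
    when versionEndExcluding is set, a version below it."""
    part, vendor, product = match["cpe23Uri"].split(":")[2:5]
    end = match.get("versionEndExcluding")
    for item in inventory:
        if (item["part"], item["vendor"], item["product"]) != (part, vendor, product):
            continue
        if end is None or parse_version(item["version"]) < parse_version(end):
            return True
    return False

def node_applies(node, inventory):
    """Recursively evaluate an AND/OR configuration node."""
    results = [cpe_matches(m, inventory) for m in node.get("cpe_match", [])]
    results += [node_applies(c, inventory) for c in node.get("children", [])]
    combine = all if node["operator"] == "AND" else any
    return bool(results) and combine(results)

PRODUCT = {"operator": "OR", "cpe_match": [{
    "vulnerable": True, "versionEndExcluding": "12.1.0",
    "cpe23Uri": "cpe:2.3:a:examplevendor:exampletool:*:*:*:*:*:*:*:*"}]}
PLATFORM = {"operator": "OR", "cpe_match": [{
    "vulnerable": False,  # the "running on/with" side: a generic Windows CPE
    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"}]}

NO_DEPENDENCY = PRODUCT  # configuration without a system dependency
WITH_DEPENDENCY = {"operator": "AND", "children": [PRODUCT, PLATFORM]}

TOOL = {"part": "a", "vendor": "examplevendor", "product": "exampletool", "version": "12.0.5"}
WINDOWS_HOST = [TOOL, {"part": "o", "vendor": "microsoft", "product": "windows", "version": "10"}]
LINUX_HOST = [TOOL, {"part": "o", "vendor": "canonical", "product": "ubuntu_linux", "version": "22.04"}]

if __name__ == "__main__":
    for name, host in (("windows", WINDOWS_HOST), ("linux", LINUX_HOST)):
        print(name, node_applies(NO_DEPENDENCY, host), node_applies(WITH_DEPENDENCY, host))
```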