Vulnerability CVE-2022-31676 not detected


Adv Suscripciones

Sep 9, 2022, 7:31:27 AM
to Wazuh mailing list
Hi,
My server has VMware Tools 10.1.5 installed, and it has the vulnerability CVE-2022-31676.
I modified the cpe_helper.json file with the translation for the VMware Tools software, but I get the CVE-2018-6969 vulnerability on Wazuh but not the CVE-2022-31676.
The NVD database is up to date.
What could it be?
I paste here the VMware Tools entry from my CPE_HELPER file and I attached a screenshot from my Wazuh vulnerability scan result of that server.
{
            "target": "windows",
            "source": {
                "vendor": [
                    "^VMware"
                ],
                "product": [
                    "^VMware Tools"
                ],
                "version": []
            },
            "translation": {
                "vendor": [
                    "vmware"
                ],
                "product": [
                    "tools"
                ],
                "version": []
            },
            "action": [
                "replace_vendor",
                "replace_product"
            ]
        }
wazuh.jpg

Federico Gustavo Galland

Sep 9, 2022, 11:50:21 AM
to Wazuh mailing list

Hi There,

There is already a VMware vendor block within the default cpe_helper.json. If you need to add the Tools package you can do it like so:

        {
            "target": "windows",
            "source": {
                "vendor": [
                    "^VMware"
                ],
                "product": [
                    "^VMware Workstation$",
                    "^VMware Player$",
                    "^VMware Tools$",
                    "test_entry"

                ],
                "version": []
            },
            "translation": {
                "vendor": [
                    "vmware"
                ],
                "product": [
                    [
                        "workstation",
                        "workstation_pro (version >= 12.0.0)"
                    ],
                    [
                        "workstation_player (version >= 12.0.0)",
                        "workstation (version >= 12.0.0)",
                        "player (version < 12.0.0)"
                    ],
                    "tools",
                    "test_entry_translation"

                ],
                "version": []
            },
            "action": [
                "replace_vendor",
                "replace_product_if_matches"
            ]
        },

Please check if you do get the proper alert after the changes.

Adv Suscripciones

Sep 11, 2022, 10:00:21 AM
to Wazuh mailing list
I changed it and I'm getting the same result.
I should get the CVE-2022-31676 using that version of VMware Tools, right? What am I doing wrong?
I forced a full scan, but it just shows 1 vulnerability.

Adv Suscripciones

Sep 12, 2022, 2:51:02 AM
to Wazuh mailing list
I think it should show the vulnerability CVE-2022-31676, right?
It just shows the CVE-2018-6969.

My server has this VMware Tools version:
Name: VMware Tools
Architecture: x86_64
Version: 10.1.5.5055683
Vendor: VMware, Inc.

This is the vmware block within my cpe_helper.json:

Adv Suscripciones

Sep 13, 2022, 2:42:29 AM
to Wazuh mailing list
Is there something I can do to solve the problem?

Adv Suscripciones

Sep 15, 2022, 2:57:28 AM
to Wazuh mailing list
Could it be that there's no CVSS 2.0 Score on the NVD Database for that CVE?
Is there some way to deactivate the CVSS Score on Wazuh to check if the vulnerability appears?
screenshot.png

Adv Suscripciones

Sep 19, 2022, 2:49:23 AM
to Wazuh mailing list
Could it be that it isn't checking if that package has that vulnerability? I only see Linux packages being checked on the ossec.log for that CVE.
An answer would be great...
screeenshot2.png

Federico Gustavo Galland

Sep 20, 2022, 12:02:43 PM
to Adv Suscripciones, Wazuh mailing list
Hi there,

Unfortunately it's hard for me to replicate this without a VMware license, but I'll dig into the possibility of the check never being run with my team and get back to you.

Regards,
Fede


Adv Suscripciones

Sep 21, 2022, 3:15:03 AM
to Wazuh mailing list
Hi,

OK, but you can do it with the free license of VMware.

Adv Suscripciones

Sep 22, 2022, 6:38:43 AM
to Wazuh mailing list
It seems like it doesn't check the CVE for the Windows version of VMware Tools?

This is what I see on the ossec.log:

root@soc:/var/ossec/nvdfeed# cat /var/ossec/logs/ossec.log | grep "CVE-2022-31676"
2022/09/22 00:33:09 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector.c:2323 at wm_vuldet_linux_oval_vulnerabilities(): DEBUG: (5460): Package 'open-vm-tools' not vulnerable to 'CVE-2022-31676'. Version (2:11.3.0-2ubuntu0~ubuntu20.04.3) not 'less than' '2:11.3.0-2ubuntu0~ubuntu20.04.3' (feed 'OVAL').
2022/09/22 00:33:11 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector_nvd.c:2623 at wm_vuldet_check_generic_package(): DEBUG: (5458): Package 'linux_kernel' inserted into the vulnerability 'CVE-2022-31676'. Version (5.4.0) 'equals' '*' (feed 'NVD').
2022/09/22 00:33:42 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector.c:1967 at wm_vuldet_linux_rm_nvd_not_dependencies_met_packages(): DEBUG: (5463): Package 'linux_kernel' not vulnerable to 'CVE-2022-31676' since it don't meet its 'sibling' dependency on package with ID '832289'
2022/09/22 07:36:22 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector_nvd.c:2623 at wm_vuldet_check_generic_package(): DEBUG: (5458): Package 'linux_kernel' inserted into the vulnerability 'CVE-2022-31676'. Version (4.12.14) 'equals' '*' (feed 'NVD').
2022/09/22 07:36:22 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector.c:1967 at wm_vuldet_linux_rm_nvd_not_dependencies_met_packages(): DEBUG: (5463): Package 'linux_kernel' not vulnerable to 'CVE-2022-31676' since it don't meet its 'sibling' dependency on package with ID '832289'
2022/09/22 07:36:40 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector.c:2323 at wm_vuldet_linux_oval_vulnerabilities(): DEBUG: (5460): Package 'open-vm-tools' not vulnerable to 'CVE-2022-31676'. Version (11.0.5-3.el7_9.3) not 'less than' '11.0.5-3.el7_9.4' (feed 'OVAL').
2022/09/22 07:36:40 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector.c:2323 at wm_vuldet_linux_oval_vulnerabilities(): DEBUG: (5460): Package 'open-vm-tools-desktop' not vulnerable to 'CVE-2022-31676'. Version (11.0.5-3.el7_9.3) not 'less than' '11.0.5-3.el7_9.4' (feed 'OVAL').
2022/09/22 07:36:41 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector_nvd.c:2623 at wm_vuldet_check_generic_package(): DEBUG: (5458): Package 'linux_kernel' inserted into the vulnerability 'CVE-2022-31676'. Version (3.10.0) 'equals' '*' (feed 'NVD').
2022/09/22 07:45:04 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector.c:1967 at wm_vuldet_linux_rm_nvd_not_dependencies_met_packages(): DEBUG: (5463): Package 'linux_kernel' not vulnerable to 'CVE-2022-31676' since it don't meet its 'sibling' dependency on package with ID '832289'
2022/09/22 07:53:19 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector_nvd.c:2623 at wm_vuldet_check_generic_package(): DEBUG: (5458): Package 'linux_kernel' inserted into the vulnerability 'CVE-2022-31676'. Version (3.10.0) 'equals' '*' (feed 'NVD').
2022/09/22 07:58:02 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector.c:1967 at wm_vuldet_linux_rm_nvd_not_dependencies_met_packages(): DEBUG: (5463): Package 'linux_kernel' not vulnerable to 'CVE-2022-31676' since it don't meet its 'sibling' dependency on package with ID '832289'
2022/09/22 11:27:02 wazuh-modulesd:vulnerability-detector[751972] wm_vuln_detector_nvd.c:2623 at wm_vuldet_check_generic_package(): DEBUG: (5458): Package 'linux_kernel' inserted into the vulnerability 'CVE-2022-31676'. Version (3.0.101) 'equals' '*' (feed 'NVD').
2022/09/22 11:27:03 wazuh-modulesd:vulnerability-detector[751972] wm_vuln_detector.c:1967 at wm_vuldet_linux_rm_nvd_not_dependencies_met_packages(): DEBUG: (5463): Package 'linux_kernel' not vulnerable to 'CVE-2022-31676' since it don't meet its 'sibling' dependency on package with ID '2013915'
2022/09/22 11:30:07 wazuh-modulesd:vulnerability-detector[751972] wm_vuln_detector_nvd.c:2623 at wm_vuldet_check_generic_package(): DEBUG: (5458): Package 'linux_kernel' inserted into the vulnerability 'CVE-2022-31676'. Version (4.12.14) 'equals' '*' (feed 'NVD').
2022/09/22 11:30:08 wazuh-modulesd:vulnerability-detector[751972] wm_vuln_detector.c:1967 at wm_vuldet_linux_rm_nvd_not_dependencies_met_packages(): DEBUG: (5463): Package 'linux_kernel' not vulnerable to 'CVE-2022-31676' since it don't meet its 'sibling' dependency on package with ID '2013915'
2022/09/22 11:30:44 wazuh-modulesd:vulnerability-detector[751972] wm_vuln_detector.c:2323 at wm_vuldet_linux_oval_vulnerabilities(): DEBUG: (5460): Package 'open-vm-tools' not vulnerable to 'CVE-2022-31676'. Version (11.0.5-3.el7_9.3) not 'less than' '11.0.5-3.el7_9.4' (feed 'OVAL').
2022/09/22 11:30:44 wazuh-modulesd:vulnerability-detector[751972] wm_vuln_detector.c:2323 at wm_vuldet_linux_oval_vulnerabilities(): DEBUG: (5460): Package 'open-vm-tools-desktop' not vulnerable to 'CVE-2022-31676'. Version (11.0.5-3.el7_9.3) not 'less than' '11.0.5-3.el7_9.4' (feed 'OVAL').
2022/09/22 11:30:46 wazuh-modulesd:vulnerability-detector[751972] wm_vuln_detector_nvd.c:2623 at wm_vuldet_check_generic_package(): DEBUG: (5458): Package 'linux_kernel' inserted into the vulnerability 'CVE-2022-31676'. Version (3.10.0) 'equals' '*' (feed 'NVD').
2022/09/22 11:50:00 wazuh-modulesd:vulnerability-detector[754049] wm_vuln_detector.c:2323 at wm_vuldet_linux_oval_vulnerabilities(): DEBUG: (5460): Package 'open-vm-tools' not vulnerable to 'CVE-2022-31676'. Version (11.0.5-3.el7_9.3) not 'less than' '11.0.5-3.el7_9.4' (feed 'OVAL').
2022/09/22 11:50:00 wazuh-modulesd:vulnerability-detector[754049] wm_vuln_detector.c:2323 at wm_vuldet_linux_oval_vulnerabilities(): DEBUG: (5460): Package 'open-vm-tools-desktop' not vulnerable to 'CVE-2022-31676'. Version (11.0.5-3.el7_9.3) not 'less than' '11.0.5-3.el7_9.4' (feed 'OVAL').
2022/09/22 11:50:01 wazuh-modulesd:vulnerability-detector[754049] wm_vuln_detector_nvd.c:2623 at wm_vuldet_check_generic_package(): DEBUG: (5458): Package 'linux_kernel' inserted into the vulnerability 'CVE-2022-31676'. Version (3.10.0) 'equals' '*' (feed 'NVD').
2022/09/22 11:59:07 wazuh-modulesd:vulnerability-detector[754049] wm_vuln_detector.c:1967 at wm_vuldet_linux_rm_nvd_not_dependencies_met_packages(): DEBUG: (5463): Package 'linux_kernel' not vulnerable to 'CVE-2022-31676' since it don't meet its 'sibling' dependency on package with ID '80104'
2022/09/22 12:31:36 wazuh-modulesd:vulnerability-detector[762794] wm_vuln_detector.c:2323 at wm_vuldet_linux_oval_vulnerabilities(): DEBUG: (5460): Package 'open-vm-tools' not vulnerable to 'CVE-2022-31676'. Version (11.0.5-3.el7_9.3) not 'less than' '11.0.5-3.el7_9.4' (feed 'OVAL').
2022/09/22 12:31:36 wazuh-modulesd:vulnerability-detector[762794] wm_vuln_detector.c:2323 at wm_vuldet_linux_oval_vulnerabilities(): DEBUG: (5460): Package 'open-vm-tools-desktop' not vulnerable to 'CVE-2022-31676'. Version (11.0.5-3.el7_9.3) not 'less than' '11.0.5-3.el7_9.4' (feed 'OVAL').
2022/09/22 12:31:37 wazuh-modulesd:vulnerability-detector[762794] wm_vuln_detector_nvd.c:2623 at wm_vuldet_check_generic_package(): DEBUG: (5458): Package 'linux_kernel' inserted into the vulnerability 'CVE-2022-31676'. Version (3.10.0) 'equals' '*' (feed 'NVD').
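
An added example (not part of the original posts and not Wazuh code): a small parser for the three vulnerability-detector DEBUG messages shown in the log above (IDs 5458, 5460 and 5463) that groups the checks for one CVE by package and reports which expected packages were never evaluated. The three sample lines are copied from the excerpt above; the expected names `tools` and `VMware Tools` are assumptions about how a Windows check would be logged.

```python
import re
from collections import defaultdict

# Covers only the message shapes quoted in the thread; other IDs are ignored.
LINE_RE = re.compile(
    r"vulnerability-detector\[\d+\].*?DEBUG: \((?P<msg_id>\d+)\): "
    r"Package '(?P<package>[^']+)' "
    r"(?P<verdict>inserted into the vulnerability|not vulnerable to) "
    r"'(?P<cve>CVE-\d{4}-\d+)'"
    r"(?:.*\(feed '(?P<feed>[^']+)'\))?"
)

# Three lines copied from the ossec.log excerpt in the thread.
SAMPLE = [
    "2022/09/22 00:33:09 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector.c:2323 "
    "at wm_vuldet_linux_oval_vulnerabilities(): DEBUG: (5460): Package 'open-vm-tools' not "
    "vulnerable to 'CVE-2022-31676'. Version (2:11.3.0-2ubuntu0~ubuntu20.04.3) not 'less than' "
    "'2:11.3.0-2ubuntu0~ubuntu20.04.3' (feed 'OVAL').",
    "2022/09/22 00:33:11 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector_nvd.c:2623 "
    "at wm_vuldet_check_generic_package(): DEBUG: (5458): Package 'linux_kernel' inserted into "
    "the vulnerability 'CVE-2022-31676'. Version (5.4.0) 'equals' '*' (feed 'NVD').",
    "2022/09/22 00:33:42 wazuh-modulesd:vulnerability-detector[686467] wm_vuln_detector.c:1967 "
    "at wm_vuldet_linux_rm_nvd_not_dependencies_met_packages(): DEBUG: (5463): Package "
    "'linux_kernel' not vulnerable to 'CVE-2022-31676' since it don't meet its 'sibling' "
    "dependency on package with ID '832289'",
]

def evaluations(lines, cve):
    """Return {package: {(verdict, feed), ...}} for every logged check of `cve`."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m and m["cve"] == cve:
            # 5463 lines carry no feed name, so record "n/a" for them.
            seen[m["package"]].add((m["verdict"], m["feed"] or "n/a"))
    return dict(seen)

def never_evaluated(lines, cve, expected_packages):
    """Packages we expected to be checked against `cve` but that never appear."""
    seen = evaluations(lines, cve)
    return sorted(p for p in expected_packages if p not in seen)

if __name__ == "__main__":
    cve = "CVE-2022-31676"
    for pkg, results in sorted(evaluations(SAMPLE, cve).items()):
        print(pkg, sorted(results))
    # "tools" / "VMware Tools" are assumed names for the Windows package.
    print("never evaluated:", never_evaluated(SAMPLE, cve, ["tools", "VMware Tools", "open-vm-tools"]))
```

To run it against a real log, pass the lines of `/var/ossec/logs/ossec.log` to `evaluations()` instead of `SAMPLE`.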

German Sanchez

Sep 27, 2022, 10:15:51 AM
to Wazuh mailing list
Hi, I think this is the problem you describe

