CVE-2022-0847 is not reported by vulnerability-detector


Kostiantyn

Mar 18, 2022, 2:13:07 PM
to Wazuh mailing list
Hi guys,

A few of my instances have linux-image-5.8.0-1042-aws installed and CVE-2020-35501 is reported for them by vulnerability-detector.
I cannot understand why https://nvd.nist.gov/vuln/detail/CVE-2022-0847 is not reported for the same outdated package.

Is there any way to find/debug why it was not reported?

I have Wazuh 4.2.2 running in my environment.

Thank you!

Matias Pereyra

Mar 21, 2022, 8:54:42 AM
to Wazuh mailing list
Hi!

Sometimes, the vulnerability detector discards some CVEs after correlating the vendor feed against the NVD. There are many factors involved, like the agent's OS, the generated CPE, etc.

The details of the scan can be seen if you enable the debug logs. Please add wazuh_modules.debug=2 to the /var/ossec/etc/local_internal_options.conf file to enable the debug logs for vulnerability detector. Also, reduce the <ignore_time> setting in ossec.conf temporarily, because if these packages were recently analyzed they will be ignored in the next scan.

Then, wait for the interval time to expire (or restart your manager if run_on_start is enabled for vulnerability detector) and make sure this particular agent is connected at the moment of the scan. The resulting ossec.log file will be considerably long; share the whole file or only the section related to this agent.

This way, we can know why it's reporting CVE-2020-35501 and not CVE-2022-0847.
Regards. 
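
Added example, not part of the thread and not Wazuh's own tooling: a shell sketch of the debug step described above that sets wazuh_modules.debug=2 without duplicating the key, then trims a long ossec.log down to the vulnerability-detector lines that mention the package or CVE in question. The function names, the filter approach and the sample log lines are assumptions constructed for illustration; real debug output is worded differently.

```shell
#!/bin/sh
# Added example; function names and sample log wording are assumptions.

# Set wazuh_modules.debug=2 in an internal-options file, replacing any
# existing value instead of appending a second, conflicting key.
set_vd_debug() {
    conf=$1
    [ -f "$conf" ] || : > "$conf"
    tmp=$(mktemp) || return 1
    # Keep every line except an existing wazuh_modules.debug setting.
    grep -v '^[[:space:]]*wazuh_modules\.debug[[:space:]]*=' "$conf" > "$tmp" || true
    # Make sure the kept content ends with a newline before appending.
    if [ -n "$(tail -c 1 "$tmp")" ]; then echo >> "$tmp"; fi
    echo 'wazuh_modules.debug=2' >> "$tmp"
    # cat (not mv) keeps the original file's owner and mode.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Print vulnerability-detector lines of a log that mention any given term
# (package name, CVE ID, ...). Terms are fixed strings, not regexes.
vd_lines_for() {
    log=$1; shift
    [ $# -ge 1 ] || return 2
    pat=$(mktemp) || return 1
    printf '%s\n' "$@" > "$pat"
    rc=0
    grep -F 'vulnerability-detector' "$log" | grep -F -f "$pat" || rc=$?
    rm -f "$pat"
    return $rc
}

# Offline demo on a constructed log (invented wording, not real Wazuh output).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/ossec.log" <<'EOF'
2022/03/21 09:00:01 wazuh-modulesd:vulnerability-detector: DEBUG: sample: package 'linux-image-5.8.0-1042-aws' matched CVE-2020-35501
2022/03/21 09:00:01 wazuh-modulesd:vulnerability-detector: DEBUG: sample: CVE-2022-0847 discarded for this package
2022/03/21 09:00:02 wazuh-modulesd:syscollector: DEBUG: sample: linux-image-5.8.0-1042-aws inventory sent
2022/03/21 09:00:03 wazuh-modulesd:vulnerability-detector: DEBUG: sample: package 'openssl' analyzed
EOF
    vd_lines_for "$d/ossec.log" CVE-2022-0847 linux-image-5.8.0-1042-aws
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On a manager, the functions would be pointed at /var/ossec/etc/local_internal_options.conf and the resulting ossec.log; the debug setting only takes effect after the manager restart mentioned in the reply.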
