cpe_helper alternative in Wazuh 4.8+

John

Oct 28, 2024, 5:11:06 AM
to Wazuh | Mailing List
Hello!

What's the current way of extending detection capabilities of Wazuh 4.8+?
I see software in Inventory of Windows Servers that is definitely vulnerable, but Wazuh is not reporting it.

Victor Carlos Erenu

Oct 28, 2024, 6:52:39 AM
to Wazuh | Mailing List
Hello John

We don't have Extending Detection Capabilities with Vulnerability Detection in Wazuh 4.8+, but we can check which vulnerability it doesn't detect to see if we have any problems with the detection.
Could you tell me what software you have with vulnerabilities, its version and which CVE is the one that Wazuh is not detecting?

It should be noted that Wazuh compares the data of your software with our database to detect which installed software has declared vulnerabilities:
https://documentation.wazuh.com/current/compliance/nist/vulnerability-detection.html

Regards

John

Oct 28, 2024, 8:04:01 AM
to Wazuh | Mailing List

Isaiah Daboh

Oct 29, 2024, 2:45:41 AM
to Wazuh | Mailing List
Hello,

I have created an issue to further analyze this and fix the CVEs accordingly.

However, CVE-2023-31102, according to NVD, does not affect your host since the expected platform is Linux. CVE-2022-29072 will be investigated and you should be able to track the issue at https://github.com/wazuh/wazuh/issues/26595.

Regards,

Openime Oniagbi

Nov 7, 2024, 9:14:49 AM
to Wazuh | Mailing List
Hello John,

We have resolved the issues with CVE-2022-29072 and CVE-2023-31102, and both updates should be available from tomorrow. All you need to do is restart the Wazuh manager to force the feed update and rescan the affected endpoints. If you have any other CVEs like this, please report them so we can resolve them as quickly as possible. Thank you.

John

Nov 8, 2024, 8:04:04 AM
to Wazuh | Mailing List
I can confirm that CVE-2022-29072 is now reported correctly on the Windows machine. Thank you for the fix!
I'll post other findings, but not just now.

j885...@gmail.com

Dec 9, 2025, 8:29:56 AM
to Wazuh | Mailing List
New findings. These software packages are detected by Wazuh Inventory but the corresponding CVEs are not:

1)
Package Name: Adobe Reader 9.1 - Russian
Package Version: 9.1.0
Package Vendor: Adobe Systems Incorporated
2)
Package Name: Adobe Acrobat XI Standard
Package Version: 11.0.23
Package Vendor: Adobe Systems

Similarly the following are not matched to CVEs:
Package Name: Adobe Reader XI (11.0.11) - Russian
Package Version: 11.0.11
Package Vendor: Adobe Systems Incorporated

Package Name: Adobe Reader XI (11.0.12) - Russian
Package Version: 10.1.0
Package Vendor: Adobe Systems Incorporated

Package Name: Adobe Reader XI (11.0.23) - Russian
Package Version: 11.0.23
Package Vendor: Adobe Systems Incorporated

Package Name: Adobe Reader X (10.1.0) - Russian
Package Version: 10.1.0
Package Vendor: Adobe Systems Incorporated

j885...@gmail.com

Dec 9, 2025, 8:46:19 AM
to Wazuh | Mailing List
Also
Package Name: WinRAR 5.40 (64-bit)
Package Version: 5.40.0
Package Vendor: win.rar GmbH

John Ackley

Dec 16, 2025, 5:55:21 AM
to Wazuh | Mailing List
Kind reminder