CVE-2024-21404 and CVE-2024-21386 wrongfully detected
31 views
Skip to first unread message
Md. Nazmur Sakib
Dec 9, 2025, 7:32:07 AM (11 days ago) Dec 9
to Wazuh | Mailing List
Hello Daniel,
To evaluate this vulnerability, please share the following information from the vulnerability dashboard: OS version, package.name, package.version, and vulnerability.id
Also, share the syscollector information from the Manager.
From the Web interface, go to Dashboard
Go toServer management > Dev ToolsAnd run this commandGET /syscollector/010/packages?search=ASPReplace 010 with your agent ID
Looking forward to your update on this.
To evaluate this vulnerability, please share the following information from the vulnerability dashboard: OS version, package.name, package.version, and vulnerability.id
Also, share the syscollector information from the Manager.
From the Web interface, go to Dashboard
Go toServer management > Dev ToolsAnd run this commandGET /syscollector/010/packages?search=ASPReplace 010 with your agent ID
Looking forward to your update on this.
Daniel
Dec 11, 2025, 7:05:24 AM (9 days ago) Dec 11
to Wazuh | Mailing List
Hi,
here the info required:
{
"data": {
"affected_items": [
{
"scan": {
"id": 0,
"time": "2025-11-27T02:56:08+00:00"
},
"source": " ",
"priority": " ",
"format": "win",
"vendor": "Microsoft Corporation",
"architecture": "x86_64",
"description": " ",
"install_time": "2025-11-27T02:30:45+00:00",
"size": 0,
"location": " ",
"name": "Microsoft ASP.NET Core Module V2",
"section": " ",
"version": "18.0.25301.0",
"agent_id": "238"
},
{
"scan": {
"id": 0,
"time": "2025-11-27T02:56:08+00:00"
},
"source": " ",
"priority": " ",
"format": "win",
"vendor": "Microsoft Corporation",
"architecture": "x86_64",
"description": " ",
"install_time": "2025-11-27T02:30:53+00:00",
"size": 0,
"location": " ",
"name": "Microsoft ASP.NET Core 8.0.22 Shared Framework (x64)",
"section": " ",
"version": "8.0.22.25528",
"agent_id": "238"
},
{
"scan": {
"id": 0,
"time": "2025-11-27T02:56:08+00:00"
},
"source": " ",
"priority": " ",
"format": "win",
"vendor": "Microsoft Corporation",
"architecture": "i686",
"description": " ",
"install_time": "2025-11-27T02:30:42+00:00",
"size": 0,
"location": " ",
"name": "Microsoft ASP.NET Core 8.0.22 Hosting Bundle Options",
"section": " ",
"version": "8.0.22.25528",
"agent_id": "238"
},
{
"scan": {
"id": 0,
"time": "2025-11-27T02:56:15+00:00"
},
"source": " ",
"priority": " ",
"format": "win",
"vendor": "Microsoft Corporation",
"architecture": "i686",
"description": " ",
"install_time": "2025-11-27T02:30:54+00:00",
"size": 0,
"location": " ",
"name": "Microsoft ASP.NET Core 8.0.22 Shared Framework (x86)",
"section": " ",
"version": "8.0.22.25528",
"agent_id": "238"
},
{
"scan": {
"id": 0,
"time": "2025-12-04T02:02:06+00:00"
},
"source": " ",
"priority": " ",
"format": "win",
"vendor": "Microsoft Corporation",
"architecture": "x86_64",
"description": " ",
"install_time": "2025-12-04T02:00:24+00:00",
"size": 0,
"location": " ",
"name": "Microsoft ASP.NET Core 6.0.36 Shared Framework (x64)",
"section": " ",
"version": "6.0.36.24516",
"agent_id": "238"
},
{
"scan": {
"id": 0,
"time": "2025-12-04T02:02:09+00:00"
},
"source": " ",
"priority": " ",
"format": "win",
"vendor": "Microsoft Corporation",
"architecture": "i686",
"description": " ",
"install_time": "2025-12-04T02:00:11+00:00",
"size": 0,
"location": " ",
"name": "Microsoft ASP.NET Core 6.0.36 Hosting Bundle Options",
"section": " ",
"version": "6.0.36.24516",
"agent_id": "238"
},
{
"scan": {
"id": 0,
"time": "2025-12-04T02:02:09+00:00"
},
"source": " ",
"priority": " ",
"format": "win",
"vendor": "Microsoft Corporation",
"architecture": "i686",
"description": " ",
"install_time": "2025-12-04T02:00:26+00:00",
"size": 0,
"location": " ",
"name": "Microsoft ASP.NET Core 6.0.36 Shared Framework (x86)",
"section": " ",
"version": "6.0.36.24516",
"agent_id": "238"
},
{
"scan": {
"id": 0,
"time": "2025-12-04T12:03:32+00:00"
},
"source": " ",
"priority": " ",
"format": "win",
"vendor": "Microsoft Corporation",
"architecture": "x86_64",
"description": " ",
"install_time": "2023-08-28T01:00:00+00:00",
"size": 0,
"location": " ",
"name": "Microsoft ASP.NET Core 6.0.18 Shared Framework (x64)",
"section": " ",
"version": "6.0.18.23269",
"agent_id": "238"
},
{
"scan": {
"id": 0,
"time": "2025-12-04T12:03:32+00:00"
},
"source": " ",
"priority": " ",
"format": "win",
"vendor": "Microsoft Corporation",
"architecture": "i686",
"description": " ",
"install_time": "2025-12-04T11:34:04+00:00",
"size": 0,
"location": " ",
"name": "Microsoft ASP.NET Core 6.0.36 - Shared Framework (x86)",
"section": " ",
"version": "6.0.36.24516",
"agent_id": "238"
}
],
"total_affected_items": 9,
"total_failed_items": 0,
"failed_items": []
},
"message": "All specified syscollector information was returned",
"error": 0
}
I see that for some reason the sysinventory has ASP.NET 6.0.18, but this is the control panel from the VM:
Is it possible that the syscollector is not updating correctly?
Regards,
Daniel D.
Md. Nazmur Sakib
Dec 18, 2025, 4:44:19 AM (2 days ago) Dec 18
to Wazuh | Mailing List
Sorry for the late response, I was on holiday.
We can see the old package in the vulnerability details and the syscollector.
"scan": {
"id": 0,
"time": "2025-12-04T12:03:32+00:00"
},
"source": " ",
"priority": " ",
"format": "win",
"vendor": "Microsoft Corporation",
"architecture": "x86_64",
"description": " ",
"install_time": "2023-08-28T01:00:00+00:00",
"size": 0,
"location": " ",
"name": "Microsoft ASP.NET Core 6.0.18 Shared Framework (x64)",
"section": " ",
"version": "6.0.18.23269",
"agent_id": "238"
},You can run in PowerShell with administrative privilege and run this command to get the information.
Select-String -Path 'C:\Program Files (x86)\ossec-agent\ossec.log' -Pattern 'syscollector'
Also, you can check if there is any other version of the package installed on your endpoint, following this document.
https://learn.microsoft.com/en-us/dotnet/core/install/how-to-detect-installed-versions?pivots=os-windows
Let me know your findings on this.
Reply all
Reply to author
Forward
0 new messages