openvas failing to import due to CVSS3 tags #30

Open
bruman opened this issue Aug 15, 2024 · 1 comment
bruman commented Aug 15, 2024

openvas Version 23.2.1
faraday community edition: 5.5.0
Running the community docker

I am failing to import reports from OpenVAS, using the option to export reports from OpenVAS community edition as XML.

Looking at the logs, I see the following when I try to import.

==> celery.log <==
[2024-08-15 14:28:55,653: ERROR/ForkPoolWorker-5] Could not create cvss2
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/faraday/server/api/modules/bulk_create.py", line 756, in set_cvss2
    cvss_instance = cvss.CVSS2(vs2)
  File "/usr/local/lib/python3.8/site-packages/cvss/cvss2.py", line 100, in __init__
    self.parse_vector()
  File "/usr/local/lib/python3.8/site-packages/cvss/cvss2.py", line 141, in parse_vector
    raise CVSS2MalformedError(
cvss.exceptions.CVSS2MalformedError: Unknown metric "CVSS" in field "CVSS:3.1"
[2024-08-15 14:28:55,674: ERROR/ForkPoolWorker-2] Could not create cvss2
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/faraday/server/api/modules/bulk_create.py", line 756, in set_cvss2
    cvss_instance = cvss.CVSS2(vs2)
  File "/usr/local/lib/python3.8/site-packages/cvss/cvss2.py", line 100, in __init__
    self.parse_vector()
  File "/usr/local/lib/python3.8/site-packages/cvss/cvss2.py", line 141, in parse_vector
    raise CVSS2MalformedError(
cvss.exceptions.CVSS2MalformedError: Unknown metric "CVSS" in field "CVSS:3.1"

When I run faraday-plugins process-report, I see the following entries with cvss2 of "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"

{
    "name": "cpe:/a:ietf:transport_layer_security:1.3",
    "protocol": "tcp",
    "port": 8443,
    "status": "open",
    "version": "",
    "description": "",
    "credentials": [],
    "vulnerabilities": [
        {
            "name": "SSL/TLS: Report Vulnerable Cipher Suites for HTTPS",
            "desc": "This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exists only on HTTPS services. These rules are applied for the evaluation of the vulnerable cipher suites: - 64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183).",
            "severity": "high",
            "refs": [
                {
                    "name": "cpe:/a:ietf:transport_layer_security",
                    "type": "other"
                },
                {
                    "name": "SEVERITY NUMBER: 7.5",
                    "type": "other"
                },
                {
                    "name": "THREAT: High",
                    "type": "other"
                }
            ],
            "external_id": "OPENVAS-1.3.6.1.4.1.25623.1.0.108031",
            "type": "Vulnerability",
            "resolution": "The configuration of this services should be changed so that it does not accept the listed cipher suites anymore. Please see the references for more resources supporting you with this task.",
            "data": "\n\nid 5abd2194-5e6f-4550-9df2-ab6632322cb5",
            "custom_fields": {},
            "status": "open",
            "impact": {},
            "policyviolations": [],
            "cve": [],
            "cvss3": {},
            "cvss2": {
                "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
            },
            "easeofresolution": null,
            "confirmed": false,
            "tags": [],
            "cwe": []
        },

The original XML looks like

       <result id="5abd2194-5e6f-4550-9df2-ab6632322cb5">
        <name>SSL/TLS: Report Vulnerable Cipher Suites for HTTPS</name>
        <owner>
          <name>admin</name>
        </owner>
        <modification_time>2024-08-09T22:50:21Z</modification_time>
        <comment/>
        <creation_time>2024-08-09T22:50:21Z</creation_time>
        <detection>
          <result id="52811c30-efb1-4e7a-ae89-1e171bc5d83d">
            <details>
              <detail>
                <name>product</name>
                <value>cpe:/a:ietf:transport_layer_security</value>
              </detail>
              <detail>
                <name>location</name>
                <value>8443/tcp</value>
              </detail>
              <detail>
                <name>source_oid</name>
                <value>1.3.6.1.4.1.25623.1.0.802067</value>
              </detail>
              <detail>
                <name>source_name</name>
                <value>SSL/TLS: Report Supported Cipher Suites</value>
              </detail>
            </details>
          </result>
        </detection>
        <host>1.1.1.1<asset asset_id="4a2957ed-1848-4f26-a498-9c587d3a7fe9"/><hostname>redacted.redacted.com</hostname></host>
        <port>8443/tcp</port>
        <nvt oid="1.3.6.1.4.1.25623.1.0.108031">
          <type>nvt</type>
          <name>SSL/TLS: Report Vulnerable Cipher Suites for HTTPS</name>
          <family>SSL and TLS</family>
          <cvss_base>7.5</cvss_base>
          <severities score="7.5">
            <severity type="cvss_base_v3">
              <origin>NVD</origin>
              <date>2022-07-28T11:27:00Z</date>
              <score>7.5</score>
              <value>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</value>
            </severity>
          </severities>
          <tags>cvss_base_vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N|summary=This routine reports all SSL/TLS cipher suites accepted by a service
  where attack vectors exists only on HTTPS services.|insight=These rules are applied for the evaluation of the vulnerable cipher suites:

  - 64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183).|affected=Services accepting vulnerable SSL/TLS cipher suites via HTTPS.|impact=|solution=The configuration of this services should be changed so
  that it does not accept the listed cipher suites anymore.

  Please see the references for more resources supporting you with this task.|vuldetect=|solution_type=Mitigation</tags>
          <solution type="Mitigation">The configuration of this services should be changed so
  that it does not accept the listed cipher suites anymore.

  Please see the references for more resources supporting you with this task.</solution>
          <refs>
            <ref type="cve" id="CVE-2016-2183"/>
            <ref type="cve" id="CVE-2016-6329"/>
            <ref type="cve" id="CVE-2020-12872"/>
            <ref type="url" id="https://bettercrypto.org/"/>
            <ref type="url" id="https://mozilla.github.io/server-side-tls/ssl-config-generator/"/>
            <ref type="url" id="https://sweet32.info/"/>
            <ref type="cert-bund" id="WID-SEC-2024-1277"/>
            <ref type="cert-bund" id="WID-SEC-2024-0209"/>
            <ref type="cert-bund" id="WID-SEC-2024-0064"/>
            <ref type="cert-bund" id="WID-SEC-2022-2226"/>
            <ref type="cert-bund" id="WID-SEC-2022-1955"/>
            <ref type="cert-bund" id="CB-K21/1094"/>
            <ref type="cert-bund" id="CB-K20/1023"/>
            <ref type="cert-bund" id="CB-K20/0321"/>
            <ref type="cert-bund" id="CB-K20/0314"/>
            <ref type="cert-bund" id="CB-K20/0157"/>
            <ref type="cert-bund" id="CB-K19/0618"/>
            <ref type="cert-bund" id="CB-K19/0615"/>
            <ref type="cert-bund" id="CB-K18/0296"/>
            <ref type="cert-bund" id="CB-K17/1980"/>
            <ref type="cert-bund" id="CB-K17/1871"/>
            <ref type="cert-bund" id="CB-K17/1803"/>
            <ref type="cert-bund" id="CB-K17/1753"/>
            <ref type="cert-bund" id="CB-K17/1750"/>
            <ref type="cert-bund" id="CB-K17/1709"/>
            <ref type="cert-bund" id="CB-K17/1558"/>
            <ref type="cert-bund" id="CB-K17/1273"/>
            <ref type="cert-bund" id="CB-K17/1202"/>
            <ref type="cert-bund" id="CB-K17/1196"/>
            <ref type="cert-bund" id="CB-K17/1055"/>
            <ref type="cert-bund" id="CB-K17/1026"/>
            <ref type="cert-bund" id="CB-K17/0939"/>
            <ref type="cert-bund" id="CB-K17/0917"/>
            <ref type="cert-bund" id="CB-K17/0915"/>
            <ref type="cert-bund" id="CB-K17/0877"/>
            <ref type="cert-bund" id="CB-K17/0796"/>
            <ref type="cert-bund" id="CB-K17/0724"/>
            <ref type="cert-bund" id="CB-K17/0661"/>
            <ref type="cert-bund" id="CB-K17/0657"/>
            <ref type="cert-bund" id="CB-K17/0582"/>
            <ref type="cert-bund" id="CB-K17/0581"/>
            <ref type="cert-bund" id="CB-K17/0506"/>
            <ref type="cert-bund" id="CB-K17/0504"/>
            <ref type="cert-bund" id="CB-K17/0467"/>
            <ref type="cert-bund" id="CB-K17/0345"/>
            <ref type="cert-bund" id="CB-K17/0098"/>
            <ref type="cert-bund" id="CB-K17/0089"/>
            <ref type="cert-bund" id="CB-K17/0086"/>
            <ref type="cert-bund" id="CB-K17/0082"/>
            <ref type="cert-bund" id="CB-K16/1837"/>
            <ref type="cert-bund" id="CB-K16/1830"/>
            <ref type="cert-bund" id="CB-K16/1635"/>
            <ref type="cert-bund" id="CB-K16/1630"/>
            <ref type="cert-bund" id="CB-K16/1624"/>
            <ref type="cert-bund" id="CB-K16/1622"/>
            <ref type="cert-bund" id="CB-K16/1500"/>
            <ref type="cert-bund" id="CB-K16/1465"/>
            <ref type="cert-bund" id="CB-K16/1307"/>
            <ref type="cert-bund" id="CB-K16/1296"/>
            <ref type="dfn-cert" id="DFN-CERT-2021-1618"/>
            <ref type="dfn-cert" id="DFN-CERT-2021-0775"/>
            <ref type="dfn-cert" id="DFN-CERT-2021-0770"/>
            <ref type="dfn-cert" id="DFN-CERT-2021-0274"/>
            <ref type="dfn-cert" id="DFN-CERT-2020-2141"/>
            <ref type="dfn-cert" id="DFN-CERT-2020-0368"/>
            <ref type="dfn-cert" id="DFN-CERT-2019-1455"/>
            <ref type="dfn-cert" id="DFN-CERT-2019-0068"/>
            <ref type="dfn-cert" id="DFN-CERT-2018-1296"/>
            <ref type="dfn-cert" id="DFN-CERT-2018-0323"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-2070"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-1954"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-1885"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-1831"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-1821"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-1785"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-1626"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-1326"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-1239"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-1238"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-1090"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-1060"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0968"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0947"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0946"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0904"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0816"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0746"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0677"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0675"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0611"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0609"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0522"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0519"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0482"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0351"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0090"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0089"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0088"/>
            <ref type="dfn-cert" id="DFN-CERT-2017-0086"/>
            <ref type="dfn-cert" id="DFN-CERT-2016-1943"/>
            <ref type="dfn-cert" id="DFN-CERT-2016-1937"/>
            <ref type="dfn-cert" id="DFN-CERT-2016-1732"/>
            <ref type="dfn-cert" id="DFN-CERT-2016-1726"/>
            <ref type="dfn-cert" id="DFN-CERT-2016-1715"/>
            <ref type="dfn-cert" id="DFN-CERT-2016-1714"/>
            <ref type="dfn-cert" id="DFN-CERT-2016-1588"/>
            <ref type="dfn-cert" id="DFN-CERT-2016-1555"/>
            <ref type="dfn-cert" id="DFN-CERT-2016-1391"/>
            <ref type="dfn-cert" id="DFN-CERT-2016-1378"/>
          </refs>
        </nvt>
        <scan_nvt_version>2024-06-14T05:05:48Z</scan_nvt_version>
        <threat>High</threat>
        <severity>7.5</severity>
        <qod>
          <value>98</value>
          <type/>
        </qod>
        <description>'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)


</description>
        <original_threat>High</original_threat>
        <original_severity>7.5</original_severity>
        <overrides>
          <override id="f4356011-97b8-4bbc-b0f9-960faf598b59">
            <permissions>
              <permission>
                <name>Everything</name>
              </permission>
            </permissions>
            <owner>
              <name>ian</name>
            </owner>
            <nvt oid="1.3.6.1.4.1.25623.1.0.108031">
              <name>SSL/TLS: Report Vulnerable Cipher Suites for HTTPS</name>
              <type>nvt</type>
            </nvt>
            <creation_time>2024-06-18T21:33:56Z</creation_time>
            <modification_time>2024-06-18T21:33:56Z</modification_time>
            <writable>1</writable>
            <in_use>0</in_use>
            <active>1</active>
            <text excerpt="0">Hubspot</text>
            <threat>Alarm</threat>
            <severity>0.1</severity>
            <new_threat>False Positive</new_threat>
            <new_severity>-1</new_severity>
            <orphan>0</orphan>
          </override>
        </overrides>
      </result>     

So it looks like some logic needs to be added to detect CVSS3 and parse it as CVSS3 versus 2?
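
A version-aware routing of the vector, as an added example that is not part of the original post or of Faraday's code: it reads the vector from `<severities>` or, failing that, from `cvss_base_vector` in `<tags>`, and files it under `cvss3` or `cvss2` only when the prefix and base metrics match that version. The function names and the trimmed sample element are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
# Base metric names per CVSS version (from the CVSS v2 and v3.x specifications).
V2_METRICS = {"AV", "AC", "Au", "C", "I", "A"}
V3_METRICS = {"AV", "AC", "PR", "UI", "S", "C", "I", "A"}
V3_PREFIX = re.compile(r"^CVSS:3\.[01]/")

# Constructed sample: the <nvt> element from the report above, trimmed.
SAMPLE_NVT = """<nvt oid="1.3.6.1.4.1.25623.1.0.108031">
  <severities score="7.5">
    <severity type="cvss_base_v3">
      <value>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</value>
    </severity>
  </severities>
  <tags>cvss_base_vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N|summary=This routine
  reports cipher suites.|solution_type=Mitigation</tags>
</nvt>"""


def parse_tags(tags_text):
    """Split the pipe-delimited <tags> text into a dict; values may span lines."""
    pairs = (field.split("=", 1) for field in tags_text.split("|") if "=" in field)
    return {key.strip(): value.strip() for key, value in pairs}


def classify_vector(vector):
    """Return 'cvss3', 'cvss2' or None (unknown version or malformed vector)."""
    vector = (vector or "").strip()
    if V3_PREFIX.match(vector):
        label, expected, body = "cvss3", V3_METRICS, V3_PREFIX.sub("", vector)
    elif vector and not vector.upper().startswith("CVSS:"):
        label, expected, body = "cvss2", V2_METRICS, vector
    else:
        return None  # empty, or a CVSS: prefix this example does not handle
    fields = [metric.split(":", 1) for metric in body.split("/")]
    if any(len(field) != 2 for field in fields):
        return None
    names = [name for name, _ in fields]
    if len(names) != len(set(names)) or not expected <= set(names):
        return None  # duplicated metric or missing base metric
    return label


def route_cvss(nvt_xml):
    """Build the cvss2/cvss3 dicts for one <nvt> element."""
    nvt = ET.fromstring(nvt_xml)
    vector = nvt.findtext("severities/severity/value")
    if not vector:  # fall back to the tags string
        vector = parse_tags(nvt.findtext("tags") or "").get("cvss_base_vector", "")
    routed = {"cvss2": {}, "cvss3": {}}
    label = classify_vector(vector)
    if label:  # unrecognised vectors are dropped instead of reaching a parser
        routed[label]["vector_string"] = vector.strip()
    return routed
```
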


bruman commented Aug 15, 2024

Possible fix, not sure how you like pull requests for this project :)

diff --git a/faraday_plugins/plugins/repo/openvas/plugin.py b/faraday_plugins/plugins/repo/openvas/plugin.py
index 734551e..09f20e3 100644
--- a/faraday_plugins/plugins/repo/openvas/plugin.py
+++ b/faraday_plugins/plugins/repo/openvas/plugin.py
@@ -185,6 +185,7 @@ class Item:
         self.description = ''
         self.resolution = ''
         self.cvss_vector = ''
+        self.cvss3_vector = ''
         self.tags = self.get_text_from_subnode('tags')
         self.data = self.get_text_from_subnode('description')
         self.data += f'\n\nid {item_node.attrib.get("id")}'
@@ -192,7 +193,10 @@ class Item:
             tags_data = self.get_data_from_tags(self.tags)
             self.description = tags_data['description']
             self.resolution = tags_data['solution']
-            self.cvss_vector = tags_data['cvss_base_vector']
+            if "CVSS:3" in tags_data['cvss_base_vector']:
+                self.cvss3_vector = tags_data['cvss_base_vector']
+            else:
+                self.cvss_vector = tags_data['cvss_base_vector']
             if tags_data['impact']:
                 self.data += f'\n\nImpact: {tags_data["impact"]}'

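Review bot: The version test `"CVSS:3" in tags_data['cvss_base_vector']` is a substring match, and the `else` branch sends every other value to `cvss_vector`, so a vector carrying any other `CVSS:` prefix would still be handed to the CVSS2 parser and fail the way the log in the report shows. Suggest `startswith('CVSS:3')` for the v3 branch and assigning `cvss_vector` only when the value has no `CVSS:` prefix at all. Reading `tags_data['cvss_base_vector']` once into a local variable would also avoid the three repeated lookups.
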
@@ -347,6 +351,7 @@ class OpenvasPlugin(PluginXMLFormat):
                 ref = []
                 cve = []
                 cvss2 = {}
+                cvss3 = {}
                 if item.cve:
                     cves = item.cve.split(',')
                     for i in cves:
@@ -359,6 +364,8 @@ class OpenvasPlugin(PluginXMLFormat):
                     ref.append(item.xref)
                 if item.tags and item.cvss_vector:
                     cvss2["vector_string"] = item.cvss_vector
+                if item.tags and item.cvss3_vector:
+                    cvss3["vector_string"] = item.cvss3_vector
                 if item.cpe:
                     ref.append(f"{item.cpe}")
                 if item.severity_nr:
@@ -390,7 +397,8 @@ class OpenvasPlugin(PluginXMLFormat):
                             data=item.data,
                             cve=cve,
                             cwe=item.cwe,
-                            cvss2=cvss2
+                            cvss2=cvss2,
+                            cvss3=cvss3
                         )
                 else:
                     if item.service:
@@ -425,7 +433,8 @@ class OpenvasPlugin(PluginXMLFormat):
                                 data=item.data,
                                 cve=cve,
                                 cwe=item.cwe,
-                                cvss2=cvss2
+                                cvss2=cvss2,
+                                cvss3=cvss3
                             )
                     elif item.severity not in self.ignored_severities:
                         self.createAndAddVulnToService(
@@ -440,7 +449,8 @@ class OpenvasPlugin(PluginXMLFormat):
                             data=item.data,
                             cve=cve,
                             cwe=item.cwe,
-                            cvss2=cvss2
+                            cvss2=cvss2,
+                            cvss3=cvss3
                         )
         del parser
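
Review bot: `cvss3=cvss3` is added at three separate call sites (this hunk and the two before it) with no test covering the new path, so a later edit to any one of them could drop the argument unnoticed. Suggest adding a test that feeds a report whose `cvss_base_vector` starts with `CVSS:3.1` and asserts the vector ends up under `cvss3` while `cvss2` stays empty, plus one with a v2 vector to confirm the existing behaviour is unchanged.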
