Windows build number not detected properly #23275
Comments
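Hello @andonovski!

It happens that the NVD isn't specific about the Windows Server 2022 version affected: https://nvd.nist.gov/vuln/detail/CVE-2023-36046

So the scanner considers that unless KB5032202 (or any equivalent update) is installed, all Windows Server 2022 systems are vulnerable. The Wazuh agent properly collects the 22H2 version field, but the vulnerability content has to be fixed.

Soon, the new Wazuh v4.8.0 will be released (see issue #14156) and the vulnerability detector module will be able to handle this type of situation.
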
Hello,
Thanks for the reply.
So, works as intended. I didn't check the NVD link, I just checked the MS one. Could have saved you a bit of time if I had checked.
Good to know that a future version will be able to handle these kinds of things.
Best regards,
Marjan
On Mon, May 6, 2024, 17:00 Matias Pereyra ***@***.***> wrote:
> Hello @andonovski!
>
> It happens that the NVD isn't specific about the Windows Server 2022 version affected
> https://nvd.nist.gov/vuln/detail/CVE-2023-36046
>
> 2024-05-06_10-01.png (view on web) <https://github.com/wazuh/wazuh/assets/65046601/14045e22-83e4-4988-8a46-543e657ebdd4>
>
> So the scanner considers that unless KB5032202 (or any equivalent update) is installed, all Windows Server 2022 systems are vulnerable. The Wazuh agent collects properly the 22H2 version field but the vulnerability content has to be fixed.
>
> Soon, the new Wazuh v4.8.0 will be released (see issue #14156) and the vulnerability detector module will be able to handle this type of situations

Thanks to you! Regards.

Wazuh version 4.74 is installed using Docker on Ubuntu Server 22.04 LTS.
The issue is in Vulnerabilities for Windows Server 2022 22H2, where the build is 20348. Selecting any Windows Server 2022 22H2 shows CVE-2023-36046. The link for this CVE is https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36046, going further to the KB link https://support.microsoft.com/en-us/topic/november-14-2023-kb5032202-os-build-25398-531-e1ee8019-47f8-4314-be67-32d4e48ac140.
As can be seen, this CVE is only for Windows Server 2022 23H2, not for 22H2.
Now, my question is: is this a bug in not properly detecting the Windows build? Or is it just working this way, not detecting the build number at all? Maybe something is wrong with my Wazuh configuration?
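
A simplified sketch of the matching problem discussed in this thread, added here as an example; it is not Wazuh's code, and the class names, rule functions and host revisions are constructed for illustration. The build numbers 20348 and 25398.531 and the KB number are the ones quoted in the thread.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Host:
    os_name: str
    build: str                            # "major.revision", e.g. "20348.2113"
    hotfixes: set = field(default_factory=set)

@dataclass
class Advisory:
    cve: str
    os_name: str
    fixed_by: str                         # KB that remediates the CVE
    affected_build: Optional[int] = None  # None = feed does not state a build line
    fixed_revision: Optional[int] = None

def parse_build(build):
    """Split '25398.531' into (25398, 531); a missing revision counts as 0."""
    major, _, rev = build.partition(".")
    if not major.isdigit() or (rev and not rev.isdigit()):
        raise ValueError(f"unparseable build: {build!r}")
    return int(major), int(rev or 0)

def match_name_and_hotfix(host, adv):
    """Rule described in the thread: same product name and the KB is missing."""
    return host.os_name == adv.os_name and adv.fixed_by not in host.hotfixes

def match_build_aware(host, adv):
    """Same rule, but only for hosts on the build line the fix was issued for."""
    if host.os_name != adv.os_name:
        return False
    if adv.affected_build is None:        # no build data: fall back to name + KB
        return match_name_and_hotfix(host, adv)
    major, rev = parse_build(host.build)
    if major != adv.affected_build:
        return False
    return adv.fixed_by not in host.hotfixes and rev < adv.fixed_revision

# Constructed sample data; the revisions .2113 and .469 are made up.
OS = "Microsoft Windows Server 2022"
ADV = Advisory("CVE-2023-36046", OS, "KB5032202", 25398, 531)
HOST_22H2 = Host(OS, "20348.2113")
HOST_23H2 = Host(OS, "25398.469")

if __name__ == "__main__":
    for h in (HOST_22H2, HOST_23H2):
        print(h.build, match_name_and_hotfix(h, ADV), match_build_aware(h, ADV))
```
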