openvas failing to import due to CVSS3 tags #30
Description
openvas Version 23.2.1
faraday community edition: 5.5.0
Running the community docker
I failing to import reports from openvas using the option to export reports from openvas community edition as xml
Looking at the logs i see the following when i try to import.
==> celery.log <==
[2024-08-15 14:28:55,653: ERROR/ForkPoolWorker-5] Could not create cvss2
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/faraday/server/api/modules/bulk_create.py", line 756, in set_cvss2
cvss_instance = cvss.CVSS2(vs2)
File "/usr/local/lib/python3.8/site-packages/cvss/cvss2.py", line 100, in __init__
self.parse_vector()
File "/usr/local/lib/python3.8/site-packages/cvss/cvss2.py", line 141, in parse_vector
raise CVSS2MalformedError(
cvss.exceptions.CVSS2MalformedError: Unknown metric "CVSS" in field "CVSS:3.1"
[2024-08-15 14:28:55,674: ERROR/ForkPoolWorker-2] Could not create cvss2
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/faraday/server/api/modules/bulk_create.py", line 756, in set_cvss2
cvss_instance = cvss.CVSS2(vs2)
File "/usr/local/lib/python3.8/site-packages/cvss/cvss2.py", line 100, in __init__
self.parse_vector()
File "/usr/local/lib/python3.8/site-packages/cvss/cvss2.py", line 141, in parse_vector
raise CVSS2MalformedError(
cvss.exceptions.CVSS2MalformedError: Unknown metric "CVSS" in field "CVSS:3.1"
when i run faraday-plugins process-report i see the following entries with cvss2 of "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
{
"name": "cpe:/a:ietf:transport_layer_security:1.3",
"protocol": "tcp",
"port": 8443,
"status": "open",
"version": "",
"description": "",
"credentials": [],
"vulnerabilities": [
{
"name": "SSL/TLS: Report Vulnerable Cipher Suites for HTTPS",
"desc": "This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exists only on HTTPS services. These rules are applied for the evaluation of the vulnerable cipher suites: - 64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183).",
"severity": "high",
"refs": [
{
"name": "cpe:/a:ietf:transport_layer_security",
"type": "other"
},
{
"name": "SEVERITY NUMBER: 7.5",
"type": "other"
},
{
"name": "THREAT: High",
"type": "other"
}
],
"external_id": "OPENVAS-1.3.6.1.4.1.25623.1.0.108031",
"type": "Vulnerability",
"resolution": "The configuration of this services should be changed so that it does not accept the listed cipher suites anymore. Please see the references for more resources supporting you with this task.",
"data": "\n\nid 5abd2194-5e6f-4550-9df2-ab6632322cb5",
"custom_fields": {},
"status": "open",
"impact": {},
"policyviolations": [],
"cve": [],
"cvss3": {},
"cvss2": {
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"easeofresolution": null,
"confirmed": false,
"tags": [],
"cwe": []
},
the original xml looks like
<result id="5abd2194-5e6f-4550-9df2-ab6632322cb5">
<name>SSL/TLS: Report Vulnerable Cipher Suites for HTTPS</name>
<owner>
<name>admin</name>
</owner>
<modification_time>2024-08-09T22:50:21Z</modification_time>
<comment/>
<creation_time>2024-08-09T22:50:21Z</creation_time>
<detection>
<result id="52811c30-efb1-4e7a-ae89-1e171bc5d83d">
<details>
<detail>
<name>product</name>
<value>cpe:/a:ietf:transport_layer_security</value>
</detail>
<detail>
<name>location</name>
<value>8443/tcp</value>
</detail>
<detail>
<name>source_oid</name>
<value>1.3.6.1.4.1.25623.1.0.802067</value>
</detail>
<detail>
<name>source_name</name>
<value>SSL/TLS: Report Supported Cipher Suites</value>
</detail>
</details>
</result>
</detection>
<host>1.1.1.1<asset asset_id="4a2957ed-1848-4f26-a498-9c587d3a7fe9"/><hostname>redacted.redacted.com</hostname></host>
<port>8443/tcp</port>
<nvt oid="1.3.6.1.4.1.25623.1.0.108031">
<type>nvt</type>
<name>SSL/TLS: Report Vulnerable Cipher Suites for HTTPS</name>
<family>SSL and TLS</family>
<cvss_base>7.5</cvss_base>
<severities score="7.5">
<severity type="cvss_base_v3">
<origin>NVD</origin>
<date>2022-07-28T11:27:00Z</date>
<score>7.5</score>
<value>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</value>
</severity>
</severities>
<tags>cvss_base_vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N|summary=This routine reports all SSL/TLS cipher suites accepted by a service
where attack vectors exists only on HTTPS services.|insight=These rules are applied for the evaluation of the vulnerable cipher suites:
- 64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183).|affected=Services accepting vulnerable SSL/TLS cipher suites via HTTPS.|impact=|solution=The configuration of this services should be changed so
that it does not accept the listed cipher suites anymore.
Please see the references for more resources supporting you with this task.|vuldetect=|solution_type=Mitigation</tags>
<solution type="Mitigation">The configuration of this services should be changed so
that it does not accept the listed cipher suites anymore.
Please see the references for more resources supporting you with this task.</solution>
<refs>
<ref type="cve" id="CVE-2016-2183"/>
<ref type="cve" id="CVE-2016-6329"/>
<ref type="cve" id="CVE-2020-12872"/>
<ref type="url" id="https://bettercrypto.org/"/>
<ref type="url" id="https://mozilla.github.io/server-side-tls/ssl-config-generator/"/>
<ref type="url" id="https://sweet32.info/"/>
<ref type="cert-bund" id="WID-SEC-2024-1277"/>
<ref type="cert-bund" id="WID-SEC-2024-0209"/>
<ref type="cert-bund" id="WID-SEC-2024-0064"/>
<ref type="cert-bund" id="WID-SEC-2022-2226"/>
<ref type="cert-bund" id="WID-SEC-2022-1955"/>
<ref type="cert-bund" id="CB-K21/1094"/>
<ref type="cert-bund" id="CB-K20/1023"/>
<ref type="cert-bund" id="CB-K20/0321"/>
<ref type="cert-bund" id="CB-K20/0314"/>
<ref type="cert-bund" id="CB-K20/0157"/>
<ref type="cert-bund" id="CB-K19/0618"/>
<ref type="cert-bund" id="CB-K19/0615"/>
<ref type="cert-bund" id="CB-K18/0296"/>
<ref type="cert-bund" id="CB-K17/1980"/>
<ref type="cert-bund" id="CB-K17/1871"/>
<ref type="cert-bund" id="CB-K17/1803"/>
<ref type="cert-bund" id="CB-K17/1753"/>
<ref type="cert-bund" id="CB-K17/1750"/>
<ref type="cert-bund" id="CB-K17/1709"/>
<ref type="cert-bund" id="CB-K17/1558"/>
<ref type="cert-bund" id="CB-K17/1273"/>
<ref type="cert-bund" id="CB-K17/1202"/>
<ref type="cert-bund" id="CB-K17/1196"/>
<ref type="cert-bund" id="CB-K17/1055"/>
<ref type="cert-bund" id="CB-K17/1026"/>
<ref type="cert-bund" id="CB-K17/0939"/>
<ref type="cert-bund" id="CB-K17/0917"/>
<ref type="cert-bund" id="CB-K17/0915"/>
<ref type="cert-bund" id="CB-K17/0877"/>
<ref type="cert-bund" id="CB-K17/0796"/>
<ref type="cert-bund" id="CB-K17/0724"/>
<ref type="cert-bund" id="CB-K17/0661"/>
<ref type="cert-bund" id="CB-K17/0657"/>
<ref type="cert-bund" id="CB-K17/0582"/>
<ref type="cert-bund" id="CB-K17/0581"/>
<ref type="cert-bund" id="CB-K17/0506"/>
<ref type="cert-bund" id="CB-K17/0504"/>
<ref type="cert-bund" id="CB-K17/0467"/>
<ref type="cert-bund" id="CB-K17/0345"/>
<ref type="cert-bund" id="CB-K17/0098"/>
<ref type="cert-bund" id="CB-K17/0089"/>
<ref type="cert-bund" id="CB-K17/0086"/>
<ref type="cert-bund" id="CB-K17/0082"/>
<ref type="cert-bund" id="CB-K16/1837"/>
<ref type="cert-bund" id="CB-K16/1830"/>
<ref type="cert-bund" id="CB-K16/1635"/>
<ref type="cert-bund" id="CB-K16/1630"/>
<ref type="cert-bund" id="CB-K16/1624"/>
<ref type="cert-bund" id="CB-K16/1622"/>
<ref type="cert-bund" id="CB-K16/1500"/>
<ref type="cert-bund" id="CB-K16/1465"/>
<ref type="cert-bund" id="CB-K16/1307"/>
<ref type="cert-bund" id="CB-K16/1296"/>
<ref type="dfn-cert" id="DFN-CERT-2021-1618"/>
<ref type="dfn-cert" id="DFN-CERT-2021-0775"/>
<ref type="dfn-cert" id="DFN-CERT-2021-0770"/>
<ref type="dfn-cert" id="DFN-CERT-2021-0274"/>
<ref type="dfn-cert" id="DFN-CERT-2020-2141"/>
<ref type="dfn-cert" id="DFN-CERT-2020-0368"/>
<ref type="dfn-cert" id="DFN-CERT-2019-1455"/>
<ref type="dfn-cert" id="DFN-CERT-2019-0068"/>
<ref type="dfn-cert" id="DFN-CERT-2018-1296"/>
<ref type="dfn-cert" id="DFN-CERT-2018-0323"/>
<ref type="dfn-cert" id="DFN-CERT-2017-2070"/>
<ref type="dfn-cert" id="DFN-CERT-2017-1954"/>
<ref type="dfn-cert" id="DFN-CERT-2017-1885"/>
<ref type="dfn-cert" id="DFN-CERT-2017-1831"/>
<ref type="dfn-cert" id="DFN-CERT-2017-1821"/>
<ref type="dfn-cert" id="DFN-CERT-2017-1785"/>
<ref type="dfn-cert" id="DFN-CERT-2017-1626"/>
<ref type="dfn-cert" id="DFN-CERT-2017-1326"/>
<ref type="dfn-cert" id="DFN-CERT-2017-1239"/>
<ref type="dfn-cert" id="DFN-CERT-2017-1238"/>
<ref type="dfn-cert" id="DFN-CERT-2017-1090"/>
<ref type="dfn-cert" id="DFN-CERT-2017-1060"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0968"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0947"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0946"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0904"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0816"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0746"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0677"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0675"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0611"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0609"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0522"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0519"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0482"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0351"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0090"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0089"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0088"/>
<ref type="dfn-cert" id="DFN-CERT-2017-0086"/>
<ref type="dfn-cert" id="DFN-CERT-2016-1943"/>
<ref type="dfn-cert" id="DFN-CERT-2016-1937"/>
<ref type="dfn-cert" id="DFN-CERT-2016-1732"/>
<ref type="dfn-cert" id="DFN-CERT-2016-1726"/>
<ref type="dfn-cert" id="DFN-CERT-2016-1715"/>
<ref type="dfn-cert" id="DFN-CERT-2016-1714"/>
<ref type="dfn-cert" id="DFN-CERT-2016-1588"/>
<ref type="dfn-cert" id="DFN-CERT-2016-1555"/>
<ref type="dfn-cert" id="DFN-CERT-2016-1391"/>
<ref type="dfn-cert" id="DFN-CERT-2016-1378"/>
</refs>
</nvt>
<scan_nvt_version>2024-06-14T05:05:48Z</scan_nvt_version>
<threat>High</threat>
<severity>7.5</severity>
<qod>
<value>98</value>
<type/>
</qod>
<description>'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
</description>
<original_threat>High</original_threat>
<original_severity>7.5</original_severity>
<overrides>
<override id="f4356011-97b8-4bbc-b0f9-960faf598b59">
<permissions>
<permission>
<name>Everything</name>
</permission>
</permissions>
<owner>
<name>ian</name>
</owner>
<nvt oid="1.3.6.1.4.1.25623.1.0.108031">
<name>SSL/TLS: Report Vulnerable Cipher Suites for HTTPS</name>
<type>nvt</type>
</nvt>
<creation_time>2024-06-18T21:33:56Z</creation_time>
<modification_time>2024-06-18T21:33:56Z</modification_time>
<writable>1</writable>
<in_use>0</in_use>
<active>1</active>
<text excerpt="0">Hubspot</text>
<threat>Alarm</threat>
<severity>0.1</severity>
<new_threat>False Positive</new_threat>
<new_severity>-1</new_severity>
<orphan>0</orphan>
</override>
</overrides>
</result>
so it looks like some logic needs to be added to detect CVSS3 and parse as CVSS3 verse 2?