espressobeanies commented 4 years ago

I'm encountering an issue to where I'm unable to pull CVE values from Tenable.sc (v5.11) using pyTenable. When I attempt to pull the values using the below code, I get blank results in my JSON output:

!/usr/bin/python

from tenable.sc import TenableSC import requests, json

SC_USERNAME=““ SC_PASSWORD=“”

sc=TenableSC(‘’) sc.login(SC_USERNAME, SC_PASSWORD)

for vuln in sc.analysis.vulns(fields=['xrefs:CVE'], tool='vulndetails'): print(vuln)

sc.logout()

SteveMcGrath commented 4 years ago

Firstly, the fields param wont work in analysis calls and is just silently ignored.

Secondly, not all plugins have CVEs. This is normal. A good example of how to pull the CVE field is below however. Note that in the vulndetails tool, the field is called "cve"

>>> from tenable.sc import TenableSC
>>> with TenableSC('ADDRESS', username='USERNAME', password='PASSWORD') as sc:
...     for v in sc.analysis.vulns(('severity', '=', '1,2,3,4')):
...         print('{ip}: {pluginName} ({cve})'.format(**v))

Example Output:

192.168.101.190: Google Chrome < 66.0.3359.170 Multiple Vulnerabilities (CVE-2018-6120,CVE-2018-6122)
192.168.101.190: Google Chrome < 67.0.3396.62 Multiple Vulnerabilities (CVE-2018-6124,CVE-2018-6127,CVE-2018-6128,CVE-2018-6129,CVE-2018-6130,CVE-2018-6131,CVE-2018-6133,CVE-20
18-6134,CVE-2018-6135,CVE-2018-6136,CVE-2018-6137,CVE-2018-6141,CVE-2018-6142,CVE-2018-6143,CVE-2018-6144,CVE-2018-6145,CVE-2018-6147,CVE-2018-6150)
192.168.101.190: Google Chrome < 67.0.3396.79 Security Bypass (CVE-2018-6148)
192.168.101.190: Google Chrome < 67.0.3396.87 RCE (CVE-2018-6149)
192.168.101.190: Google Chrome < 68.0.3440.75 Multiple Vulnerabilities (CVE-2018-4117,CVE-2018-6153,CVE-2018-6154,CVE-2018-6155,CVE-2018-6156,CVE-2018-6157,CVE-2018-6158,CVE-20
18-6159,CVE-2018-6160,CVE-2018-6162,CVE-2018-6163,CVE-2018-6164,CVE-2018-6165,CVE-2018-6166,CVE-2018-6168,CVE-2018-6170,CVE-2018-6173,CVE-2018-6174,CVE-2018-6175,CVE-2018-6177,
CVE-2018-6179)
192.168.101.190: Google Chrome < 72.0.3626.121 Use-After-Free (CVE-2019-5786)
192.168.101.190: Google Chrome < 72.0.3626.81 Multiple Vulnerabilities (CVE-2019-5754,CVE-2019-5755,CVE-2019-5756,CVE-2019-5757,CVE-2019-5758,CVE-2019-5759,CVE-2019-5760,CVE-20
19-5761,CVE-2019-5762,CVE-2019-5763,CVE-2019-5764,CVE-2019-5765,CVE-2019-5766,CVE-2019-5767,CVE-2019-5768,CVE-2019-5769,CVE-2019-5770,CVE-2019-5771,CVE-2019-5772,CVE-2019-5773,
CVE-2019-5774,CVE-2019-5775,CVE-2019-5776,CVE-2019-5777,CVE-2019-5778,CVE-2019-5779,CVE-2019-5780,CVE-2019-5781,CVE-2019-5782)
192.168.101.190: Google Chrome < 73.0.3683.75 Multiple Vulnerabilities (CVE-2019-5787,CVE-2019-5788,CVE-2019-5789,CVE-2019-5790,CVE-2019-5791,CVE-2019-5792,CVE-2019-5793,CVE-20
19-5794,CVE-2019-5795,CVE-2019-5796,CVE-2019-5797,CVE-2019-5798,CVE-2019-5799,CVE-2019-5800,CVE-2019-5801,CVE-2019-5802,CVE-2019-5803,CVE-2019-5804)
192.168.101.190: Google Chrome < 78.0.3904.87 Multiple Use-After-Free (CVE-2019-13720,CVE-2019-13721)
192.168.101.194: SSL 64-bit Block Size Cipher Suites Supported (SWEET32) ()
192.168.101.197: Client Data Leakage Detection (Username and Password) ()
192.168.101.197: Client Data Leakage Detection (Username and Password) ()
192.168.101.197: Client Data Leakage Detection (Username and Password) ()
192.168.101.197: Client Data Leakage Detection (Username and Password) ()

espressobeanies commented 4 years ago

Steve, I'm aware of this. I'm not sure what to do when I have no CVE values coming thru at all.

SteveMcGrath commented 4 years ago

If you aren't seeing any CVEs, you may want to check your dataset to ensure that you aren't being passed only Infos or something. Also, if the data is in the UI, it'll be in the API, so you can always spot-check what you're doing by poking around the same dataset in the UI.

I can't really offer anything more specific, as it isn't a pytenable issue at that point, its a data issue.

tenable / pyTenable

Issue pulling CVE values from Tenable.sc using pyTenable #181

!/usr/bin/python