Look for CVE in Ransomware campaigns
Hello Mario,
Hoping you are well.
Is it possible for CVE_Prioritizer to retrieve from the CISA KEV and VulnCheck KEV APIs the following attribute? It will be very useful to be able to add a column to check whether a CVE is being abused in ransomware campaigns (on top of active exploitation). This can be used to show the priority mainly to non-technical or executive stakeholders. As you know, "ransomware" is a magic word... :P
Example: CVE-2024-37085
CISA KEV:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities_schema.json
VulnCheck KEV: https://api.vulncheck.com/v3/index/vulncheck-kev?cve=CVE-2024-37085
Thanks in advance, as always!
Regards.
Hi @dr4lekhine yes that should be fairly easy to add, I will work on it this week.
Best, Mario
@dr4lekhine I have added a new column based on this request
Thanks Mario.
Just in case, I have just checked, and with the VulnCheck API, besides the values "KNOWN" or "UNKNOWN", I'm also seeing some CVEs populated with the word "Error":
VulnCheck: sudo python3 cve_prioritizer.py -v --vulncheck -vck -f large_vuln_list.txt -o vulncheck_api.csv
As an example, CVE-2024-21413 or CVE-2022-34721 should be unknown, but is populated with "Error": https://api.vulncheck.com/v3/index/vulncheck-kev?cve=CVE-2024-21413 https://api.vulncheck.com/v3/index/vulncheck-kev?cve=CVE-2022-34721
vulncheck_api.csv large_vuln_list.txt
N.
Thanks @dr4lekhine I was able to replicate the error. I'm looking into the root cause, which seems to be associated with the vulncheck kev feature. I will update the code as soon as I fix this.
@dr4lekhine I've updated the code to fix the issue. I tested the fix using your file with no issues, but please let me know if it works for you.
BTW, when using --vulncheck_kev or -vck, you don't need to add -vc as well, as this is automatically selected; you can simply run
python3 cve_prioritizer.py -v -vck -f large_vuln_list.txt -o vulncheck_api.csv
Best, Mario
Thanks Mario! Good work.
I was able to just check this today, and tested in the same way, so now it seems to be working OK!
You can close this issue as resolved ;)
Glad to hear that @dr4lekhine thanks for the suggestion
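An added example, not part of the thread and not CVE_Prioritizer's own code: one way to derive a ransomware column from a document in the CISA KEV JSON feed format, so that a CVE absent from the catalog, or a record missing the `knownRansomwareCampaignUse` field, gets a defined value instead of an error string. The catalog below is constructed sample data (its values are not copied from the live feed), and the function names and the "Not in KEV" label are assumptions.

```python
import csv
import io
import json

# Constructed sample in the shape of the CISA KEV JSON feed (not real feed data).
SAMPLE_KEV = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2024-37085", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2024-21413", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2022-34721"},  # field deliberately missing
    ],
})
NOT_LISTED = "Not in KEV"  # hypothetical label for CVEs absent from the catalog


def build_ransomware_index(kev_json: str) -> dict:
    """Map upper-cased CVE ID -> 'Known' / 'Unknown' from a KEV-format document."""
    index = {}
    for entry in json.loads(kev_json).get("vulnerabilities", []):
        cve = str(entry.get("cveID", "")).strip().upper()
        if not cve:
            continue
        raw = str(entry.get("knownRansomwareCampaignUse") or "").strip().lower()
        # Anything other than an explicit "known" is reported as Unknown.
        index[cve] = "Known" if raw == "known" else "Unknown"
    return index


def ransomware_column(cve_ids, index) -> list:
    """Return (cve, kev_listed, ransomware) rows; a missing CVE never raises."""
    rows = []
    for cve in cve_ids:
        key = cve.strip().upper()
        rows.append((key, key in index, index.get(key, NOT_LISTED)))
    return rows


def to_csv(rows) -> str:
    """Render the rows with a header, as a prioritization report column would."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["cve_id", "kev", "ransomware"])
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    idx = build_ransomware_index(SAMPLE_KEV)
    wanted = ["cve-2024-37085", "CVE-2024-21413", "CVE-2022-34721", "CVE-0000-00000"]
    print(to_csv(ransomware_column(wanted, idx)))
```

Keeping "listed but unknown" separate from "not listed" lets a report show the ransomware flag only where the catalog actually makes a statement about the CVE.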