Skip to main content

Checking CVE with RedHat Access

·1296 words·7 mins
zd
Posts redhat vulnmgmt
Table of Contents
A handy utility to check CVE details via Red Hat Access API.

Vulnerability management is an essential IT security practice that involves identifying, assessing, and remediating security flaws in devices, networks, and applications, in order to reduce the risks of cyberattacks and security breaches.

One of the time-consuming task to support vulnerability management is post-scan validation.

These includes false-postive verification, patch availability checking, and most important is “Does the CVE applicable to me?”.

RedHat Access
#

Luckily, RedHat has provide an excellent API access and CSAF/VEX framework to provide latest information.

CSAF is a replacement for the Common Vulnerability Reporting Framework (CVRF). VEX is a profile in the CSAF standard.

In short, RedHat Product Security Center has provided an easy way to check CVE details for post-scan validation tasks.

Util: rha_cve_check
#

The util is available at 2 formats: Python script rha_cve_check.py and Windows executable (exe) rha_cve_check.zip. Both can be downloaded at the GitHub repo below.

myseq/utils

some ultilities

Python
0
0

Below is how it works.

$ ./rha_cve_check.py

usage: rha_cve_check.py [-h] [-v] <cve> [<cve> ...]

   Zzzzz   |\      _,,,---,,_
           /,`.-'`'    -.  ;-;;,_   __author__ : [ zd ]
          |,4-  ) )-,_..;\ (  `'-'  __year__   : [ 2024.09 ]
          '---''(_/--'  `-'\_)

         Retrieve CVE details directly via RedHat Security Data API.

         [ base_url = 'https://access.redhat.com/hydra/rest/securitydata' ]

positional arguments:
  <cve>       Specify a CVE or a list of CVEs.

options:
  -h, --help  show this help message and exit
  -v          verbose output

    RedHat Security Data API:

        See https://docs.redhat.com/en/documentation/red_hat_security_data_api/1.0/html-single/red_hat_security_data_api/index

Below is sample outputs to check on CUPS’s cve. Note that it can accept different format of the CVEs.

c:\> rha_cve_check CVE-2024-47076 cve-2024-47175 2024-47176 2024-47177 -v

 [*] Searching 4/4 CVEs...

 [+] [200] https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47177.json
 [+] [200] https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47176.json
 [+] [200] https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47076.json
 [+] [200] https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47175.json

 [*] All [4 responses] are OK.

 [*] Successful fetched : 4/4

 [+] CVE-2024-47175 | cvss3:7.7 (released at 2024-09-26)
 [-] CVE-2024-47175 : cpe:/o:redhat:rhel_aus:7.7 [ Red Hat Enterprise Linux 7.7 Advanced Update Support ] Packages=cups-filters-0:1.0.35-26.el7_7.3 | RHSA-2024:7551 (2024-10-02)
 [-] CVE-2024-47175 : cpe:/o:redhat:rhel_els:7 [ Red Hat Enterprise Linux 7 Extended Lifecycle Support ] Packages=cups-filters-0:1.0.35-29.el7_9.3 | RHSA-2024:7553 (2024-10-02)
 [-] CVE-2024-47175 : cpe:/a:redhat:enterprise_linux:8 [ Red Hat Enterprise Linux 8 ] Packages=cups-filters-0:1.20.0-35.el8_10 | RHSA-2024:7463 (2024-10-01)
 [-] CVE-2024-47175 : cpe:/a:redhat:rhel_aus:8.2 [ Red Hat Enterprise Linux 8.2 Advanced Update Support ] Packages=cups-filters-0:1.20.0-19.el8_2.2 | RHSA-2024:7461 (2024-10-01)
 [-] CVE-2024-47175 : cpe:/a:redhat:rhel_aus:8.4 [ Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support ] Packages=cups-filters-0:1.20.0-24.el8_4.2 | RHSA-2024:7504 (2024-10-02)
 [-] CVE-2024-47175 : cpe:/a:redhat:rhel_tus:8.4 [ Red Hat Enterprise Linux 8.4 Telecommunications Update Service ] Packages=cups-filters-0:1.20.0-24.el8_4.2 | RHSA-2024:7504 (2024-10-02)
 [-] CVE-2024-47175 : cpe:/a:redhat:rhel_e4s:8.4 [ Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions ] Packages=cups-filters-0:1.20.0-24.el8_4.2 | RHSA-2024:7504 (2024-10-02)
 [-] CVE-2024-47175 : cpe:/a:redhat:rhel_aus:8.6 [ Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support ] Packages=cups-filters-0:1.20.0-27.el8_6.3 | RHSA-2024:7623 (2024-10-03)
 [-] CVE-2024-47175 : cpe:/a:redhat:rhel_tus:8.6 [ Red Hat Enterprise Linux 8.6 Telecommunications Update Service ] Packages=cups-filters-0:1.20.0-27.el8_6.3 | RHSA-2024:7623 (2024-10-03)
 [-] CVE-2024-47175 : cpe:/a:redhat:rhel_e4s:8.6 [ Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions ] Packages=cups-filters-0:1.20.0-27.el8_6.3 | RHSA-2024:7623 (2024-10-03)
 [-] CVE-2024-47175 : cpe:/a:redhat:rhel_eus:8.8 [ Red Hat Enterprise Linux 8.8 Extended Update Support ] Packages=cups-filters-0:1.20.0-29.el8_8.3 | RHSA-2024:7462 (2024-10-01)
 [-] CVE-2024-47175 : cpe:/a:redhat:enterprise_linux:9 [ Red Hat Enterprise Linux 9 ] Packages=cups-filters-0:1.28.7-17.el9_4 | RHSA-2024:7346 (2024-09-27)
 [-] CVE-2024-47175 : cpe:/a:redhat:rhel_e4s:9.0 [ Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions ] Packages=cups-filters-0:1.28.7-10.el9_0.2 | RHSA-2024:7506 (2024-10-02)
 [-] CVE-2024-47175 : cpe:/a:redhat:rhel_eus:9.2 [ Red Hat Enterprise Linux 9.2 Extended Update Support ] Packages=cups-filters-0:1.28.7-11.el9_2.2 | RHSA-2024:7503 (2024-10-02)

 [-] Mitigation : See the security bulletin for a detailed mitigation procedure.
 [-] CVE-2024-47175 : cpe:/o:redhat:enterprise_linux:7 [Red Hat Enterprise Linux 7] cups (Fix deferred)
 [-] CVE-2024-47175 : cpe:/o:redhat:enterprise_linux:8 [Red Hat Enterprise Linux 8] cups (Fix deferred)
 [-] CVE-2024-47175 : cpe:/o:redhat:enterprise_linux:9 [Red Hat Enterprise Linux 9] cups (Fix deferred)
 [-] CVE-2024-47175 : cpe:/a:redhat:openshift:4 [Red Hat OpenShift Container Platform 4] rhcos (Not affected)

 [+] CVE-2024-47177 | cvss3:6.1 (released at 2024-09-26)
 [-] OS/package : Current investigation indicates that no versions of Red Hat Enterprise Linux (RHEL) are affected.

 [-] Mitigation : See the security bulletin for a detailed mitigation procedure.
 [-] CVE-2024-47177 : cpe:/o:redhat:enterprise_linux:7 [Red Hat Enterprise Linux 7] cups-filters (Not affected)
 [-] CVE-2024-47177 : cpe:/o:redhat:enterprise_linux:7 [Red Hat Enterprise Linux 7] foomatic (Will not fix)
 [-] CVE-2024-47177 : cpe:/o:redhat:enterprise_linux:8 [Red Hat Enterprise Linux 8] cups-filters (Affected)
 [-] CVE-2024-47177 : cpe:/o:redhat:enterprise_linux:8 [Red Hat Enterprise Linux 8] foomatic (Not affected)
 [-] CVE-2024-47177 : cpe:/o:redhat:enterprise_linux:9 [Red Hat Enterprise Linux 9] cups-filters (Affected)
 [-] CVE-2024-47177 : cpe:/o:redhat:enterprise_linux:9 [Red Hat Enterprise Linux 9] foomatic (Not affected)

 [+] CVE-2024-47176 | cvss3:7.5 (released at 2024-09-26)
 [-] CVE-2024-47176 : cpe:/o:redhat:rhel_aus:7.7 [ Red Hat Enterprise Linux 7.7 Advanced Update Support ] Packages=cups-filters-0:1.0.35-26.el7_7.3 | RHSA-2024:7551 (2024-10-02)
 [-] CVE-2024-47176 : cpe:/o:redhat:rhel_els:7 [ Red Hat Enterprise Linux 7 Extended Lifecycle Support ] Packages=cups-filters-0:1.0.35-29.el7_9.3 | RHSA-2024:7553 (2024-10-02)
 [-] CVE-2024-47176 : cpe:/a:redhat:enterprise_linux:8 [ Red Hat Enterprise Linux 8 ] Packages=cups-filters-0:1.20.0-35.el8_10 | RHSA-2024:7463 (2024-10-01)
 [-] CVE-2024-47176 : cpe:/a:redhat:rhel_aus:8.2 [ Red Hat Enterprise Linux 8.2 Advanced Update Support ] Packages=cups-filters-0:1.20.0-19.el8_2.2 | RHSA-2024:7461 (2024-10-01)
 [-] CVE-2024-47176 : cpe:/a:redhat:rhel_aus:8.4 [ Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support ] Packages=cups-filters-0:1.20.0-24.el8_4.2 | RHSA-2024:7504 (2024-10-02)
 [-] CVE-2024-47176 : cpe:/a:redhat:rhel_tus:8.4 [ Red Hat Enterprise Linux 8.4 Telecommunications Update Service ] Packages=cups-filters-0:1.20.0-24.el8_4.2 | RHSA-2024:7504 (2024-10-02)
 [-] CVE-2024-47176 : cpe:/a:redhat:rhel_e4s:8.4 [ Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions ] Packages=cups-filters-0:1.20.0-24.el8_4.2 | RHSA-2024:7504 (2024-10-02)
 [-] CVE-2024-47176 : cpe:/a:redhat:rhel_aus:8.6 [ Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support ] Packages=cups-filters-0:1.20.0-27.el8_6.3 | RHSA-2024:7623 (2024-10-03)
 [-] CVE-2024-47176 : cpe:/a:redhat:rhel_tus:8.6 [ Red Hat Enterprise Linux 8.6 Telecommunications Update Service ] Packages=cups-filters-0:1.20.0-27.el8_6.3 | RHSA-2024:7623 (2024-10-03)
 [-] CVE-2024-47176 : cpe:/a:redhat:rhel_e4s:8.6 [ Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions ] Packages=cups-filters-0:1.20.0-27.el8_6.3 | RHSA-2024:7623 (2024-10-03)
 [-] CVE-2024-47176 : cpe:/a:redhat:rhel_eus:8.8 [ Red Hat Enterprise Linux 8.8 Extended Update Support ] Packages=cups-filters-0:1.20.0-29.el8_8.3 | RHSA-2024:7462 (2024-10-01)
 [-] CVE-2024-47176 : cpe:/a:redhat:enterprise_linux:9 [ Red Hat Enterprise Linux 9 ] Packages=cups-filters-0:1.28.7-17.el9_4 | RHSA-2024:7346 (2024-09-27)
 [-] CVE-2024-47176 : cpe:/a:redhat:rhel_e4s:9.0 [ Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions ] Packages=cups-filters-0:1.28.7-10.el9_0.2 | RHSA-2024:7506 (2024-10-02)
 [-] CVE-2024-47176 : cpe:/a:redhat:rhel_eus:9.2 [ Red Hat Enterprise Linux 9.2 Extended Update Support ] Packages=cups-filters-0:1.28.7-11.el9_2.2 | RHSA-2024:7503 (2024-10-02)

 [-] Mitigation : See the security bulletin for a detailed mitigation procedure.

 [+] CVE-2024-47076 | cvss3:8.2 (released at 2024-09-26)
 [-] CVE-2024-47076 : cpe:/o:redhat:rhel_aus:7.7 [ Red Hat Enterprise Linux 7.7 Advanced Update Support ] Packages=cups-filters-0:1.0.35-26.el7_7.3 | RHSA-2024:7551 (2024-10-02)
 [-] CVE-2024-47076 : cpe:/o:redhat:rhel_els:7 [ Red Hat Enterprise Linux 7 Extended Lifecycle Support ] Packages=cups-filters-0:1.0.35-29.el7_9.3 | RHSA-2024:7553 (2024-10-02)
 [-] CVE-2024-47076 : cpe:/a:redhat:enterprise_linux:8 [ Red Hat Enterprise Linux 8 ] Packages=cups-filters-0:1.20.0-35.el8_10 | RHSA-2024:7463 (2024-10-01)
 [-] CVE-2024-47076 : cpe:/a:redhat:rhel_aus:8.2 [ Red Hat Enterprise Linux 8.2 Advanced Update Support ] Packages=cups-filters-0:1.20.0-19.el8_2.2 | RHSA-2024:7461 (2024-10-01)
 [-] CVE-2024-47076 : cpe:/a:redhat:rhel_aus:8.4 [ Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support ] Packages=cups-filters-0:1.20.0-24.el8_4.2 | RHSA-2024:7504 (2024-10-02)
 [-] CVE-2024-47076 : cpe:/a:redhat:rhel_tus:8.4 [ Red Hat Enterprise Linux 8.4 Telecommunications Update Service ] Packages=cups-filters-0:1.20.0-24.el8_4.2 | RHSA-2024:7504 (2024-10-02)
 [-] CVE-2024-47076 : cpe:/a:redhat:rhel_e4s:8.4 [ Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions ] Packages=cups-filters-0:1.20.0-24.el8_4.2 | RHSA-2024:7504 (2024-10-02)
 [-] CVE-2024-47076 : cpe:/a:redhat:rhel_aus:8.6 [ Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support ] Packages=cups-filters-0:1.20.0-27.el8_6.3 | RHSA-2024:7623 (2024-10-03)
 [-] CVE-2024-47076 : cpe:/a:redhat:rhel_tus:8.6 [ Red Hat Enterprise Linux 8.6 Telecommunications Update Service ] Packages=cups-filters-0:1.20.0-27.el8_6.3 | RHSA-2024:7623 (2024-10-03)
 [-] CVE-2024-47076 : cpe:/a:redhat:rhel_e4s:8.6 [ Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions ] Packages=cups-filters-0:1.20.0-27.el8_6.3 | RHSA-2024:7623 (2024-10-03)
 [-] CVE-2024-47076 : cpe:/a:redhat:rhel_eus:8.8 [ Red Hat Enterprise Linux 8.8 Extended Update Support ] Packages=cups-filters-0:1.20.0-29.el8_8.3 | RHSA-2024:7462 (2024-10-01)
 [-] CVE-2024-47076 : cpe:/a:redhat:enterprise_linux:9 [ Red Hat Enterprise Linux 9 ] Packages=cups-filters-0:1.28.7-17.el9_4 | RHSA-2024:7346 (2024-09-27)
 [-] CVE-2024-47076 : cpe:/a:redhat:rhel_e4s:9.0 [ Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions ] Packages=cups-filters-0:1.28.7-10.el9_0.2 | RHSA-2024:7506 (2024-10-02)
 [-] CVE-2024-47076 : cpe:/a:redhat:rhel_eus:9.2 [ Red Hat Enterprise Linux 9.2 Extended Update Support ] Packages=cups-filters-0:1.28.7-11.el9_2.2 | RHSA-2024:7503 (2024-10-02)

 [-] Mitigation : See the security bulletin for a detailed mitigation procedure.

 [*] main(): completed within [0.8496 sec].

Links#

Author
zd
cli-geek

Related

VulnCheck KEV Community
·330 words·2 mins
Posts kev python tools vulncheck threatmgmt vulnmgmt
Introducing the VulnCheck Known Exploited Vulnerabilities (KEV) catalog, a free community database of known exploited vulnerabilities fused with exploit intelligence.
Data Analysis Story for VM
·1114 words·6 mins
Posts data analytics python vulnmgmt
How can you tell if your remediation work effectively? Is it efficient in addressing new vulnerability released every month?
34-Month Update with CISA KEV
·206 words·1 min
Posts cisa kev vulnmgmt
Analysis updates of CISA KEV catalog.