Use Select-String to find vulnerable software

This topic contains 1 reply, has 2 voices, and was last updated by random commandline 5 months, 3 weeks ago.

  • #69796

    Jeremiah C
    Participant

    I have a task that requires checking to see if software installed in our environment matches a vulnerability published by our internal vulnerability management system. A part of the process involves manually reviewing the title of each published vulnerability to our software inventory list. I've worked out a bit of PowerShell code, but I am not getting the results I want. I'd appreciate any advice the community has to offer.

    DeviceName  DeviceOS     SoftwareName             SoftwareVersion
    PC1         Windows 7    Adobe Reader             10.30
    PC1         Windows 7    Mozilla Firefox 48.0.1   48.00
    PC1         Windows 7    Putty                    0.68
    PC1         Windows 7    Sumatra PDF              3.17
    PC1         Windows 7    7-Zip                    15.04
    PC2         Windows 8.1  Adobe Photoshop CC 2017  11.00
    PC2         Windows 8.1  Google Chrome            54.00
    PC2         Windows 8.1  Adobe Flash Player       7.65
    PC2         Windows 8.1  WireShark 2.2.2          2.2
    PC2         Windows 8.1  7-Zip                    15.04

    ID             Title                                                                                          Severity  Status
    CVE-2017-3881  Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability  High      Closed
    CVE-2017-7269  Microsoft IIS 6.0 ScStoragePathFromUrl Buffer Overflow Vulnerability                           Medium    Open
    CVE-2017-5638  Apache Struts2 Input Validation Code Execution Vulnerability                                   Low       Closed
    CVE-2017-3823  Cisco WebEx Google Chrome Extension Remote Code Execution Vulnerability                        High      Closed
    CVE-2016-7200  Microsoft Edge Scripting Engine Memory Corruption Code Execution Vulnerability                 Medium    Closed
    CVE-2016-7892  Adobe Flash Player Use-After-Free Code Execution Vulnerability                                 Medium    Open
    CVE-2016-0189  Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability                   Medium    Open
    CVE-2017-8711  Multiple Vulnerabilities in Wireshark                                                          Medium    Open
    CVE-2017-4907  Multiple Vulnerabilities in Vmware Products                                                    Low       Open
    CVE-2017-3008  Multiple Vulnerabilities in Adobe ColdFusion                                                   Medium    Open
    CVE-2017-5066  Multiple Vulnerabilities in Sumatra Software                                                   Low       Open
    CVE-2017-5059  Multiple Vulnerabilities in Google Chrome                                                      High      Open
    CVE-2017-5661  Putty Input Validation Error Information                                                       Low       Open
    CVE-2017-3004  Multiple Vulnerabilities in Adobe Photoshop                                                    Medium    Open
    CVE-2017-5429  Multiple Vulnerabilities in Mozilla Firefox                                                    High      Open
    CVE-2017-3033  Multiple Vulnerabilities in Adobe Acrobat and Reader                                           High      Open
    CVE-2017-3062  Multiple Vulnerabilities in Adobe Flash Player                                                 High      Open

    #Import published vuln list then filter title
    $VulnsPublished = Import-Excel D:\tmp\vulnlist.xlsx
    $VulnOpen = $VulnsPublished | Where-Object {$_.Status -eq 'Open'}
    $VulnSoftware = $VulnOpen | Select-Object 'Title' -ExpandProperty 'Title' | Sort
    
    #Import device software inventory
    $PCInventory = Import-Excel D:\tmp\pcinventory.xlsx
    $PCSoftware = $PCInventory | Select-Object SoftwareName -ExpandProperty SoftwareName -Unique
    
    #Check to see if vulnerable software is installed in environment
    $VulnSoftware | Select-String -InputObject {$_} -Pattern $PCSoftware
    
  • #69817

    random commandline
    Participant

    Does the SoftwareName column contain both name and version? In my test, some do, and this can cause a problem with your results.
    If your files are in CSV format, you can use that.

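    $inv = Import-Csv .\inventory.csv
    # Keep only the vulnerabilities that are still open
    $vulnlist = Import-Csv .\vulnlist.csv |
        Where-Object { $_.Status -eq 'Open' }

    $result = foreach ($i in $inv) {
        # -match treats its right-hand side as a regex, so escape the name to match it literally
        $vul = $vulnlist | Where-Object { $_.Title -match ([regex]::Escape($i.SoftwareName)) }
        # One output row per inventory entry; multiple matches are joined into one string
        [PSCustomObject]@{
            DeviceName   = $i.DeviceName
            DeviceOS     = $i.DeviceOS
            SoftwareName = $i.SoftwareName
            ID           = $vul.ID | Out-String
            Title        = $vul.Title | Out-String
            Severity     = $vul.Severity | Out-String
        }
    }

    $result | Export-Csv .\results.csv -NoTypeInformation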
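
Added example, not part of either post and not the participants' code: one way to handle the name-plus-version problem raised in the reply, by stripping trailing version tokens from SoftwareName before matching and emitting one row per device and vulnerability. The inline CSV is constructed from rows of the tables in the question, and `Get-BaseName` is a hypothetical helper name.

```powershell
# Constructed sample rows copied from the tables in the question (no real files are read).
$inv = @'
DeviceName,DeviceOS,SoftwareName,SoftwareVersion
PC1,Windows 7,Adobe Reader,10.30
PC1,Windows 7,Mozilla Firefox 48.0.1,48.00
PC1,Windows 7,Putty,0.68
PC2,Windows 8.1,Adobe Photoshop CC 2017,11.00
PC2,Windows 8.1,WireShark 2.2.2,2.2
'@ | ConvertFrom-Csv
$vulnlist = @'
ID,Title,Severity,Status
CVE-2017-3823,Cisco WebEx Google Chrome Extension Remote Code Execution Vulnerability,High,Closed
CVE-2017-8711,Multiple Vulnerabilities in Wireshark,Medium,Open
CVE-2017-5661,Putty Input Validation Error Information,Low,Open
CVE-2017-3004,Multiple Vulnerabilities in Adobe Photoshop,Medium,Open
CVE-2017-5429,Multiple Vulnerabilities in Mozilla Firefox,High,Open
CVE-2017-3033,Multiple Vulnerabilities in Adobe Acrobat and Reader,High,Open
'@ | ConvertFrom-Csv | Where-Object { $_.Status -eq 'Open' }

# Hypothetical helper: drop trailing version/edition tokens ("48.0.1", "CC 2017").
# Assumption: product names in the inventory do not themselves end in a number.
function Get-BaseName {
    param([string]$SoftwareName)
    ($SoftwareName -replace '(\s+(CC|\d[\d.]*))+$', '').Trim()
}

$result = foreach ($i in $inv) {
    $base = Get-BaseName $i.SoftwareName
    # Escape regex metacharacters and require the name to stand alone as a phrase.
    $pattern = '(?<![\w-])' + [regex]::Escape($base) + '(?![\w-])'
    foreach ($v in $vulnlist) {
        if ($v.Title -match $pattern) {
            # One row per (device, vulnerability) pair keeps the CSV filterable.
            [PSCustomObject]@{
                DeviceName   = $i.DeviceName
                SoftwareName = $i.SoftwareName
                MatchedOn    = $base
                ID           = $v.ID
                Title        = $v.Title
                Severity     = $v.Severity
            }
        }
    }
}
# Inventory names that matched no open title are listed for manual review.
$unmatched = $inv.SoftwareName | Where-Object { $_ -notin $result.SoftwareName } | Select-Object -Unique

$result | Format-Table -AutoSize
$unmatched
```

Phrase matching still misses titles that word the product differently, such as "Adobe Reader" against "Adobe Acrobat and Reader", so the `$unmatched` list needs a manual pass or an alias table.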
    
