
April 28, 2017 at 6:03 pm

I have a task that requires checking to see if software installed in our environment matches a vulnerability published by our internal vulnerability management system. A part of the process involves manually reviewing the title of each published vulnerability to our software inventory list. I've worked out a bit of PowerShell code, but I am not getting the results I want. I'd appreciate any advice the community has to offer.

DeviceName  DeviceOS     SoftwareName              SoftwareVersion
PC1         Windows 7    Adobe Reader              10.30
PC1         Windows 7    Mozilla Firefox 48.0.1    48.00
PC1         Windows 7    Putty                     0.68
PC1         Windows 7    Sumatra PDF               3.17
PC1         Windows 7    7-Zip                     15.04
PC2         Windows 8.1  Adobe Photoshop CC 2017   11.00
PC2         Windows 8.1  Google Chrome             54.00
PC2         Windows 8.1  Adobe Flash Player        7.65
PC2         Windows 8.1  WireShark 2.2.2           2.2
PC2         Windows 8.1  7-Zip                     15.04

ID             Title                                                                                          Severity  Status
CVE-2017-3881  Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability  High      Closed
CVE-2017-7269  Microsoft IIS 6.0 ScStoragePathFromUrl Buffer Overflow Vulnerability                           Medium    Open
CVE-2017-5638  Apache Struts2 Input Validation Code Execution Vulnerability                                   Low       Closed
CVE-2017-3823  Cisco WebEx Google Chrome Extension Remote Code Execution Vulnerability                        High      Closed
CVE-2016-7200  Microsoft Edge Scripting Engine Memory Corruption Code Execution Vulnerability                 Medium    Closed
CVE-2016-7892  Adobe Flash Player Use-After-Free Code Execution Vulnerability                                 Medium    Open
CVE-2016-0189  Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability                   Medium    Open
CVE-2017-8711  Multiple Vulnerabilities in Wireshark                                                          Medium    Open
CVE-2017-4907  Multiple Vulnerabilities in Vmware Products                                                    Low       Open
CVE-2017-3008  Multiple Vulnerabilities in Adobe ColdFusion                                                   Medium    Open
CVE-2017-5066  Multiple Vulnerabilities in Sumatra Software                                                   Low       Open
CVE-2017-5059  Multiple Vulnerabilities in Google Chrome                                                      High      Open
CVE-2017-5661  Putty Input Validation Error Information                                                       Low       Open
CVE-2017-3004  Multiple Vulnerabilities in Adobe Photoshop                                                    Medium    Open
CVE-2017-5429  Multiple Vulnerabilities in Mozilla Firefox                                                    High      Open
CVE-2017-3033  Multiple Vulnerabilities in Adobe Acrobat and Reader                                           High      Open
CVE-2017-3062  Multiple Vulnerabilities in Adobe Flash Player                                                 High      Open

# Import the published vuln list (Import-Excel comes from the ImportExcel module),
# keep only open items, then pull out the titles
$VulnsPublished = Import-Excel D:\tmp\vulnlist.xlsx
$VulnOpen = $VulnsPublished | Where-Object {$_.Status -eq 'Open'}
$VulnSoftware = $VulnOpen | Select-Object -ExpandProperty 'Title' | Sort-Object

# Import device software inventory; unique software names only
$PCInventory = Import-Excel D:\tmp\pcinventory.xlsx
$PCSoftware = $PCInventory | Select-Object -ExpandProperty SoftwareName -Unique

# Check to see if vulnerable software is installed in the environment.
# -InputObject {$_} handed Select-String a script block instead of each title;
# let the pipeline supply the input, and use -SimpleMatch so names such as
# "7-Zip" or "Mozilla Firefox 48.0.1" are compared literally, not as regexes.
$VulnSoftware | Select-String -Pattern $PCSoftware -SimpleMatch

April 29, 2017 at 8:35 pm

Does the SoftwareName column contain both name and version? In my test, some do, and this can cause a problem with your results.
If your files are in CSV format, you can use that.

$inv = Import-Csv .\inventory.csv
$vulnlist = Import-Csv .\vulnlist.csv |
    Where-Object {$_.Status -eq 'Open'}

$result = foreach ($i in $inv) {
    # Escape the name so characters such as '+' or '.' are matched literally, not as regex
    $vul = $vulnlist | Where-Object {$_.Title -match [regex]::Escape($i.SoftwareName)}
    [PSCustomObject]@{
        DeviceName   = $i.DeviceName
        DeviceOS     = $i.DeviceOS
        SoftwareName = $i.SoftwareName
        # Out-String flattens several matching IDs/titles into one multi-line cell;
        # Trim() drops the trailing newline Out-String appends
        ID           = ($vul.ID | Out-String).Trim()
        Title        = ($vul.Title | Out-String).Trim()
        Severity     = ($vul.Severity | Out-String).Trim()
    }
}

$result | Export-Csv .\results.csv -NoTypeInformation
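The version-in-the-name problem raised in the reply above can be handled in code rather than by hand. The following is an added example, not code from either poster: it strips a trailing version token from each inventory name, tries progressively shorter name prefixes (never shorter than two words, so "Adobe Reader" cannot degrade to a bare "Adobe"), matches regex-escaped and case-insensitively against open vulnerability titles, and emits one row per device/software/CVE instead of a multi-line cell. The sample rows are constructed from the tables in the question; the `$aliases` map, the `Get-NameCandidates` and `Find-VulnerableSoftware` function names, and the `(none)` marker for unmatched software are assumptions of this example.

```powershell
# Added example: inventory-vs-vulnerability title matching that tolerates versions
# in the product name. Sample data is constructed from the thread's tables.
$inventoryCsv = @'
DeviceName,DeviceOS,SoftwareName,SoftwareVersion
PC1,Windows 7,Adobe Reader,10.30
PC1,Windows 7,Mozilla Firefox 48.0.1,48.00
PC1,Windows 7,Putty,0.68
PC1,Windows 7,Sumatra PDF,3.17
PC1,Windows 7,7-Zip,15.04
PC2,Windows 8.1,Adobe Photoshop CC 2017,11.00
PC2,Windows 8.1,Adobe Flash Player,7.65
PC2,Windows 8.1,WireShark 2.2.2,2.2
'@
$vulnCsv = @'
ID,Title,Severity,Status
CVE-2017-3881,Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability,High,Closed
CVE-2016-7892,Adobe Flash Player Use-After-Free Code Execution Vulnerability,Medium,Open
CVE-2017-8711,Multiple Vulnerabilities in Wireshark,Medium,Open
CVE-2017-5066,Multiple Vulnerabilities in Sumatra Software,Low,Open
CVE-2017-3004,Multiple Vulnerabilities in Adobe Photoshop,Medium,Open
CVE-2017-5429,Multiple Vulnerabilities in Mozilla Firefox,High,Open
CVE-2017-3033,Multiple Vulnerabilities in Adobe Acrobat and Reader,High,Open
CVE-2017-3062,Multiple Vulnerabilities in Adobe Flash Player,High,Open
'@

$inventory = $inventoryCsv | ConvertFrom-Csv
$openVulns = $vulnCsv | ConvertFrom-Csv | Where-Object { $_.Status -eq 'Open' }

# Hypothetical alias map: inventory name -> phrase the vuln feed uses for the same
# product. Names that differ between the two sources cannot be matched by any
# string rule and need an explicit, reviewed mapping like this.
$aliases = @{
    'Adobe Reader' = 'Adobe Acrobat and Reader'
    'Sumatra PDF'  = 'Sumatra'
}

function Get-NameCandidates {
    param([string]$Name)
    # Drop a trailing version token such as "48.0.1", "2.2.2" or "2017"
    $base = ($Name -replace '\s+v?\d+(\.\d+)*\s*$', '').Trim()
    if (-not $base) { return }
    $tokens = @($base -split '\s+')
    # Full name first, then shorter prefixes of at least two words:
    # "Adobe Photoshop CC" -> "Adobe Photoshop", but "Adobe Reader" stays as is.
    for ($n = $tokens.Count; $n -ge [Math]::Min(2, $tokens.Count); $n--) {
        ($tokens[0..($n - 1)] -join ' ')
    }
}

function Find-VulnerableSoftware {
    param($Inventory, $Vulns, [hashtable]$Alias = @{})
    foreach ($row in $Inventory) {
        $candidates = if ($Alias.ContainsKey($row.SoftwareName)) { @($Alias[$row.SoftwareName]) }
                      else { @(Get-NameCandidates -Name $row.SoftwareName) }
        $hits = @()
        $matchedOn = $null
        foreach ($c in $candidates) {
            # Escape so '.', '+' etc. are literal; \b keeps "Reader" from matching "Readers"
            $pattern = '\b' + [regex]::Escape($c) + '\b'
            $hits = @($Vulns | Where-Object { $_.Title -imatch $pattern })
            if ($hits.Count -gt 0) { $matchedOn = $c; break }   # stop at the most specific match
        }
        if ($hits.Count -eq 0) {
            # Keep unmatched software visible so it gets a manual review instead of silently passing
            [PSCustomObject]@{ DeviceName = $row.DeviceName; SoftwareName = $row.SoftwareName
                               SoftwareVersion = $row.SoftwareVersion; MatchedOn = $null
                               ID = '(none)'; Severity = $null; Title = $null }
            continue
        }
        foreach ($h in $hits) {
            # One row per CVE, so the result stays a flat CSV that can be sorted and filtered
            [PSCustomObject]@{ DeviceName = $row.DeviceName; SoftwareName = $row.SoftwareName
                               SoftwareVersion = $row.SoftwareVersion; MatchedOn = $matchedOn
                               ID = $h.ID; Severity = $h.Severity; Title = $h.Title }
        }
    }
}

$report = Find-VulnerableSoftware -Inventory $inventory -Vulns $openVulns -Alias $aliases
$report | Sort-Object DeviceName, SoftwareName | Format-Table -AutoSize
# Software the rules could not map still needs a human look
$report | Where-Object { $_.ID -eq '(none)' } | Select-Object -ExpandProperty SoftwareName -Unique
```

With the sample data, "Mozilla Firefox 48.0.1" and "WireShark 2.2.2" match after the version is stripped, "Adobe Photoshop CC 2017" matches through the shortened prefix "Adobe Photoshop", "Adobe Flash Player" produces two rows (one per open CVE), and "Putty" and "7-Zip" come back as `(none)` because no open title in the sample names them. Title matching is only a screening step: it says nothing about whether the installed version is in the affected range, so the `SoftwareVersion` column is carried through for that follow-up check.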