GVM mixing NVT's and CVE's

kristian · May 20, 2021, 9:41pm

GVM versions

gsad: (‘gsad --version’) = 21.04.0
gvmd: (‘gvmd --version’) = 21.4.0
openvas-scanner: (‘openvas --version’, in older GVM versions < 11: ‘openvassd --version’) = 21.4.0
gvm-libs: = 21.4.0

Environment

Operating system:
Kernel: (‘uname -a’) = Ubuntu 20.10 x86_64

Hello guys, I am having problems with GVM.
This instalation is on a fresh Linux VM, I was running GVM without an issue before but it seems like its bugged out now I suppose? (Before I was using older version, now I’ve deployed newest on my fresh VM.)
I would really appreciate any help I may receive with this, it seems that my GVM is mixing CVE’s with NVT’s.
Reports page is broken because of this, CVE scanner “works” but reports are also broken.
I cannot export PDF report for CVE scanner because of this, I cannot click the “Report” on my panel because of it.
The error I receive when trying to open report on “/report/a415aafc-78e6-4607-946b-1562e948242f” URL is :

Error while loading Report a415aafc-78e6-4607-946b-1562e948242f
TypeError: Cannot read property 'score' of undefined
TypeError: Cannot read property 'score' of undefined

It seems like I cannot access those CVE’s so it cant calculate score.
I found a way out of this situation to see which CVE’s are in question, on report summary page I click on “Corresponding Vulnerabilites” ICON that leads me to next url :
“/vulnerabilities?filter=report_id%3Da415aafc-78e6-4607-946b-1562e948242f”.

Here I can see that CVE in question is ex. “CVE-2018-5951”, but hyperlink for that is trying to lead me on “/nvt/CVE-2018-5951” - which ofcourse says :
The NVT you were looking for could not be found.
You might have followed an incorrect link and the NVT does not exist.

When manually replacing that link and switching “nvt” with “cve” - everything works…

Openvas scanner works just fine, I am only having problems with CVE scanner.
It actually displays CVE vulnerabilities as score on front page.

But I cannot access reports generated by CVE scanner.

ANY HELP WOULD BE GREATLY appreciated!!
I am banging my head against the wall for over a week now, please help me so I can stop wasting my free time on debugging this thing.
As always, thank you guys!

bvanh · June 14, 2021, 8:24am

I have the exact same issue, please can we have some assistance.

bricks · June 14, 2021, 12:09pm

You should try the following steps

Stop the ospd-openvas and gvmd services
Remove the PID file /var/run/ospd/ospd-openvas.pid (if not removed already)
Restart the ospd-openvas service
run gvmd --rebuild as the gvmd user (depends on the installation method)
Restart the gvmd service

Additionally the GSA should be fixed already in the 21.04 branch in the regard that it doesn’t show a traceback anymore (https://github.com/greenbone/gsa/pull/2944)

rippledj · December 3, 2021, 10:09pm

I have this problem too. When I replaced “nvd” with “cve” the link worked, but reports did not work. Also, I tried ‘gvmd --rebuild’ but received the error:

A feed sync is already running.
Failed to rebuild NVT cache.

DeeAnn · December 6, 2021, 8:58am

Hi @rippledj and welcome to the forum

Did you stop the services before running gvmd --rebuild first and remove the PID file?
Aldo, which version are you using? Thanks!

cfi · December 6, 2021, 10:51am

I had started to use the CVE Scanner a few days ago and remembered this topic. Just have re-checked with a current installation of all GVM components from the stable github branches (which are basically the version 21.04.4) and i’m unable to reproduce the incorrect links so it is very likely that this has been already solved in the most recent versions of GVM / gsa.

rippledj · December 7, 2021, 8:50pm

Please bear with me, because I’m fairly new to GVM / OpenVAS. This is what I did and the output:

$ uname -r 
5.10.0-kali7-amd64
$ gvm-cli socket --xml "<get_version/>"
<get_version_response status="200" status_text="OK"><version>21.4</version></get_version_response>

I guess that means I’m running version 21.4? I’m still a bit confused by all the conglomerate of components involved, so I wrote this article while learning: Intro To Greenbone Vulnerability Manger – Ripple Software Consulting

bricks · December 8, 2021, 7:28am

Just had a quick look at your article. Let me correct the term GSM. The Greenbone Security Manager (GSM) is our commercial appliance. The web applications is called Greenbone Security Assistant (GSA). Only if you use our commercial appliance you will see the GSM lettering otherwise it’s GSA. And the trial VM is a derivation of our appliances.

Please take a look at our glossary for a list of abbreviations Glossary — Greenbone Documentation documentation

rippledj · December 8, 2021, 6:19pm

Thanks I have corrected those errors.