Vulnerability appears with NVT references instead of human friendly / After upgrade: Scans showing no/0 results

solved
gvm-9

#1

Dear all,

I have recently migrated my previous Openvas-8 to Openvas-9 and I have some issues with the vulnerability results of existing tasks. Openvas-9 is running on linux mint 19 64bits.

Issue:
With openvas-8; vulnerabilities found appears with their friendly name, as expected, both on the GSA console and in the csv reports.
With openvas-9; many vulnerabilities (but not all) appears with their NVT references (eg; [1.3.6.1.4.1.25623.1.0.804485]), both on GSA and in the csv reports.

The tasks have been previously ran under openvas-8 environment; then the database was migrated to openvas-9 where the problem is. The tasks were not restarted on the new environment as I’m currently in testing mode.

I have flushed my plugins/scap-data/cert-data directories and refreshed all the feeds but same results. Any idea where this issue comes from ?

Thanks !


Reports showing Vulnerabilities by OIDs instead of names
Reports showing Vulnerabilities by OIDs instead of names
OID instean of vulnerability name
After upgrade: Scans showing no/0 results
No post scan results
#2

Hi, when choosing the category for a topic please try to have a look at the category description for each category first:

The current used category is/was https://community.greenbone.net/c/gce (Description: About the Community Edition (GCE) category) which is about the downloadable ready-to use virtual machine.

Based on your posted issue it sees you have an own installation either build from source or installed via 3rdparty repositories. For such installations the https://community.greenbone.net/c/gse (Description: About the Source Edition (GSE) category) needs to be chosen.

I have moved the topic to the correct category for now. It could be possible that the info above is made more prominent / easier to find in the future.


split this topic #3

A post was split to a new topic: After upgrade: Scans showing no/0 results


#4

Thanks for moving my post to the correct list. I have just tested to perform a new scan on my local network with openvas-9, and surprisingly there is 0 results. The scan seems to perform OK, but I find very very suspicious that nothing at all is reported, as if all hosts were dead. There should be a problem in my installation with my feeds.

I’ve launched the openvas setup script with --v9 but there is no error. Where else should I check ?


#5

Hi,

i have split this new question not related to the plain OID shown described in your initial thread into a new topic.

For your new question have a look at the topic below for some hints if your scans are showing no results.


#6

I’ve checked all of this and that’s not my case. I have many hosts responding to ping on my LAN, so even that simple test doesn’t work. I have nmap installed in the system path. And if I link this issue to the fact that old scan results shows NVT instead of vulnerability names, then I really believe it is linked with my feeds.


#7

I actually found out the root cause of this issue. Going into Configuration > Scan Configs shows all scan configs with 0 NVT. Isn’t this supposed to be configured by default ? Is it overwritten when importing a tasks.db file from a previous installation ?

Thanks


#8

Hi,

so it seems the initial issue might be the root cause for the scans showing no results. Based on this i have merged both topics again.


#9

I finally found the root cause of this. NVT cache needed to be updated. openvasmd --update did the trick.


#10

Hi!

I´m running Openvas9 on a RHEL7 machine.

All of my scans are showing vulnerabilities by OIDs instead of names.

I´ve tried to run “openvasmd --update” as suggested in the topic “Vulnerability appears with NVT references instead of human friendly / After upgrade: Scans showing no/0 results” but no success.

How can I track this problem?

Thanks in advance,
Carlos.


#11

hi,

where/how did you run that command? I;ve tried going to maintenance, opening the shell and typing in that command but it says “command not found”. I am running Greenbone OS 4.2.24 on vwmare in a linux 4.x 64bit host


#12

@major

Please note that running suggestions / command line calls given in the Source Edition (GSE) category within a Community Edition (GCE) installation is strongly discouraged in most cases as both environments are quite different.

As you have created No Scan Results - NVT 0/0 in the correct category i would suggest to use that thread for further questions on this topic.