McAfee Vulnerability Manager Release Notes

Transcription

1 McAfee Vulnerability Manager Release Notes

2 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Vulnerability Manager Release Notes

3 Contents 1 About this release 5 2 Resolved issues 7 3 Installation instructions 15 4 Known issues 17 5 Find product documentation 19 McAfee Vulnerability Manager Release Notes 3

4 Contents 4 McAfee Vulnerability Manager Release Notes

5 1 1 About this release This document contains important information about the current release. We recommend that you read the whole document. This release was developed for use with: McAfee Vulnerability Manager or later Purpose This release provides the following updates: OpenSSL 1.0.2n upgrade. Telemetry is disabled by default. Other fixes as listed in the Resolved issues section. Rating Rating Recommended Mandatory Critical High Priority Recommended Required for all environments. Apply this update at the earliest convenience. A patch that resolves non-severe issues or improves product quality is considered Recommended. Not applicable to hotfixes, because hotfixes are only created in response to a business-impacting issue. For more information, see KB McAfee Vulnerability Manager Release Notes 5

6 1 About this release 6 McAfee Vulnerability Manager Release Notes

7 2 Resolved 2 issues The current release of the product resolved these issues. For a list of issues fixed in earlier releases, see the Release Notes for the specific release. MVM issues You can now import bulk IP addresses. ( ): Previously, for non-credential scans, Remediation results were not getting updated in the database. This issue is now fixed. ( ). Fixes the issue with Scan Engine and Scan Controller communication in Microsoft Windows Server 2003 systems ( ). Report generation no longer fails in Windows Server 2008 systems ( ). MVM issues This release fixes the following FASL script update issues ( ): The Force FASL Script Update task now successfully updates the script directory with all the FASL scripts. All the FASL scripts are now updated successfully in the newly deployed scan engines. The Custom Vulnerabilities CSV Report no longer displays empty service fields for ports that do not have an associated service ( ). The value of PHP related IIS handler settings by McAfee Vulnerability Manager is now secured ( ). MVM issues PCI scans now successfully run even when they detect only low risk vulnerability on authenticated non-pc assets such as routers. ( ) McAfee Vulnerability Manager now supports both RSA and AES256 encryption to avoid authentication issues with McAfee Vulnerability Manager Open API SDK environment. ( ) McAfee Vulnerability Manager web interface displays the correct vulnerability details for non-english configurations. ( ) Fixes the issue with SMTP notification where notification service was sending blank password after an update to McAfee Vulnerability Manager ( ) Fixes the issue with non-english locales where each subsequent report included Vulndatabse-V2.xml file that consumed additional storage. ( ) Scans no longer hang when the OS name for an asset contains quotes ("). ( ) Fixes the issue where the Module ID doesn't update while an existing custom FASL script is being updated. ( ) McAfee Vulnerability Manager Release Notes 7

8 2 Resolved issues OpenSSL libraries upgraded to version 1.0.2j to fix vulnerabilities that were present in previous versions of OpenSSL. ( ) McAfee Vulnerability Manager certificates have been migrated to SHA-2 SSL Certificates generated by internal McAfee Vulnerability Manager certificate authority. ( ) Generate and install the SHA-2 SSL certificates from the Configuration Manager console. MVM issues In Policy Manager, domain user accounts can now be used in User Assignment Rules to impersonate a client after authentication. ( ) In Policy Manager, the Windows Server 2008 R2 policy settings can now be customized. ( ) Fixed the issue where asset vulnerabilities records were showing an end date even when they were still vulnerable. ( ) Fixed the issue where users were able to view tickets for the scans for which they do not have permissions. ( ) Fixed the fingerprinting issue for VMware vcenter HTTPS application. ( ) Running a scan on a target, which has a service using multiple ports, now report consistent port numbers for the service in the database. ( ) McAfee Vulnerability Manager web portal is mitigated from the Cross-Site Request Forgery (CSRF) exploits. ( ) Multiple scan requests for the scans that were scheduled to run simultaneously are accepted and scans are run without any failures. ( ) Scans with large memory usage do not result in scan errors. ( ) Cisco IOS-XE targets can be detected in scans. ( ) PCI Non-intrusive scans on a target do not result in a failure when there are only informational vulnerabilities reported for the target. ( ) XCCDF scan reports no longer show previous job results. ( ) McAfee Vulnerability Manager logs exclude Network interfaces have been discovered Successfully messages unless you enable it in registry. ( ) The Compliance Scan Based reports now includes authenticated_hosts.csv. ( ) Vulnerability scan report displays correct count of vulnerability on the Summary and Foundscore pages. ( ) OpenSSL libraries upgraded to version 1.0.1q to fix OpenSSL vulnerabilities. ( ) Fixed the issue where McAfee Vulnerability Manager overrides the OS identification based on a configuration file. ( ) Fixed the security vulnerabilities in McAfee Vulnerability Manager web portal reported by ArtsSEC. ( ) The McAfee Vulnerability Manager Licensing includes count of only those hosts that have successfully completed the assessment. ( ) McAfee Vulnerability Manager scans Windows 10 targets now. ( ) Fixed the security vulnerabilities by replacing the encryption algorithms for scan credentials. ( ) 8 McAfee Vulnerability Manager Release Notes

9 Resolved issues 2 MVM issues If an active network adapter of a target asset is not found in a scan, the discovery module retries to fetch its network information. ( ) An upgrade from McAfee Vulnerability Manager to does not fail. ( ) The IP address and IPAddressStr columns in dbo.assets display consistent values. ( ) Reports can be generated in PDF format even when it contains large data with many vulnerabilities. ( ) Organization tree on the Scan reports page can be expanded to view suboptions. ( ) A scan does not fail intermittently with a primary key error. ( ) Passwords are stored in a more secured way in the database. ( ) McAfee Vulnerability Manager is now protected against Cross Frame Scripting vulnerability. ( ) XCCDF scans can run on target assets that are running on Red Hat Enterprise Linux 6 and 7. ( ) Authenticated scan reports display the port number of the target assets as 0 instead of the ports that were used for authentication. (991003) Vuln sets can be enabled to save the selections made in the Vuln Tree. ( ) For step-by-step instructions, see the McAfee Support article at page=content&id=kb OpenSSL libraries upgraded to version 1.0.1m to fix OpenSSL vulnerabilities. ( ) Disables SSL v3 on McAfee Vulnerability Manager appliances to avoid Padding Oracle on Downgraded Legacy Encryption (POODLE) vulnerability associated with it. ( ) This change is only applicable to McAfee Vulnerability Manager appliances. PuTTY software upgraded to version 0.64 to fix vulnerabilities found in PuTTY version 0.63 and earlier. ( ) Resolves an issue where a scan fails with the following error. ( ) Arithmetic overflow error converting IDENTITY to data type int. Doesn't display same IP address for different hosts in a CSV report. ( ) MVM issues Correct operating system of an asset running on Windows 2012 is identified when you run a scan with credentials. ( , , , ) Correct vulnerability count is displayed on the Organizational trend count report dashboard. (981882) FASL script download resumes if the previous download session disconnected abruptly. (977350) TCP Services scan on all ports using the Full Connect Scan option does not fail with the Windows socket error (986444) Accepts SNMP Command for ticket verification. (987131) Paused time is no longer added to the host assessment time to avoid early time-out. (984466) FASL script updates to the scan engine do not fail or take a longer time. (988240) A scan does not fail when asset addresses of a host exceed the value range of a smallint (0 65,535) characters length. ( ) McAfee Vulnerability Manager Release Notes 9

10 2 Resolved issues Tickets do not close automatically for Shell and Windows authentication based scans even when the authentication ports are blocked. (975621) Duplicate assets are no longer added to the MVM database. ( , ) Windows policy settings on the Policy Manager page can be updated. ( ) Vulnerability Count by Severity and Vulnerability Count Trend dashboards display consistent data. (974548) The Vulnerability Count by Severity dashboard does not contain deleted asset data. ( ) Discovery timeout value can be tweaked to avoid scan failures due to simultaneous scans. ( ) Custom reports include data about IP addresses of the active and inactive assets when one date report is generated with Use Most Recent Data. ( ) Correct date and time are displayed on the drill-down page of the Vulnerability Count by Severity dashboard. ( ) Exported FASL scripts contain the value for Credentials Required. ( ) Blocked services data is not included in a custom report with Use Most Recent Data. ( ) PCI-based scan displays the correct result. ( ) MVM is now integrated with the out-of-box CyberArk 7.2. (973822) Multiple instances of vulnerabilities for the same asset are added in reports. ( ) Duplicate FASL scripts are not downloaded to scan engine. ( ) Some scripts that require Null/None credentials display correct results when scanned. (973361) MVM issues Provides a tweak to disable edit permissions for Workgroup admin accounts to change or delete scripts on the FASL editor. (896779) Scans do not fail when a web asset is added using the Browse option on the scan configuration page. (945267) Correct scan engine is displayed for scans that are scheduled to run in future. (946284) Tickets for vulnerabilities with Indeterminate results do not close automatically. (947361) Consistent asset data is imported even when using multiple LDAP data sources simultaneously. (950722) Custom reports include Vulnerability reports even when one date report is generated with a specific date instead of the Use Most Recent Data option. (950764) User activities of deleted users are not logged on Ticket Activity. (952020) notifications for scan end display correct end time instead of incorrectly reporting the scan start time. (952020) A warning message to enter password no longer appears when the scan is configured to use Shell credentials with certificates and not a password. (952649) Results of running McAfee epo queries on asset tags do not include assets from Custom Report Templates even when they share a common name. (955815) Users can now be created with the password with all supported special characters. (956093) A domain user can now log on using radius authentication and by symbol in the user name field. (963035) 10 McAfee Vulnerability Manager Release Notes

11 Resolved issues 2 Custom reports generated in PDF format display correct report generation time. (963048) Provides a tweak to enable bulk import for CyberArk user credentials using a CSV file. (964042) Results of running MVM System Vulnerabilities query also include CVE data. (972800) Custom reports include data about IP addresses of the assets even when one date report is generated with a specific date instead of the Use Most Recent Data. (954792) Scans do not fail with the error Missing FASL script after publishing custom scripts. (977967) Correct status message is displayed when there is a delay in applying dynamic tags to many assets. (957157) Scans report the correct operating systems of non-window assets instead of reporting their operating system as Windows. (980501) MVM issues Fixed the Vulnerability Check Configuration Report to display "FID" instead of "ID". Fixed the minutes to seconds conversion that determines the duration of the Transform.exe operation. Enhanced the report server to support the more compact form of the vulndatabase.xml content update file. Fixed empty CVE entry in the CyberScope report. Fixed Discovery module to select the source IP address most appropriate for the determined best route to the target. Fixed hang condition in the Web Scanner engine by detecting and disallowing unsupported self-referring objects. Fixed premature web scanner process termination. Fixed the statistics shown in the Asset Identification Rules display. Fixed issues with creating unnamed WebApp, CredentialSet, and VulnSet with the scan configuration's organization instead of the logged on user's organization. Also unnamed WebApp are removed, when deleting a scan configuration. Fixed the scan post processing to select stale address entries as deletable and updated the search/query operations to ignore these address entries. Fixed reporting of duplicate services. Fixed the OVAL compare function between a multi-string state entity object and a multi-string variable reference. Fixed deadlock detection in FSAssessment when all queued batches have completed assessment but memory usage beyond the maximum threshold prevents the processing of additional batches. Fixed WHAM module to reduce the frequency of the close-connection log messages. Improved its performance when running on networks with significant network latency. MVM issues Fixed Solaris OVAL Checks to capture results for processes that have started (oval-solaris.fasl3.inc). Fixed Cyberscope formatting by removing extra white space in: "cpe:/a:mcafee:vulnerability_manager:7.5.4" Fixed the engine selection/de-selection to give GlobalAdmin and OrgAdmin users the capability to add engines to a workgroup regardless of whether the engine is in use in the parent organization. Fixed warning message on deleting workgroups to include Web App Configs and Credential Sets as components that can prevent a user from being able to delete a workgroup. McAfee Vulnerability Manager Release Notes 11

12 2 Resolved issues Fixed starting of shell scripts to randomize sequence and fixed timeout after submitting batches to FSAssessment for processing. Fixed the SQL datetime conversion error by changing the date format to be language-agnostic for the McAfee epo data synch operation. Fixed asset tagging based on vulnerability name. Improved the performance of the Dashboard display when the "Save Vulnerability Data" retain setting is configured with "All". Fixed scan engine to support enabling the Remote Registry service on WIN2K3 and WINXP targets. MVM issues Fixed the result processor to compute the FASL output hash regardless of the "System cryptography" local security policy setting. Fixed the web module access violation while parsing the web application URL. Fixed organization deletion so that credential sets are not deleted unless they are defined in the organization. MVM issues Fixed the asset IP address save operation to eliminate duplicates. Fixed MVM Data Import using McAfee epo data source filter. Improved the performance of the save scan. Fixed the asset advanced search to allow at least 10 IP addresses in the search criteria. Fixed the delete user operation to preserve the ticket status when possible. Fixed close ticket operation when invoked from SNMP. Fixed violation of PRIMARY KEY constraint 'TagAssetsPK' error on scan startup. Fixed the Foundstone Notification Service crash when using SNMP. Extended the timeout for workgroup delete operations. Fixed the script return code to indicate non-vulnerable when the target OS does not match the script 's filter. Fixed the crash in FSAssessment.exe when logging long diagnostic messages. Fixed ticket verification when the target is unreachable. Fixed first found and last found dates in the CSV reports. Fixed Report Server transform process error due to premature timeout. Fixed CSV-only ed reports to exclude extraneous folder. Fixed report server crash while generating custom HTML report. Fixed scan description text. Fixed primary/secondary phone number text validation. Fixed the report generation schedule editor to preserve the recurring report generation schedule. Fixed SQL Server error when creating a Dynamic tag based on multiple IP addresses. Fixed Web Module authentication when using NTLM. 12 McAfee Vulnerability Manager Release Notes

13 Resolved issues 2 MVM issues Fixed asset reconciliation to ignore previous (stale) IP address entries. Fixed MyFoundscore display in Enterprise Manager for workgroup administrators. Fixed possible XSS injection. Fixed Vulnerability Set filter for the "Patch Availability" condition. Fixed the error handler for the TCP banner grabbing in the Discovery module. Improved the performance of the WebModule XML result file generator and added logging of MVM build number in the "fsa" log file. Fixed the error "violation of primary key constraint" reported by stored procedure "ReconUpdateAssetProperties_Service_Vuln". Fixed OS identification to show 'R2' as it applies to Windows Server Updated the "Preferences" dialog box in the Foundstone Configuration Manager application to accept 548 as the maximum of days (about 1.5 years or 18 months). Fixed scan controller loop when the scan is finishing and the user who started the scan has been moved or deleted. Fixed detection of available network stacks before each scan and log diagnostic message if the required stack is not available. Fixed scanning of Windows 8 and Windows 2012 targets. Fixed TNS service protocol detection. Fixed OS filter in the Wireless module. Fixed retrieval of version number from remote files. MVM issues Fixed infinite loop in Discovery module during TCP/UDP fingerprinting. Fixed form authentication using a credential that includes the character "ñ". Fixed FSAssessment crash in the FASLModule. Fixed date format specification for the FSUpdate table SQL query. Fixed XCCDF Benchmark reports for STIG templates. Fixed date conversion error while updating the job state on a British-English SQL Server. Fixed the MVM Data Import task invoked by the MVM extension. Fixed the Vuln Set rule editor to hide the preview button until the editor has completed processing. Fixed the workgroup-delete operation to display an error when the delete fails. Fixed the role editor to allow the viewing of the complete organization tree. Fixed the FASL engine script launcher to avoid running too many scripts simultaneously against one target. Fixed Dashboard Risk Trend Graph not Loading. Fixed premature timeout determination made by the API and script monitoring object and improved its performance when running on networks with significant network latency. McAfee Vulnerability Manager Release Notes 13

14 2 Resolved issues 14 McAfee Vulnerability Manager Release Notes

15 3 Installation instructions For information about installing or upgrading Vulnerability Manager, see McAfee Vulnerability Manager 7.5 Product Guide. McAfee Vulnerability Manager Release Notes 15

16 3 Installation instructions 16 McAfee Vulnerability Manager Release Notes

17 4 Known issues For a list of known issues in this product release, see this McAfee KnowledgeBase article: KB McAfee Vulnerability Manager Release Notes 17

18 4 Known issues 18 McAfee Vulnerability Manager Release Notes

19 5 5 Find product documentation On the ServicePortal, you can find information about a released product, including product documentation, technical articles, and more. Task 1 Go to the ServicePortal at and click the Knowledge Center tab. 2 In the Knowledge Base pane under Content Source, click Product Documentation. 3 Select a product and version, then click Search to display a list of documents. McAfee Vulnerability Manager Release Notes 19

20 5 Find product documentation 20 McAfee Vulnerability Manager Release Notes

21 0-00