Dashboard Toolbox - VM DASHBOARD BETA: Security Notification for Sudo Vulnerability (CVE-2019-14287) v2.0

Document created by DMFezzaReed Employee on Oct 15, 2019Last modified by DMFezzaReed Employee on Nov 7, 2019
Version 6Show Document
  • View in full screen mode

Attached JSON file updated Nov 07, 2019. by DMFezzaReed

This page contains information to create a CVE-2019-14287 QID VM Dashboard leveraging data in your Qualys Vulnerability Management subscription. 

 

 

 

 

 

 

 

As of this posting, the following QIDs are associated with this vulnerability:

 

 

 

 

Updated As of 10/28/2019 (v2.0), three additonal QIDs have been added: 

 

 

 

 

 

 

Should any additional QIDs be added for CVE-2019-14287, please refer to "How to Update this Dashboard" section below.

 

 

 

 

 

 

 

Note: More QIDs to follow as vendor confirm and release updates for their distros

 

 

 

This dashboard is part of the New VM Dashboard Beta program is not intended for production use, and subject to modification without notice.  If you have any questions regarding the content, please comment below or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc.

 

 

 

Related Post: TBA

 

 

 

 

 

The widgets in this dashboard are based on the following base query:

 

 

 

 

 

VULNERABILITY: 

 

 

 

CVE-2019-14287 QIDs:

vulnerabilities.vulnerability.qid:172628
vulnerabilities.vulnerability.qid:177379
vulnerabilities.vulnerability.qid:197665
vulnerabilities.vulnerability.qid:351703
vulnerabilities.vulnerability.qid:351709
vulnerabilities.vulnerability:(qid:172628 OR qid:177379 OR qid:197665 OR qid:351703 OR qid:351709)

v2.0 Three Additional QIDs added:

vulnerabilities.vulnerability.qid:172664
vulnerabilities.vulnerability.qid:172668
vulnerabilities.vulnerability.qid:372173
vulnerabilities.vulnerability:(qid:172628 OR qid:172664 OR qid:172668 OR qid:177379 OR qid:197665 OR qid:351703 OR qid:351709 OR qid:372173)

 

 

 

 

 

VULNERABILITY: These QIDs provide supporting details related to the QIDs above:

 

 

 

Unix Authentication Method: vulnerabilities.vulnerability.qid:38307

Unix Authentication Not Attempted: vulnerabilities.vulnerability.qid:105297

Unix Authentication Failed: vulnerabilities.vulnerability.qid:105053

Unix Authentication Timeout Occurred: vulnerabilities.vulnerability.qid:115263


Paired each of the above with the operatingSystem tokens below to narrow results:

operatingSystem:amazon linux
operatingSystem:debian
operatingSystem:suse
operatingSystem:ubuntu

v2.0 OS Added:
operatingSystem:red hat

 

 

 

 

 

ASSET:

 

 

 

trackingMethod:IP
trackingMethod:QAGENT
aws.ec2.instanceState:"RUNNING"
azure.vm.state:"RUNNING"
provider:"GCP"

 

 

 

Consider the possibilities for this dashboard.  It could be updated to report by status (vulnerabilities.status: [NEW,ACTIVE,REOPENED,FIXED]), or patchable vs. configuration (vulnerabilities.vulnerability.patchAvailable: TRUE/FALSE).  For examples of widgets using these tokens, please visit Dashboard Toolbox - Top 10 Vulnerabilities Scorecard BETA.

 

 

 

 

IMPORTANT: Importing Dashboard and/or Widget JSON files - Enable historical data collection

 

 

 

When you export dashboard(s) and/or widget(s) that have "Enable historical data collection" turned on, and then import them later, you will have to manually "Enable historical data collection" following your import.  This is by design.  The action of turning on this feature starts the clock for data retention.

 

 

 

 

 

 

 

 

 

 

Demonstration Image(s)

 

 

 

 

 

 

 

 

 

 

 

How to Update this Dashboard

 

 

 

In the event additional QIDs are added to CVE-2019-14287, below are images on which widget(s):

 

 

 

  1. Require NO Updates
  2. Need to be Added and Configured
  3. Require Vulnerability query modification

 

  

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

If you have any questions, please post them below, contact your TAM, or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc..

 

 

 

 

 

 

 

 

 

Back to Dashboard Toolbox - New Vulnerability Management (VM) Dashboard BETA 

 

Back to Dashboards and Reporting Resources - Start Here 

Outcomes