With the newest patches released, we created two projects yesterday. One for CVE-2023-36802 and other for CVE-2023-36761. This was done around 4pm. As of this morning, both projects still state there are no vulnerable machines.
Yet when you search for the CVE’s themselves in the vulnerabilities blade, they both return “X” amount of machines vulnerable. This isn’t the first time the projects have returned zero results.
Currently, the query is set to:
asset.lastScanTime >= /NOW - P14D/ && vulnerability.cveIds IN ['CVE-2023-36802'] && asset.os.description DOES NOT CONTAIN 'Windows Server'
It’s the same query we’ve always used for the last year or so, but change out the CVE’s each month. I made a new one searching for just the CVE and it still returns zero results. Doesn’t matter how we build out the queries, the projects aren’t returning results.
Figured i’d come here before opening a support ticket to see if anyone else has had this issue and how it was resolved.