CVE vulnerability check

qbee can create an inventory of all installed packages and libraries on remote Linux edge devices. Each package name and version is compared against the CVE entries in the NIST National Vulnerability Database (NVD). Every matching CVE is shown together with its severity score and a link to the NVD entry for further details. Some of this information is displayed on the main page for a quick overview:

!qbee-vulnerability-check-CVE-1

A more detailed analysis of the CVEs affecting a system is available in the device's inventory tab and in the CVE menu itself. All installed libraries on the target devices are continuously checked against the CVE database, so qbee can warn users as soon as a newly published vulnerability matches an installed package version. Not every vulnerability is critical, or even relevant to a given device, so each entry carries a severity score that lets you judge its impact quickly. A vulnerability that has been reviewed and found not to be relevant can be disabled or deleted. Disabling or deleting a CVE entry writes a record to the audit trail, where the reason for the decision can be stated so that it stays traceable and understandable to every operator of qbee.

CVE score from NIST

Not all CVE entries are critical. Review how each vulnerability affects your device or system: whether the vulnerable code path is actually reachable on that device and what an attacker could gain from it. If the impact is negligible, the CVE entry can be disabled or deleted, with the reason recorded. Each entry links to the corresponding NIST information for background.

!qbee-cve-analysis1

In the example above a CVE for openssl is detected on 4 different Raspberry Pi devices. A finding in a cryptographic library that is present on several devices is always worth investigating. Clicking on the vulnerability shows additional information:

!qbee-cve-analysis2

In this view you get the following information:

  • how many devices are affected (4 out of 15, all Raspberry Pi)
  • which devices are affected (raspberry-pi-1..5)
  • when it was detected
  • which package version is affected (openssl 1.0.1k-3+deb8u1)

Clicking on the NIST source gives detailed background information:

!qbee-cve-analysis3

Tip

Here the recommendation is clear: update the 4 affected Raspberry Pi devices to a package version that contains the fix.

Available new libraries are indicated

If a newer version of an affected package is available in the configured repository, qbee will show it. It is recommended to update, or at least to check whether the newer version actually contains the fix for the reported CVE. On Debian-based systems security fixes are usually backported without changing the upstream version number, so compare the full Debian version, including the revision (for example +deb8u2), against the fixed version named in the advisory rather than the upstream number alone.
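The following script is an added illustration of the two checks described on this page: matching an installed package version against the version in which a CVE was fixed, and deciding whether an update offered by the repository actually contains that fix. It is not qbee's code and does not use the qbee API. The inventory lines mimic the shape of `dpkg-query -W -f='${Package}\t${Version}\n'` output, and the CVE ids, CVSS scores, suppression reason and repository candidate versions are constructed placeholders. The version comparison follows dpkg's ordering rules (epoch, then upstream, then Debian revision, with `~` sorting before everything else), which is what makes `1.0.1k-3+deb8u1` sort before `1.0.1k-3+deb8u2`.

```python
"""Added example (not qbee's code): check a Debian package inventory against
CVE records using dpkg version ordering, rank hits by CVSS, record reviewed
suppressions for an audit trail and flag whether the repository already offers
the fixed version. All CVE ids, scores, reasons and candidates are constructed."""
from dataclasses import dataclass


def _order(c: str) -> int:
    """Character weight used by dpkg: '~' sorts before end-of-string,
    end-of-string before letters, letters before other symbols."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a: str, b: str) -> int:
    """Compare one version fragment (upstream or revision) the way dpkg does:
    alternate non-digit runs (by _order) and digit runs (numerically)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":   # leading zeros do not count
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():   # longer digit run wins
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v: str):
    """Split 'epoch:upstream-revision'; epoch defaults to 0, revision to ''."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = v.rpartition("-")
    if not sep:
        upstream, revision = v, ""
    return epoch, upstream, revision


def deb_compare(a: str, b: str) -> int:
    """-1, 0 or 1, matching `dpkg --compare-versions a lt/eq/gt b`."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    r = _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)
    return (r > 0) - (r < 0)


@dataclass(frozen=True)
class CveRecord:
    cve_id: str     # placeholder id, not a real CVE
    package: str
    fixed_in: str   # first Debian version that contains the fix
    cvss: float


# Constructed sample data: shape of dpkg-query -W -f='${Package}\t${Version}\n'
INVENTORY_TEXT = "openssl\t1.0.1k-3+deb8u1\nlibssl1.0.0\t1.0.1k-3+deb8u1\ncurl\t7.38.0-4+deb8u3\nbash\t4.3-11+deb8u1\n"
CVE_FEED = [
    CveRecord("CVE-EXAMPLE-0001", "openssl", "1.0.1k-3+deb8u2", 7.5),
    CveRecord("CVE-EXAMPLE-0002", "openssl", "1.0.1k-3", 5.0),     # fixed before the installed build
    CveRecord("CVE-EXAMPLE-0003", "curl", "7.38.0-4+deb8u4", 4.3),
    CveRecord("CVE-EXAMPLE-0004", "bash", "4.3-11+deb8u1", 9.8),   # fixed exactly at the installed build
]
# CVEs an operator reviewed and disabled, with the reason kept for the audit trail.
SUPPRESSED = {"CVE-EXAMPLE-0003": "curl only reads local files here; the affected network code path is unreachable"}
# Newest version the repository offers per package (shape of `apt-cache policy` Candidate).
CANDIDATES = {"openssl": "1.0.1k-3+deb8u2", "curl": "7.38.0-4+deb8u3"}


def parse_inventory(text: str) -> dict:
    """Map package name -> installed version from tab-separated dpkg-query lines."""
    inv = {}
    for line in text.splitlines():
        if line.strip():
            name, version = line.split("\t", 1)
            inv[name] = version.strip()
    return inv


def match_inventory(inventory, feed, suppressed, candidates):
    """Return (findings sorted by CVSS descending, audit lines). A record matches
    when the installed version sorts before fixed_in; fix_available is True only
    when the repository candidate is at or past fixed_in, so a newer but still
    vulnerable build is not mistaken for the fix."""
    findings, audit = [], []
    for rec in feed:
        installed = inventory.get(rec.package)
        if installed is None or deb_compare(installed, rec.fixed_in) >= 0:
            continue
        candidate = candidates.get(rec.package)
        fix_available = candidate is not None and deb_compare(candidate, rec.fixed_in) >= 0
        status = "open"
        if rec.cve_id in suppressed:
            status = "suppressed"
            audit.append(f"{rec.cve_id} on {rec.package} {installed} disabled: {suppressed[rec.cve_id]}")
        findings.append({"cve": rec.cve_id, "package": rec.package, "installed": installed,
                         "fixed_in": rec.fixed_in, "cvss": rec.cvss, "status": status,
                         "fix_available": fix_available})
    findings.sort(key=lambda f: f["cvss"], reverse=True)
    return findings, audit


def run_report():
    return match_inventory(parse_inventory(INVENTORY_TEXT), CVE_FEED, SUPPRESSED, CANDIDATES)


if __name__ == "__main__":
    found, audit_lines = run_report()
    for f in found:
        print(f"{f['cvss']:>4} {f['cve']:<18} {f['package']} {f['installed']} (fixed in {f['fixed_in']}) "
              f"{f['status']}{' - update available' if f['fix_available'] else ''}")
    for line in audit_lines:
        print("audit:", line)
```

With the constructed data only the openssl and curl entries are reported: the second openssl record was fixed in an earlier build and the bash record exactly at the installed build. The openssl finding shows an available update because the candidate is at the fixed version; the curl finding is suppressed with its reason in the audit list, and its candidate is newer than nothing useful, since it still sorts before the fixed version.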

Below we show an example of available updates in the software inventory tab (this is for a Systec ctr-700, not for the Raspberry Pi):

!qbee-inventory-libraries