Capture Client application vulnerability detection is wholly unreliable
I'm curious what resources are being used to determine whether an application version installed on an endpoint has any known vulnerabilities. I have received some alerts from Capture Client for vulnerable versions here and there, but having just done a manual check, it seems that relying on this system would be a mistake.
As an example: Wireshark 3.6.1. In the details section for this app in the Capture Client Management console, it says, "This app has no known vulnerabilities."
MITRE and the NVD disagree, with one rated Critical, and three of the rest rated High:
CVE-2022-0586, CVE-2022-0585, CVE-2022-0583, CVE-2022-0582 (Critical), CVE-2022-0581
Comments
@mangonacre did you ever sort this out? On my SentinelOne Console (native, not CaptureClient) I finally saw the AppRisk for Wireshark 3.6.1 as critical on a macOS Client, but 3.6.1.0 for Windows has no KnownRisk.
I already had a new version of Wireshark on that macOS Client but it took ages to make S1 realize that there is an updated version to evaluate. The App Inventory should be updated once a day, but I guess that varies.
SentinelOne considers Application Vulnerability Detection as Beta, and it might get a complete overhaul in the future (no ETA on that).
--Michael@BWC
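One plausible cause of the 3.6.1 (flagged) versus 3.6.1.0 (not flagged) split described in the comment above is a matching step that compares version strings literally instead of normalizing them before a range check. The block below is an added example written for this thread, not Capture Client or SentinelOne code: it shows a literal string match missing the Windows-style "3.6.1.0" while a normalized range check catches both endpoints. The advisory list reuses the CVE IDs from the original post, but the "fixed_in" boundary of 3.6.2 and the inventory entries are constructed assumptions for illustration and must be confirmed against NVD before anyone relies on them.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample advisories (added example, not vendor data). CVE IDs are
# those cited in the post; the fixed_in boundary is an ASSUMPTION for illustration.
ADVISORIES: List[Dict[str, str]] = [
    {"cve": cve, "product": "wireshark", "fixed_in": "3.6.2"}
    for cve in ("CVE-2022-0581", "CVE-2022-0582", "CVE-2022-0583",
                "CVE-2022-0585", "CVE-2022-0586")
]

# Constructed inventory: macOS reports "3.6.1", Windows reports "3.6.1.0",
# mirroring the discrepancy noted in the comment above.
INVENTORY: List[Dict[str, str]] = [
    {"host": "mac-01", "product": "Wireshark", "version": "3.6.1"},
    {"host": "win-01", "product": "Wireshark", "version": "3.6.1.0"},
    {"host": "win-02", "product": "Wireshark", "version": "3.6.2.0"},
]


def normalize(version: str) -> Tuple[int, ...]:
    """Convert a dotted version into a comparable tuple. Only the leading digits
    of each component count ("1-rc1" -> 1) and trailing zeros are dropped, so
    "3.6.1.0" and "3.6.1" normalize to the same tuple (3, 6, 1)."""
    parts: List[int] = []
    for comp in version.split("."):
        m = re.match(r"\d+", comp)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts) or (0,)


def exact_string_match(installed: str, affected_versions: List[str]) -> bool:
    """The brittle approach: affected versions kept as literal strings.
    "3.6.1.0" is never found in a list that only contains "3.6.1"."""
    return installed in affected_versions


def vulnerable_cves(entry: Dict[str, str], advisories=ADVISORIES) -> List[str]:
    """Range-based check: report every advisory for this product whose fix
    boundary lies above the installed version after normalization."""
    installed = normalize(entry["version"])
    return sorted(a["cve"] for a in advisories
                  if a["product"] == entry["product"].lower()
                  and installed < normalize(a["fixed_in"]))


def audit(inventory=INVENTORY) -> Dict[str, List[str]]:
    """Map each host to the CVEs the range check attributes to it."""
    return {e["host"]: vulnerable_cves(e) for e in inventory}
```

Running audit() flags mac-01 and win-01 with the same five CVEs and leaves win-02 (3.6.2.0) clean; a console whose inventory check behaves like exact_string_match would instead report nothing for the Windows host.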