We have thus far covered a few cases of how to detect the application, but we haven't yet moved on to how to determine what the resolution to the vulnerability is. In this case we are still looking exclusively at NVD configurations. Working with vendors' security portals is a much later topic, where you can get into detecting the configuration of the application.
There are 4 primary version checks: Version End Excluding, Version End Including, Version Start Including, and Version Start Excluding. Of these, the one you will find most frequently is Version End Excluding. I have attached an excerpt from the vulnerability CVE-2023-6336. Again, this is not targeting any specific vendor or software; it is just a recent example at the time of writing.
It should be noted that there are 3 other fix versions that will be discussed much later: the version IS statement, the "no fix will be provided" statement, and the redirect to a different source, which is common for Microsoft. Those are for later blog posts.
CVE-2023-6336
{
  "operator": "AND",
  "nodes": [
    {
      "operator": "OR",
      "negate": false,
      "cpeMatch": [
        {
          "vulnerable": true,
          "criteria": "cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "8.7",
          "matchCriteriaId": "83E3E9E9-12B1-41CE-B254-894EDCC79B3F"
        }
      ]
    },
    {
      "operator": "OR",
      "negate": false,
      "cpeMatch": [
        {
          "vulnerable": false,
          "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
          "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
        }
      ]
    }
  ]
}
Version End Excluding covers the vast majority of reports, as it informs you of the fix version. You can see this in many of the XDR agents that include remediation guidance. You can pull the fix versions directly from this record and reflect them to a customer without modification.
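The following Python is an added example, not code from the original post: it applies the four version checks to the CVE-2023-6336 excerpt above and combines the nodes with their AND/OR operators. The inventory dictionary, the function names, and the purely numeric version parsing are assumptions made for illustration; the negate field and escaped colons in CPE strings are not handled.

```python
import json
# Configuration excerpt for CVE-2023-6336 from the page (matchCriteriaId omitted).
CONFIG = json.loads("""
{"operator": "AND", "nodes": [
  {"operator": "OR", "negate": false, "cpeMatch": [
    {"vulnerable": true, "versionEndExcluding": "8.7",
     "criteria": "cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*"}]},
  {"operator": "OR", "negate": false, "cpeMatch": [
    {"vulnerable": false,
     "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"}]}]}
""")

def ver(s):
    # Assumption: dotted numeric versions only. Trailing zeros drop so 8.7.0 == 8.7.
    parts = [int(p) for p in s.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def in_range(installed, match):
    """Apply whichever of the four version bounds the cpeMatch entry carries."""
    v = ver(installed)
    bounds = {
        "versionStartIncluding": lambda b: v >= b,
        "versionStartExcluding": lambda b: v > b,
        "versionEndIncluding": lambda b: v <= b,
        "versionEndExcluding": lambda b: v < b,
    }
    return all(test(ver(match[k])) for k, test in bounds.items() if k in match)

def node_matches(node, inventory):
    """A node matches if any cpeMatch product is installed and in range."""
    hits = []
    for match in node["cpeMatch"]:
        vendor, product = match["criteria"].split(":")[3:5]
        installed = inventory.get((vendor, product))  # hypothetical inventory shape
        hits.append(installed is not None and in_range(installed, match))
    return any(hits) if node["operator"] == "OR" else all(hits)

def is_vulnerable(config, inventory):
    """Combine the nodes with the top-level operator (AND in this record)."""
    results = [node_matches(n, inventory) for n in config["nodes"]]
    return all(results) if config["operator"] == "AND" else any(results)

def fix_versions(config):
    """versionEndExcluding on a vulnerable entry is the first fixed version."""
    return [m["versionEndExcluding"] for n in config["nodes"]
            for m in n["cpeMatch"]
            if m["vulnerable"] and "versionEndExcluding" in m]
```

Because the top-level operator is AND, a host only matches when the application is below 8.7 and the macOS platform entry is also present in the inventory.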
For this vulnerability you know that something in the family of 8.7 exists and that version specifically remediated this vulnerability. Thus the easiest method of detection
Thanks for reading