Just when you’d finished wiping away your WannaCry tears, the interwebs dropped another bombshell: a nasty Samba vulnerability, CVE-2017-7494 (no snazzy name as of the publishing of this blog, but hopefully something with a Lion King reference will be created soon).
As with WannaCry, we wanted to keep this simple. First, check out Jen Ellis's overview of the Samba vulnerability, and then review the steps below to quickly scan for this vulnerability on your own infrastructure and create a dynamic asset group for tagging and reporting. If you aren’t already a customer, you can use this free trial to scan for the Samba vulnerability across your environment.
Here is the InsightVM/Nexpose step-by-step guide to create a scan template specifically to look for CVE-2017-7494:
1. Under administration, go to manage templates.
2. Copy the following template: Full Audit enhanced logging without Web Spider. Don’t forget to give your copy a name and description!
3. Click on Vulnerability Checks and then “By Individual Check”.
4. Add Check “CVE-2017-7494” and click save.
This should come back with 41 checks that are related to CVE-2017-7494.
5. Save the template and run a scan to identify all assets with CVE-2017-7494.
Creating a Dynamic Asset Group for CVE-2017-7494
Now that you have your assets scanned, you may want to create a Dynamic Asset Group to report on and tag, one that will update itself whenever new assets are found with this vulnerability (and when they are fixed). To get started, click on the filter icon in the top right of the InsightVM console, just under the search button.
Now, use the "CVE ID" filter to specify the CVE, CVE-2017-7494.
This asset group can now be used for reporting as well as tagging to quickly identify exposed systems.
Using these steps, you’ll be able to quickly scan as well as report on the Samba vulnerability. Let us know if you have any more questions!