Script not pulling back any NIST info, and limited VC info
Closed this issue · 6 comments
Describe the bug
I recently started using this script, and was really impressed with it. Great work! That being said, I noticed a few issues:
- Even with a valid NIST NVD API key, I can never seem to pull back data... always "Not found"
- The VulnCheck scoring was originally working for the most part, but I did noticed for certain CVE's the script would error out (ex CVE-2024-28088).
- More recently I noticed that for CVE's I had previously been able to query, many of those are returning "Not found in EPSS" error. I thought maybe my VC API key had been disabled or rate limited, but even with a new key I'm still getting inconsistent results.
To Reproduce
Commands used:
- python cve_prioritizer.py -v -c CVE-2023-3635
- python cve_prioritizer.py -vc -v -c CVE-2024-25723
- python cve_prioritizer.py -vc -v -c CVE-2020-7774
Hi @commcer0 sorry to hear that and thanks for raising this issue, I'll try to replicate on my side and update the script if required.
Can you share some additional details if you dont mind?
- What Operating System are you using?
- What version of CVE Prioritizer are you running?
- Are you using VPN?
Thanks in advance
Hi @commcer0, thanks for the screenshots; I'm looking into this now and noticed that EPSS could be the source of the problem for the "Not Found in EPSS" error. I'm going to add more descriptive error messages to help with troubleshooting this sort of issue.
I'm also considering returning a default value of zero when EPSS is unavailable, as the rest of the information can still be used to prioritize the CVEs. I would love to hear your thoughts on this.
Hi @commcer0, I recently updated the script and have tested it using the same commands as you and got the results without errors, would you mind testing it again from your end?
Thanks
Mario
I just tested and it worked seamlessly. No issues with any of the CVEs I tested. Nice work! And thanks for addressing this.