Answer
YES and NO.
LanGuard will remediate CVE/OVAL vulnerabilities that are related to patches of supported applications.
It WILL NOT remediate vulnerabilities of unsupported applications OR vulnerabilities detected that do not have associated patches. Of these vulnerabilities, there are 2 types:
Configuration issues:
Some vulnerabilities involve configuration issues that must be addressed by the administrators of the systems being scanned. In this case LanGuard normally provides information about the vulnerability, along with links to sites that discuss it and its solutions.
Application vulnerabilities:
Other vulnerabilities involve application weaknesses that have been discovered but the vendor has not provided a patch yet. In this case you will normally have to look at the links LanGuard provides that discuss options and solutions to the problem (until a patch for the affected application is published).
Note on terminology:
Common Vulnerabilities and Exposures (CVE):
- CVE contains the information on what a vulnerability is: its definition. It was created as a "common" source for data on the vulnerability that different tools can reference. Unlike many anti-virus products, which have different names for the same virus, CVE is the "common name" for the vulnerability. See http://cve.mitre.org/about/index.html for more information.
- The CVE Number link should be the starting point for investigations into options for remediating vulnerabilities that do not have associated patches. This site usually has a link that says "Click here to learn more at the National Vulnerabilities Database".
National Vulnerabilities Database (NVD)
- NVD is where your search of the CVE should end up. This is the source that contains the real information on what you can do to fix the problem.
Open Vulnerability and Assessment Language (OVAL)
- OVAL is a language that describes how to determine if a vulnerability is on a particular system. These definitions are downloaded by LanGuard and other products and used as definitions to scan for their associated vulnerability. Generally, this information is less useful to users unless there is a problem with vulnerability detection.
OVAL and CVE are organizations that are sponsored (funded) by the US Department of Homeland Security's Office of Cybersecurity and Communications.
NVD is part of the US Department of Homeland Security.
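The CVE-to-NVD lookup described above can be partly automated when many findings have no associated patch. The following is an added example, not LanGuard or GFI code: it assumes records shaped like an NVD CVE API 2.0 response, where each reference carries tags such as "Patch", "Mitigation" or "Vendor Advisory". The function name `triage`, the CVE ids and the URLs are constructed placeholders.

```python
import json

# Constructed sample shaped like an NVD CVE API 2.0 response.
# The CVE ids and URLs are placeholders, not real records.
SAMPLE_NVD_RESPONSE = json.dumps({
    "vulnerabilities": [
        {"cve": {"id": "CVE-0000-00001", "references": [
            {"url": "https://vendor.example/advisory/1",
             "tags": ["Vendor Advisory", "Patch"]},
            {"url": "https://blog.example/writeup",
             "tags": ["Third Party Advisory"]},
        ]}},
        {"cve": {"id": "CVE-0000-00002", "references": [
            {"url": "https://vendor.example/kb/workaround",
             "tags": ["Mitigation", "Vendor Advisory"]},
            {"url": "https://lists.example/post/42"},  # reference without tags
        ]}},
        {"cve": {"id": "CVE-0000-00003", "references": []}},
    ]
})

def triage(nvd_json):
    """Map each CVE id to its patch, mitigation and advisory links plus a next step."""
    result = {}
    for item in json.loads(nvd_json).get("vulnerabilities", []):
        cve = item.get("cve", {})
        links = {"patch": [], "mitigation": [], "advisory": []}
        for ref in cve.get("references", []):
            tags = set(ref.get("tags") or [])
            if "Patch" in tags:
                links["patch"].append(ref["url"])
            elif "Mitigation" in tags:
                links["mitigation"].append(ref["url"])
            elif tags & {"Vendor Advisory", "Third Party Advisory"}:
                links["advisory"].append(ref["url"])
        if links["patch"]:
            action = "patch"              # a fix exists; check whether it can be deployed
        elif links["mitigation"]:
            action = "apply mitigation"   # no patch; follow the workaround or config change
        else:
            action = "manual review"      # read the advisories and decide by hand
        result[cve.get("id", "unknown")] = {"action": action, **links}
    return result

if __name__ == "__main__":
    for cve_id, info in triage(SAMPLE_NVD_RESPONSE).items():
        print(cve_id, "->", info["action"])
```

Findings that come back as "apply mitigation" or "manual review" are the ones an administrator has to handle by hand, as described for configuration issues and unpatched application vulnerabilities.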