ajread4/cve_pull
cve_pull is a tool to pull Common Vulnerabilities and Exposures (CVE) from the National Vulnerability Database (NVD) without the use of the NVD API.

```
git clone https://github.com/ajread4/cve_pull.git
cd cve_pull
pip3 install -r requirements.txt
```

```
$ python3 cve_pull.py -h
usage: cve_pull.py [-h] [-c cve] [-f cve_file] [-d]

cve_pull - a tool to pull information regarding a CVE or multiple CVEs from the National Vulnerability Database (NVD).

options:
  -h, --help            show this help message and exit
  -c cve, --cve cve     specify the CVE #
  -f cve_file, --file cve_file
                        specify a CSV with multiple CVE #s in a single column
  -d, --description     return the description of the CVE
```
- Return the CVSS for CVE-2020-0764.
```
$ python3 cve_pull.py -c CVE-2020-0764
CVSS2 Score: 4.6 MEDIUM
CVSS3 Score: 7.8 HIGH
```
- Return the CVSS and description of CVE-2021-45046.
```
$ python3 cve_pull.py -c CVE-2021-45046 -d
CVSS2 Score: 5.1 MEDIUM
CVSS3 Score: 9.0 CRITICAL
Description: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
```
- Return the CVSS for each CVE within an input file.
```
$ python3 cve_pull.py -f /home/ajread/code/KEV_CVEs.csv
CVE: CVE-2004-2761
5.0 MEDIUM
No CVSSv3 Score
CVE: CVE-2012-1823
7.5 HIGH
No CVSSv3 Score
CVE: CVE-2013-0640
9.3 HIGH
No CVSSv3 Score
CVE: CVE-2013-0641
9.3 HIGH
No CVSSv3 Score
CVE: CVE-2013-1609
6.8 MEDIUM
No CVSSv3 Scores
```
- Return the Published Date and scores for a CVE.
```
$ python3 cve_pull.py -c CVE-2019-0708 -t
CVSS2 Score: 10.0 HIGH
CVSS3 Score: 9.8 CRITICAL
Published Date: 05/16/2019
```
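An added example, not part of the cve_pull project: it parses batch output in the layout of the `-f` run above and ranks the CVEs by the best available base score, preferring CVSS3 and recording which version was used, because CVSS2 has no CRITICAL band (CVE-2019-0708 is 10.0 HIGH under CVSS2 and 9.8 CRITICAL under CVSS3). The one-field-per-line layout, the `parse_batch` and `triage` names, and the CVE-2019-0708 record in batch form are assumptions.

```python
import re

CVE_LINE = re.compile(r"^CVE: (CVE-\d{4}-\d{4,})$")
SCORE_LINE = re.compile(r"^(\d{1,2}\.\d) (LOW|MEDIUM|HIGH|CRITICAL)$")

# Constructed sample. Assumed layout: a "CVE:" line, then the CVSS2 line, then
# the CVSS3 line; a missing score is reported as "No CVSSv<n> Score".
SAMPLE = """\
CVE: CVE-2004-2761
5.0 MEDIUM
No CVSSv3 Score
CVE: CVE-2019-0708
10.0 HIGH
9.8 CRITICAL
CVE: CVE-2013-0640
9.3 HIGH
No CVSSv3 Score
"""

def parse_batch(text):
    """Return one dict per CVE; each score is (float, label) or None."""
    records, pending = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = CVE_LINE.match(line)
        if m:
            records.append({"cve": m.group(1), "v2": None, "v3": None})
            pending = ["v2", "v3"]  # score lines expected next, in this order
            continue
        if not pending:
            raise ValueError(f"unexpected line: {line!r}")
        slot = pending.pop(0)
        s = SCORE_LINE.match(line)
        if s:
            records[-1][slot] = (float(s.group(1)), s.group(2))
        elif not line.startswith("No CVSS"):
            raise ValueError(f"unrecognised score line: {line!r}")
    return records

def triage(records):
    """Rank by base score, CVSS3 first, keeping the version the score came from."""
    rows = []
    for r in records:
        version = "v3" if r["v3"] else "v2" if r["v2"] else None
        value, label = r[version] if version else (-1.0, "UNSCORED")
        rows.append((r["cve"], version, value, label))
    return sorted(rows, key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    print(*triage(parse_batch(SAMPLE)), sep="\n")
```

Rows tagged `v2` carry a label from the CVSS2 scale, so a `HIGH` there should not be read as lower priority than a CVSS3 `CRITICAL` without looking at the number.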
All code was written by me, AJ Read, with inspiration from MachineThing's cve_lookup.
- Twitter: ajread3
- Github: ajread4
- LinkedIn: Austin Read