regscale-cli 6.16.4.1__py3-none-any.whl → 6.18.0.0__py3-none-any.whl

regscale/integrations/commercial/tenablev2/click.py

@@ -7,6 +7,7 @@ from concurrent.futures import wait
 from typing import TYPE_CHECKING
 
 from regscale.integrations.integration_override import IntegrationOverride
+from regscale.validation.record import validate_regscale_object
 
 # Delay import of Tenable libraries
 if TYPE_CHECKING:
@@ -46,6 +47,7 @@ from regscale.core.app.utils.app_utils import (
     check_license,
     create_progress_object,
     epoch_to_datetime,
+    error_and_exit,
     format_dict_to_html,
     get_current_datetime,
     regscale_string_to_epoch,
@@ -124,6 +126,9 @@ def import_nessus(folder_path: click.Path, regscale_ssp_id: click.INT, scan_date
     """Import Nessus scans, vulnerabilities and assets to RegScale."""
     from regscale.integrations.commercial.nessus.scanner import NessusIntegration
 
+    if not validate_regscale_object(regscale_ssp_id, "securityplans"):
+        logger.warning("SSP #%i is not a valid RegScale Security Plan.", regscale_ssp_id)
+        return
     NessusIntegration.sync_assets(plan_id=regscale_ssp_id, path=folder_path)
     NessusIntegration.sync_findings(
         plan_id=regscale_ssp_id, path=folder_path, enable_finding_date_update=True, scan_date=scan_date
@@ -971,12 +976,13 @@ def gen_tsc(config: dict) -> "TenableSC":
     :return: Tenable client
     :rtype: "TenableSC"
     """
+    from restfly.errors import APIError
     from tenable.sc import TenableSC
 
     if not config:
         app = Application()
         config = app.config
-    return TenableSC(
+    res = TenableSC(
         url=config["tenableUrl"],
         access_key=config["tenableAccessKey"],
         secret_key=config["tenableSecretKey"],
@@ -984,6 +990,11 @@ def gen_tsc(config: dict) -> "TenableSC":
         product=REGSCALE_CLI,
         build=__version__,
     )
+    try:
+        res.status.status()
+    except APIError:
+        error_and_exit("Unable to authenticate with Tenable SC. Please check your credentials.", False)
+    return res
 
 
 def gen_tio(config: dict) -> "TenableIO":
@@ -995,9 +1006,10 @@ def gen_tio(config: dict) -> "TenableIO":
     :rtype: "TenableIO"
     """
 
+    from restfly.errors import UnauthorizedError
     from tenable.io import TenableIO
 
-    return TenableIO(
+    res = TenableIO(
         url=config["tenableUrl"],
         access_key=config["tenableAccessKey"],
         secret_key=config["tenableSecretKey"],
@@ -1006,6 +1018,16 @@ def gen_tio(config: dict) -> "TenableIO":
         build=__version__,
     )
 
+    try:
+        # Check a quick API to make sure we have access
+        res.scans.list(last_modified=datetime.now())
+    except UnauthorizedError:
+        error_and_exit(
+            "Unable to authenticate with Tenable Vulnerability Management (IO). Please check your credentials.", False
+        )
+
+    return res
+
 
 def get_controls(catalog_id: int) -> List[Dict]:
     """

regscale/integrations/commercial/tenablev2/scanner.py

@@ -6,9 +6,9 @@ import datetime
 import json
 import linecache
 import logging
+from pathlib import Path
 from typing import Any, Dict, Iterator, List, Optional, Tuple
 
-from pathlib import Path
 from tenable.errors import TioExportsError
 
 from regscale.core.app.utils.app_utils import get_current_datetime

regscale/integrations/scanner_integration.py

@@ -2392,53 +2392,97 @@ class ScannerIntegration(ABC):
         :rtype: int
         """
         if not self.close_outdated_findings:
-            # This should normally be set to True, but on POAM import, we do not want to automatically close issues,
-            # unless the sheet specifies to do so
             logger.info("Skipping closing outdated issues.")
             return 0
 
         closed_count = 0
         affected_control_ids = set()
+        count_lock = threading.Lock()
 
-        # Get all open issues for this security plan
         open_issues = regscale_models.Issue.fetch_issues_by_ssp(
             None, ssp_id=self.plan_id, status=regscale_models.IssueStatus.Open.value
         )
-
-        # Create a progress bar
         task_id = self.finding_progress.add_task(
             f"[cyan]Analyzing {len(open_issues)} issue(s) and closing any outdated issue(s)...", total=len(open_issues)
         )
 
-        for issue in open_issues:
-            if self.should_close_issue(issue, current_vulnerabilities):
-                issue.status = regscale_models.IssueStatus.Closed
-                issue.dateCompleted = get_current_datetime()
-                changes_text = f"{get_current_datetime('%b %d, %Y')} - Closed by {self.title} for having no current vulnerabilities."
-                if issue.changes:
-                    issue.changes += f"\n{changes_text}"
-                else:
-                    issue.changes = changes_text
-                issue.save()
-                closed_count += 1
+        def _process_single_issue(iss: regscale_models.Issue):
+            """
+            Process a single issue and update its status if necessary.
 
-                # Track affected control implementations
-                if issue.controlImplementationIds:
-                    affected_control_ids.update(issue.controlImplementationIds)
+            :param regscale_models.Issue iss: The issue to process
+            """
+            if self.should_close_issue(iss, current_vulnerabilities):
+                self._close_issue(iss, count_lock, affected_control_ids)
+            with count_lock:
+                self.finding_progress.update(task_id, advance=1)
 
-            # Update the progress bar
-            self.finding_progress.update(task_id, advance=1)
+        max_workers = get_thread_workers_max()
+        if max_workers == 1:
+            for issue in open_issues:
+                _process_single_issue(issue)
+        else:
+            self._process_issues_multithreaded(open_issues, _process_single_issue, max_workers)
 
-        # Update status of affected control implementations
         for control_id in affected_control_ids:
             self.update_control_implementation_status_after_close(control_id)
 
-        if closed_count > 0:
+        (
             logger.info("Closed %d outdated issues.", closed_count)
-        else:
-            logger.info("No outdated issues to close.")
+            if closed_count > 0
+            else logger.info("No outdated issues to close.")
+        )
         return closed_count
 
+    def _close_issue(self, issue: regscale_models.Issue, count_lock: threading.Lock, affected_control_ids: set):
+        """
+        Close an issue and update related data.
+
+        :param regscale_models.Issue issue: The issue to close
+        :param threading.Lock count_lock: A lock to synchronize access to shared variables
+        :param set affected_control_ids: A set to store affected control implementation IDs
+        """
+        issue.status = regscale_models.IssueStatus.Closed
+        issue.dateCompleted = get_current_datetime()
+        changes_text = (
+            f"{get_current_datetime('%b %d, %Y')} - Closed by {self.title} for having no current vulnerabilities."
+        )
+        issue.changes = f"{issue.changes}\n{changes_text}" if issue.changes else changes_text
+        issue.save()
+
+        with count_lock:
+            self.closed_count += 1
+            if issue.controlImplementationIds:
+                affected_control_ids.update(issue.controlImplementationIds)
+
+    def _process_issues_multithreaded(self, open_issues: list, process_issue: callable, max_workers: int):
+        """
+        Process issues using multiple threads.
+
+        :param list open_issues: List of open issues to process
+        :param callable process_issue: Function to process an issue
+        :param int max_workers: Maximum number of threads
+        """
+        batch_size = max_workers * 2
+        with ThreadPoolExecutor(max_workers=max_workers) as executor:
+            batch = []
+            futures = []
+
+            for issue in open_issues:
+                batch.append(issue)
+                if len(batch) >= batch_size:
+                    futures.extend([executor.submit(process_issue, issue) for issue in batch])
+                    batch = []
+
+            if batch:
+                futures.extend([executor.submit(process_issue, issue) for issue in batch])
+
+            for future in concurrent.futures.as_completed(futures):
+                try:
+                    future.result()
+                except Exception as exc:
+                    self.log_error("Error processing issue: %s", exc)
+
     def update_control_implementation_status_after_close(self, control_id: int) -> None:
         """
         Updates the status of a control implementation after closing issues.
@@ -2520,6 +2564,8 @@ class ScannerIntegration(ABC):
             scan_history.vHigh += 1
         elif severity == regscale_models.IssueSeverity.Critical:
             scan_history.vCritical += 1
+        else:
+            scan_history.vInfo += 1
 
     @classmethod
     def cci_assessment(cls, plan_id: int) -> None:
@@ -2601,7 +2647,13 @@ class ScannerIntegration(ABC):
             logger.info("All findings have been processed successfully.")
 
         if scan_history := instance._results.get("scan_history"):
-            open_count = scan_history.vCritical + scan_history.vHigh + scan_history.vMedium + scan_history.vLow
+            open_count = (
+                scan_history.vCritical
+                + scan_history.vHigh
+                + scan_history.vMedium
+                + scan_history.vLow
+                + scan_history.vInfo
+            )
             closed_count = findings_processed - open_count
             logger.info(
                 "Processed %d total findings. Open vulnerabilities: %d & Closed vulnerabilities: %d",
@@ -2610,12 +2662,13 @@ class ScannerIntegration(ABC):
                 closed_count,
             )
             logger.info(
-                "%d Open vulnerabilities: Critical(s): %d, High(s): %d, Medium(s): %d, Low(s): %d",
+                "%d Open vulnerabilities: Critical(s): %d, High(s): %d, Medium(s): %d, Low(s): %d, and %d Info(s).",
                 open_count,
                 scan_history.vCritical,
                 scan_history.vHigh,
                 scan_history.vMedium,
                 scan_history.vLow,
+                scan_history.vInfo,
             )
         else:
             logger.info("Processed %d findings.", findings_processed)

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,155 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.04.03",
-    "dateReleased": "2025-04-03T12:34:57.2906Z",
-    "count": 1313,
+    "catalogVersion": "2025.04.17",
+    "dateReleased": "2025-04-17T17:01:44.4538Z",
+    "count": 1323,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-24054",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability",
+            "dateAdded": "2025-04-17",
+            "shortDescription": "Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-08",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-24054 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24054",
+            "cwes": [
+                "CWE-73"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-31201",
+            "vendorProject": "Apple",
+            "product": "Multiple Products",
+            "vulnerabilityName": "Apple Multiple Products Arbitrary Read and Write Vulnerability",
+            "dateAdded": "2025-04-17",
+            "shortDescription": "Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-08",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.apple.com\/en-us\/122282 ; https:\/\/support.apple.com\/en-us\/122400 ; https:\/\/support.apple.com\/en-us\/122401 ; https:\/\/support.apple.com\/en-us\/122402 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-31201",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2025-31200",
+            "vendorProject": "Apple",
+            "product": "Multiple Products",
+            "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability",
+            "dateAdded": "2025-04-17",
+            "shortDescription": "Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-08",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.apple.com\/en-us\/122282 ; https:\/\/support.apple.com\/en-us\/122400 ; https:\/\/support.apple.com\/en-us\/122401 ; https:\/\/support.apple.com\/en-us\/122402 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-31200",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2021-20035",
+            "vendorProject": "SonicWall",
+            "product": "SMA100 Appliances",
+            "vulnerabilityName": "SonicWall SMA100 Appliances OS Command Injection Vulnerability",
+            "dateAdded": "2025-04-16",
+            "shortDescription": "SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-07",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2021-0022 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-20035",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-53150",
+            "vendorProject": "Linux",
+            "product": "Kernel",
+            "vulnerabilityName": "Linux Kernel Out-of-Bounds Read Vulnerability",
+            "dateAdded": "2025-04-09",
+            "shortDescription": "Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-30",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/lore.kernel.org\/linux-cve-announce\/2024122427-CVE-2024-53150-3a7d@gregkh\/ ; https:\/\/source.android.com\/docs\/security\/bulletin\/2025-04-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-53150",
+            "cwes": [
+                "CWE-125"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-53197",
+            "vendorProject": "Linux",
+            "product": "Kernel",
+            "vulnerabilityName": "Linux Kernel Out-of-Bounds Access Vulnerability",
+            "dateAdded": "2025-04-09",
+            "shortDescription": "Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-30",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/lore.kernel.org\/linux-cve-announce\/2024122725-CVE-2024-53197-6aef@gregkh\/ ; https:\/\/source.android.com\/docs\/security\/bulletin\/2025-04-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-53197",
+            "cwes": [
+                "CWE-787"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-29824",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
+            "dateAdded": "2025-04-08",
+            "shortDescription": "Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-29",
+            "knownRansomwareCampaignUse": "Known",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-29824 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-29824",
+            "cwes": [
+                "CWE-416"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-30406",
+            "vendorProject": "Gladinet",
+            "product": "CentreStack",
+            "vulnerabilityName": "Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability",
+            "dateAdded": "2025-04-08",
+            "shortDescription": "Gladinet CentreStack contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-29",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/gladinetsupport.s3.us-east-1.amazonaws.com\/gladinet\/securityadvisory-cve-2005.pdf ; https:\/\/www.centrestack.com\/p\/gce_latest_release.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30406",
+            "cwes": [
+                "CWE-321"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-31161",
+            "vendorProject": "CrushFTP",
+            "product": "CrushFTP",
+            "vulnerabilityName": "CrushFTP Authentication Bypass Vulnerability",
+            "dateAdded": "2025-04-07",
+            "shortDescription": "CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise. ",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-28",
+            "knownRansomwareCampaignUse": "Known",
+            "notes": "https:\/\/www.crushftp.com\/crush11wiki\/Wiki.jsp?page=Update ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-31161",
+            "cwes": [
+                "CWE-305"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-22457",
+            "vendorProject": "Ivanti",
+            "product": "Connect Secure, Policy Secure and ZTA Gateways",
+            "vulnerabilityName": "Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
+            "dateAdded": "2025-04-04",
+            "shortDescription": "Ivanti Connect Secure, Policy Secure and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ",
+            "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below.",
+            "dueDate": "2025-04-11",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https:\/\/forums.ivanti.com\/s\/article\/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457) ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-22457",
+            "cwes": [
+                "CWE-121"
+            ]
+        },
         {
             "cveID": "CVE-2025-24813",
             "vendorProject": "Apache",
@@ -448,7 +594,7 @@
             "shortDescription": "Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-03-24",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2018-8639 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-8639",
             "cwes": [
                 "CWE-404"
@@ -1731,7 +1877,7 @@
             "shortDescription": "Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-11-12",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-38094 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-38094",
             "cwes": [
                 "CWE-502"
@@ -3104,7 +3250,7 @@
             "shortDescription": "Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-06-04",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-30051; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-30051",
             "cwes": [
                 "CWE-122"
@@ -3222,7 +3368,7 @@
             "shortDescription": "Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.",
             "requiredAction": "Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.",
             "dueDate": "2024-04-19",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/security.paloaltonetworks.com\/CVE-2024-3400 ;   https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-3400",
             "cwes": [
                 "CWE-20",
@@ -4469,10 +4615,10 @@
             "vulnerabilityName": "HTTP\/2 Rapid Reset Attack Vulnerability",
             "dateAdded": "2023-10-10",
             "shortDescription": "HTTP\/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).",
-            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2023-10-31",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status.   For more information, please see: https:\/\/blog.cloudflare.com\/technical-breakdown-http2-rapid-reset-ddos-attack\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-44487",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP\/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/10\/10\/http2-rapid-reset-vulnerability-cve-2023-44487; https:\/\/blog.cloudflare.com\/technical-breakdown-http2-rapid-reset-ddos-attack\/;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-44487",
             "cwes": [
                 "CWE-400"
             ]
@@ -6709,7 +6855,7 @@
             "shortDescription": "Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2023-01-03",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-398;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-42475",
             "cwes": [
                 "CWE-197"