You are reviewing quarterly vulnerability scan results and notice that the same OpenSSL remote code-execution vulnerability (CVE-2022-12345) keeps reappearing on a group of Linux web servers even though the operations team states it applied the vendor patch after each previous finding. Change-management and firewall logs show no recent network changes, and the scanner plugin has been updated and validated in a lab where it correctly reports a patched host as clean. Which underlying issue is the most probable cause of this vulnerability's recurrence on the production servers?
The servers were rebooted before the patch finished installing, causing a transient error that the scanner misinterpreted.
An automated configuration-management process is reinstalling the older, vulnerable OpenSSL package after the patch is applied.
The scanner is generating a false positive because of cached service banners.
The firewall was temporarily disabled during the external vulnerability scan, exposing the service.
When the same vulnerability resurfaces after patching and the scanner has been validated, the most common cause is that something in the build or configuration-management process is rolling back or reinstalling the vulnerable version. Gold images, automated configuration-management tools (such as Ansible, Chef, Puppet, or SCCM), or container/base-image redeployments can overwrite the fixed package with an older one, effectively undoing the patch. Until the baseline image or repository is updated, every redeployment or scheduled configuration run will reintroduce the flaw. The other explanations are less likely: firewall changes were ruled out, the scanner has been verified to detect patched systems accurately, and a single reboot would not repeatedly reinstall an outdated package on multiple hosts.