Support CISCO CVRF repository

[kotakanbe]

https://tools.cisco.com/security/center/cvrfListing.x

cisco-sa-20190212-nae-dos_cvrf includes

    <CVE>CVE-2019-1688</CVE>
    <ProductStatuses>
      <Status Type="Known Affected">
        <ProductID>CVRFPID-255985</ProductID>
      </Status>
    </ProductStatuses>
    <CVSSScoreSets>
      <ScoreSetV3>
        <BaseScoreV3>7.7</BaseScoreV3>
        <VectorV3>CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H</VectorV3>
...

NVD has not included the CVSS data yet. (UNDERGOING ANALYSIS)

[kotakanbe]

@99M8 Thanks!

I think that it is good to implement in the following steps.

Fix go-cve-dictionary

• Add fetch-cisco subcommand to go-cve-dictionary/commands
• Add fetcher
• Add Cisco to Model
• Insert into DB

Fix Vuls

• Fill the CVE detailed data in report.go

[IssueHuntBot]

@future-architect has funded $30.00 to this issue.

---

• Submit pull request via IssueHunt to receive this reward.
• Want to contribute? Chip in to this issue via IssueHunt.
• Checkout the IssueHunt Issue Explorer to see more funded issues.
• Need help from developers? Add your repository on IssueHunt to raise funds.

[kotakanbe]

memo:

• OVAL has affected product, versions: https://oval.cisecurity.org/repository/download
• CVRS has CVSS score: https://tools.cisco.com/security/center/cvrfListing.x
• openVulnAPI: https://developer.cisco.com/docs/psirt/#!api-reference/obtaining-all-advisories https://github.com/CiscoPSIRT/openVulnAPI https://github.com/CiscoPSIRT/openVulnAPI/tree/master/openVulnQuery https://developer.cisco.com/docs/psirt/#!api-reference/example-output-in-json

  {
  "advisory_id": "cisco-sa-20180221-ucdm",
  "advisory_title": "Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability",
  "bug_ids": [
      "CSCuv67964",
      "CSCvi10692"
  ],
  "cves": [
      "CVE-2018-0124"
  ],
  "cvrf_url": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm/cvrf/cisco-sa-20180221-ucdm_cvrf.xml",
  "cvss_base_score": "9.8",
  "cwe": [
      "CWE-320"
  ],
  "first_published": "2018-02-21T16:00:00-0600",
  "ips_signatures": [
      "NA"
  ],
  "last_updated": "2018-03-09T14:47:48-0600",
  "product_names": [
      "Cisco Unified Communications Domain Manager "
  ],
  "publication_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm",
  "sir": "Critical",
  "summary": "A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code.<br />\n<br />\nThe vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code.<br />\n<br />\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br />\n<br />\nThis advisory is available at the following link:<br />\n<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm</a>"
  }