Updates update_cpes.py to make CPE string handling more consistent throughout the script and remap process, and implement CPE URI binding format percent-encoding. Corrects service, os and hw parameters and updates CPE values.
Notes
o:cisco:adaptive_security_appliance_software deprecated by a:cisco:adaptive_security_appliance_software on 2022-05-26
This seems incorrect since Cisco's states "Cisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family."^1
h:cisco:ios deprecated by o:cisco:ios on 2022-09-02
a:cisco:ios deprecated by o:cisco:ios on 2021-10-06
a:varnish-cache:varnish_cache deprecated by a:varnish_cache_project:varnish_cache on 2022-08-02
a:varnish-cache:varnish deprecated by a:varnish-cache:varnish_cache on 2022-06-21
o:serenityos:serenity deprecated by o:serenityos:serenityos on 2022-12-08
a:sap:netweaver_as_abap deprecated by a:sap:netweaver_application_server_abap on 2022-10-05
o:moxa:edr_g903_firmware deprecated by o:moxa:edr-g903_firmware on 2022-04-12
h:apple:iphone deprecated by o:apple:iphone_os on 2022-08-09
This is odd since there are hardware entries for most of the iPhones. After getting in contact with the NVD CPE team, h:apple:iphone_%281st_generation%29 was added as a replacement.
a:d-link:, h:d-link: and o:d-link: deprecated by a:dlink:, h:dlink: and o:dlink: on 2023-04-26
a:intel:active_management_technology deprecated by o:intel:active_management_technology_firmware on 2023-05-16
Description
Updates
update_cpes.py
to make CPE string handling more consistent throughout the script and remap process, and implement CPE URI binding format percent-encoding. Correctsservice
,os
andhw
parameters and updates CPE values.Notes
o:cisco:adaptive_security_appliance_software
deprecated bya:cisco:adaptive_security_appliance_software
on 2022-05-26h:cisco:ios
deprecated byo:cisco:ios
on 2022-09-02a:cisco:ios
deprecated byo:cisco:ios
on 2021-10-06a:varnish-cache:varnish_cache
deprecated bya:varnish_cache_project:varnish_cache
on 2022-08-02a:varnish-cache:varnish
deprecated bya:varnish-cache:varnish_cache
on 2022-06-21o:serenityos:serenity
deprecated byo:serenityos:serenityos
on 2022-12-08a:sap:netweaver_as_abap
deprecated bya:sap:netweaver_application_server_abap
on 2022-10-05o:moxa:edr_g903_firmware
deprecated byo:moxa:edr-g903_firmware
on 2022-04-12h:apple:iphone
deprecated byo:apple:iphone_os
on 2022-08-09h:apple:iphone_%281st_generation%29
was added as a replacement.a:d-link:
,h:d-link:
ando:d-link:
deprecated bya:dlink:
,h:dlink:
ando:dlink:
on 2023-04-26a:intel:active_management_technology
deprecated byo:intel:active_management_technology_firmware
on 2023-05-16Motivation and Context
Valid CPE values are great!
How Has This Been Tested?
rake tests
bundle exec ./bin/recog_verify --no-warnings xml/*.xml
Types of changes
Checklist: