Open for Voting
over 1 year ago



Why only vendors C or J ?

The links are to the same  vulnerability database that has all other...

Multivendors support is king for NCM

  • I agree. We're starting to add APC UPSes to NCM, and we already have some Dell switches. I do see Schneider and Dell advisories in the feed.

    I don't find the NIST links provided by NCM to be useful - too much additional drilling needed to get to the relevant CIsco info. So I google the word "Cisco" plus the CVE number to get the Cisco link that I need to further decide how to address a given CVE. I notice that especially with earlier CVEs, there's not enough info in the NIST feed to assign proper device types. So if a device has ANY version of IOS, it gets flagged.

    The CVSS V2 XML feed that NCM uses does provide the CIsco URL for the CVE, but, NCM does not use that field, probably due to complexity.

    In the CVSS V2 feed, there are one or more references beginning at vuln:references. Each has a vuln:source (vendor name) and a vuln:reference URL. NCM could check the vuln:source (vendor name), and try to match things, but I suspect there could be multiple vuln:reference URLs for a single vendor, so it's complex.;

    There is also a CVSS V3 XML feed available from NIST, and both that and the V2 feed are being replaced by a Json feed.

    NVD - Data Feeds

    Cisco now provides CVSS V3 Base scores by default. The V2 and V3 Base scores are almost always the same, but they don't have to be.