I'm trying to automate scanning of PSIRTs against our known versions, but one thing I have noticed is that some of the CVRFs do not contain the affected product IDs, even if they are listed on the PSIRT page.
For instance, the glibc PSIRT "Vulnerability in GNU glibc Affecting Cisco Products: February 2016" lists a bunch of vulnerable products, but the CVRF file contains no product information at all.
In these instances, how are we to get the products associated with the PSIRT?
Thanks in advance.
Thank you for reaching out and for highlighting this. We are looking into this problem. Unfortunately, for several of these high-profile third-party software vulnerabilities that impact dozens of Cisco products, the documents are updated on a daily basis and we are trying to find a good solution to update the Product IDs in an automated fashion.
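For automation that consumes these files, one way to detect a CVRF document with no usable product data and route it to manual review is sketched below. This is an added example, not part of the original thread and not Cisco code; it assumes CVRF 1.1 element names (`FullProductName`, `Vulnerability`, `Status`, `ProductID`), and the sample documents and the `CVRFPID-0001` identifier are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample documents using the CVRF 1.1 namespaces.
NS = ('xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" '
      'xmlns:prod="http://www.icasi.org/CVRF/schema/prod/1.1" '
      'xmlns:vuln="http://www.icasi.org/CVRF/schema/vuln/1.1"')
WITH_PRODUCTS = f"""<cvrfdoc {NS}>
  <prod:ProductTree>
    <prod:FullProductName ProductID="CVRFPID-0001">Example OS 1.0</prod:FullProductName>
  </prod:ProductTree>
  <vuln:Vulnerability Ordinal="1">
    <vuln:ProductStatuses>
      <vuln:Status Type="Known Affected">
        <vuln:ProductID>CVRFPID-0001</vuln:ProductID>
      </vuln:Status>
    </vuln:ProductStatuses>
  </vuln:Vulnerability>
</cvrfdoc>"""
WITHOUT_PRODUCTS = f"""<cvrfdoc {NS}>
  <vuln:Vulnerability Ordinal="1"/>
</cvrfdoc>"""


def local(tag):
    """Strip the XML namespace so matching does not depend on the prefix."""
    return tag.rsplit("}", 1)[-1]


def affected_products(cvrf_xml):
    """Map each Vulnerability Ordinal to its 'Known Affected' product names."""
    root = ET.fromstring(cvrf_xml)
    # ProductTree maps each ProductID to a human-readable product name.
    names = {el.get("ProductID"): (el.text or "").strip()
             for el in root.iter() if local(el.tag) == "FullProductName"}
    result = {}
    for vuln in [el for el in root.iter() if local(el.tag) == "Vulnerability"]:
        ids = [(pid.text or "").strip()
               for status in vuln.iter()
               if local(status.tag) == "Status"
               and status.get("Type") == "Known Affected"
               for pid in status if local(pid.tag) == "ProductID"]
        result[vuln.get("Ordinal", "?")] = [names.get(i, i) for i in ids]
    return result


def needs_manual_review(cvrf_xml):
    """True when the file, or any vulnerability in it, lists no product."""
    products = affected_products(cvrf_xml)
    return not products or any(not names for names in products.values())
```

A file flagged by `needs_manual_review` should not be treated as "no products affected"; the affected list has to come from the advisory page itself.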