I’m running a scan to try to identify the Cisco Small Business SPA 112 series and trying to find the critical CVE-2023-20126.
CPE Inventory is successfully finding the device:
Detection Result
192.168.10.50|cpe:/h:cisco:spa112
192.168.10.50|cpe:/o:cisco:spa112_firmware:1.4.1
Detection Method
Details:
CPE Inventory OID: 1.3.6.1.4.1.25623.1.0.810002
Version used:
2022-07-27T10:11:28Z
However isn’t detecting CVE-2023-20126.
Is it because this vulnerability is listed against 1.4.1.sr9?
I’m also seeing a number of vulnerabilities in my CVE database against the spa112 for firmware:1.4.1 that also isn’t coming up, such as CVE-2019-15252.
When I look at cpe:/o:cisco:spa112_firmware:1.4.1, it says:
This CPE does not appear in the CPE dictionary but is referenced by one or more CVE.
However, cpe:/o:cisco:spa112_firmware:1.4.1:- , cpe:/o:cisco:spa112_firmware:1.4.1:sr1 , etc, are in the local database.
Ok. This is a small-business product, similar to the Linksys brand.
When I look at the default Full and fast scan config I can see the Cisco family with 650 NVTs being processed which includes Cisco ASA, ISE and other enterprise products.
Is there a way for me to find out which of these products are included in scans and which aren’t?
Generally all new Cisco VTs are enterprise feed only as stated previously and listed on the page below (independent from the product type).
There might be still some quite older Cisco VTs in the community feed as well which existed before the enterprise feed got introduced (2017 and older).
I’m not aware of any possibility to check the full difference between the enterprise and the community feeds besides checking manually on Greenbone Enterprise Appliance and comparing then against the own community feed setup.