Managing fresh MITRE CVEs on Vulners

Important update. Now fresh CVE IDs will be added to right after they appeared in MITRE feed.

Why is it important?

You all know that CVE number is an vulnerability ID. And each CVE number corresponds to a short text description: what kind of vulnerability it is, in what component and who have found it. This identifier can be used to connect various entities associated with vulnerability: patches, detection plugins, exploits, etc.

It is usually assumed that CVE number have to be associated with a list of vulnerable platforms (CPE IDs) and CVSS-vector, which describes how critical vulnerability is. The fact is that two organizations involved in working with CVEs. MITRE is responsible for issuing IDs, and NVD adds CPE and CVSS. When people talk about the CVE feed they usually mention processed NVD content. The problem is that there is a delay between the issuance ID in MITRE feed and it appearance in NVD feed. In other words, ID may be already in use in vulnerability management process, and in the NVD feed it has not yet appeared. Not good.

For example, new OpenSSH vulnerability has reserved ID CVE-2016-3115 on MITRE.

CVE-2016-3115 is reserved

This ID doesn’t exist in NVD feed yet.

CVE-2016-3115 Not Found in NVD

Previously used only CVEs from NVD feed. And it was impossible to see entities associated with fresh MITRE CVE IDs. Now you can track the changes in state of the most recent vulnerabilities, check for patches, exploits, Nessus plugins simply by updating the CVE ID page. Description of CVE identifier will be updated as new information in MITRE feed, NVD feeds or in other sources will appeared.

CVE-2016-3115 on Vulners. You can see available patches and exploits.

CVE-2016-3115 on
By the way, 21 March MITRE introduces CVE-IDs of another type, which could be produced not only by MITRE, but also by other authorities.

Federated CVE ID syntax

More information you can be read here.