Cpe o microsoft windows

This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail

Vendor: Microsoft
First view: N/A
Product: Windows
Last view: N/A
Version:
Type:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

CPE Product: cpe:/o:microsoft:windows

When a new vulnerability is discovered, it has to be stated precisely which software product, library, or even device it was found in and applies to. The most widespread solution to this problem at the moment, although already outdated and unfortunately far from perfect, is Common Platform Enumeration (CPE).

CPE is a standard for machine-readable naming and identification of all kinds of software and devices. Like any standard, CPE has several versions. The most current one at the moment is version 2.3.

The two most important parts of this version of the standard are the naming scheme and the dictionary.

The naming scheme defines the set of attributes that identify a piece of software or hardware: part, vendor, product, version, update, edition, language, sw edition, target sw, target hw, and other.

All attributes must be given in a specially formatted string, either as an exact value or as one of the special values NA (not defined) or ANY (any value, also written as the symbol *). Example strings:

  • cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:* — Microsoft Internet Explorer 8.0.6001 Beta
  • cpe:2.3:a:djangoproject:django:2.2.9:*:*:*:*:*:*:* — the Django 2.2.9 framework
  • cpe:2.3:a:facebook:react:16.0.0:beta5:*:*:*:*:*:* — the React 16.0.0-beta5 framework

The part attribute indicates the type: whether it is software, and of what kind (application, OS), or hardware. The remaining pieces lead from the vendor down to the most precise possible version.

The second important part of CPE is the dictionary, the CPE dictionary. It is where the standardized mapping between a software name and its CPE is primarily established.

The main problem with CPE, unfortunately, remains that it is unreliable for properly matching a vulnerability to software. As far as OSS is concerned:

  • the dictionaries are incomplete;
  • names often do not match those used, for example, in package indexes;
  • the vast majority of dictionary entries do not specify the programming language;
  • different vendor and product values may be used for different versions of the same software.

All of this, along with other problems, leads to false negatives and false positives. For that reason, developers of software composition analysis systems resort to algorithmic (NLP, ML) and rule-based approaches to improve identification accuracy, in combination with PURL identification of packages.

People have been trying to bury the CPE standard for several years, but there is still no adequate, widely adopted replacement.

We wrote earlier about PURL, a standard very close in purpose.

From Wikipedia, the free encyclopedia

Common Platform Enumeration (CPE) is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name.[1]

The CPE Product Dictionary provides an agreed upon list of official CPE names. The dictionary is provided in XML format and is available to the general public. The CPE Dictionary is hosted and maintained at NIST, may be used by nongovernmental organizations on a voluntary basis, and is not subject to copyright in the United States.[1]

CPE identifiers are commonly used to search for Common Vulnerabilities and Exposures (CVEs) that affect the identified product.

CPE 2.3 follows this format, maintained by NIST:[2]

cpe:<cpe_version>:<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>:<sw_edition>:<target_sw>:<target_hw>:<other>

cpe_version

The version of the CPE definition. The latest CPE definition version is 2.3.

part

May have 1 of 3 values:

  1. a for Applications
  2. h for Hardware
  3. o for Operating Systems

It is sometimes referred to as type.

vendor

Values for this attribute SHOULD describe or identify the person or organization that manufactured or created the product. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAY be defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute.[1]

product

The name of the system/package/component. product and vendor are sometimes identical. It cannot contain spaces, slashes, or most special characters. An underscore should be used in place of whitespace characters.

version

The version of the system/package/component.

update

This is used for update or service pack information. Sometimes referred to as "point releases" or minor versions. The technical difference between version and update will be different for certain vendors and products. Common examples include beta, update4, SP1, and ga (for General Availability), but it is most often left blank.

edition

A further granularity describing the build of the system/package/component, beyond version.

language

A valid language tag as defined by IETF RFC 4646 entitled "Tags for Identifying Languages". Examples include: en-us for US English, and zh-tw for Taiwanese Mandarin.

Here, * is used as a wildcard character:

cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*

  1. "NVD — CPE Dictionary". nvd.nist.gov. Retrieved 2017-02-15. This article incorporates text from this source, which is in the public domain.
  2. "Archived copy" (PDF). Archived from the original (PDF) on 2021-04-21. Retrieved 2021-04-22.
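
Added example (not from Wikipedia, NIST, or any of the quoted sources): a parser for the CPE 2.3 formatted string described above, plus a simplified attribute-by-attribute match of the kind used when looking up CVEs for an identified product. The function names are assumptions, and the matcher handles only whole-attribute ANY (*), not wildcards embedded in a value.

```python
import re

# Attribute order after the "cpe:2.3" prefix of a formatted string.
ATTRS = ("part", "vendor", "product", "version", "update", "edition",
         "language", "sw_edition", "target_sw", "target_hw", "other")
ANY = "*"   # matches any value
NA = "-"    # attribute has no value for this product


def parse_cpe23(name):
    """Split a CPE 2.3 formatted string into a dict keyed by attribute."""
    # A field is a run of escaped characters (backslash + char) or of
    # characters that are neither ":" nor "\", so "\:" stays inside a field.
    fields = re.findall(r"(?:\\.|[^:\\])+", name)
    # Re-joining must reproduce the input; this rejects empty fields and
    # dangling backslashes that the tokenizer would otherwise drop.
    if ":".join(fields) != name or len(fields) != 13:
        raise ValueError(f"not a 13-field CPE 2.3 string: {name!r}")
    if fields[:2] != ["cpe", "2.3"] or fields[2] not in ("a", "h", "o", ANY, NA):
        raise ValueError(f"bad prefix or part in {name!r}")
    return dict(zip(ATTRS, (f.lower() for f in fields[2:])))


def matches(pattern, target):
    """True if each pattern attribute is ANY or equals the target's value."""
    p, t = parse_cpe23(pattern), parse_cpe23(target)
    return all(p[a] == ANY or p[a] == t[a] for a in ATTRS)


if __name__ == "__main__":
    # A Windows 10 21H2 build name that appears on this page.
    host = "cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5371:*:*:*:*:*:x86:*"
    print(parse_cpe23(host))
    # Constructed pattern: any build of the same product.
    print(matches("cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", host))
    # Constructed inventory entry with a different vendor spelling: no match,
    # which is how inconsistent vendor values produce false negatives.
    print(matches("cpe:2.3:a:djangoproject:django:2.2.9:*:*:*:*:*:*:*",
                  "cpe:2.3:a:django:django:2.2.9:*:*:*:*:*:*:*"))
```

A CPE 2.2 URI such as cpe:/o:microsoft:windows is rejected by parse_cpe23 with ValueError, because it is a different binding with a different field count.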

CPE Summary

CPE Names

Version 2.3:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5371:*:*:*:*:*:x86:*

Version 2.2:
cpe:/o:microsoft:windows_10_21h2:10.0.19044.5371::~~~~x86~

Quick Info

Created On: 01/16/2025
Last Modified On: 03/11/2025

Metadata

Titles:

Text                                                Locale
Microsoft Windows 10 21h2 10.0.19044.5371 on x86    en_US

References:

Type       URL
Version    https://learn.microsoft.com/en-us/windows/release-health/release-information
Advisory   https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21417
Vendor     https://www.microsoft.com/en-us/

Introduction

In the world of cybersecurity and asset management, the Common Platform Enumeration (CPE) is a crucial attribute that helps identify and classify systems, applications, and services. The CPE field is a vital component of the Machine object, providing a standardized way to describe the platform, operating system, and software components of a machine. However, populating the CPE field can be a challenging task, especially when dealing with diverse operating systems and software configurations. In this article, we will explore the concept of CPE, its importance, and provide a step-by-step guide on how to populate the CPE field using the data collected by the agent.

What is CPE?

CPE is a standardized vocabulary for describing computing platforms, operating systems, and software applications. It provides a unique identifier for each platform, operating system, and software component, making it easier to identify and classify systems. The CPE dictionary is maintained by the National Institute of Standards and Technology (NIST) and is available in various formats, including XML and CSV.

Why is CPE Important?

CPE is essential in various domains, including:

  • Cybersecurity: CPE helps identify vulnerabilities and patch management for systems and applications.
  • Asset Management: CPE provides a standardized way to describe and classify systems, making it easier to manage and track assets.
  • Compliance: CPE helps organizations comply with regulatory requirements, such as HIPAA and PCI-DSS.

Populating the CPE Field

To populate the CPE field, we need to use the data collected by the agent. The agent collects various attributes, including the hostname, platform, distribution, and CPU information. We can use this data to create a basic mapping to populate the CPE field.

Windows Platforms

For Windows platforms, we can use the following mapping:

Attribute              CPE Value
Platform               cpe:2.3:o:microsoft:windows
Distribution           cpe:2.3:a:microsoft:windows_server_2019_standard_evaluation
Distribution Version   cpe:2.3:a:microsoft:windows_server_2019_standard_evaluation:21h2

Linux Platforms

For Linux platforms, we can use the following mapping:

Attribute      CPE Value
Platform       cpe:2.3:o:canonical:ubuntu
Distribution   cpe:2.3:a:canonical:ubuntu:24.04

Basic Mapping

We can create a basic mapping using the data collected by the agent. For example:

Attribute              CPE Value
Platform               cpe:2.3:o::
Distribution           cpe:2.3:a::
Distribution Version   cpe:2.3:a:::

Example Use Cases

Let’s consider an example use case where we have a Windows Server 2019 Standard Evaluation machine with the following attributes:

Attribute              Value
Platform               windows
Distribution           Microsoft Windows Server 2019 Standard Evaluation
Distribution Version   21H2

Using the basic mapping, we can create a CPE value as follows:

cpe:2.3:o:microsoft:windows
cpe:2.3:a:microsoft:windows_server_2019_standard_evaluation
cpe:2.3:a:microsoft:windows_server_2019_standard_evaluation:21h2
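
Added example (not part of the original article, and not any agent's own code): one way to turn the agent's distribution and version attributes into a complete 13-field CPE 2.3 formatted string. It uses part o, which the format description earlier on this page assigns to operating systems, and fills unspecified attributes with *; the VENDOR_PREFIXES table and the function names are assumptions.

```python
import re

# Assumed lookup from the start of the agent's distribution string to the
# CPE vendor; a real deployment would derive this from the CPE dictionary.
VENDOR_PREFIXES = (("microsoft windows", "microsoft"), ("ubuntu", "canonical"))


def encode(value):
    """Encode one attribute value for a CPE 2.3 formatted string."""
    value = (value or "").strip().lower()
    if not value:
        return "*"                           # unknown -> ANY
    value = re.sub(r"\s+", "_", value)       # underscores replace whitespace
    # Alphanumerics, "_", "-" and "." are written as-is; any other
    # character (":", "+", "*", ...) must be quoted with a backslash.
    return re.sub(r"([^a-z0-9_.\-])", r"\\\1", value)


def build_os_cpe(distribution, version=None):
    """Return a complete 13-field CPE 2.3 name for an operating system."""
    dist = distribution.strip()
    vendor = next((v for prefix, v in VENDOR_PREFIXES
                   if dist.lower().startswith(prefix)), None)
    if vendor is None:
        raise LookupError(f"no vendor mapping for {distribution!r}")
    # Drop a leading vendor word so the product is "windows_server_...",
    # not "microsoft_windows_server_...".
    product = re.sub(rf"^{re.escape(vendor)}\s+", "", dist, flags=re.I)
    head = ["cpe", "2.3", "o", vendor, encode(product), encode(version)]
    # update, edition, language, sw_edition, target_sw, target_hw, other
    return ":".join(head + ["*"] * 7)


if __name__ == "__main__":
    # Attribute values from the example use case above.
    print(build_os_cpe("Microsoft Windows Server 2019 Standard Evaluation", "21H2"))
    # Constructed inputs.
    print(build_os_cpe("Ubuntu", "24.04"))
    print(build_os_cpe("Ubuntu", "24.04+esm"))
```

A name built this way is only a candidate: it identifies known vulnerabilities only if the same vendor and product values exist in the CPE dictionary, so look it up there before relying on it.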

Conclusion

Populating the CPE field is a crucial task in cybersecurity and asset management. By using the data collected by the agent and creating a basic mapping, we can populate the CPE field with a standardized value. This value can be used to identify and classify systems, making it easier to manage and track assets. In this article, we have explored the concept of CPE, its importance, and provided a step-by-step guide on how to populate the CPE field using the data collected by the agent.

Future Work

In the future, we can improve the CPE field population by:

  • Using machine learning algorithms: We can use machine learning algorithms to improve the accuracy of the CPE field population.
  • Integrating with other systems: We can integrate the CPE field population with other systems, such as vulnerability scanners and patch management tools.
  • Providing a user-friendly interface: We can provide a user-friendly interface for users to populate the CPE field, making it easier to manage and track assets.

Appendix

The CPE dictionary can be found at https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz. The online search bar can be found at https://nvd.nist.gov/products/cpe/search.

Introduction

In our previous article, we explored the concept of CPE, its importance, and provided a step-by-step guide on how to populate the CPE field using the data collected by the agent. In this article, we will answer some of the most frequently asked questions related to CPE and its application in cybersecurity and asset management.

Q: What is CPE and why is it important?

A: CPE is a standardized vocabulary for describing computing platforms, operating systems, and software applications. It provides a unique identifier for each platform, operating system, and software component, making it easier to identify and classify systems. CPE is essential in various domains, including cybersecurity, asset management, and compliance.

Q: How do I populate the CPE field?

A: To populate the CPE field, you need to use the data collected by the agent. The agent collects various attributes, including the hostname, platform, distribution, and CPU information. You can use this data to create a basic mapping to populate the CPE field.

Q: What is the difference between CPE and CVE?

A: CPE and CVE are two different standards used in cybersecurity. CPE is a standardized vocabulary for describing computing platforms, operating systems, and software applications, while CVE is a standardized identifier for publicly known vulnerabilities.

Q: Can I use CPE to identify vulnerabilities?

A: Yes, you can use CPE to identify vulnerabilities. By using the CPE value, you can search for known vulnerabilities in the National Vulnerability Database (NVD) and apply patches or updates to fix the vulnerabilities.

Q: How do I integrate CPE with other systems?

A: You can integrate CPE with other systems, such as vulnerability scanners and patch management tools, by using APIs or web services. This allows you to automate the process of populating the CPE field and identifying vulnerabilities.

Q: What are the benefits of using CPE?

A: The benefits of using CPE include:

  • Improved asset management: CPE provides a standardized way to describe and classify systems, making it easier to manage and track assets.
  • Enhanced cybersecurity: CPE helps identify vulnerabilities and patch management for systems and applications.
  • Compliance: CPE helps organizations comply with regulatory requirements, such as HIPAA and PCI-DSS.

Q: What are the challenges of implementing CPE?

A: The challenges of implementing CPE include:

  • Data quality: The quality of the data collected by the agent is crucial for accurate CPE population.
  • Complexity: CPE can be complex to implement, especially for large-scale deployments.
  • Integration: Integrating CPE with other systems can be challenging.

Q: What is the future of CPE?

A: The future of CPE is promising, with ongoing efforts to improve the standard and its application in cybersecurity and asset management. Some of the future developments include:

  • Machine learning: Using machine learning algorithms to improve the accuracy of CPE population.
  • Integration with other systems: Integrating CPE with other systems, such as vulnerability scanners and patch management tools.
  • User-friendly interface: Providing a user-friendly interface for users to populate the CPE field.

Conclusion

CPE is a crucial attribute in cybersecurity and asset management, providing a standardized way to describe and classify systems. By understanding the concept of CPE, its importance, and how to populate the CPE field, you can improve your asset management and cybersecurity practices. In this article, we have answered some of the most frequently asked questions related to CPE and its application in cybersecurity and asset management.
