
Common Platform Enumeration (CPE) with Nessus



You may know the folks over at MITRE for their work on the CVE (Common Vulnerabilities & Exposures). Standards such as CVE help us track and document thousands of vulnerabilities released each year. Along the same lines, a new project from MITRE called CPE (Common Platform Enumeration) provides the public with a standard method to enumerate software:

"CPE is a structured naming scheme for information technology systems, platforms, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a language for describing complex platforms, a method for checking names against a system, and a description format for binding text and tests to a name."

For uniformity, CPE uses the following format:

cpe:/ {part} : {vendor} : {product} : {version} : {update} : {edition} : {language}

Each field is defined as follows, starting with the required fields:

  • Part - Determines the platform type using the following codes: a = application, h = hardware, o = operating system
  • Vendor - Defines the vendor name as the "highest organization-specific label of the organization's DNS name", which, in our case, would be "Tenable Security".
  • Product - Product name as specified in the CPE database, e.g., itunes, quicktime and firefox

The following fields are "optional" and completed according to each specific entry:

  • Version - The version numbers as represented by the product itself.
  • Update - The CPE name for the update or service pack, such as "Service Pack 3" in the case of Windows XP.
  • Edition - The edition of the software, such as "pro" for "Professional Edition". For hardware, this would also denote the architecture, such as "i386".
  • Language - For example, "English" or other language as specified by the software.
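The seven-field format above, as an added example (not code from the post or from Nessus): a small Python parser that enforces the three required fields and pads omitted optional ones. The sample names are constructed, and treating a blank field as "any" in `matches` is this example's assumption.

```python
from typing import NamedTuple
from urllib.parse import unquote

FIELDS = ("part", "vendor", "product", "version", "update", "edition", "language")
PARTS = {"a": "application", "h": "hardware", "o": "operating system"}


class CPE(NamedTuple):
    part: str
    vendor: str
    product: str
    version: str = ""
    update: str = ""
    edition: str = ""
    language: str = ""


def parse_cpe(uri: str) -> CPE:
    """Split a cpe:/ URI into the seven fields listed above."""
    if not uri.lower().startswith("cpe:/"):
        raise ValueError(f"not a CPE URI: {uri!r}")
    raw = uri[len("cpe:/"):].split(":")
    if len(raw) > len(FIELDS):
        raise ValueError(f"too many fields in {uri!r}")
    # Decode percent-escapes, normalise case, pad omitted trailing fields with "".
    values = [unquote(v).lower() for v in raw] + [""] * (len(FIELDS) - len(raw))
    cpe = CPE(*values)
    if cpe.part not in PARTS:
        raise ValueError(f"unknown part {cpe.part!r} in {uri!r}")
    if not cpe.vendor or not cpe.product:
        raise ValueError(f"vendor and product are required: {uri!r}")
    return cpe


def matches(pattern: CPE, found: CPE) -> bool:
    """True when every non-blank field of pattern equals the same field of found."""
    return all(p in ("", f) for p, f in zip(pattern, found))


# Constructed sample names, not taken from the scan described in the post.
SAMPLES = [
    "cpe:/o:microsoft:windows_xp::sp3",
    "cpe:/o:microsoft:windows_xp::sp2:pro",
    "cpe:/a:mozilla:firefox:3.0.5",
]

if __name__ == "__main__":
    query = parse_cpe("cpe:/o:microsoft:windows_xp")
    for name in SAMPLES:
        print(name, parse_cpe(name), matches(query, parse_cpe(name)))
```

A version-less pattern such as `cpe:/o:microsoft:windows_xp` selects every service pack of that platform from an inventory, which is the usual starting point for asset grouping.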

Currently the official CPE dictionary has approximately 20,000 unique CPE IDs. You can find some use cases and more technical details on the official CPE web site at http://cpe.mitre.org/.

CPE and Nessus

Recently a Nessus plugin (and associated library) was developed that includes CPE information about supported targets. If no entry exists in the CPE database, the plugin will attempt to create one and apply all of the appropriate information in the CPE-defined format. I ran a scan against my test network and then filtered for CPE entries:


The first scan I ran was network-based and did not include credentials to any of the target hosts. A Windows XP host on the network provided the following CPE information:


Since both Service Pack 2 and 3 are installed on this system, Nessus reports both in the CPE section of the report. Network services are also enumerated and the associated CPE information is included as shown by the Solaris host included in the scan:


If no CPE matches are found, Nessus will report the information as an "inferred" CPE as is the case with the following Ubuntu system:


More detailed CPE information was collected when I added credentials to the scan, as shown by the following Windows XP host:



CPE is another great project from the folks over at MITRE and helps organizations standardize on a format that can enumerate the software running on a host. This is important for software inventory, vulnerability management and especially interoperability between tools.
Tenable is very committed to open standards such as CPE, which is also supported in Tenable's Passive Vulnerability Scanner. CPE tags can be leveraged inside SecurityCenter 4 for asset tagging, discovery and reporting. Look for more blogs from Tenable in the near future which will discuss strategies to leverage active and passive network discovery with CPE enumeration.
