This vulnerability check tool can search for vulnerablities in software/hardware products based on the CPE 2.3 standard of NIST. The CPE 2.3 standard of NIST is used to identify a product. The scripts use the NIST API to query the National Vulnerability Database of NIST to find vulnerabilities. The Vulnerability check tool is written in PowerShell for native compatability with Windows-systems.

This tool consists of three scripts that are available for use.

This script is used to get an identifier that contains the following attributes.

• Vendor
• Product
• Version

Usage:

.\Get-CPE.ps1 microsoft edge

This script uses a CPE string to query for CVE's

Usage:

.\Get-CPE.ps1 cpe:2.3:a:microsoft:edge_chromium:105.0.1343.25:*:*:*:*:*:*:*

This script is used to lookup the Common Vulnerability Scoring System (CVSS) scores given by NIST and third-parties to a CVE. The scores that are looked up are:

• BaseScore
• ExploitScore
• ImpactScore

Usage:

.\Get-CVSS.ps1 CVE-2023-21719