We have found some vulnerability definitions at http://tools.cisco.com/security/center/publicationListing.x. That's the official repository which is presents here http://oval.mitre.org/repository/about/other_repositories.html#Cisco. Analysing that OVAL-content showed it doesn't pass the schematron validation. The typical problems are:
1) Missed descriptions
2) Missed reference_url
3) Excess "AND" operator in the root criteria tag
4) Rather formal titles, some missed comments, etc.
We're going to fix that content and share it with MITRE Repository to make the set of IOS vulnerability definitions in MITRE repository completed at this time.
How do you think, is that work useful? Is it correct to remake and adopt that content to the MITRE repository? We have also send similar request to the Cisco support team and want to get opinions from both sides :)