topic Re: PSIRT OpenVulnQuery API - Advisory dates not accurate in Services Discussions

PSIRT OpenVulnQuery API - Advisory dates not accurate

Andrew K — Fri, 24 Feb 2023 20:54:12 GMT

Hello,

We use this API is used to pull the last updated advisories from a date range. In the past the dates pulled from the API output would accurately reflect the date listed on the security advisory listed on Cisco's website but now the dates are inconsistent. For example, one of the most recent advisories "cisco-sa-ucsm-bkpsky-H8FCQgsA" lists as 2023 February 22 16:00 GMT. If I make a request on this advisory I can see the date is instead 2023 February 23. Why is this the case?

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

Re: PSIRT OpenVulnQuery API - Advisory dates not accurate

PR Oxman — Mon, 27 Feb 2023 00:03:24 GMT

Hello Andrew,

Checking with engineering. Will update shortly.

Thanks.

Re: PSIRT OpenVulnQuery API - Advisory dates not accurate

PR Oxman — Mon, 27 Feb 2023 21:17:59 GMT

Hello Andrew,

Confirmed in house. Bug has been raised and being worked.

Thanks.

Re: PSIRT OpenVulnQuery API - Advisory dates not accurate

PR Oxman — Fri, 03 Mar 2023 03:23:14 GMT

Hello Andrew,

Whilst we haven't found the root cause as yet; the data has been refreshed and now should be accurate.

Checked the data for the past 3 years and there a few more we will get fixed up; but the rest look good.

Let us know if you spot any other concerns.

Thanks.

Re: PSIRT OpenVulnQuery API - Advisory dates not accurate

marco.kitz — Fri, 03 Mar 2023 09:35:03 GMT

Hello PR Oxman,
today we found a further advisory ID 'cisco-sa-finesse-proxy-dos-vY5dQhrV' where we saw the same topic.
Regards
Marco

Re: PSIRT OpenVulnQuery API - Advisory dates not accurate

PR Oxman — Tue, 07 Mar 2023 02:58:02 GMT

Hello Marco,

That looks correct:

"firstPublished": "2023-03-01T16:00:00",
"lastUpdated": "2023-03-02T20:35:00",

What do you believe is the issue?

Thanks.

Re: PSIRT OpenVulnQuery API - Advisory dates not accurate

marco.kitz — Tue, 07 Mar 2023 05:41:42 GMT

Hi PR Oxman,

when I send my first reply it looks like "firstPublished": "2023-03-02T00:00:00", "lastUpdated": "2023-03-02T00:00:00", but meanwhile it was corrected.

Regards
Marco

Re: PSIRT OpenVulnQuery API - Advisory dates not accurate

Andrew K — Tue, 19 Sep 2023 23:28:52 GMT

Hi Oxman,

Re-opening this thread as the same issue was discovered on a different advisory "cisco-sa-asaftd-ravpn-auth-8LyfCkeC". The advisory on the site lists as "2023 September 11 18:21 GMT" while the date from the API is listed as " 'lastUpdated': '2023-09-12T01:21:34'".

Has there been any progress made in the potential cause of this inconsistency?

Thank you,

Andrew

Re: PSIRT OpenVulnQuery API - Advisory dates not accurate

PR Oxman — Wed, 20 Sep 2023 23:04:37 GMT

Hello Andrew,

For actual bugs with the API it may be best to email openvuln@cisco.com.

We have synced the data again, so it should be correct, but still have not isolated the root cause. Will update here once it is known.

Thanks.

Re: PSIRT OpenVulnQuery API - Advisory dates not accurate

Andrew K — Mon, 25 Sep 2023 16:37:27 GMT

Hi Oxman,
Unfortunately the date still appears as if it was last updated on the 12th.
I pulled this request today September 25th 2023.
{'advisoryId': 'cisco-sa-asaftd-ravpn-auth-8LyfCkeC',
'advisoryTitle': 'Cisco Adaptive Security Appliance Software and Firepower '
'Threat Defense Software Remote Access VPN Unauthorized '
'Access Vulnerability',
'bugIDs': ['CSCwh23100', 'CSCwh45108'],
'csafUrl': 'https://sec.cloudapps.cisco.com/security/center/contentjson/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC/csaf/cisco-sa-asaftd-ravpn-auth-8LyfCkeC.json',
'cves': ['CVE-2023-20269'],
'cvrfUrl': 'https://sec.cloudapps.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC/cvrf/cisco-sa-asaftd-ravpn-auth-8LyfCkeC_cvrf.xml',
'cvssBaseScore': '5.0',
'cwe': ['CWE-288'],
'firstPublished': '2023-09-06T23:00:00',
'ipsSignatures': ['NA'],
'lastUpdated': '2023-09-12T01:21:34',

Re: PSIRT OpenVulnQuery API - Advisory dates not accurate

Andrew K — Mon, 25 Sep 2023 16:38:46 GMT

Hi Oxman,

Unfortunately the date still appears as if it was last updated on the 12th.

I pulled this request today September 25th 2023.

---------------------------------------------------------

{'advisoryId': 'cisco-sa-asaftd-ravpn-auth-8LyfCkeC',

'advisoryTitle': 'Cisco Adaptive Security Appliance Software and Firepower '

'Threat Defense Software Remote Access VPN Unauthorized '

'Access Vulnerability',

'bugIDs': ['CSCwh23100', 'CSCwh45108'],

'csafUrl': 'https://sec.cloudapps.cisco.com/security/center/contentjson/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC/csaf/cisco-sa-asaftd-ravpn-auth-8LyfCkeC.json',

'cves': ['CVE-2023-20269'],

'cvrfUrl': 'https://sec.cloudapps.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC/cvrf/cisco-sa-asaftd-ravpn-auth-8LyfCkeC_cvrf.xml',

'cvssBaseScore': '5.0',

'cwe': ['CWE-288'],

'firstPublished': '2023-09-06T23:00:00',

'ipsSignatures': ['NA'],

'lastUpdated': '2023-09-12T01:21:34',

---------------------------------------------------------

Re: PSIRT OpenVulnQuery API - Advisory dates not accurate

Darren Parkinson — Fri, 09 Feb 2024 10:05:35 GMT

I've also experienced this issue several times. Again today. Logged it on github too: https://github.com/CiscoPSIRT/openVulnAPI/issues/94

Re: PSIRT OpenVulnQuery API - Advisory dates not accurate

PR Oxman — Sun, 11 Feb 2024 22:06:16 GMT

Hello Darren,

I will reply to your email to openvuln@cisco.com. Be aware that https://github.com/CiscoPSIRT/openVulnAPI/issues is for issues in the OpenVulnQuery client, not the API data.

Thanks.