Re: Can I grab the first fix info to -all calls

srikanthtoleti · ‎10-10-2017

Can I grab the first fix info from the https://api.cisco.com/security/advisories/all itself I see all the attributes like advisory_id and details on it except for first fixed version, can I get this value added too.

Omar Santos · ‎10-10-2017

Hi Srikanth,

The first_fixed is available for IOS and IOS-XE advisories. This is part of the integration with IOS Software Checker.

The following are the two methods:

https://api.cisco.com/security/advisories/ios?version=<<IOS version>>
https://api.cisco.com/security/advisories/iosxe?version=<<IOS XE version>>

The following is an example using the openVulnQuery client:

bash-3.2$ openVulnQuery --ios 15.6$2$SP

[

    {

        "advisory_id": "cisco-sa-20170927-dhcp",

        "advisory_title": "Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability",

        "bug_ids": [

            "CSCsm45390",

            "CSCuw77959"

        ],

        "cves": [

            "CVE-2017-12240"

        ],

        "cvrf_url": null,

        "cvss_base_score": "9.8",

        "cwe": [

            "CWE-20"

        ],

        "first_fixed": [

            "15.6(2)SP3"

        ],

        "first_published": "2017-09-27T16:00:00-0500",

        "ios_release": [

            "15.6(2)SP"

        ],

        "last_updated": "2017-09-29T21:26:36-0500",

        "oval_url": "NA",

        "product_names": [

            "Cisco IOS 12.1 12.1(12)",

            "Cisco IOS 12.1 12.1(1c)",

            "Cisco IOS 12.1 12.1(14)",

            "Cisco IOS 12.1 12.1(2a)",

            "Cisco IOS 12.1 12.1(7)",

            "Cisco IOS 12.1 12.1(9)",

            "Cisco IOS 12.1 12.1(4a)",

            "Cisco IOS 12.1 12.1(3b)",

            "Cisco IOS 12.1 12.1(11a)",

            "Cisco IOS 12.1 12.1(5b)",

            "Cisco IOS 12.1 12.1(6)",

            "Cisco IOS 12.1 12.1(4b)",

            "Cisco IOS 12.1 12.1(12a)",

            "Cisco IOS 12.1 12.1(11b)",

            "Cisco IOS 12.1 12.1(5)",

            "Cisco IOS 12.1 12.1(16)",

            "Cisco IOS 12.1 12.1(12c)",

            "Cisco IOS 12.1 12.1(8b)",

            "Cisco IOS 12.1 12.1(13)",

            "Cisco IOS 12.1 12.1(7a)",

            "Cisco IOS 12.1 12.1(7b)",

            "Cisco IOS 12.1 12.1(13a)",

<<output omitted for brevity >>

The following is an example filtering and displaying the advisory ID, security impact rating (SIR), and first_fixed release:

bash-3.2$ openVulnQuery --ios 15.6$2$SP -f advisory_id sir first_fixed

[

    {

        "advisory_id": "cisco-sa-20170927-dhcp",

        "first_fixed": [

            "15.6(2)SP3"

        ],

        "sir": "Critical"

    },

    {

        "advisory_id": "cisco-sa-20170927-ike",

        "first_fixed": [

            "15.6(2)SP3"

        ],

        "sir": "High"

    },

    {

        "advisory_id": "cisco-sa-20170927-pnp",

        "first_fixed": [

            "15.6(2)SP3"

        ],

        "sir": "High"

    },

    {

        "advisory_id": "cisco-sa-20170927-nat",

        "first_fixed": [

            "15.6(2)SP3"

        ],

        "sir": "High"

    },

    {

        "advisory_id": "cisco-sa-20170727-ospf",

        "first_fixed": [

            "15.6(2)SP1c",

            "15.6(2)SP2a",

            "15.6(2)SP3"

        ],

        "sir": "Medium"

    },

    {

        "advisory_id": "cisco-sa-20170320-ani",

        "first_fixed": [

            "15.6(2)SP1b",

            "15.6(2)SP2"

        ],

        "sir": "High"

    },

    {

        "advisory_id": "cisco-sa-20170320-aniipv6",

        "first_fixed": [

            "15.6(2)SP1b",

            "15.6(2)SP2"

        ],

        "sir": "High"

    },

    {

        "advisory_id": "cisco-sa-20160916-ikev1",

        "first_fixed": [

            "15.6(2)SP1b",

            "15.6(2)SP2"

        ],

        "sir": "High"

    },

    {

        "advisory_id": "cisco-sa-20160525-ipv6",

        "first_fixed": [

            "15.6(2)SP1"

        ],

        "sir": "High"

    }

]

srikanthtoleti · ‎10-10-2017

Thanks Omar for the detailed explanation,

I was able to see that in there advisories/ios?version=<<IOS version>>

But would like to check if -all returns this value along with other attributes, instead of running the same command for all the version of devices in the network

Please advise

qdS · ‎06-26-2018

Hi Omar,

I noted several post requesting the same enhancement in the forums, that is, a method to retrieve the first fixed (or combined first fixed) to the "--all parameter" in the openVulnquery. All the posts seem to be quite aged now and I did'nt find any post mentioning the release of this enhancement. Any news on it?

I have noted we can still get the first fixed by requesting the info by "os version", but beside imposing an API call for each version it seems limited to IOS /IOS XE. What about NX-OS producs ?

Could you kindly update the status of this topics ?

Thanks

Omar Santos · ‎07-03-2018

Detailed version information is only supported for Cisco IOS and XE at the moment. NX-OS will be supported by the end of this calendar year. Our business critical services do provide support for many different platforms and manage the device inventory for you. If you are a business critical services customer, please work with your support team and they should be able to help you out. https://www.cisco.com/c/en/us/services/optimization.html