cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
470
Views
7
Helpful
4
Replies
Beginner

Can I grab the first fix info to -all calls

Can I grab the first fix info from the https://api.cisco.com/security/advisories/all itself I see all the attributes like advisory_id and details on it except for first fixed version, can I get this value added too.

4 REPLIES 4
Cisco Employee

Re: Can I grab the first fix info to -all calls

Hi Srikanth,

The first_fixed is available for IOS and IOS-XE advisories. This is part of the integration with IOS Software Checker.

The following are the two methods:


The following is an example using the openVulnQuery client:


bash-3.2$ openVulnQuery --ios 15.6\(2\)SP

[

    {

        "advisory_id": "cisco-sa-20170927-dhcp",

        "advisory_title": "Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability",

        "bug_ids": [

            "CSCsm45390",

            "CSCuw77959"

        ],

        "cves": [

            "CVE-2017-12240"

        ],

        "cvrf_url": null,

        "cvss_base_score": "9.8",

        "cwe": [

            "CWE-20"

        ],

        "first_fixed": [

            "15.6(2)SP3"

        ],

        "first_published": "2017-09-27T16:00:00-0500",

        "ios_release": [

            "15.6(2)SP"

        ],

        "last_updated": "2017-09-29T21:26:36-0500",

        "oval_url": "NA",

        "product_names": [

            "Cisco IOS 12.1 12.1(12)",

            "Cisco IOS 12.1 12.1(1c)",

            "Cisco IOS 12.1 12.1(14)",

            "Cisco IOS 12.1 12.1(2a)",

            "Cisco IOS 12.1 12.1(7)",

            "Cisco IOS 12.1 12.1(9)",

            "Cisco IOS 12.1 12.1(4a)",

            "Cisco IOS 12.1 12.1(3b)",

            "Cisco IOS 12.1 12.1(11a)",

            "Cisco IOS 12.1 12.1(5b)",

            "Cisco IOS 12.1 12.1(6)",

            "Cisco IOS 12.1 12.1(4b)",

            "Cisco IOS 12.1 12.1(12a)",

            "Cisco IOS 12.1 12.1(11b)",

            "Cisco IOS 12.1 12.1(5)",

            "Cisco IOS 12.1 12.1(16)",

            "Cisco IOS 12.1 12.1(12c)",

            "Cisco IOS 12.1 12.1(8b)",

            "Cisco IOS 12.1 12.1(13)",

            "Cisco IOS 12.1 12.1(7a)",

            "Cisco IOS 12.1 12.1(7b)",

            "Cisco IOS 12.1 12.1(13a)",

<<output omitted for brevity >>

The following is an example filtering and displaying the advisory ID, security impact rating (SIR), and first_fixed release:

bash-3.2$ openVulnQuery --ios 15.6\(2\)SP -f advisory_id sir first_fixed

[

    {

        "advisory_id": "cisco-sa-20170927-dhcp",

        "first_fixed": [

            "15.6(2)SP3"

        ],

        "sir": "Critical"

    },

    {

        "advisory_id": "cisco-sa-20170927-ike",

        "first_fixed": [

            "15.6(2)SP3"

        ],

        "sir": "High"

    },

    {

        "advisory_id": "cisco-sa-20170927-pnp",

        "first_fixed": [

            "15.6(2)SP3"

        ],

        "sir": "High"

    },

    {

        "advisory_id": "cisco-sa-20170927-nat",

        "first_fixed": [

            "15.6(2)SP3"

        ],

        "sir": "High"

    },

    {

        "advisory_id": "cisco-sa-20170727-ospf",

        "first_fixed": [

            "15.6(2)SP1c",

            "15.6(2)SP2a",

            "15.6(2)SP3"

        ],

        "sir": "Medium"

    },

    {

        "advisory_id": "cisco-sa-20170320-ani",

        "first_fixed": [

            "15.6(2)SP1b",

            "15.6(2)SP2"

        ],

        "sir": "High"

    },

    {

        "advisory_id": "cisco-sa-20170320-aniipv6",

        "first_fixed": [

            "15.6(2)SP1b",

            "15.6(2)SP2"

        ],

        "sir": "High"

    },

    {

        "advisory_id": "cisco-sa-20160916-ikev1",

        "first_fixed": [

            "15.6(2)SP1b",

            "15.6(2)SP2"

        ],

        "sir": "High"

    },

    {

        "advisory_id": "cisco-sa-20160525-ipv6",

        "first_fixed": [

            "15.6(2)SP1"

        ],

        "sir": "High"

    }

]

Beginner

Re: Can I grab the first fix info to -all calls

Thanks Omar for the detailed explanation,


I was able to see that in there  advisories/ios?version=<<IOS version>>


But would like to check if -all returns this value along with other attributes, instead of running the same command for all the version of devices in the network


Please advise

qdS Beginner
Beginner

Re: Can I grab the first fix info to -all calls

Hi Omar,

I noted several post requesting the same enhancement in the forums, that is, a method to retrieve the first fixed (or combined first fixed) to the "--all parameter" in the openVulnquery. All the posts seem to be quite aged now and I did'nt find any post mentioning the release of this enhancement. Any news on it?

I have noted we can still get the first fixed by requesting the info by "os version", but beside imposing an API call for each version it seems limited to IOS /IOS XE. What about NX-OS producs ?

Could you kindly update the status of this topics ?


Thanks

Cisco Employee

Re: Can I grab the first fix info to -all calls

Detailed version information is only supported for Cisco IOS and XE at the moment. NX-OS will be supported by the end of this calendar year. Our business critical services do provide support for many different platforms and manage the device inventory for you. If you are a business critical services customer, please work with your support team and they should be able to help you out. https://www.cisco.com/c/en/us/services/optimization.html

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards