Older IOS-XE version API call failure

DanielRut · ‎03-12-2025

Dear Cisco Community,

Currently I am using the PSIRT openVuln API to fetch the latest CVEs for our IOS versions.
The versions are gathered straight from the devices itself. (output from "sh ver")
On some older hardware we are using "Cisco IOS XE Software, Version 03.16.02.S"
However the API returns with, when using the same format.

https://apix.cisco.com/security/advisories/v2/OSType/iosxe?version=03.16.02.S
{
"errorCode": "INVALID_IOSXE_VERSION",
"errorMessage": "IOSXE version not found"
}

It works if I remove the "." before the "S" at the end.
https://apix.cisco.com/security/advisories/v2/OSType/iosxe?version=03.16.02S

{
"advisories": [
{
.
}

Would it possible to fix it in the future and have an advisory response for the ".S" format?

(Apologies it this has been answered already. )

Cheers
Dan

bigevilbeard · ‎03-12-2025

Might be best to contact the team directly for this? psirt@cisco.com or via apix-support@cisco.com

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

DanielRut · ‎03-12-2025

Thanks, will contact them.

PR Oxman · ‎03-12-2025

Hi Daniel,

We have your message; dev will look at this to see if it's something we will implement.

Personally I use the CSAF format of the XE versions to avoid any issues. In this case: 3.16.2S

Will update this posting once dev have reviewed.

Thanks.

PR Oxman · ‎03-13-2025

Hello,

An update:

Dev looked at this and under normal circumstances, version names do not contain a period (".") before letters. As this is an isolated case which should not reoccur, we are not planning to add a fix at this time.

As mentioned above; grab the CSAF format; you can pull the versions via:

{{BASE_DOMAIN}}{{BASE_URI}}/OS_version/OS_data?OSType=iosxe

Where you have a different from the show version output you could build a routine to normalise to the matching format as per the above endpoint.

HTH