07-03-2018 08:19 AM
Hi,
I'm using the openVuln API to provide the ability to correlate Cisco vulnerabilities with the IOS / IOS-XE versions from our inventory.
At the moment, the report is just informative in the sense that we can see for a particular vulnerability, which device(s) are potentially affected.
Now I used the words "informative" and "potentially affected" because it's not clear how I can accurately determine that the device is really affected.
Example with this one: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut77619
Ok, all my devices are running NTP so at first I would believe all my devices are affected. However, the note mentions you're only affected IF you're running symmetric keys for NTP authentication...which I don't.
I can programmatically create some rules to check it against my config DB but this seems a very tedious task for each vulnerability with different remediation actions.
Is there any 3rd party tool or feature on IOS-XE that would allow checking that in an automated fashion?
Thanks in advance.
07-03-2018 08:28 AM
Hi Sebastien,
The API only provides affected/fixed version information, not configuration checks. On the other hand, there are a few ways that you can do a configuration check:
1. OVAL: CIS now has all of the OVAL definitions for IOS/XE vulnerabilities at: https://oval.cisecurity.org/repository/download
You can download them and use tools like Joval or parse the XML files for automated configuration checks.
Please also note the following:
Update Regarding OVAL Definitions by Cisco
2. Cisco Business Critical Services also provide this for you in an automated report. https://www.cisco.com/c/en/us/services/optimization.html
Hope this helps.
Omar
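The XML-parsing route mentioned in the reply above, sketched as an added example that is not part of the original thread and is not Cisco or CIS code. It assumes the OVAL 5 IOS schema elements (`ios:line_test`, `ios:line_state`, `ios:config_line`); the OVAL document, its ids, the regex and both running-configs are constructed, and tests other than `ios:line_test` are assumed satisfied because the version match already comes from openVuln.

```python
import re
import xml.etree.ElementTree as ET

NS = {"d": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
      "ios": "http://oval.mitre.org/XMLSchema/oval-definitions-5#ios"}
# Constructed OVAL document; ids and regex are illustrative, not from the CIS repository.
OVAL_XML = r"""<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:ios="http://oval.mitre.org/XMLSchema/oval-definitions-5#ios">
 <definitions><definition id="oval:example:def:1" version="1" class="vulnerability">
  <criteria operator="AND">
   <criterion test_ref="oval:example:tst:1" comment="affected IOS version"/>
   <criterion test_ref="oval:example:tst:2" comment="NTP symmetric key configured"/>
  </criteria></definition></definitions>
 <tests><ios:line_test id="oval:example:tst:2" version="1" check="all">
   <ios:object object_ref="oval:example:obj:2"/><ios:state state_ref="oval:example:ste:2"/>
 </ios:line_test></tests>
 <states><ios:line_state id="oval:example:ste:2" version="1">
   <ios:config_line operation="pattern match">(?m)^ntp authentication-key \d+ md5\b</ios:config_line>
 </ios:line_state></states>
</oval_definitions>"""
# Constructed running-config excerpts, e.g. rows pulled from a config DB.
NO_KEYS = "ntp server 192.0.2.10\n"
WITH_KEYS = "ntp authentication-key 1 md5 EXAMPLEKEY\nntp authenticate\nntp server 192.0.2.10 key 1\n"

def line_tests(root):
    """Map each ios:line_test id to the config_line regexes of its referenced state."""
    states = {s.get("id"): [c.text for c in s.findall("ios:config_line", NS)]
              for s in root.iterfind(".//ios:line_state", NS)}
    return {t.get("id"): states[t.find("ios:state", NS).get("state_ref")]
            for t in root.iterfind(".//ios:line_test", NS)}

def evaluate(node, tests, config):
    """Evaluate a criteria/criterion node against running-config text."""
    tag = node.tag.rsplit("}", 1)[-1]
    if tag == "criterion":
        pats = tests.get(node.get("test_ref"))
        # Assumption: non-line tests (version checks) were already matched via openVuln.
        result = pats is None or all(re.search(p, config) for p in pats)
    elif tag == "criteria":
        results = [evaluate(child, tests, config) for child in node]
        result = any(results) if node.get("operator", "AND") == "OR" else all(results)
    else:
        raise ValueError(f"unsupported criteria node: {tag}")
    return result != (node.get("negate") == "true")  # apply negate="true"

def config_affected(oval_xml, config):
    """Return {definition id: True if the configuration criteria match}."""
    root = ET.fromstring(oval_xml)
    tests = line_tests(root)
    return {d.get("id"): evaluate(d.find("d:criteria", NS), tests, config)
            for d in root.iterfind(".//d:definition", NS)}
```

Treating unknown tests as satisfied keeps a device flagged when the evaluator cannot decide, so a definition only drops out of the report when a configuration pattern positively fails to match.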
07-03-2018 08:57 AM
Hi Omar,
Thanks for the details.
I'll look at parsing the OVAL file to correlate accurately.
Regards,
Sebastien