openVuln API - How do I know I'm really affected?

lucabrasi
Level 1

Hi,

I'm using the openVuln API to provide the ability to correlate Cisco vulnerabilities with the IOS / IOS-XE versions from our inventory.

At the moment, the report is just informative in the sense that we can see for a particular vulnerability, which device(s) are potentially affected.

Now I used the words "informative" and "potentially affected" because it's not clear how I can accurately determine that the device is really affected.

Example with this one: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut77619

Ok, all my devices are running NTP so at first I would believe all my devices are affected. However, the note mentions you're only affected IF you're running symmetric keys for NTP authentication...which I don't.

I can programmatically create some rules to check it against my config DB but this seems a very tedious task for each vulnerability with different remediation actions.

Is there any 3rd party tool or feature on IOS-XE that would allow checking that in an automated fashion?

Thanks in advance.

Accepted Solutions

Omar Santos
Cisco Employee

Hi Sebastien,

The API only provides affected/fixed version information, not configuration checks. On the other hand, there are a few ways that you can do a configuration check:

1. OVAL: CIS now has all of the OVAL definitions for IOS/XE vulnerabilities at: https://oval.cisecurity.org/repository/download

You can download them and use tools like Joval or parse the XML files for automated configuration checks.

Please also note the following:

Update Regarding OVAL Definitions by Cisco

2. Cisco Business Critical Services also provide this for you in an automated report. https://www.cisco.com/c/en/us/services/optimization.html

Hope this helps.

Omar
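An added example (not part of the original posts, and not Cisco or CIS code) of the XML-parsing route mentioned above: it evaluates an OVAL definition's criteria tree against a device's version and running configuration, so a device on an affected release is reported only when the vulnerable configuration is also present. The definition, IDs, version pattern and device configs are constructed and simplified (OVAL objects are omitted), and only `version55_test` and `line_test` with `AND`/`OR` criteria are handled.

```python
import re
import xml.etree.ElementTree as ET

OVAL = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
NS = {"d": OVAL, "ios": OVAL + "#ios"}
# Constructed, simplified samples: not a real CIS/Cisco definition or device config.
SAMPLE_OVAL = r"""<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:ios="http://oval.mitre.org/XMLSchema/oval-definitions-5#ios">
<definitions><definition id="oval:example:def:1" class="vulnerability"><criteria operator="AND">
  <criterion test_ref="oval:example:tst:1"/><criterion test_ref="oval:example:tst:2"/>
</criteria></definition></definitions><tests>
  <ios:version55_test id="oval:example:tst:1"><ios:state state_ref="oval:example:ste:1"/></ios:version55_test>
  <ios:line_test id="oval:example:tst:2"><ios:state state_ref="oval:example:ste:2"/></ios:line_test>
</tests><states>
  <ios:version55_state id="oval:example:ste:1"><ios:version_string operation="pattern match">^15\.2\(4\)M[1-6]$</ios:version_string></ios:version55_state>
  <ios:line_state id="oval:example:ste:2"><ios:config_line operation="pattern match">^ntp authentication-key \d+ md5\b</ios:config_line></ios:line_state>
</states></oval_definitions>"""
CONFIG_NO_AUTH = "hostname r1\nntp server 192.0.2.10\n"
CONFIG_WITH_KEY = "hostname r2\nntp authentication-key 1 md5 EXAMPLEKEY 7\nntp server 192.0.2.10 key 1\n"

def entity_matches(entity, value):
    op = entity.get("operation", "equals")  # OVAL's default operation is "equals"
    if op not in ("equals", "pattern match"):
        raise ValueError(f"unsupported operation: {op}")
    return entity.text == value if op == "equals" else re.search(entity.text, value) is not None

def affected_definitions(oval_xml, version, config):
    """Return ids of definitions whose criteria tree is true for this version and config."""
    root = ET.fromstring(oval_xml)
    tests, states = ({e.get("id"): e for e in root.find(p, NS)} for p in ("d:tests", "d:states"))
    def test_true(test_id):
        test = tests[test_id]
        state = states[test.find("ios:state", NS).get("state_ref")]
        if test.tag.endswith("}version55_test"):
            return entity_matches(state.find("ios:version_string", NS), version)
        if test.tag.endswith("}line_test"):  # true if any config line satisfies the state
            return any(entity_matches(state.find("ios:config_line", NS), ln) for ln in config.splitlines())
        raise ValueError(f"unsupported test: {test.tag}")
    def evaluate(node):
        kind, op = node.tag.split("}")[1], node.get("operator", "AND")
        if kind == "criterion":
            result = test_true(node.get("test_ref"))
        elif kind == "criteria" and op in ("AND", "OR"):
            results = [evaluate(child) for child in node]
            result = all(results) if op == "AND" else any(results)
        else:
            raise ValueError(f"unsupported criteria node: {kind} {op}")
        return result != (node.get("negate", "false") in ("true", "1"))
    return [d.get("id") for d in root.iterfind(".//d:definition", NS)
            if evaluate(d.find("d:criteria", NS))]
```

Unsupported test types, operators and operations raise instead of being skipped, so a definition is never silently reported as not applicable. Files downloaded from a repository are better parsed with a hardened XML parser such as `defusedxml`.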


lucabrasi
Level 1

Hi Omar,

Thanks for the details.

I'll look at parsing the OVAL file to correlate accurately.

Regards,

Sebastien