05-03-2019 05:01 AM
Hello,
I am using your OpenVuln API ( https://api.cisco.com/security/advisories/all )
and in the result appears an attribute called "Product Names".
I am analyzing the values and I would like to have some precision in some case.
For example I encounter the value = " Cisco IOS 15.0EG 15.0(2)EG"
As you can see, there is three part :
- 1st part = Cisco IOS
- 2sd part = 15.0EG
- 3rd part = 15.0(2)EG
My question is : How should I consider the second part : is it a real value of IOS version or is it just a family of IOS version ?
Many thanks in advance for your response
Regards
Chris
Solved! Go to Solution.
06-11-2019 06:46 AM
Hi,
When you see the version values next to the Cisco IOS or Cisco IOS XE Software product names, the first software version is the major release (train), the second value is the specific version on that train that is affected.
If you use the IOS/IOSXE software checker functionality, you should also get the first fixed release for a given version. Example queries are here:
Hope this helps,
Omar
05-03-2019 05:56 AM
Hi Chris,
Each element in the ProductNames list should each be prefixed with "Cisco IOS". What you are showing looks like two different versions. Is there no comma between them?
Can you share the entire response?
cheers,
Seb.
05-03-2019 08:59 AM
Hi Seb,
The entire response for and advisoryID is, for example :
"productNames":[a lot of values before..... ,"Cisco IOS 15.0EG 15.0(2)EG", ... a lot of values after]
Many thanks in advance
Chris
05-06-2019 11:15 PM
Can you share the advisory ID ?
I've not come across one which list a productName in that format. I wonder if the same product name appears on the cisco security website: https://tools.cisco.com/security/center/publicationListing.x
cheers,
Seb.
05-08-2019 11:38 PM
Hello Seb,
Sorry for the delay but I was in vacation
You will see in the ProductName attribute : "Cisco IOS 15.0EG 15.0(2)EG"
In the following example of advisoryID : "cisco-sa-20160127-ntpd"
Many thanks in advance for your support
Regards
Chris
05-09-2019 12:37 AM
Welcome back Chris.
Well seeing is believing and you are right. I did a quick check of some other advisoryIDs and found most in the 'standard' format, but then came across cisco-sa-20190327-xecmd which has the same 'Cisco IOS <train> <revision>' format.
TBH I only ever search on IOS version so I've not seen this before, perhaps @Omar Santos can shed some light.
cheers,
Seb.
06-10-2019 11:35 PM
Do you have any news from your colleague or from the dev team?
Many thanks in advance because I am still waiting for a response in order to use correctmy the response of you API.
Chris
06-11-2019 12:14 AM
Hi Chris,
Assuming @Omar Santos has his notifications switched on he should get an email indicating he was mentioned in a post. It is an imprecise way of calling in support from cisco on this forum!
Maybe he is just on holiday?
06-11-2019 12:31 AM
Hello Seb,
I don't really understand you point.
The only contact I have now is you.
You have responded to me that you will have a look with Omar Santos. Who is he ?
Does he know the OpenVuln API ?
How can I get an accurate response to my question ?
Who knows exactly how the result set of your API is constructed ?
Many thanks in advance
Chris
06-11-2019 06:46 AM
Hi,
When you see the version values next to the Cisco IOS or Cisco IOS XE Software product names, the first software version is the major release (train), the second value is the specific version on that train that is affected.
If you use the IOS/IOSXE software checker functionality, you should also get the first fixed release for a given version. Example queries are here:
Hope this helps,
Omar
06-11-2019 07:18 AM
Yes, thanks !
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: