cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1627
Views
5
Helpful
10
Replies

OpenVuln API search for explanation about the values into the Product Name attribute

Chris-CCO
Level 1
Level 1

Hello,

I am using your OpenVuln API ( https://api.cisco.com/security/advisories/all )
and in the result appears an attribute called "Product Names".

 

I am analyzing the values and I would like to have some precision in some case.

 

For example I encounter the value = " Cisco IOS 15.0EG 15.0(2)EG"

As you can see, there is three part :

- 1st part = Cisco IOS

- 2sd part = 15.0EG

- 3rd part = 15.0(2)EG

 

My question is : How should I consider the second part : is it a real value of IOS version or is it just a family of IOS version ?

 

Many thanks in advance for your response

Regards

Chris

1 Accepted Solution

Accepted Solutions

Hi,

 

When you see the version values next to the Cisco IOS or Cisco IOS XE Software product names, the first software version is the major release (train), the second value is the specific version on that train that is affected. 

 

If you use the IOS/IOSXE software checker functionality, you should also get the first fixed release for a given version. Example queries are here: 

https://developer.cisco.com/docs/psirt/#!api-reference/querying-by-a-given-cisco-ios-software-version

 

Hope this helps,

Omar

 

 

View solution in original post

10 Replies 10

Seb Rupik
VIP Alumni
VIP Alumni

Hi Chris,

Each element in the ProductNames list should each be prefixed with "Cisco IOS". What you are showing looks like two different versions. Is there no comma between them?

Can you share the entire response?

 

cheers,

Seb.

Hi Seb,

The entire response for and advisoryID is, for example :

"productNames":[a lot of values before..... ,"Cisco IOS 15.0EG 15.0(2)EG", ... a lot of values after]

 

Many thanks in advance

Chris

Can you share the advisory ID ?

 

I've not come across one which list a productName in that format. I wonder if the same product name appears on the cisco security website: https://tools.cisco.com/security/center/publicationListing.x

 

cheers,

Seb.

Hello Seb,

Sorry for the delay but I was in vacation

You will see in the ProductName attribute : "Cisco IOS 15.0EG 15.0(2)EG"

In the following example of advisoryID : "cisco-sa-20160127-ntpd"

Many thanks in advance for your support

Regards
Chris

 

Welcome back Chris. 

Well seeing is believing and you are right. I did a quick check of some other advisoryIDs and found most in the 'standard' format, but then came across cisco-sa-20190327-xecmd which has the same 'Cisco IOS <train> <revision>' format.

 

TBH I only ever search on IOS version so I've not seen this before, perhaps @Omar Santos can shed some light.

 

cheers,

Seb.

Do you have any news from your colleague or from the dev team?

 

Many thanks in advance because I am still waiting for a response in order to use correctmy the response of you API.

 

Chris

Hi Chris,

Assuming @Omar Santos has his notifications switched on he should get an email indicating he was mentioned in a post. It is an imprecise way of calling in support from cisco on this forum!

Maybe he is just on holiday?

 

 

Hello Seb,

I don't really understand you point.

The only contact I have now is you.

You have responded to me that you will have a look with Omar Santos. Who is he ?

Does he know the OpenVuln API ?

How can I get an accurate response to my question ?

Who knows exactly how the result set of your API is constructed ?

Many thanks in advance

Chris

Hi,

 

When you see the version values next to the Cisco IOS or Cisco IOS XE Software product names, the first software version is the major release (train), the second value is the specific version on that train that is affected. 

 

If you use the IOS/IOSXE software checker functionality, you should also get the first fixed release for a given version. Example queries are here: 

https://developer.cisco.com/docs/psirt/#!api-reference/querying-by-a-given-cisco-ios-software-version

 

Hope this helps,

Omar

 

 

Yes, thanks  !

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: