313 Views | 0 Helpful | 2 Replies

PSIRT OpenVuln API: Versions not found in CSAF

Hi,

I am using the PSIRT APIs to fetch data from IOS, IOS XE, IOS XR, and NX-OS. Through the API, I retrieve the CSAF URL and download the associated JSON. However, there is some missing information regarding which versions are vulnerable to the relevant advisories.

Here are some examples:

[Screenshot: Screenshot from 2024-05-28 10-16-34.png]

This image represents the CSAF JSON file of cisco-sa-snmp-uwBXfqww. As you can see, the information about product versions is displayed. However, in some cases, the versions are not specified in the CSAF. 
Specifically, for IOS XR, none of the versions are displayed. Here’s an example of a CSAF JSON file for cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB:

[Screenshot: emanueledisalvia_0-1716887674371.png]

To achieve what I want, I actually need those versions. So my question is: If I encounter cases where these versions are missing, how should I handle them? Should it be interpreted as "All versions of this family are affected"?

Thank you

Emanuele Di Salvia

2 Replies

Torbjørn (Spotlight)

Hi @emanuele-disalvia,

The "versions affected" data seems to be provided by Cisco Software Checker, which currently only supports checking versions of the following OSes: ASA, FMC, FTD, FXOS, IOS, IOS XE, NX-OS. AFAIK there is no other API that will give you the same information for IOS XR.

How to handle this comes down to your specific application/program. I believe you will either have to interpret it as "all versions are affected", or you will have to display/parse the "Fixed releases" portion of each IOS XR advisory.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

PR Oxman (Cisco Employee)

Hello,

Today it is fair to say that Cisco only populates the affected version information in CSAF for products that are supported by Software Checker: IOS, IOS XE, Cisco ASA, FMC, FTD, FXOS, NX-OS and NX-OS in ACI Mode.

For all other products the CSAF product tree only indicates the affected product. The affected and fixed releases are typically presented in a table in the Fixed Software portion of the advisory. So if you have a product family with no product versions, you need to flag it for manual inspection of the advisory/CSAF.

Cisco are considering opening this up for all products (no timeframe), but for all other products it would be a snapshot only at the time of publication, rather than a dynamically updated CSAF.

Thanks.
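A worked example of the handling both replies describe, added here as illustration; it is not code from the original thread, from Cisco, or from the PSIRT openVuln API. It walks a CSAF 2.0 `product_tree`, maps each `product_id` to its product family and version, and then flags any family whose `known_affected` (or `fixed`) entries carry no `product_version` branch, which is the IOS XR situation in the question, for manual inspection of the advisory instead of silently treating it as "all versions affected". The CSAF document in the block is constructed for the example (placeholder product IDs and tracking id), not copied from a Cisco advisory; real Cisco files follow the CSAF 2.0 schema, but the exact vendor/product_name/product_version branch layout used here is an assumption.

```python
"""Flag CSAF product families that carry no version information.

Added example (not Cisco's or the thread's code). The sample document below
is constructed to mirror the CSAF 2.0 product_tree layout; the branch
nesting (vendor -> product_name -> product_version) and all IDs are
assumptions, not copied from any Cisco advisory.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Constructed sample CSAF: one family with versions, one without (IOS XR-style).
SAMPLE_CSAF = json.dumps({
    "document": {"tracking": {"id": "EXAMPLE-ADVISORY"}},  # placeholder id
    "product_tree": {"branches": [{
        "category": "vendor", "name": "Cisco",
        "branches": [
            {"category": "product_name", "name": "Cisco IOS XE Software",
             "branches": [
                 {"category": "product_version", "name": "17.3.1",
                  "product": {"name": "Cisco IOS XE Software 17.3.1",
                              "product_id": "CSAFPID-1001"}},
                 {"category": "product_version", "name": "17.3.2",
                  "product": {"name": "Cisco IOS XE Software 17.3.2",
                              "product_id": "CSAFPID-1002"}},
             ]},
            # No product_version branches at all: only the family is named.
            {"category": "product_name", "name": "Cisco IOS XR Software",
             "product": {"name": "Cisco IOS XR Software",
                         "product_id": "CSAFPID-2001"}},
        ]}]},
    "vulnerabilities": [{
        "title": "constructed example vulnerability",
        "product_status": {
            "known_affected": ["CSAFPID-1001", "CSAFPID-2001"],
            "fixed": ["CSAFPID-1002"],
        },
    }],
})

UNRESOLVED = "(unresolved product_id)"  # status entries with no tree product


@dataclass
class ProductEntry:
    product_id: str
    family: str
    version: str | None  # None: the tree gave this product no version branch


def walk_product_tree(csaf: dict) -> dict[str, ProductEntry]:
    """Flatten product_tree into product_id -> (family, version)."""
    entries: dict[str, ProductEntry] = {}

    def visit(branch: dict, family: str | None, version: str | None) -> None:
        cat = branch.get("category")
        if cat == "product_name":
            family = branch["name"]
        elif cat == "product_version":
            version = branch["name"]
        product = branch.get("product")
        if product is not None:
            entries[product["product_id"]] = ProductEntry(
                product["product_id"], family or branch["name"], version)
        for child in branch.get("branches", []):
            visit(child, family, version)

    tree = csaf.get("product_tree", {})
    for top in tree.get("branches", []):
        visit(top, None, None)
    # full_product_names is a flat list with no version branch: never assume one.
    for p in tree.get("full_product_names", []):
        entries.setdefault(p["product_id"],
                           ProductEntry(p["product_id"], p["name"], None))
    return entries


def affected_versions(csaf_text: str) -> dict[str, dict]:
    """Per family: affected/fixed version lists plus a manual_review flag.

    manual_review becomes True when any status entry for the family has no
    version (or points at a product_id missing from the tree), so the caller
    reads the advisory's Fixed Software table instead of guessing.
    """
    csaf = json.loads(csaf_text)
    entries = walk_product_tree(csaf)
    report: dict[str, dict] = {}

    def record(pid: str, bucket: str) -> None:
        entry = entries.get(pid)
        family = entry.family if entry else UNRESOLVED
        rec = report.setdefault(
            family, {"affected": [], "fixed": [], "manual_review": False})
        if entry is None or entry.version is None:
            rec["manual_review"] = True
        elif entry.version not in rec[bucket]:
            rec[bucket].append(entry.version)

    for vuln in csaf.get("vulnerabilities", []):
        status = vuln.get("product_status", {})
        for pid in status.get("known_affected", []):
            record(pid, "affected")
        for pid in status.get("fixed", []):
            record(pid, "fixed")
    return report


if __name__ == "__main__":
    for family, rec in affected_versions(SAMPLE_CSAF).items():
        print(f"{family}: {rec}")
```

For a real run, replace `SAMPLE_CSAF` with the JSON fetched from the `csafUrl` the openVuln API returns; the `manual_review` flag is what to wire into a ticket or dashboard rather than expanding a versionless family into "everything is vulnerable".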