ciscopsirt / openvulnapi
Documentation and Tools for Cisco's PSIRT openVuln API
Home Page: https://developer.cisco.com/psirt/
License: MIT License
It appears to be an issue with a leading zero "0". For example, I also get the same error using the Python client (openVulnQuery).
omar@omar:~$ openVulnQuery --ios_xe 03.16.7S
Traceback (most recent call last):
File "/usr/local/bin/openVulnQuery", line 11, in <module>
sys.exit(main())
File "/usr/local/lib/python2.7/dist-packages/openVulnQuery/main.py", line 147, in main
advisories = query_client_func(api_resource_value)
File "/usr/local/lib/python2.7/dist-packages/openVulnQuery/query_client.py", line 110, in get_by_ios_xe
raise requests.exceptions.HTTPError(e.response.status_code, e.response.text)
requests.exceptions.HTTPError: [Errno 406] {"errorCode":"INVALID_IOSXE_VERSION","errorMessage":"IOSXE version not found"}
However, when I take out the leading zero, I get results (see below).
This issue is an enhancement request for the API to support any leading zeros in an IOS-XE version.
omar@omar:~$ openVulnQuery --ios_xe 3.16.7S
[
{
"advisory_id": "cisco-sa-20170726-aniacp",
"advisory_title": "Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability",
"bug_ids": [
"CSCvd51214"
],
"cves": [
"CVE-2017-6665"
],
"cvrf_url": null,
"cvss_base_score": "7.4",
"cwe": [
"CWE-200"
],
"first_fixed": [
""
],
"first_published": "2017-07-26T16:00:00-0500",
"ios_release": [
"3.16.7S"
],
"last_updated": "2017-07-26T16:00:00-0500",
"oval_url": "NA",
"product_names": [
"Cisco IOS 15.3S 15.3(3)S",
"Cisco IOS 15.3S 15.3(3)S1",
"Cisco IOS 15.3S 15.3(3)S2",
"Cisco IOS 15.3S 15.3(3)S3",
"Cisco IOS 15.3S 15.3(3)S6",
"Cisco IOS 15.3S 15.3(3)S4",
"Cisco IOS 15.3S 15.3(3)S1a",
"Cisco IOS 15.3S 15.3(3)S5",
"Cisco IOS 15.3S 15.3(3)S7",
"Cisco IOS 15.3S 15.3(3)S8",
"Cisco IOS 15.3S 15.3(3)S9",
"Cisco IOS 15.3S 15.3(3)S10",
"Cisco IOS 15.3S 15.3(3)S8a",
"Cisco IOS 15.2E 15.2(3)E",
"Cisco IOS 15.2E 15.2(4)E",
"Cisco IOS 15.2E 15.2(3)E1",
"Cisco IOS 15.2E 15.2(3)E2",
"Cisco IOS 15.2E 15.2(3a)E",
"Cisco IOS 15.2E 15.2(3a)E1",
"Cisco IOS 15.2E 15.2(3)E3",
"Cisco IOS 15.2E 15.2(3m)E2",
"Cisco IOS 15.2E 15.2(4)E1",
"Cisco IOS 15.2E 15.2(3m)E3",
"Cisco IOS 15.2E 15.2(4)E2",
"Cisco IOS 15.2E 15.2(3m)E6",
"Cisco IOS 15.2E 15.2(3)E4",
"Cisco IOS 15.2E 15.2(5)E",
"Cisco IOS 15.2E 15.2(4)E3",
"Cisco IOS 15.2E 15.2(5a)E",
<output omitted for brevity>
Update client code examples in Ruby to reflect the new simplified API methods.
My environment is CentOS7.5 and I installed openVulnQuery in Python2.7.15 created in virtualenv environment.
1, pip install openVulnQuery
2, make credential.json
3, make API calls via command below
openVulnQuery --config PathToCredentialsFile --Advisory Type --API Filters --Parsing Fields --Output Format -Count
4, cannot receive expected messages from prompt
Could you tell me the way to solve this situation? Sorry about my poor English and insufficient information.
We would like a reliable way to check a list of products that we have against the openvuln API using the query by product name GET /security/advisories/product/{product_keyword}.
At present, I don't see how I could reliably retrieve a list of Product Keywords that I could match against given a list of SKUs for example?
Ideally we would be able to use a product SKU in the product keyword, or have some way of associating a SKU with a product keyword? Further to that, it would be useful to specify the product SKU AND the version to check for matching vulnerabilities.
Many thanks for any feedback you can provide.
Hello,
I use the API to retrieve information from an advisory by parsing the "summary" section of the json output.
My problem is sometimes I don't have enough information in this section because most of it is stored in the "Details" section of an advisory. Example : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM
I can't find a way to retrieve information from this section without using the CVRF.
Do you plan to add this section to the API in the future?
This may not be a openVulnQuery client problem, but needs to be investigated in parallel, in case the client needs to be updated (if it is a bug in the API).
Could we be able to search with the ASA version number instead of ASA as a product like below?
openVulnQuery --config credentials.json --product asa
Currently searching for IOS releases:
openVulnQuery --config credentials.json --ios "12.2(25)SEE2" -f sir cves first_fixed publication_url advisory_id advisory_title bug_ids last_updated first_published cvss_base_score ios_release --csv test.csv
Proposed ASA search:
openVulnQuery --config credentials.json --asa "9.8(2)24" -f sir cves first_fixed publication_url advisory_id advisory_title bug_ids last_updated first_published cvss_base_score asa_release --csv test.csv
This will help me cover my entire estate and know all the latest vulnerabilities against the versions we run.
Currently the openVulnQuery (python) client points to /cvrf and /oval. Cisco no longer produces OVAL definitions. The new API resource is Change the client code to only point to https://api.cisco.com/security/advisories instead of the /cvrf /oval.
This issue is to track the changes to the openVulnQuery client and simplification.
This field is not consistent - if the list has 0 or 1 values then it is not written as a list, but rather as a single value.
cisco-sa-20151218-ios
has multiple affected versions so the export is:
{
"advisory_id": "cisco-sa-20151218-ios",
"full_product_name_list": [
"Cisco IOS 15.4(3)S",
"Cisco IOS 15.5(3)M",
"Cisco IOS 15.5(3)M1",
"Cisco IOS 15.5(1)S",
"Cisco IOS 15.5(2)S",
"Cisco IOS 15.5(3)S",
"Cisco IOS 15.5(3)S1",
"Cisco IOS 15.5(1)T",
"Cisco IOS 15.5(2)T",
"Cisco IOS 15.6(1)T0a",
"Cisco IOS XE Software 3.15S 3.15.0S",
"Cisco IOS XE Software 3.15S 3.15.1S",
"Cisco IOS XE Software 3.15S 3.15.2S",
"Cisco IOS XE Software 3.17S 3.17.0S",
"Cisco IOS XE Software 3.17S 3.17.1S",
"Cisco IOS XE Software 3.16S 3.16.0S",
"Cisco IOS XE Software 3.16S 3.16.1S"
],
},
cisco-sa-20151217-pnsc
has one affected version so the export is:
{
"advisory_id": "cisco-sa-20151217-pnsc",
"full_product_name_list": "Cisco Prime Network Services Controller 3.0.0",
},
This creates problems when parsing the JSON after an export, resulting in parsing the string as a list of characters in the latter case above. Temporary fix has been to check the type, but this is not a real solution.
    version_list = advisory['full_product_name_list']
    # A single affected product is exported as a bare string, so wrap it.
    if not isinstance(version_list, list):
        version_list = [version_list]
I found where the problem is in the code, but as far as I can tell it'll affect all of the export so I'm not sure how to solve the issue - and it's likely that more fields are affected than this one.
Describe the bug
First fixed software versions are reported with a different data structure and naming depending on whether NXOS/ACI or IOS(XE) is used for the API query.
To Reproduce
An API query with NXOS 7.0(3)I7(8) results in
(...)
platforms:
- firstFixes:
  - id: '279749'
    name: 7.0(3)I7(9)
  id: '265096'
  name: Cisco Nexus 9000 Series Switches
  vulnerabilityState: vulnerable
(...)
But an API query with IOSXE 03.16.09.S results in
(...)
firstFixed:
- 3.18.2S
(...)
Expected behavior
Since the NXOS/ACI variant allows more extensive parameters already, an adaptation of the IOS response would be desirable.
Additional context
BTW: The API itself is worth gold and makes our work a lot easier, so I would like to thank you for your work!
But such inconsistencies should be avoided, right?
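A client can hide the difference until the API is aligned. The following is an added example, not code from the API or from openVulnQuery: it reads first-fixed releases from both response shapes quoted in the report above. The function name and the sample records (built from the values in the report) are assumptions.

```python
# Added example: one accessor for both first-fixed shapes shown in the report.
# IOS / IOS XE answers carry a flat "firstFixed" list (or a bare string);
# NX-OS / ACI answers nest the releases under platforms[].firstFixes[].name.

NO_VALUE = ("", "NA", None)  # placeholders seen in API output on this page


def first_fixed_versions(advisory):
    """Return [(platform_name_or_None, release), ...] in response order."""
    results = []
    seen = set()

    def add(platform, release):
        # Skip placeholders such as "" or "NA" and avoid duplicates.
        if release in NO_VALUE:
            return
        key = (platform, release)
        if key not in seen:
            seen.add(key)
            results.append(key)

    # Flat shape (IOS / IOS XE). A bare string is wrapped so that it is not
    # iterated character by character.
    flat = advisory.get("firstFixed")
    if isinstance(flat, str):
        flat = [flat]
    for release in flat or []:
        add(None, release)

    # Nested shape (NX-OS / ACI): one entry per affected platform.
    for platform in advisory.get("platforms") or []:
        for fix in platform.get("firstFixes") or []:
            add(platform.get("name"), fix.get("name"))

    return results


# Constructed samples mirroring the two excerpts in the report.
NXOS_SAMPLE = {
    "platforms": [
        {
            "firstFixes": [{"id": "279749", "name": "7.0(3)I7(9)"}],
            "id": "265096",
            "name": "Cisco Nexus 9000 Series Switches",
            "vulnerabilityState": "vulnerable",
        }
    ]
}
IOSXE_SAMPLE = {"firstFixed": ["3.18.2S"]}

if __name__ == "__main__":
    for sample in (NXOS_SAMPLE, IOSXE_SAMPLE):
        print(first_fixed_versions(sample))
```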
Documentation in the help (-h) option should be made a little more clear.
For instance:
--advisory API_RESOURCE | --cve API_RESOURCE | --latest API_RESOURCE | --severity API_RESOURCE | --year API_RESOURCE
should be something like:
--advisory API_RESOURCE | --cve <cve-ID> | --latest <number> | --severity [critical,high,medium or low] | --year <YYYY>
As well as the other fields below:
omar@omar:~$ openVulnQuery -h
usage: openVulnQuery [-h] (--cvrf | --oval)
(--all | --advisory API_RESOURCE | --cve API_RESOURCE | --latest API_RESOURCE | --severity API_RESOURCE | --year API_RESOURCE)
[--csv OUTPUT_FORMAT | --json OUTPUT_FORMAT] [--count]
[--fields {advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} [{advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} ...]]
Cisco OpenVuln API Command Line Interface
optional arguments:
-h, --help show this help message and exit
--cvrf Selects from cvrf advisories
--oval Selects from oval advisories
--all Retrieve all cvrf/oval advisiories
--advisory API_RESOURCE
Retrieve advisories by advisory id
--cve API_RESOURCE Retrieve advisories by cve id
--latest API_RESOURCE
Retrieve latest (number) of advisories
--severity API_RESOURCE
Retrieve advisories by severity (low, medium, high,
critical)
--year API_RESOURCE Retrieve advisories by year
--csv OUTPUT_FORMAT Output to CSV with filepath
--json OUTPUT_FORMAT Output to JSON with filepath
--count, -c Count of any field or fields
--fields {advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} [{advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} ...], -f {advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} [{advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} ...]
Seperate fields by spaces to return advisory
information
Product search should not be dependent on other arguments, such as "--all --advisory --cve --latest --severity --year is required"
According to the openVulnQuery documentation the product search can be:
openVulnQuery --cvrf --product <string>
However, you get the following error when using that method.
omar@omar:~$ openVulnQuery --cvrf --product asa
usage: openVulnQuery [-h] (--cvrf | --oval)
(--all | --advisory API_RESOURCE | --cve API_RESOURCE | --latest API_RESOURCE | --severity API_RESOURCE | --year API_RESOURCE)
[--csv OUTPUT_FORMAT | --json OUTPUT_FORMAT] [--count]
[--fields {advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} [{advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} ...]]
openVulnQuery: error: one of the arguments --all --advisory --cve --latest --severity --year is required
Response
ERROR Forbidden
Headers
undefined
Body
<h1>Not Authorized</h1>
HTTP/1.1
X-Mashery-Message-ID: badfb996-306a-4a3b-8d83-a14d2eca8196 X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED Content-Type: text/xml
<h1>Not Authorized</h1>
Since the addition of the new fields on the API the table (human readable) is not appropriate anymore. Please change the client to only display the json results from the API.
The user can still select the fields that they want displayed by using the -f or --fields options.
[--fields {advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} [{advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} ...]]
When I do GET https://api.cisco.com/security/advisories/ios.json, I get a 500 error with tracebacks in the response body:
root cause
java.lang.NullPointerException
com.cisco.csc.rest.util.ReleaseParser.removeLeadingZeros(ReleaseParser.java:10)
com.cisco.csc.rest.controller.OpenVulServiceEndpointImpl.getAdvisoriesIosByVersion(OpenVulServiceEndpointImpl.java:656)
sun.reflect.GeneratedMethodAccessor76.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:606)
org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:181)
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97)
org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:211)
org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:99)
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:243)
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:197)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:149)
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:211)
javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
Hi, I came across that there is no method currently available to get advisories by nxos version, in the query_client.py module. Is this a feature that will be added in the future?
My current alternative solutions are to (1) make the API calls using the requests lib, separately (without using the openVulnQuery library),
(2) alter the source code (I have implemented this and it is working, but not tested thoroughly; I can make a pull request if it's okay).
Update client code examples in Javascript to reflect the new simplified API methods.
When I do GET https://api.cisco.com/security/advisories/product?product=AIR-CT5508-500-K9, I get a 404 error.
The Java example code needs to be updated or removed.
When creating a new account on Cisco's API Console, the OpenVuln API is not available in the list of My APIs. Are there additional requirements to access the PSIRT API?
Call for https://api.cisco.com/security/advisories/ios?version=12.3(8)T6 includes 2 nodes with "advisoryId": "cisco-sr-20090114-http" and "advisoryId": "cisco-sr-20081105-vtp" with NA value in almost all fields.
{
"advisoryId": "cisco-sr-20090114-http",
"advisoryTitle": "NA",
"bugIDs": [
"NA"
],
"ipsSignatures": [
"NA"
],
"cves": [
"NA"
],
"cvrfUrl": "NA",
"ovalUrl": "NA",
"cvssBaseScore": "NA",
"cwe": [
"NA"
],
"iosRelease": [
"12.3(8)T6"
],
"firstFixed": [
"12.4(18e)",
"12.4(23)"
],
"firstPublished": "NA",
"lastUpdated": "NA",
"productNames": [
"NA"
],
"publicationUrl": "NA",
"sir": "NA",
"summary": "NA"
},
{
"advisoryId": "cisco-sr-20081105-vtp",
"advisoryTitle": "NA",
"bugIDs": [
"NA"
],
"ipsSignatures": [
"NA"
],
"cves": [
"NA"
],
"cvrfUrl": "NA",
"ovalUrl": "NA",
"cvssBaseScore": "NA",
"cwe": [
"NA"
],
"iosRelease": [
"12.3(8)T6"
],
"firstFixed": [
"12.4(18e)",
"12.4(23)"
],
"firstPublished": "NA",
"lastUpdated": "NA",
"productNames": [
"NA"
],
"publicationUrl": "NA",
"sir": "NA",
"summary": "NA"
}
Please check. Thanks.
This is an enhancement request to make the client backward compatible with Python 2.x. Only the current version in PIP (version 1.26) is compatible with Python 2.x.
Looking for a way to use an https proxy address in query_client request, python3
Looking for a solution to get general SA like (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM) which isn't covered by the product API call.
If I'm using the product name e.g. Cisco Prime Collaboration Provisioning
advisories = query_client.get_by_product(adv_format='default', product_name='Cisco Prime Collaboration Provisioning')
I'm getting this result:
Debugging = True --> /home/devnet/Documents/coding/cisco_check-advisory/cisco_check-advisory/functions.py
title = Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability
title = Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
title = Vulnerability in Java Deserialization Affecting Cisco Products
title = Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
title = Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability
title = Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
title = Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability
title = Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability
title = Cisco Prime Collaboration Provisioning Access Control Deficiency in Batch Function Privilege Escalation Vulnerability
title = Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability
title = Cisco Prime Collaboration Provisioning Access Control Vulnerability
title = Cisco Prime Collaboration Provisioning Unauthorized Password Recovery Vulnerability
title = Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability
title = Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
title = Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability
title = Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
title = Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerability
title = Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Web Portal Repeated Bad Login Attempts Denial of Service Vulnerability
title = Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
title = Cisco Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability
title = Cisco Prime Collaboration Provisioning Tool System File Overwrite Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Inventory Management Feature Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability
title = Cisco Prime Collaboration Provisioning Tool UpgradeManager File Write Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Log File Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Session Hijacking Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Arbitrary File Download Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
title = Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
title = Cisco Prime Collaboration Provisioning Directory Traversal Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability
title = Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
title = Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
title = Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
title = Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
title = Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
title = Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability
title = Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
title = Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
title = Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
title = Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
title = Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
title = Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
title = OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
title = Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability
I miss the SA "Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021". The SA itself describes that the product "Cisco Prime Collaboration Provisioning" is affected.
I figured out that if I use the following API
advisories = query_client.get_by_latest(adv_format='default', latest=25)
I'm getting this result:
title = Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021
first published = 2021-01-29T21:30:00
product_names = ['NA']
But I'm not able to use the product_name 'NA'. 'N A' with a space between the character N A gives me some results but not the right one.
Any advice on how to cover general SAs with the API?
Would I be able to use the query_client to pull all vulnerabilities between two dates? It appears to be possible by running the query below manually. I'd like to script the output into a report -- possibly using query_client.get_by_all() by applying a filter.
>> openVulnQuery --cvrf --all --last_updated 2016-01-02:2016-07-02
Update client code examples in Java to reflect the new simplified API methods.
Is your feature request related to a problem? Please describe.
Since the apiconsole.cisco.com portal cannot generate a lifetime token, the examples should contain the "user id", "user secret" authentication method rather than a plain "token" as an authentication method.
Other language examples do include the full authentication via id/secret.
Describe the solution you'd like
An update to the java client using client id/client secret to obtain a token.
This is an enhancement request to be able to change the order of exported columns (fields) in CSV file.
In my example below I do the same query twice and export the output to two CSV files (example_1.csv and example_2.csv). In the second example, I change the order of the "filter" (fields).
bash-3.2$ openVulnQuery --cvrf --latest 2 -f advisory_id sir cves --csv example_1.csv
bash-3.2$ cat example_1.csv
advisory_id,sir,cves
cisco-sa-20170419-cimc,High,CVE-2017-6619
cisco-sa-20170419-cimc3,Critical,CVE-2017-6616
bash-3.2$ openVulnQuery --cvrf --latest 2 -f advisory_id cves sir --csv example_2.csv
bash-3.2$ cat example_2.csv
advisory_id,sir,cves
cisco-sa-20170419-cimc,High,CVE-2017-6619
cisco-sa-20170419-cimc3,Critical,CVE-2017-6616
As you can see, the columns stayed the same.
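The requested behaviour is that the column order follows the order of the fields given on the command line. The following is an added example, not openVulnQuery's own export code: the function name is an assumption and the sample rows are constructed from the two advisories in the report.

```python
# Added example: CSV export whose columns follow the caller's field order.
import csv
import io


def advisories_to_csv(advisories, fields):
    """Render advisories as CSV text with columns in the order of `fields`."""
    # Keep the first occurrence of each field and preserve the given order.
    ordered = list(dict.fromkeys(fields))
    buf = io.StringIO()
    writer = csv.DictWriter(
        buf,
        fieldnames=ordered,       # the header is written in exactly this order
        extrasaction="ignore",    # fields that were not requested are dropped
        lineterminator="\n",
    )
    writer.writeheader()
    for adv in advisories:
        row = {}
        for name in ordered:
            value = adv.get(name, "")   # a missing field becomes an empty cell
            if isinstance(value, (list, tuple)):
                # Multi-valued fields such as cves are flattened into one cell.
                value = ";".join(str(v) for v in value)
            row[name] = value
        writer.writerow(row)
    return buf.getvalue()


# Constructed sample based on the two advisories shown in the report.
SAMPLE = [
    {"advisory_id": "cisco-sa-20170419-cimc", "sir": "High",
     "cves": ["CVE-2017-6619"]},
    {"advisory_id": "cisco-sa-20170419-cimc3", "sir": "Critical",
     "cves": ["CVE-2017-6616"]},
]

if __name__ == "__main__":
    print(advisories_to_csv(SAMPLE, ["advisory_id", "sir", "cves"]))
    print(advisories_to_csv(SAMPLE, ["advisory_id", "cves", "sir"]))
```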
I'm trying to pull all vulnerabilities for Cisco ISE. When I do the following I get a KeyError: 'firstFixed'.
advisories = query_client.get_by_product(adv_format="cvrf", product_name="Cisco Identity Services Engine")
From what I can tell the API is not returning "first_fixed" or "ios_release" for the specific query I am attempting to run. I've been able to add a temporary workaround to "advisory.py" by adding a try exception to adv_map[k] = adv_data[v].
Here's the specific error I get when I run the query:
Traceback (most recent call last):
File "V:\test\Python\Vulnerability Assessment\Cisco_Vulnerability_Assessment.py", line 290, in
advisories = query_client.get_by_product(adv_format="cvrf", product_name="Cisco Identity Services Engine")
File "C:\Users\test\AppData\Local\Programs\Python\Python36\lib\site-packages\openVulnQuery_library\query_client.py", line 145, in get_by_product
return self.advisory_list(advisories['advisories'], adv_format)
File "C:\Users\test\AppData\Local\Programs\Python\Python36\lib\site-packages\openVulnQuery_library\query_client.py", line 223, in advisory_list
for adv in advisories]
File "C:\Users\test\AppData\Local\Programs\Python\Python36\lib\site-packages\openVulnQuery_library\query_client.py", line 223, in
for adv in advisories]
File "C:\Users\test\AppData\Local\Programs\Python\Python36\lib\site-packages\openVulnQuery_library\advisory.py", line 130, in advisory_factory
adv_map[k] = adv_data[v]
KeyError: 'firstFixed'
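Three reports on this page describe the same class of problem for anyone consuming the API: a key that is absent (the KeyError above), a field that is a bare string instead of a list (the full_product_name_list report), and records filled with "NA" (the cisco-sr-20090114-http report). The following is an added example, not the project's advisory.py: it maps raw advisory dicts to a fixed schema without raising. The function names and the placeholder advisory id are assumptions, and the sample records are constructed from values quoted on this page.

```python
# Added example: tolerant normalisation of raw openVuln advisory records.

NA = "NA"  # sentinel used for "no value" in the records quoted on this page

# Client attribute -> API key, limited to keys visible in the reports here.
FIELD_MAP = {
    "advisory_id": "advisoryId",
    "advisory_title": "advisoryTitle",
    "sir": "sir",
    "cvss_base_score": "cvssBaseScore",
    "cves": "cves",
    "bug_ids": "bugIDs",
    "cwe": "cwe",
    "first_fixed": "firstFixed",
    "ios_release": "iosRelease",
    "product_names": "productNames",
}
LIST_FIELDS = {"cves", "bug_ids", "cwe", "first_fixed", "ios_release",
               "product_names"}


def as_list(value):
    """Coerce a scalar-or-list value to a list without 'NA', '' or None."""
    if value is None:
        return []
    if isinstance(value, (list, tuple)):
        items = list(value)
    else:
        items = [value]  # a bare string must not be walked character by character
    return [item for item in items if item not in (None, "", NA)]


def as_scalar(value):
    """Return None for the 'no value' placeholders, else the value itself."""
    if value is None or value == "" or value == NA:
        return None
    return value


def as_score(value):
    """Parse a CVSS base score such as '7.4'; placeholders become None."""
    value = as_scalar(value)
    try:
        return float(value) if value is not None else None
    except (TypeError, ValueError):
        return None


def normalise(raw):
    """Map one raw advisory dict to a fixed schema; a missing key never raises."""
    out = {}
    for attr, key in FIELD_MAP.items():
        value = raw.get(key)  # .get() instead of raw[key]: no KeyError
        if attr in LIST_FIELDS:
            out[attr] = as_list(value)
        elif attr == "cvss_base_score":
            out[attr] = as_score(value)
        else:
            out[attr] = as_scalar(value)
    return out


def is_stub(adv):
    """True for normalised records that have an id but no title, SIR or CVEs."""
    return (adv["advisory_id"] is not None and adv["advisory_title"] is None
            and adv["sir"] is None and not adv["cves"])


# Constructed samples.
NA_RECORD = {
    "advisoryId": "cisco-sr-20090114-http", "advisoryTitle": "NA",
    "bugIDs": ["NA"], "cves": ["NA"], "cvssBaseScore": "NA", "cwe": ["NA"],
    "iosRelease": ["12.3(8)T6"], "firstFixed": ["12.4(18e)", "12.4(23)"],
    "productNames": ["NA"], "sir": "NA",
}
NO_FIRST_FIXED = {  # placeholder id; the record has no firstFixed/iosRelease keys
    "advisoryId": "example-advisory-id", "advisoryTitle": "Constructed title",
    "sir": "High", "cvssBaseScore": "7.4", "cves": ["CVE-2017-6665"],
    "productNames": "Cisco Prime Network Services Controller 3.0.0",
}

if __name__ == "__main__":
    for record in (NA_RECORD, NO_FIRST_FIXED):
        clean = normalise(record)
        print(clean["advisory_id"], "stub" if is_stub(clean) else "full", clean)
```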
Describe the bug
This is a test issue for integration with WebEx Teams...
PLEASE IGNORE
When querying for a given date range such as:
https://api.cisco.com/security/advisories/all/firstpublished?startDate=2018-10-11&endDate=2018-10-11
The client gives the following error:
requests.exceptions.HTTPError: 406 Client Error: Not Acceptable for url: https://api.cisco.com/security/advisories/all/firstpublished?startDate=2018-10-11&endDate=2018-10-11
It should be a 404 - not found, since there were no advisories published that day.
I get a Not Authorized error when I try to request "https://api.cisco.com/security/advisories/all"
I did the following:
Authorization Bearer <auth-token>
What could be the issue?
As per new comments in Issue #20
This issue is to track the following request:
Hi Omar,
Could we have the openVulnAPI info page on devnet updated with this example. I couldn't get it working until I stumbled upon your posting. There are probably others in the same boat.
https://api.cisco.com/security/advisories/ios.json?version=12.4(4)T
thanks
Since the openVuln API now has all the additional fields that we used to parse from CVRF, please remove the need of parsing CVRF and the dependency from lxml.
CVRF URL disappeared from openVulnQuery 1.29.
The problem is that during the cleanup of OVAL and CVRF constructs the cvrfURL was not being parsed from the API.
I am adding it to:
    def __init__(self, advisory_id, sir, first_published, last_updated, cves,
                 bug_ids, cvss_base_score, advisory_title, publication_url,
                 cwe, cvrfUrl,
                 product_names, summary):
        self.advisory_id = advisory_id
        self.sir = sir
        self.first_published = first_published
        self.last_updated = last_updated
        self.cves = cves
        self.bug_ids = bug_ids
        self.cvss_base_score = cvss_base_score
        self.advisory_title = advisory_title
        self.publication_url = publication_url
        self.cwe = cwe
        self.cvrfUrl = cvrfUrl
        self.product_names = product_names
        self.summary = summary
Under advisory.py
The results of IOS and IOS-XE queries are missing the "firstFixed" field in the results.
For example: https://api.cisco.com/security/advisories/ios?version=12.4(4)T
Should show many results of several security advisories. Each will include a "firstFixed", such as:
"firstFixed": "15.2(4)M11",
For instance:
{
"advisories": [
{
"advisoryId": "cisco-sa-20160928-dns",
"sir": "High",
"firstPublished": "2016-09-28T16:00:00-0500",
"lastUpdated": "2016-09-28T16:00:00-0500",
"iosRelease": "15.2(4)M11",
"firstFixed": "15.2(4)M11",
"cves": [
"CVE-2016-6380"
],
"bugIDs": [
"CSCup90532"
],
"cvssBaseScore": "8.3",
"advisoryTitle": "Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability",
"publicationUrl": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns",
"cwe": [
"CWE-20"
],
"productNames": [
"Cisco IOS Software Release 12.2(4)T1",
"Cisco IOS Software Release 12.1(9)E2",
"Cisco IOS Software Release 12.2(11)BC2",
"Cisco IOS Software Release 12.2 SCB",
"Cisco IOS Software Releases 12.0 T",
"Cisco IOS Software Release 12.0(3)T",
"Cisco IOS Software Release 12.0(4)T",
"Cisco IOS Software Release 12.0(5)T",
"Cisco IOS Software Release 12.0(5)XK",
"Cisco IOS Software Release 12.0(7)T",
"Cisco IOS Software Release 12.0(7)XK",
"Cisco IOS Software Releases 12.1 Mainline",
"Cisco IOS Software Release 12.1(1)EX",
"Cisco IOS Software Release 12.1 E",
"Cisco IOS Software Releases 12.1 EC",
"Cisco IOS Software Releases 12.1 T",
"Cisco IOS Software Release 12.1(2)T",
"Cisco IOS Software Release 12.1(3)T",
"Cisco IOS Software Release 12.1(3)XI",
"Cisco IOS Software Release 12.1(5)T",
"Cisco IOS Software Releases 12.2 Mainline",
"Cisco IOS Software Release 12.0(3)XE",
"Cisco IOS Software Release 12.0(4)XE",
"Cisco IOS Software Release 12.0(5)XE",
"Cisco IOS Software Release 12.0(5)XE3",
"Cisco IOS Software Release 12.0(5)XE2",
"Cisco IOS Software Release 12.0(5)XE5",
"Cisco IOS Software Release 12.0(7)XE1",
"Cisco IOS Software Release 12.1(2)E",
"Cisco IOS Software Release 12.1(3a)E",
"Cisco IOS Software Release 12.1(4)E",
"Cisco IOS Software Release 12.1(4)E1",
"Cisco IOS Software Release 12.1(4)E2",
"Cisco IOS Software Release 12.1(5a)E",
"Cisco IOS Software Release 12.1(6)E",
"Cisco IOS Software Releases 12.1 EX",
"Cisco IOS Software Release 12.1(5)XM",
"Cisco IOS Software Releases 12.2 T",
"Cisco IOS Software Releases 12.2 DX",
"Cisco IOS Software Release 12.2(1)DX",
"Cisco IOS Software Releases 12.2 DA",
"Cisco IOS Software Release 12.2(2)T",
"Cisco IOS Software Release 12.2(4)T",
"Cisco IOS Software Release 12.1(5)YB",
"Cisco IOS Software Release 12.2(1)MB1",
"Cisco IOS Software Release 12.2(2)XR",
"Cisco IOS Software Releases 12.2 S",
"Cisco IOS Software Release 12.2(4)MB2",
"Cisco IOS Software Release 12.2(8)T",
"Cisco IOS Software Release 12.2(2)XB2",
"Cisco IOS Software Release 12.2(2)XB3",
"Cisco IOS Software Release 12.0(3)T2",
"Cisco IOS Software Release 12.0(3)T3",
"Cisco IOS Software Release 12.0(4)T1",
"Cisco IOS Software Release 12.0(5)T1",
"Cisco IOS Software Release 12.0(5)T2",
"Cisco IOS Software Release 12.1(1)",
"Cisco IOS Software Release 12.1(1)T",
"Cisco IOS Software Release 12.1(10)",
"Cisco IOS Software Release 12.1(11)",
"Cisco IOS Software Release 12.1(11a)",
"Cisco IOS Software Release 12.1(12)",
"Cisco IOS Software Release 12.1(1a)",
"Cisco IOS Software Release 12.1(1a)T1",
"Cisco IOS Software Release 12.1(1b)",
"Cisco IOS Software Release 12.1(2)",
"Cisco IOS Software Release 12.1(2a)",
"Cisco IOS Software Release 12.1(2a)T1",
"Cisco IOS Software Release 12.1(2a)T2",
"Cisco IOS Software Release 12.1(3)",
"Cisco IOS Software Release 12.1(3a)T1",
"Cisco IOS Software Release 12.1(3a)T2",
"Cisco IOS Software Release 12.1(3a)T3",
"Cisco IOS Software Release 12.1(3a)T4",
"Cisco IOS Software Release 12.1(3a)T5",
"Cisco IOS Software Release 12.1(3a)T6",
"Cisco IOS Software Release 12.1(3a)T7",
"Cisco IOS Software Release 12.1(3a)T8",
"Cisco IOS Software Release 12.1(5)",
"Cisco IOS Software Release 12.1(5)T1",
"Cisco IOS Software Release 12.1(5)T10",
"Cisco IOS Software Release 12.1(5)T2",
"Cisco IOS Software Release 12.1(5)T3",
"Cisco IOS Software Release 12.1(5)T4",
"Cisco IOS Software Release 12.1(5)T5",
"Cisco IOS Software Release 12.1(5)T6",
"Cisco IOS Software Release 12.1(5)T7",
"Cisco IOS Software Release 12.1(5)T8",
"Cisco IOS Software Release 12.1(5)T9",
"Cisco IOS Software Release 12.1(5a)",
"Cisco IOS Software Release 12.1(5b)",
"Cisco IOS Software Release 12.1(5c)",
"Cisco IOS Software Release 12.1(5d)",
"Cisco IOS Software Release 12.1(6)",
"Cisco IOS Software Release 12.1(7)",
"Cisco IOS Software Release 12.1(7a)",
"Cisco IOS Software Release 12.1(8)",
"Cisco IOS Software Release 12.1(8a)",
"Cisco IOS Software Release 12.1(8b)",
"Cisco IOS Software Release 12.1(9)",
"Cisco IOS Software Release 12.2(1)",
"Cisco IOS Software Release 12.2(1a)",
"Cisco IOS Software Release 12.2(1b)",
"Cisco IOS Software Release 12.2(1c)",
"Cisco IOS Software Release 12.2(2)T1",
"Cisco IOS Software Release 12.2(2)T2",
"Cisco IOS Software Release 12.2(2)T3",
"Cisco IOS Software Release 12.2(3)",
"Cisco IOS Software Release 12.2(3a)",
"Cisco IOS Software Release 12.2(3b)",
"Cisco IOS Software Release 12.2(4)T2",
"Cisco IOS Software Release 12.2(5)",
"Cisco IOS Software Release 12.2(5a)",
"Cisco IOS Software Release 12.2(5b)",
"Cisco IOS Software Release 12.2(5c)",
"Cisco IOS Software Release 12.2(6)",
"Cisco IOS Software Release 12.2(6a)",
"Cisco IOS Software Releases 12.1 E",
"Cisco IOS Software Release 12.1(1)E",
"Cisco IOS Software Release 12.1(1)E1",
"Cisco IOS Software Release 12.1(1)E2",
"Cisco IOS Software Release 12.1(1)E3",
"Cisco IOS Software Release 12.1(10)E",
"Cisco IOS Software Release 12.1(10)E1",
"Cisco IOS Software Release 12.1(2)E1",
"Cisco IOS Software Release 12.1(3a)E1",
"Cisco IOS Software Release 12.1(3a)E3",
"Cisco IOS Software Release 12.1(3a)E4",
"Cisco IOS Software Release 12.1(3a)E5",
"Cisco IOS Software Release 12.1(5a)E1",
"Cisco IOS Software Release 12.1(5a)E2",
"Cisco IOS Software Release 12.1(5a)E3",
"Cisco IOS Software Release 12.1(5a)E4",
"Cisco IOS Software Release 12.1(5b)E7",
"Cisco IOS Software Release 12.1(5c)E10",
"Cisco IOS Software Release 12.1(5c)E8",
"Cisco IOS Software Release 12.1(5c)E9",
"Cisco IOS Software Release 12.1(6)E1",
"Cisco IOS Software Release 12.1(6)E2",
"Cisco IOS Software Release 12.1(6)E3",
"Cisco IOS Software Release 12.1(6)E4",
"Cisco IOS Software Release 12.1(6)E5",
"Cisco IOS Software Release 12.1(6)E6",
"Cisco IOS Software Release 12.1(7)E",
"Cisco IOS Software Release 12.1(7a)E1",
"Cisco IOS Software Release 12.1(7a)E2",
"Cisco IOS Software Release 12.1(7a)E3",
"Cisco IOS Software Release 12.1(7a)E4",
"Cisco IOS Software Release 12.1(8a)E",
"Cisco IOS Software Release 12.1(8a)E1",
"Cisco IOS Software Release 12.1(8a)E2",
"Cisco IOS Software Release 12.1(8a)E3",
"Cisco IOS Software Release 12.1(8a)E4",
"Cisco IOS Software Release 12.1(8a)E5",
"Cisco IOS Software Release 12.1(8b)E6",
"Cisco IOS Software Release 12.1(8b)E7",
"Cisco IOS Software Release 12.1(9)E",
"Cisco IOS Software Releases 12.2 B",
"Cisco IOS Software Release 12.2(4)T3",
"Cisco IOS Software Release 12.2(8)T1",
"Cisco IOS Software Release 12.2(3c)",
"Cisco IOS Software Release 12.2(3d)",
"Cisco IOS Software Release 12.2(3e)",
"Cisco IOS Software Release 12.2(6b)",
"Cisco IOS Software Release 12.2(6c)",
"Cisco IOS Software Release 12.2(6d)",
"Cisco IOS Software Release 12.2(7)",
"Cisco IOS Software Release 12.2(7a)",
"Cisco IOS Software Release 12.2(7b)",
"Cisco IOS Software Release 12.1(5)T11",
"Cisco IOS Software Release 12.1(5)T12",
"Cisco IOS Software Release 12.1(1)E5",
"Cisco IOS Software Release 12.1(1)E6",
"Cisco IOS Software Release 12.1(10)E2",
"Cisco IOS Software Release 12.1(10)E3",
"Cisco IOS Software Release 12.1(10)E4",
"Cisco IOS Software Release 12.1(10)E5",
"Cisco IOS Software Release 12.1(10)E6",
"Cisco IOS Software Release 12.1(10)E7",
"Cisco IOS Software Release 12.1(11b)E",
"Cisco IOS Software Release 12.1(11b)E1",
"Cisco IOS Software Release 12.1(2)E2",
"Cisco IOS Software Release 12.1(3a)E7",
"Cisco IOS Software Release 12.1(3a)E8",
"Cisco IOS Software Release 12.1(4)E3",
"Cisco IOS Software Release 12.1(5c)E12",
"Cisco IOS Software Release 12.1(6)E8",
"Cisco IOS Software Release 12.1(7a)E5",
"Cisco IOS Software Release 12.1(7a)E6",
"Cisco IOS Software Release 12.1(8b)E8",
"Cisco IOS Software Release 12.1(8b)E9",
"Cisco IOS Software Release 12.1(9)E1",
"Cisco IOS Software Release 12.1(9)E3",
"Cisco IOS Software Release 12.1(10a)",
"Cisco IOS Software Release 12.1(11b)",
"Cisco IOS Software Release 12.1(12a)",
"Cisco IOS Software Release 12.1(12b)",
"Cisco IOS Software Release 12.1(12c)",
"Cisco IOS Software Release 12.1(13)",
"Cisco IOS Software Release 12.1(14)",
"Cisco IOS Software Release 12.1(1c)",
"Cisco IOS Software Release 12.1(2b)",
"Cisco IOS Software Release 12.1(3b)",
"Cisco IOS Software Release 12.1(4a)",
"Cisco IOS Software Release 12.1(5e)",
"Cisco IOS Software Release 12.1(6a)",
"Cisco IOS Software Release 12.1(7b)",
"Cisco IOS Software Release 12.1(8c)",
"Cisco IOS Software Release 12.1(9a)",
"Cisco IOS Software Release 12.0(7)T2",
"Cisco IOS Software Release 12.2(4)B",
"Cisco IOS Software Release 12.2(8)B",
"Cisco IOS Software Release 12.2(2)XA",
"Cisco IOS Software Release 12.2(2)T4",
"Cisco IOS Software Release 12.1(11b)E2",
"Cisco IOS Software Release 12.1(11b)E3",
"Cisco IOS Software Release 12.1(8b)E10",
"Cisco IOS Software Release 12.2(1d)",
"Cisco IOS Software Release 12.2(5d)",
"Cisco IOS Software Release 12.2(6e)",
"Cisco IOS Software Release 12.2(8)T2",
"Cisco IOS Software Release 12.2(8)T3",
"Cisco IOS Software Release 12.2(8)T4",
"Cisco IOS Software Release 12.1(12d)",
"Cisco IOS Software Release 12.1(15)",
"Cisco IOS Software Release 12.2(3f)",
"Cisco IOS Software Release 12.2(7c)",
"Cisco IOS Software Release 12.2(7d)",
"Cisco IOS Software Release 12.1(12c)E",
"Cisco IOS Software Release 12.1(6)E9",
"Cisco IOS Software Release 12.2(10)",
"Cisco IOS Software Release 12.2(10a)",
"Cisco IOS Software Release 12.1",
"Cisco IOS Software Release 12.2",
"Cisco IOS Software Release 12.1(13)EW",
"Cisco IOS Software Release 12.2(4)BZ",
"Cisco IOS Software Release 12.2(11)T",
"Cisco IOS Software Release 12.2(4)MB7",
"Cisco IOS Software Release 12.2(4)MB6",
"Cisco IOS Software Release 12.2(8)T5",
"Cisco IOS Software Release 12.1(10)E8",
"Cisco IOS Software Release 12.1(11b)E4",
"Cisco IOS Software Release 12.1(11b)E5",
"Cisco IOS Software Release 12.1(8b)E11",
"Cisco IOS Software Release 12.2(11)S",
"Cisco IOS Software Release 12.2(6f)",
"Cisco IOS Software Releases 12.2 DD",
"Cisco IOS Software Release 12.2(2)DD",
"Cisco IOS Software Releases 12.2 MB",
"Cisco IOS Software Release 12.2(4)MB1",
"Cisco IOS Software Release 12.2(4)MB3",
"Cisco IOS Software Release 12.2(4)MB4",
"Cisco IOS Software Release 12.2(4)MB5",
"Cisco IOS Software Release 12.2(4)MX2",
"Cisco IOS Software Releases 12.2 MC",
"Cisco IOS Software Release 12.2(8)MC1",
"Cisco IOS Software Release 12.2(2)XG",
"Cisco IOS Software Release 12.2(2)XK",
"Cisco IOS Software Release 12.2(4)XL",
"Cisco IOS Software Release 12.2(2)XN",
"Cisco IOS Software Release 12.2(4)XR",
"Cisco IOS Software Release 12.2(2)XT",
"Cisco IOS Software Release 12.2(4)YA",
"Cisco IOS Software Release 12.2(8)YD",
"Cisco IOS Software Release 12.2(9)YE",
"Cisco IOS Software Release 12.2(8)YJ",
"Cisco IOS Software Release 12.2(9)YO",
"Cisco IOS Software Release 12.1(2)EC",
"Cisco IOS Software Release 12.1(5c)EX3",
"Cisco IOS Software Release 12.1(5c)EX",
"Cisco IOS Software Release 12.1(8a)EX",
"Cisco IOS Software Release 12.1(9)EX",
"Cisco IOS Software Release 12.1(10)EX",
"Cisco IOS Software Release 12.1(11b)EX1",
"Cisco IOS Software Release 12.1(13)E",
"Cisco IOS Software Release 12.1(6)EC",
"Cisco IOS Software Release 12.1(8)EC",
"Cisco IOS Software Release 12.1(10)EC",
"Cisco IOS Software Release 12.1(13)EC",
"Cisco IOS Software Release 12.1(8a)EW1",
"Cisco IOS Software Release 12.1(11b)EW1",
"Cisco IOS Software Release 12.2(4)BC1",
"Cisco IOS Software Release 12.2(8)BC1",
"Cisco IOS Software Releases 12.2 BC",
"Cisco IOS Software Release 12.2(11)BC1",
"Cisco IOS Software Release 12.2(2)BX",
"Cisco IOS Software Release 12.2(4)BX",
"Cisco IOS Software Releases 12.2 BY",
"Cisco IOS Software Release 12.2(2)BY1",
"Cisco IOS Software Release 12.2(10)DA",
"Cisco IOS Software Release 12.2(1)XD",
"Cisco IOS Software Release 12.2(1)XF",
"Cisco IOS Software Release 12.2(2)XF",
"Cisco IOS Software Release 12.2(4)XF",
"Cisco IOS Software Release 12.2(2)XH",
"Cisco IOS Software Release 12.2(2)XI",
"Cisco IOS Software Release 12.2(2)XJ",
"Cisco IOS Software Release 12.2(4)XM",
"Cisco IOS Software Release 12.2(2)XQ",
"Cisco IOS Software Release 12.2(4)XW",
"Cisco IOS Software Release 12.2(4)YB",
"Cisco IOS Software Release 12.2(2)YC",
"Cisco IOS Software Release 12.2(4)YF",
"Cisco IOS Software Release 12.2(4)YG",
"Cisco IOS Software Release 12.2(4)YH",
"Cisco IOS Software Release 12.2(8)YL",
"Cisco IOS Software Release 12.2(8)YM",
"Cisco IOS Software Release 12.2(8)YN",
"Cisco IOS Software Release 12.2(11)YQ",
"Cisco IOS Software Releases 12.2 CX",
"Cisco IOS Software Release 12.2(8)BY",
"Cisco IOS Software Release 12.2(1)XS",
"Cisco IOS Software Release 12.2(1)XE",
"Cisco IOS Software Release 12.2(11)YR",
"Cisco IOS Software Release 12.2(11)YT",
"Cisco IOS Software Release 12.2(4)BW",
"Cisco IOS Software Release 12.1(10)EV",
"Cisco IOS Software Release 12.2(4)MB8",
"Cisco IOS Software Release 12.2(4)MB9",
"Cisco IOS Software Release 12.2 T",
"Cisco IOS Software Release 12.2(13)T",
"Cisco Catalyst Switch Manager",
"Cisco IOS Software Release 12.2(11)YX",
"Cisco IOS Software Release 12.2(11)CY",
"Cisco IOS Software Release 12.1(13)EB",
"Cisco IOS Software Release 12.2(14)S",
"Cisco IOS Software Release 12.2(11)YU",
"Cisco IOS Software Release 12.2(9)ZA",
"Cisco IOS Software Release 12.2(8)ZB",
"Cisco IOS Software Releases 12.2 Special and Early Deployments",
"Cisco IOS Software Releases 12.1 Special and Early Deployments",
"Cisco IOS Software Releases 12.0 Special and Early Deployments",
"Cisco IOS Software Release 12.2(11)YZ",
"Cisco IOS Software Release 12.2(8)YY",
"Cisco IOS Software Release 12.2(11)YV",
"Cisco IOS Software Release 12.1(12c)EV",
"Cisco IOS Software Release 12.2(14)ZA",
"Cisco IOS Software Release 12.2(11)ZC",
"Cisco IOS Software Release 12.2(15)T",
"Cisco IOS Software Release 12.2(11)JA",
"Cisco IOS Software Release 12.2(13)ZD",
"Cisco IOS Software Release 12.2(13)ZE",
"Cisco IOS Software Release 12.2(8)JA",
"Cisco IOS Software Release 12.2(14)SX",
"Cisco IOS Software Release 12.2(15)ZJ",
"Cisco IOS Software Release 12.2(14)SZ",
"Cisco IOS Software Release 12.2(14)SY",
"Cisco IOS Software Release 12.2(15)BX",
"Cisco IOS Software Release 12.2(13)ZG",
"Cisco IOS Software Release 12.2(13)ZH",
"Cisco IOS Software Release 12.2(13)ZF",
"Cisco IOS Software Release 12.2(16)B",
"Cisco IOS Software Release 12.2(4)MB10",
"Cisco IOS Software Release 12.1(14)EB",
"Cisco IOS Software Releases 12.3 Mainline",
"Cisco IOS Software Releases 12.3 T",
"Cisco IOS Software Release 12.2(15)ZN",
"Cisco IOS Software Release 12.2(15)ZL",
"Cisco IOS Software Release 12.3(1)",
"Cisco IOS Software Release 12.3",
"Cisco IOS Software Release 12.1(19)E",
"Cisco IOS Software Release 12.1(19)EW",
"Cisco IOS Software Release 12.1(20)",
"Cisco IOS Software Release 12.2(4)MB12",
"Cisco IOS Software Release 12.2(15)B",
"Cisco IOS Software Release 12.2(13)ZC",
"Cisco IOS Software Release 12.2(8)YW",
"Cisco IOS Software Release 12.2(16)BX",
"Cisco IOS Software Release 12.1(11)EA1",
"Cisco IOS Software Release 12.3(2)T",
"Cisco IOS Software Release 12.3(4)T",
"Cisco IOS Software Release 12.1(9)EA1",
"Cisco IOS Software Release 12.2(11)CX",
"Cisco IOS Software Releases 12.3 Special and Early Deployments",
"Cisco IOS Software Release 12.1(19)EC",
"Cisco IOS Software Release 12.1(14)EA1",
"Cisco IOS Software Release 12.2(4)MB13",
"Cisco IOS Software Release 12.2(18)SW",
"Cisco IOS Software Release 12.3(2)XB",
"Cisco IOS Software Release 12.2(13)JA",
"Cisco IOS Software Release 12.3(1a)B",
"Cisco IOS Software Release 12.2(15)MC1",
"Cisco IOS Software Release 12.2(18)S",
"Cisco IOS Software Release 12.2(15)BC1",
"Cisco IOS Software Release 12.3(2)XA",
"Cisco IOS Software Release 12.1(14)AZ",
"Cisco IOS Software Release 12.1(19)EB",
"Cisco IOS Software Release 12.2(17a)SX",
"Cisco IOS Software Release 12.3(1a)BW",
"Cisco IOS Software Release 12.2(13)ZP",
"Cisco IOS Software Release 12.2(15)CX",
"Cisco IOS Software Release 12.3(2)XC",
"Cisco IOS Software Release 12.2(20)S",
"Cisco IOS Software Release 12.2(18)SV",
"Cisco IOS Software Release 12.1(20)EW",
"Cisco IOS Software Release 12.3(3)B",
"Cisco IOS Software Release 12.1(19)EA1",
"Cisco IOS Software Release 12.2(19)SW",
"Cisco IOS Software Release 12.3(2)XE",
"Cisco IOS Software Release 12.3(4)XD",
"Cisco IOS Software Release 12.1(20)EA1",
"Cisco IOS Software Release 12.2(20)SW",
"Cisco IOS Software Release 12.3(2)XF",
"Cisco IOS Software Release 12.2(21)SW",
"Cisco IOS Software Release 12.1(20)E",
"Cisco IOS Software Release 12.2(18)SE",
"Cisco IOS Software Release 12.2(22)S",
"Cisco IOS Software Release 12.3(7)T",
"Cisco IOS Software Release 12.3(4)XG",
"Cisco IOS Software Release 12.3(6)",
"Cisco IOS Software Release 12.3(4)XK",
"Cisco IOS Software Release 12.2(17d)SXB",
"Cisco IOS Software Release 12.3(4)XQ",
"Cisco IOS Software Release 12.3(8)T",
"Cisco IOS Software Release 12.2(23)SW",
"Cisco IOS Software Release 12.2(15)JK",
"Cisco IOS Software Release 12.3(7)XR",
"Cisco IOS Software Release 12.1(20)EA2",
"Cisco IOS Software Release 12.2(15)CZ",
"Cisco IOS Software Release 12.2(20)SE",
"Cisco IOS Software Release 12.3(9)",
"Cisco IOS Software Release 12.2(15)MC2",
"Cisco IOS Software Release 12.3(7)XS",
"Cisco IOS Software Release 12.1(22)EA1",
"Cisco IOS Software Release 12.3(8)XU",
"Cisco IOS Software Release 12.2(25)S",
"Cisco IOS Software Release 12.2(14)SU",
"Cisco IOS Software Release 12.3(8)XX",
"Cisco IOS Software Release 12.2(18)SXD",
"Cisco IOS Software Release 12.3(8)XY",
"Cisco IOS Software Release 12.3(7)XI",
"Cisco IOS Software Release 12.3(10)",
"Cisco IOS Software Release 12.3(8)YA",
"Cisco IOS Software Release 12.3(11)T",
"Cisco IOS Software Release 12.2(25)SE",
"Cisco IOS Software Release 12.1(22)EA2",
"Cisco IOS Software Releases 12.2 SX",
"Cisco IOS Software Release 12.3(8)YD",
"Cisco IOS Software Release 12.2(25)SW",
"Cisco IOS Software Release 12.3(11)XL",
"Cisco IOS Software Release 12.3(8)YG",
"Cisco IOS Software Release 12.3(8)YH",
"Cisco IOS Software Release 12.2(25)SEA",
"Cisco IOS Software Release 12.1(22)EA3",
"Cisco IOS Software Release 12.3(11)YK",
"Cisco IOS Software Release 12.3(8)YI",
"Cisco IOS Software Release 12.2(20)EX",
"Cisco IOS Software Release 12.2(25)EY",
"Cisco IOS Software Release 12.1(22)EA4",
"Cisco IOS Software Release 12.2(25)SEB",
"Cisco IOS Software Release 12.3(11)YJ",
"Cisco IOS Software Release 12.3(14)T",
"Cisco IOS Software Release 12.2(25)EZ",
"Cisco IOS Software Release 12.3(5a)B",
"Cisco IOS Software Release 12.2(18)SXE",
"Cisco IOS Software Release 12.3(14)YQ",
"Cisco IOS Software Releases 12.4 Mainline",
"Cisco IOS Software Release 12.2(25)SEC",
"Cisco IOS Software Release 12.1(22)EA5",
"Cisco IOS Software Release 12.3(11)YS",
"Cisco IOS Software Release 12.4(1)",
"Cisco IOS Software Releases 12.4 T",
"Cisco IOS Software Release 12.4(2)T",
"Cisco IOS Software Release 12.3(14)YT",
"Cisco IOS Software Release 12.3(14)YU",
"Cisco IOS Software Release 12.2(25)FY",
"Cisco IOS Software Release 12.4(3)",
"Cisco IOS Software Release 12.2(30)S",
"Cisco IOS Software Release 12.2(18)SXF",
"Cisco IOS Software Releases 12.2 SB",
"Cisco IOS Software Release 12.2(27)SBC",
"Cisco IOS Software Release 12.2(25)FX",
"Cisco IOS Software Release 12.2(25)EX",
"Cisco IOS Software Release 12.4(4)T",
"Cisco IOS Software Releases 12.4 Special and Early Deployments",
"Cisco IOS Software Release 12.2(25)SED",
"Cisco IOS Software Release 12.1(22)EA6",
"Cisco IOS Software Release 12.3(11)YF",
"Cisco IOS Software Release 12.3(11)YR",
"Cisco IOS Software Release 12.2(25)SEE",
"Cisco IOS Software Release 12.1(22)EA7",
"Cisco IOS Software Release 12.4(6)T",
"Cisco IOS Software Release 12.2(25)SEG",
"Cisco IOS Software Release 12.1(22)EA8",
"Cisco IOS Software Releases 12.2 SR",
"Cisco IOS Software Release 12.2(25)FZ",
"Cisco IOS Software Release 12.1(22)EA9",
"Cisco IOS Software Release 12.4(9)T",
"Cisco IOS Software Release 12.4(2)XB",
"Cisco IOS Software Release 12.4(11)T",
"Cisco IOS Software Release 12.2(35)SE",
"Cisco IOS Software Release 12.4(9)XG",
"Cisco IOS Software Release 12.2(37)SE",
"Cisco IOS Software Release 12.1(22)EA10",
"Cisco IOS Software Release 12.2(35)EX",
"Cisco IOS Software Release 12.4(15)T",
"Cisco IOS Software Release 12.4(2)XB6",
"Cisco IOS Software Release 12.2(33)SXH",
"Cisco IOS Software Release 12.2(40)SE",
"Cisco IOS Software Release 12.2(40)EX",
"Cisco IOS Software Release 12.2(46)SE",
"Cisco IOS Software Release 12.3 BC",
"Cisco IOS Software Release 12.2(33)SXH1",
"Cisco IOS Software Release 12.4(15)XM",
"Cisco IOS Software Release 12.2(33)SRC",
"Cisco IOS Software Release 12.2(40)EX1",
"Cisco IOS Software Release 12.4(15)XN",
"Cisco IOS Software Release 12.4(15)XY",
"Cisco IOS Software Release 12.3(8)JEC1",
"Cisco IOS Software Release 12.4(10b)JA1",
"Cisco IOS Software Release 12.2(44)SE",
"Cisco IOS Software Release 12.3(25)",
"Cisco IOS Software Release 12.2(33)SB",
"Cisco IOS Software Release 12.2(40)EX2",
"Cisco IOS Software Releases 12.2 SC",
"Cisco IOS Software Release 12.2(33)SXH2",
"Cisco IOS Software Release 12.4(20)T",
"Cisco IOS Software Release 12.4(15)XQ",
"Cisco IOS Software Releases 12.2 SY",
"Cisco IOS Software Release 12.2 SCA",
"Cisco IOS Software Release 12.4(15)XZ",
"Cisco IOS Software Release 12.2(33)SCA",
"Cisco IOS Software Release 12.4(3)JK",
"Cisco IOS Software Release 12.2(33)SRE",
"Cisco IOS XE Release 2",
"Cisco IOS Software Release 12.2(44)EX",
"Cisco IOS Software Release 12.2(50)SY",
"Cisco IOS Software Release 12.2 ZYA",
"Cisco IOS Software Release 12.2(29)SVD",
"Cisco IOS Software Release 12.2 SVD",
"Cisco IOS Software Release 12.2(18)ZYA",
"Cisco IOS Software Release 12.2(33)SCB",
"Cisco IOS Software Release 12.2(33)SRD",
"Cisco IOS Software Release 12.2(33)SXI",
"Cisco IOS Software Release 12.2(25)SEG5",
"Cisco IOS Software Release 12.4(3)JK2",
"Cisco IOS Software Releases 12.2 SG",
"Cisco IOS Software Release 12.4(10b)JA3",
"Cisco IOS Software Release 12.2(50)SE",
"Cisco IOS Software Release 12.2(44)EY",
"Cisco IOS Software Release 12.2(18)SXF15",
"Cisco IOS Software Release 12.2(33)SCC",
"Cisco IOS Software Release 12.4(22)MD",
"Cisco IOS Software Release 12.2(50)SG",
"Cisco IOS Software Release 12.4(20)YA",
"Cisco IOS Software Release 12.4(23)",
"Cisco IOS Software Release 12.4(15)XR",
"Cisco IOS Software Release 12.4(22)T",
"Cisco IOS Software Release 12.2(33)SXH4",
"Cisco IOS Software Release 12.2(33)SXH3",
"Cisco IOS Software Releases 12.2 SE",
"Cisco IOS Software Release 12.4(22)YB",
"Cisco IOS Software Release 12.2(33)SXI1",
"Cisco IOS Software Release 12.4(24)T",
"Cisco IOS Software Release 12.4(22)YD",
"Cisco IOS Software Release 12.4(22)YE",
"Cisco IOS 15.0M",
"Cisco IOS 15.0 Special and Early Deployments",
"Cisco IOS 15.1M&T",
"Cisco IOS 15.1 Special and Early Deployments",
"Cisco IOS Software Release 15.0(1)M",
"Cisco IOS Software Release 15.1(1)T",
"Cisco IOS Software Release 15.0(1)XA",
"Cisco IOS Software Release 12.2(52)SE",
"Cisco IOS Software Release 12.2(53)SE",
"Cisco IOS Software Release 15.1(1)XB",
"Cisco IOS 15.0S",
"Cisco IOS Software Release 12.4(24)YE",
"Cisco IOS Software Release 15.0(1)S",
"Cisco IOS Software Release 15.1(2)T",
"Cisco IOS Software Release 12.2(54)SE",
"Cisco IOS Software Release 12.2(55)SE",
"Cisco IOS XE 3S",
"Cisco IOS 15.1S",
"Cisco IOS Software Release 15.1(3)T",
"Cisco IOS Software Release 15.1(4)M",
"Cisco IOS Software Release 15.1(1)S",
"Cisco IOS XE 3.1S",
"Cisco IOS XE 3.2S",
"Cisco IOS Software Release 15.1(2)S",
"Cisco IOS XE 3.3S",
"Cisco IOS XE 3.4S",
"Cisco IOS Software Release 12.2(58)SE",
"Cisco IOS 15.2M&T",
"Cisco IOS Software Release 15.2(1)T",
"Cisco IOS Software Release 15.1(3)S",
"Cisco IOS 15.0SE",
"Cisco IOS Software Release 15.0(1)SE",
"Cisco IOS XE 3.5S",
"Cisco IOS 15.3S",
"Cisco IOS Software Release 15.3(1)S",
"Cisco IOS Software Release 15.3(2)S",
"Cisco IOS Software Release 15.3(3)S",
"Cisco IOS 15.4S",
"Cisco IOS Software Release 15.3(2)T",
"Cisco IOS 15.2E",
"Cisco IOS XE 3E",
"Cisco IOS Software Release 15.2(1)E",
"Cisco IOS XE 3.5E",
"Cisco IOS Software Release 15.4(1)S",
"Cisco IOS 15.4M&T",
"Cisco IOS XE 3.11S",
"Cisco IOS Software Release 15.4(1)T",
"Cisco IOS Software Release 15.4(2)S",
"Cisco IOS XE 3.12S",
"Cisco IOS Software Release 15.4(2)T",
"Cisco Industrial Ethernet 4000 Series Switches",
"Cisco IOS 15.5M&T",
"Cisco IOS Software Release 15.5(1)T",
"Cisco IOS Software Release 15.4(3)S",
"Cisco IOS XE 3.13S",
"Cisco IOS Software Release 15.4(3)M",
"Cisco IOS Software Release 15.2(3)E",
"Cisco IOS Software Release 15.5(1)S",
"Cisco IOS 15.2SY",
"Cisco IOS XE 3.14S",
"Cisco IOS Software Release 15.5(2)T",
"Cisco IOS XE 3.7E",
"Cisco IOS XE 3.15S",
"Cisco IOS 15.5S",
"Cisco IOS Software Release 15.2(1)SY",
"Cisco IOS Software Release 15.5(2)S",
"Cisco Industrial Ethernet 5000 Series Switches"
],
"summary": "A vulnerability in the DNS forwarder functionality of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, corrupt the information present in the device's local DNS cache, or read part of the process memory.
\n
\nThe vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by intercepting and crafting a DNS response message to a client DNS query that was forwarded from the affected device to a DNS server. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information.
\n
\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
\n
\nThis advisory is available at the following link:
\n<a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns
\n
\nThis advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see <a href="http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56513">Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.",
"cvrfUrl": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20160928-dns/oval/cisco-sa-20160928-dns_oval.xml",
"ovalUrl": "NA"
},
{
"advisoryId": "cisco-sa-20160928-h323",
"sir": "High",
"firstPublished": "2016-09-28T16:00:00-0500",
"lastUpdated": "2016-09-28T16:00:00-0500",
"iosRelease": "12.4(24)T3e,12.4(24)T4a",
"firstFixed": "15.2(4)M11",
"cves": [
"CVE-2016-6384"
],
"bugIDs": [
"CSCux04257"
],
"cvssBaseScore": "7.8",
"advisoryTitle": "Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability",
"publicationUrl": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323",
"cwe": [
"CWE-399"
],
"productNames": [
"Cisco IOS Software Releases 12.2 T",
"Cisco IOS Software Releases 12.2 B",
"Cisco IOS Software Release 12.2(11)T",
"Cisco IOS Software Releases 12.2 MC",
"Cisco IOS Software Release 12.2(8)YJ",
"Cisco IOS Software Release 12.2(4)YH",
"Cisco IOS Software Release 12.2(8)YL",
"Cisco IOS Software Release 12.2(8)YM",
"Cisco IOS Software Release 12.2(8)YN",
"Cisco IOS Software Release 12.2(11)YT",
"Cisco IOS Software Release 12.2 T",
"Cisco IOS Software Release 12.2(13)T",
"Cisco Catalyst Switch Manager",
"Cisco IOS Software Release 12.2(11)YU",
"Cisco IOS Software Releases 12.2 Special and Early Deployments",
"Cisco IOS Software Release 12.2(11)YV",
"Cisco IOS Software Release 12.2(11)ZC",
"Cisco IOS Software Release 12.2(15)T",
"Cisco IOS Software Release 12.2(13)ZD",
"Cisco IOS Software Release 12.2(13)ZE",
"Cisco IOS Software Release 12.2(15)ZJ",
"Cisco IOS Software Release 12.2(13)ZH",
"Cisco IOS Software Release 12.2(13)ZF",
"Cisco IOS Software Release 12.2(16)B",
"Cisco IOS Software Releases 12.3 Mainline",
"Cisco IOS Software Releases 12.3 T",
"Cisco IOS Software Release 12.2(15)ZN",
"Cisco IOS Software Release 12.2(15)ZL",
"Cisco IOS Software Release 12.3(1)",
"Cisco IOS Software Release 12.3",
"Cisco IOS Software Release 12.2(15)B",
"Cisco IOS Software Release 12.2(13)ZC",
"Cisco IOS Software Release 12.2(16)BX",
"Cisco IOS Software Release 12.3(2)T",
"Cisco IOS Software Release 12.3(4)T",
"Cisco IOS Software Releases 12.3 Special and Early Deployments",
"Cisco IOS Software Release 12.3(2)XB",
"Cisco IOS Software Release 12.3(1a)B",
"Cisco IOS Software Release 12.3(2)XA",
"Cisco IOS Software Release 12.2(13)ZP",
"Cisco IOS Software Release 12.3(2)XC",
"Cisco IOS Software Release 12.3(3)B",
"Cisco IOS Software Release 12.3(2)XE",
"Cisco IOS Software Release 12.3(4)XD",
"Cisco IOS Software Release 12.3(2)XF",
"Cisco IOS Software Release 12.3(7)T",
"Cisco IOS Software Release 12.3(4)XG",
"Cisco IOS Software Release 12.3(6)",
"Cisco IOS Software Release 12.3(4)XK",
"Cisco IOS Software Release 12.3(4)XQ",
"Cisco IOS Software Release 12.3(8)T",
"Cisco IOS Software Release 12.3(7)XR",
"Cisco IOS Software Release 12.2(15)CZ",
"Cisco IOS Software Release 12.3(9)",
"Cisco IOS Software Release 12.2(15)MC2",
"Cisco IOS Software Release 12.3(7)XS",
"Cisco IOS Software Release 12.3(8)XX",
"Cisco IOS Software Release 12.3(8)XY",
"Cisco IOS Software Release 12.3(7)XI",
"Cisco IOS Software Release 12.3(10)",
"Cisco IOS Software Release 12.3(8)YA",
"Cisco IOS Software Release 12.3(11)T",
"Cisco IOS Software Release 12.3(8)YD",
"Cisco IOS Software Release 12.3(11)XL",
"Cisco IOS Software Release 12.3(8)YG",
"Cisco IOS Software Release 12.3(8)YH",
"Cisco IOS Software Release 12.3(11)YK",
"Cisco IOS Software Release 12.3(8)YI",
"Cisco IOS Software Release 12.3(14)T",
"Cisco IOS Software Release 12.3(5a)B",
"Cisco IOS Software Release 12.3(14)YQ",
"Cisco IOS Software Releases 12.4 Mainline",
"Cisco IOS Software Release 12.3(11)YS",
"Cisco IOS Software Release 12.4(1)",
"Cisco IOS Software Releases 12.4 T",
"Cisco IOS Software Release 12.4(2)T",
"Cisco IOS Software Release 12.3(14)YT",
"Cisco IOS Software Release 12.3(14)YU",
"Cisco IOS Software Release 12.4(3)",
"Cisco IOS Software Release 12.4(4)T",
"Cisco IOS Software Releases 12.4 Special and Early Deployments",
"Cisco IOS Software Release 12.3(11)YF",
"Cisco IOS Software Release 12.3(11)YR",
"Cisco IOS Software Release 12.4(6)T",
"Cisco IOS Software Release 12.4(9)T",
"Cisco IOS Software Release 12.4(2)XB",
"Cisco IOS Software Release 12.4(11)T",
"Cisco IOS Software Release 12.4(15)T",
"Cisco IOS Software Release 12.4(2)XB6",
"Cisco IOS Software Release 12.4(15)XY",
"Cisco IOS Software Release 12.3(25)",
"Cisco IOS Software Release 12.4(20)T",
"Cisco IOS Software Release 12.4(15)XZ",
"Cisco IOS XE Release 2",
"Cisco IOS Software Release 12.4(20)YA",
"Cisco IOS Software Release 12.4(23)",
"Cisco IOS Software Release 12.4(22)T",
"Cisco IOS Software Release 12.4(22)YB",
"Cisco IOS Software Release 12.4(24)T",
"Cisco IOS 15.0M",
"Cisco IOS 15.0 Special and Early Deployments",
"Cisco IOS 15.1M&T",
"Cisco IOS 15.1 Special and Early Deployments",
"Cisco IOS Software Release 15.0(1)M",
"Cisco IOS Software Release 15.1(1)T",
"Cisco IOS Software Release 15.0(1)XA",
"Cisco IOS Software Release 15.1(1)XB",
"Cisco IOS 15.0S",
"Cisco IOS Software Release 15.0(1)S",
"Cisco IOS Software Release 15.1(2)T",
"Cisco IOS XE 3S",
"Cisco IOS 15.1S",
"Cisco IOS Software Release 15.1(3)T",
"Cisco IOS Software Release 15.1(4)M",
"Cisco IOS Software Release 15.1(1)S",
"Cisco IOS XE 3.1S",
"Cisco IOS XE 3.2S",
"Cisco IOS Software Release 15.1(2)S",
"Cisco IOS XE 3.3S",
"Cisco IOS XE 3.4S",
"Cisco IOS 15.2M&T",
"Cisco IOS Software Release 15.2(1)T",
"Cisco IOS Software Release 15.1(3)S",
"Cisco IOS XE 3.5S",
"Cisco IOS 15.3S",
"Cisco IOS Software Release 15.3(1)S",
"Cisco IOS Software Release 15.3(2)S",
"Cisco IOS Software Release 15.3(3)S",
"Cisco IOS 15.4S",
"Cisco IOS Software Release 15.3(2)T",
"Cisco IOS Software Release 15.4(1)S",
"Cisco IOS 15.4M&T",
"Cisco IOS XE 3.11S",
"Cisco IOS Software Release 15.4(1)T",
"Cisco IOS Software Release 15.4(2)S",
"Cisco IOS XE 3.12S",
"Cisco IOS Software Release 15.4(2)T",
"Cisco Industrial Ethernet 4000 Series Switches",
"Cisco IOS 15.5M&T",
"Cisco IOS Software Release 15.5(1)T",
"Cisco IOS Software Release 15.4(3)S",
"Cisco IOS XE 3.13S",
"Cisco IOS Software Release 15.4(3)M",
"Cisco IOS Software Release 15.5(1)S",
"Cisco IOS XE 3.14S",
"Cisco IOS Software Release 15.5(2)T",
"Cisco IOS XE 3.15S",
"Cisco IOS 15.5S",
"Cisco IOS Software Release 15.5(2)S",
"Cisco Industrial Ethernet 5000 Series Switches"
],
"summary": "A vulnerability in the H.323 subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition on an affected device.
\n
\nThe vulnerability is due to a failure to properly validate certain fields in an H.323 protocol suite message. When processing the malicious message, the affected device may attempt to access an invalid memory region, resulting in a crash. An attacker who can submit an H.323 packet designed to trigger the vulnerability could cause the affected device to crash and restart.
\n
\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
\n
\nThis advisory is available at the following link:
\n<a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323
\n
\nThis advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see <a href="http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56513">Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
",
"cvrfUrl": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20160928-h323/oval/cisco-sa-20160928-h323_oval.xml",
"ovalUrl": "NA"
},
Hi,
I have the following code as per the example but am getting the following response:
Code:
from openVulnQuery import query_client
query_client = query_client.OpenVulnQueryClient(client_id="***", client_secret="")
advisories = query_client.get_by_year(year=2010, adv_format='default')
for a in advisories:
    print(a)
Response:
<openVulnQuery._library.advisory.AdvisoryDefault object at 0x03BA2530>
Any assistance is appreciated; the client_id and secret have been validated by running openVulnQuery directly from the console.
Thanks
Getting the following error in csv function due to special character encoding.
root@psirt-saint:~# openVulnQuery --cvrf --all --csv all.csv
Traceback (most recent call last):
File "/usr/local/bin/openVulnQuery", line 11, in <module>
sys.exit(main())
File "/usr/local/lib/python2.7/dist-packages/openVulnQuery/main.py", line 156, in main
utils.output(returned_output, output_format, f)
File "/usr/local/lib/python2.7/dist-packages/openVulnQuery/utils.py", line 53, in output
_to_csv(advisories, file_handle, delimiter=",")
File "/usr/local/lib/python2.7/dist-packages/openVulnQuery/utils.py", line 85, in _to_csv
w.writerow(_convert_list_to_string(advisory))
File "/usr/lib/python2.7/csv.py", line 152, in writerow
return self.writer.writerow(self._dict_to_list(rowdict))
UnicodeEncodeError: 'ascii' codec can't encode character u'\xa0' in position 172: ordinal not in range(128)
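The traceback above is an ASCII codec meeting U+00A0 (no-break space) in advisory text. The following added example (not openVulnQuery's own code) reproduces the failure on Python 3 and shows the fix of opening the CSV file with an explicit UTF-8 encoding; the helper names and the sample row are constructed assumptions.

```python
import csv
import os
import tempfile

# Constructed sample row: the summary contains U+00A0 (no-break space),
# the character named in the traceback. IDs are placeholders.
SAMPLE_ADVISORIES = [
    {
        "advisory_id": "cisco-sa-EXAMPLE",
        "cves": ["CVE-0000-0001", "CVE-0000-0002"],
        "summary": "Cisco\u00a0IOS example summary",
    }
]


def flatten(advisory):
    """Join list-valued fields so each CSV cell holds one string."""
    return {
        key: "; ".join(value) if isinstance(value, list) else value
        for key, value in advisory.items()
    }


def write_csv(advisories, path, encoding):
    """Write advisories to path using the given text encoding."""
    fields = list(advisories[0].keys())
    # newline="" is what the csv module documents for files it writes.
    with open(path, "w", newline="", encoding=encoding) as handle:
        writer = csv.DictWriter(handle, fieldnames=fields)
        writer.writeheader()
        for advisory in advisories:
            writer.writerow(flatten(advisory))


def demo():
    """Return (ascii_failed, summary read back from the UTF-8 file)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "all.csv")
        try:
            write_csv(SAMPLE_ADVISORIES, path, encoding="ascii")
            ascii_failed = False
        except UnicodeEncodeError:
            ascii_failed = True  # same failure class as the report
        write_csv(SAMPLE_ADVISORIES, path, encoding="utf-8")
        with open(path, newline="", encoding="utf-8") as handle:
            rows = list(csv.DictReader(handle))
    return ascii_failed, rows[0]["summary"], rows[0]["cves"]


if __name__ == "__main__":
    print(demo())
```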
Update client code examples in Go to reflect the simplified API methods.
It seems like the product method is broken. I tried using it with curl as well as openVulnQuery. All the other API methods are working fine.
host.example.com:~# curl -v -X GET -s -k -H "Accept: application/json" -H "Authorization: Bearer changeme" https://api.cisco.com/security/advisories/product?product=Cisco
* Hostname was NOT found in DNS cache
* Trying www.xxx.yyy.zzz...
* Connected to www.xxx.yyy.zzz (www.xxx.yyy.zzz) port 80 (#0)
* Establish HTTP proxy tunnel to api.cisco.com:443
> CONNECT api.cisco.com:443 HTTP/1.1
> Host: api.cisco.com:443
> User-Agent: curl/7.38.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES128-SHA256
* Server certificate:
* subject: C=US; ST=CA; L=San Jose; O=Cisco Systems, Inc.; CN=api.cisco.com
* start date: 2017-11-29 23:58:54 GMT
* expire date: 2019-11-30 00:08:00 GMT
* issuer: C=US; O=HydrantID (Avalanche Cloud Corporation); CN=HydrantID SSL ICA G2
* SSL certificate verify ok.
> GET /security/advisories/product?product=Cisco HTTP/1.1
> User-Agent: curl/7.38.0
> Host: api.cisco.com
> Accept: application/json
> Authorization: Bearer 6WOZxR44qfwJe7oTcpCnLLjV9qNO
>
< HTTP/1.1 404 Not Found
< Date: Tue, 23 Oct 2018 07:35:13 GMT
* Server Mashery Proxy is not blacklisted
< Server: Mashery Proxy
< X-Mashery-Message-ID: 0cc7639e-c01b-4d82-95b6-09e4db406209
< Cache-Control: private
< Pragma: private
< Allow: GET,OPTIONS,HEAD
< Content-Length: 0
< LAEHOST: lae-alln-mi-103.cisco.com
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
< Access-Control-Allow-Headers: Content-type, fromPartyID, inputFormat, outputFormat, Authorization, Content-Length, Accept, Origin
< Content-Type: text/plain; charset=UTF-8
< X-RP-SSL-Name: lae-rcdn-rpi-04
< Connection: close
<
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
Currently openVulnQuery has the following:
--ios
Search by IOS version
Examples:
>> openVulnQuery --cvrf --ios 15.6(2)SP (*use \ to escape bracket in ios version)
>> openVulnQuery --oval --ios 15.6(\2)SP
The RESTful URI is not dependent on CVRF or OVAL, it is:
https://api.cisco.com/security/advisories/ios.json?version=12.4(4)T
Perhaps we can consolidate this to just:
openVulnQuery --ios 15.6(\2\)SP
or
openVulnQuery --oval --ios_xe 13.16.1S
Hello.
I was able to install this successfully on a MacBook and work as expected. However, I was not successful installing it on a Linux virtual machine.
Can you please provide guidance or procedure doing this? I could not run a PIP command.
[root@= hamakga]# pip
Traceback (most recent call last):
File "/usr/bin/pip", line 5, in <module>
from pkg_resources import load_entry_point
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 3020, in <module>
working_set = WorkingSet._build_master()
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 616, in _build_master
return cls._build_from_requirements(requires)
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 629, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 807, in resolve
raise DistributionNotFound(req)
pkg_resources.DistributionNotFound: pip==6.1.1
I have python 2.7.12 and python 3.6.2 on the machine.
Please help.
The latest version is dated Oct 16, 2018. It doesn't include the latest commits, especially NX-OS support. Are there any plans to update it?
This is a request for Python 3 support for this tool. There are a few incompatibilities, but they seem fairly minor.
Minor issue, but results headers are incorrect in the table.
omar@ares:~$ openVulnQuery --cvrf --latest 1 -f advisory_id sir cves advisory_title
+-------------------------+----------+----------------+-------------------------------------------------------------------+
| advisory_id | sir | advisory_title | cves |
+-------------------------+----------+----------------+-------------------------------------------------------------------+
| cisco-sa-20170124-webex | Critical | CVE-2017-3823 | Cisco WebEx Browser Extension Remote Code Execution Vulnerability |
+-------------------------+----------+----------------+-------------------------------------------------------------------+
Within the openVulnAPI/openVulnQuery folder the README.md file has an incorrect example under "Run OpenVulnQuery as a Libary".
The assignment of:
query_client = query_client.QueryClient(client_id = "", client_secret = "")
Should actually be:
query_client = query_client.OpenVulnQueryClient(client_id = '', client_secret = '')
...due to a change of the object name.
The line:
advisories = query_client.get_by_year(year = 2010, adv_format = "cvrf" parsed_cvrf = True)
Should actually be:
advisories = query_client.get_by_year(year=2010, adv_format = 'cvrf', cvrf_parsed = True)
Currently the help shows the following:
omar@omar:~$ openVulnQuery -h
usage: openVulnQuery [-h] (--cvrf | --oval)
(--all | --advisory API_RESOURCE | --cve API_RESOURCE | --latest API_RESOURCE | --severity API_RESOURCE | --year API_RESOURCE)
[--csv OUTPUT_FORMAT | --json OUTPUT_FORMAT] [--count]
[--fields {advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} [{advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} ...]]
Cisco OpenVuln API Command Line Interface
optional arguments:
-h, --help show this help message and exit
--cvrf Selects from cvrf advisories
--oval Selects from oval advisories
--all Retrieve all cvrf/oval advisiories
--advisory API_RESOURCE
Retrieve advisories by advisory id
--cve API_RESOURCE Retrieve advisories by cve id
--latest API_RESOURCE
Retrieve latest (number) of advisories
--severity API_RESOURCE
Retrieve advisories by severity (low, medium, high,
critical)
--year API_RESOURCE Retrieve advisories by year
--csv OUTPUT_FORMAT Output to CSV with filepath
--json OUTPUT_FORMAT Output to JSON with filepath
--count, -c Count of any field or fields
--fields {advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} [{advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} ...], -f {advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} [{advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} ...]
Seperate fields by spaces to return advisory
information
Please remove the redundant fields like:
In the two main sections:
[--fields {advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} [{advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} ...]]
and in the bottom:
--fields {advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} [{advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} ...], -f {advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} [{advisory_id,sir,first_published,last_updated,cves,cvss_base_score,advisory_title,publication_url,cwe,product_names,summary,oval_url,cvrf_url,bug_ids} ...]
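One way to get the shorter help text requested above, as an added example (a reduced stand-in, not openVulnQuery's actual parser): argparse prints the whole `choices` set for every placeholder of a `nargs="+"` option unless a `metavar` is given. The field names are taken from the help output; `FIELD` and the function names are assumptions.

```python
import argparse

API_FIELDS = [
    "advisory_id", "sir", "first_published", "last_updated", "cves",
    "cvss_base_score", "advisory_title", "publication_url", "cwe",
    "product_names", "summary", "oval_url", "cvrf_url", "bug_ids",
]


def build_parser(use_metavar):
    """Build a reduced stand-in parser with only the --fields option."""
    parser = argparse.ArgumentParser(prog="openVulnQuery")
    kwargs = {}
    if use_metavar:
        # metavar replaces the {a,b,c,...} placeholder in usage and help;
        # choices are still enforced when arguments are parsed.
        kwargs["metavar"] = "FIELD"
    parser.add_argument(
        "--fields", "-f", nargs="+", choices=API_FIELDS,
        help="Separate fields by spaces. Allowed: " + ", ".join(API_FIELDS),
        **kwargs
    )
    return parser


def times_listed(parser):
    """Count how often the braced choice set appears in the help text."""
    # Collapse line wrapping before counting.
    text = "".join(parser.format_help().split())
    return text.count("{" + ",".join(API_FIELDS) + "}")


if __name__ == "__main__":
    print("default placeholder:", times_listed(build_parser(False)))
    print("with metavar:", times_listed(build_parser(True)))
    build_parser(True).print_help()
```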
Describe the bug
There appears to be a significant number of advisories without version information. These advisories sometimes have linked bug pages with some affected versions on them, but this data is not available via the API.
Additionally when one of these affected versions is queried for vulnerabilities via the API the advisories in question do not appear in the API response. This is a false negative (Cisco indicates a version is not affected by a vulnerability via the API, but in fact the version is affected).
This issue extends past the API to the CVRF available for download on the advisory webpages.
To Reproduce
Steps to reproduce the behavior:
Cisco-SA-20120810-CVE-2012-1340
Cisco-SA-20131106-CVE-2013-5566
cisco-sa-20080610-snmpv3
cisco-sa-20090908-tcp24
cisco-sa-20091109-tls
cisco-sa-20110907-nexus
cisco-sa-20120215-nxos
cisco-sa-20141015-poodle
cisco-sa-20150128-ghost
cisco-sa-20150320-openssl
cisco-sa-20160129-openssl
cisco-sa-20160203-apic
cisco-sa-20160218-glibc
cisco-sa-20160302-openssl
cisco-sa-20160428-ntpd
cisco-sa-20160504-openssl
cisco-sa-20160603-ntpd
cisco-sa-20160927-openssl
cisco-sa-20161102-n9kapic
cisco-sa-20171018-ppe
cisco-sa-20171129-fxnx
cisco-sa-20171129-nss
cisco-sa-20171129-nxos
cisco-sa-20171129-nxos1
cisco-sa-20171129-nxos10
cisco-sa-20171129-nxos2
cisco-sa-20171129-nxos3
cisco-sa-20171129-nxos4
cisco-sa-20171129-nxos5
cisco-sa-20171129-nxos6
cisco-sa-20171129-nxos7
cisco-sa-20171129-nxos8
cisco-sa-20171129-nxos9
cisco-sa-20171129-switch
cisco-sa-20180117-nxos
cisco-sa-20180117-nxos1
cisco-sa-20180620-nxos-rbaccess
cisco-sa-20190306-info-poap
product_names attribute only includes "Cisco NX-OS Software " without version information.
$ openVulnQuery --config cisco-api.json --advisory cisco-sa-20180117-nxos1
[
{
"advisory_id": "cisco-sa-20180117-nxos1",
"advisory_title": "Cisco NX-OS System Software Unauthorized User Account Deletion Vulnerability",
"bug_ids": [
"CSCvg21120"
],
"cves": [
"CVE-2018-0092"
],
"cvrfUrl": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20180117-nxos1/cvrf/cisco-sa-20180117-nxos1_cvrf.xml",
"cvss_base_score": "6.1",
"cwe": [
"CWE-264"
],
"first_published": "2018-01-17T16:00:00-0800",
"ips_signatures": [
"NA"
],
"last_updated": "2018-01-17T16:00:00-0800",
"product_names": [
"Cisco NX-OS Software "
],
"publication_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos1",
"sir": "Medium",
"summary": "A vulnerability in the <em>network-operator</em> user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The <em>network-operator</em> role should not be able to delete other configured users on the device.<br />\n<br />\nThe vulnerability is due to a lack of proper role-based access control (RBAC) checks for the actions that a user with the <em>network-operator</em> role is allowed to perform. An attacker could exploit this vulnerability by authenticating to the device with user credentials that give that user the <em>network-operator</em> role. Successful exploitation could allow the attacker to impact the integrity of the device by deleting configured user credentials. The attacker would need valid user credentials for the device.<br />\n<br />\nThere are no workarounds that address this vulnerability.<br />\n<br />\nThis advisory is available at the following link:<br />\n<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos1\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos1</a>"
}
7.0(3)I6(1) from CSCvg21120 via cisco-sa-20180117-nxos1. A browser must be used to access this data.
$ openVulnQuery --config cisco-api.json --nxos="7.0(3)I6(1)" | grep 'advisory_id'
"advisory_id": "cisco-sa-20200205-fxnxos-iosxr-cdp-dos",
"advisory_id": "cisco-sa-20190828-nxos-fsip-dos",
"advisory_id": "cisco-sa-20190828-fxnxos-snmp-dos",
"advisory_id": "cisco-sa-20190828-nxos-memleak-dos",
"advisory_id": "cisco-sa-20190828-nxos-ntp-dos",
"advisory_id": "cisco-sa-20190925-vman",
"advisory_id": "cisco-sa-20190925-nxos-vman-cmd-inj",
"advisory_id": "cisco-sa-20190828-nxos-api-dos",
<ProductTree xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
<Branch Name="Cisco" Type="Vendor">
<Branch Name="Cisco NX-OS Software" Type="Product Name">
<FullProductName ProductID="CVRFPID-80720">Cisco NX-OS Software </FullProductName>
</Branch>
</Branch>
</ProductTree>
Expected behavior
Screenshots
Please see API responses above.
Client Info
$ pip show openVulnQuery
Name: OpenVulnQuery
Version: 1.30
Summary: A python-based module(s) to query the Cisco PSIRT openVuln API.
Home-page: https://github.com/CiscoPSIRT/openVulnAPI/tree/master/openVulnQuery
Author: Omar Santos
Author-email: [email protected]
License: The MIT License (MIT)
Location: /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/OpenVulnQuery-1.30-py3.8.egg
Requires: argparse, requests
Required-by:
Additional context
I made a post on the Cisco Community about this issue and was directed to create an issue here. Please see this discussion for additional context
This is a "task" to review and update the current documentation in the README.md based on any client enhancements that could be done as part of Issue 47 (#47).