Open jaaacck opened 5 years ago
The openVuln API is dependent on the software checker (IOS/XE). Cisco is currently investigating the support of NXOS and ASA in the future.
Was there any progress made on this?
Hi @jaaacck, unfortunately Cisco doesn't have a software checker for ASA/FTD. This continues to be evaluated, but there's no definitive ETA. We will update this issue and the main documentation when we have more details.
UPDATE: Cisco does not have a Software Checker for ASA/FTD yet. However, now the Common Vulnerability Reporting Framework (CVRF) files for ASA/FTD advisories include the detailed version information.
```xml
<ProductTree xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
  <Branch Name="Cisco" Type="Vendor">
    <Branch Name="Cisco Adaptive Security Appliance (ASA) Software" Type="Product Name">
      <Branch Name="9.8" Type="Product Version">
        <Branch Name="9.8.1" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-232585">Cisco Adaptive Security Appliance (ASA) Software 9.8.1</FullProductName>
        </Branch>
        <Branch Name="9.8.1.5" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-232586">Cisco Adaptive Security Appliance (ASA) Software 9.8.1.5</FullProductName>
        </Branch>
        <Branch Name="9.8.1.7" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-232587">Cisco Adaptive Security Appliance (ASA) Software 9.8.1.7</FullProductName>
        </Branch>
        <Branch Name="9.8.2" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-232588">Cisco Adaptive Security Appliance (ASA) Software 9.8.2</FullProductName>
        </Branch>
        <Branch Name="9.8.2.8" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-232589">Cisco Adaptive Security Appliance (ASA) Software 9.8.2.8</FullProductName>
        </Branch>
        <Branch Name="9.8.2.14" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-232897">Cisco Adaptive Security Appliance (ASA) Software 9.8.2.14</FullProductName>
        </Branch>
        <Branch Name="9.8.2.15" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-232898">Cisco Adaptive Security Appliance (ASA) Software 9.8.2.15</FullProductName>
        </Branch>
        <Branch Name="9.8.2.17" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-232899">Cisco Adaptive Security Appliance (ASA) Software 9.8.2.17</FullProductName>
        </Branch>
        <Branch Name="9.8.2.20" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-232902">Cisco Adaptive Security Appliance (ASA) Software 9.8.2.20</FullProductName>
        </Branch>
        <Branch Name="9.8.2.24" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-239005">Cisco Adaptive Security Appliance (ASA) Software 9.8.2.24</FullProductName>
        </Branch>
        <Branch Name="9.8.2.26" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-239006">Cisco Adaptive Security Appliance (ASA) Software 9.8.2.26</FullProductName>
        </Branch>
        <Branch Name="9.8.2.28" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-248821">Cisco Adaptive Security Appliance (ASA) Software 9.8.2.28</FullProductName>
        </Branch>
        <Branch Name="9.8.2.33" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-248822">Cisco Adaptive Security Appliance (ASA) Software 9.8.2.33</FullProductName>
        </Branch>
        <Branch Name="9.8.2.35" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-248823">Cisco Adaptive Security Appliance (ASA) Software 9.8.2.35</FullProductName>
        </Branch>
        <Branch Name="9.8.2.38" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-248824">Cisco Adaptive Security Appliance (ASA) Software 9.8.2.38</FullProductName>
        </Branch>
        <Branch Name="9.8.3.8" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-248825">Cisco Adaptive Security Appliance (ASA) Software 9.8.3.8</FullProductName>
        </Branch>
        <Branch Name="9.8.3.11" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-248826">Cisco Adaptive Security Appliance (ASA) Software 9.8.3.11</FullProductName>
        </Branch>
        ...
```
Would we be able to search with the ASA version number instead of ASA as a product, like below?
```
openVulnQuery --config credentials.json --product asa
```
Currently searching for IOS releases:
```
openVulnQuery --config credentials.json --ios "12.2(25)SEE2" -f sir cves first_fixed publication_url advisory_id advisory_title bug_ids last_updated first_published cvss_base_score ios_release --csv test.csv
```
Proposed ASA search:
```
openVulnQuery --config credentials.json --asa "9.8(2)24" -f sir cves first_fixed publication_url advisory_id advisory_title bug_ids last_updated first_published cvss_base_score asa_release --csv test.csv
```
This will help me cover my entire estate and know all the latest vulnerabilities against the versions we run.
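Until a version search exists, the version data in the CVRF `ProductTree` quoted earlier in this thread can be checked locally. The sketch below is an added example, not openVulnQuery code and not part of any comment above: the function names are hypothetical, the sample is a constructed, closed-off excerpt of the quoted tree, and treating `9.8(2)24` as the same release as `9.8.2.24` is an assumption.

```python
import re
import xml.etree.ElementTree as ET

PROD_NS = "http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod"
ASA_PRODUCT = "Cisco Adaptive Security Appliance (ASA) Software"

# Constructed sample: two entries from the tree quoted in the thread, with tags closed.
SAMPLE_PRODUCT_TREE = """\
<ProductTree xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
  <Branch Name="Cisco" Type="Vendor">
    <Branch Name="Cisco Adaptive Security Appliance (ASA) Software" Type="Product Name">
      <Branch Name="9.8" Type="Product Version">
        <Branch Name="9.8.2.24" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-239005">Cisco Adaptive Security Appliance (ASA) Software 9.8.2.24</FullProductName>
        </Branch>
        <Branch Name="9.8.3.8" Type="Service Pack">
          <FullProductName ProductID="CVRFPID-248825">Cisco Adaptive Security Appliance (ASA) Software 9.8.3.8</FullProductName>
        </Branch>
      </Branch>
    </Branch>
  </Branch>
</ProductTree>
"""

def normalize_asa_version(version):
    """Turn '9.8(2)24' into dotted '9.8.2.24' (assumed equivalence); pass dotted input through."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)\)(\d+)?", version.strip())
    if m:
        return ".".join(part for part in m.groups() if part is not None)
    return version.strip()

def listed_versions(product_tree_xml, product_name):
    """Return {version: ProductID} for every branch under product_name that names a product."""
    root = ET.fromstring(product_tree_xml)
    found = {}
    for product in root.iter(f"{{{PROD_NS}}}Branch"):
        if product.get("Type") != "Product Name" or product.get("Name") != product_name:
            continue
        for branch in product.iter(f"{{{PROD_NS}}}Branch"):
            fpn = branch.find(f"{{{PROD_NS}}}FullProductName")
            if fpn is not None:
                found[branch.get("Name")] = fpn.get("ProductID")
    return found

def lookup(product_tree_xml, product_name, running_version):
    """ProductID if the advisory's tree lists the running version, else None."""
    versions = listed_versions(product_tree_xml, product_name)
    return versions.get(normalize_asa_version(running_version))
```

A non-`None` result means the release appears in that advisory's `ProductTree`; how the advisory classifies it is given by the product status entries in the same CVRF document.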