CiscoPSIRT / openVulnAPI

Documentation and Tools for Cisco's PSIRT openVuln API
https://developer.cisco.com/psirt/
MIT License

Please advise whether this API has ability to provide response for the given NX-OS version #70

Closed EvgeniNetformx closed 4 years ago

EvgeniNetformx commented 5 years ago

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like A clear and concise description of what you want to happen.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.

santosomar commented 5 years ago

NX-OS is not yet supported. Cisco is working on supporting NX-OS by the end of this calendar year.

abunn-r7 commented 4 years ago

Does anyone know when this will be available?

santosomar commented 4 years ago

Cisco is working on the NXOS API, and it should be available in the next couple of months, although there is no exact time.

santosomar commented 4 years ago

I am pleased to announce that Cisco has released the NXOS Software checker functionality and subsequently, we have added it to the API.

You can query any NX-OS version as such:

https://api.cisco.com/security/advisories/nxos?version=8.3(1)

The following is an example using curl (after using your client credentials to get a token; the token is AAABBBCCC in this example):

curl -X GET -s -H "Accept: application/json" -H "Authorization: Bearer AAABBBCCC" "https://api.cisco.com/security/advisories/nxos?version=8.3(1)"

Example output:

        {
            "advisoryId": "cisco-sa-20190828-nxos-ipv6-dos",
            "advisoryTitle": "Cisco NX-OS Software IPv6 Denial of Service Vulnerability",
            "bugIDs": [
                "CSCvn46719"
            ],
            "cves": [
                "CVE-2019-1964"
            ],
            "cvrfUrl": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos/cvrf/cisco-sa-20190828-nxos-ipv6-dos_cvrf.xml",
            "cvssBaseScore": "8.6",
            "cwe": [
                "CWE-20"
            ],
            "firstPublished": "2019-08-28T16:00:00-0700",
            "iosRelease": [
                "8.3(1)"
            ],
            "ipsSignatures": [
                "NA"
            ],
            "lastUpdated": "2019-08-28T16:00:00-0700",
            "ovalUrl": "NA",
            "platforms": [
                {
                    "firstFixes": [
                        {
                            "id": "265563",
                            "name": "8.4(1)"
                        }
                    ],
                    "id": "265088",
                    "name": "Cisco Nexus 7000 Series Switches",
                    "vulnerabilityState": "vulnerable"
                }
            ],
            "productNames": [
                "Cisco NX-OS Software 7.3(2)D1(1d)",
                "Cisco NX-OS Software 8.1(1)",
                "Cisco NX-OS Software 8.1(2)",
                "Cisco NX-OS Software 8.1(2a)",
                "Cisco NX-OS Software 8.2(1)",
                "Cisco NX-OS Software 8.2(2)",
                "Cisco NX-OS Software 8.3(1)",
                "Cisco NX-OS Software 8.3(2)"
            ],
            "publicationUrl": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos",
            "sir": "High",
            "summary": "<p>A vulnerability in the IPv6 traffic processing of Cisco&nbsp;NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device.</p>\n<p>The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An attacker could exploit this vulnerability by sending a malformed IPv6 packet through an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition while the netstack process restarts. A sustained attack could lead to a reboot of the device.</p>\n<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>\n<p>This advisory is available at the following link:<br />\n<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos</a></p>\nThis advisory is part of the August 2019 Cisco&nbsp;FXOS and NX-OS Software Security Advisory Bundled Publication, which includes five Cisco Security Advisories that describe five vulnerabilities. For a complete list of the advisories and links to them, see <a href=\"http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-72243\">Cisco Event Response: August 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication</a>.<br />"
        },
        {
            "advisoryId": "cisco-sa-20190828-nxos-api-dos",
            "advisoryTitle": "Cisco NX-OS Software NX-API Denial of Service Vulnerability",
            "bugIDs": [
                "CSCvn26502",
                "CSCvn31273",
                "CSCvn57900"
            ],
            "cves": [
                "CVE-2019-1968"
            ],
            "cvrfUrl": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos/cvrf/cisco-sa-20190828-nxos-api-dos_cvrf.xml",
            "cvssBaseScore": "5.3",
            "cwe": [
                "CWE-20"
            ],
            "firstPublished": "2019-08-28T16:00:00-0700",
            "iosRelease": [
                "8.3(1)"
            ],
            "ipsSignatures": [
                "NA"
            ],
            "lastUpdated": "2019-08-28T16:00:00-0700",
            "ovalUrl": "NA",
            "platforms": [
                {
                    "firstFixes": [
                        {
                            "id": "265140",
                            "name": "8.3(2)"
                        }
                    ],
                    "id": "265086",
                    "name": "Cisco MDS 9000 Multilayer Directors and Fabric Switches",
                    "vulnerabilityState": "vulnerable"
                },
                {
                    "firstFixes": [
                        {
                            "id": "265140",
                            "name": "8.3(2)"
                        }
                    ],
                    "id": "265088",
                    "name": "Cisco Nexus 7000 Series Switches",
                    "vulnerabilityState": "vulnerable"
                }
            ],
            "productNames": [
                "Cisco NX-OS Software 6.0(2)A4(1)",
                "Cisco NX-OS Software 6.0(2)A4(2)",
                "Cisco NX-OS Software 6.0(2)A4(3)",
                "Cisco NX-OS Software 6.0(2)A4(4)",
                "Cisco NX-OS Software 6.0(2)A4(5)",
                "Cisco NX-OS Software 6.0(2)A4(6)",
                "Cisco NX-OS Software 6.0(2)A6(1)",
                "Cisco NX-OS Software 6.0(2)A6(1a)",
                "Cisco NX-OS Software 6.0(2)A6(2)",
                "Cisco NX-OS Software 6.0(2)A6(2a)",
                "Cisco NX-OS Software 6.0(2)A6(3)",
                "Cisco NX-OS Software 6.0(2)A6(3a)",
                "Cisco NX-OS Software 6.0(2)A6(4)",
                "Cisco NX-OS Software 6.0(2)A6(4a)",
                "Cisco NX-OS Software 6.0(2)A6(5)",
                "Cisco NX-OS Software 6.0(2)A6(5a)",
                "Cisco NX-OS Software 6.0(2)A6(5b)",
                "Cisco NX-OS Software 6.0(2)A6(6)",
                "Cisco NX-OS Software 6.0(2)A6(7)",
                "Cisco NX-OS Software 6.0(2)A6(8)",
                "Cisco NX-OS Software 6.0(2)A7(1)",
                "Cisco NX-OS Software 6.0(2)A7(1a)",
                "Cisco NX-OS Software 6.0(2)A7(2)",
                "Cisco NX-OS Software 6.0(2)A7(2a)",
                "Cisco NX-OS Software 6.0(2)A8(1)",
                "Cisco NX-OS Software 6.0(2)A8(2)",
                "Cisco NX-OS Software 6.0(2)A8(3)",
                "Cisco NX-OS Software 6.0(2)A8(4)",
                "Cisco NX-OS Software 6.0(2)A8(4a)",
                "Cisco NX-OS Software 6.0(2)A8(5)",
                "Cisco NX-OS Software 6.0(2)A8(6)",
                "Cisco NX-OS Software 6.0(2)A8(7)",
                "Cisco NX-OS Software 6.0(2)A8(7a)",
                "Cisco NX-OS Software 6.0(2)A8(7b)",
                "Cisco NX-OS Software 6.0(2)A8(8)",
                "Cisco NX-OS Software 6.0(2)A8(9)",
                "Cisco NX-OS Software 6.0(2)A8(10a)",
                "Cisco NX-OS Software 6.0(2)A8(10)",
                "Cisco NX-OS Software 6.0(2)A8(11)",
                "Cisco NX-OS Software 6.0(2)U4(1)",
                "Cisco NX-OS Software 6.0(2)U4(2)",
                "Cisco NX-OS Software 6.0(2)U4(3)",
                "Cisco NX-OS Software 6.0(2)U4(4)",
                "Cisco NX-OS Software 6.0(2)U5(1)",
                "Cisco NX-OS Software 6.0(2)U5(2)",
                "Cisco NX-OS Software 6.0(2)U5(3)",
                "Cisco NX-OS Software 6.0(2)U5(4)",
                "Cisco NX-OS Software 6.0(2)U6(1)",
                "Cisco NX-OS Software 6.0(2)U6(2)",
                "Cisco NX-OS Software 6.0(2)U6(3)",
                "Cisco NX-OS Software 6.0(2)U6(4)",
                "Cisco NX-OS Software 6.0(2)U6(5)",
                "Cisco NX-OS Software 6.0(2)U6(6)",
                "Cisco NX-OS Software 6.0(2)U6(7)",
                "Cisco NX-OS Software 6.0(2)U6(8)",
                "Cisco NX-OS Software 6.0(2)U6(1a)",
                "Cisco NX-OS Software 6.0(2)U6(2a)",
                "Cisco NX-OS Software 6.0(2)U6(3a)",
                "Cisco NX-OS Software 6.0(2)U6(4a)",
                "Cisco NX-OS Software 6.0(2)U6(5a)",
                "Cisco NX-OS Software 6.0(2)U6(5b)",
                "Cisco NX-OS Software 6.0(2)U6(5c)",
                "Cisco NX-OS Software 6.0(2)U6(9)",
                "Cisco NX-OS Software 6.0(2)U6(10)",
                "Cisco NX-OS Software 6.1(2)I2(2a)",
                "Cisco NX-OS Software 6.1(2)I2(3)",
                "Cisco NX-OS Software 6.1(2)I2(2b)",
                "Cisco NX-OS Software 6.1(2)I3(1)",
                "Cisco NX-OS Software 6.1(2)I3(2)",
                "Cisco NX-OS Software 6.1(2)I3(3)",
                "Cisco NX-OS Software 6.1(2)I3(4)",
                "Cisco NX-OS Software 6.1(2)I3(3a)",
                "Cisco NX-OS Software 6.1(2)I3(4a)",
                "Cisco NX-OS Software 6.1(2)I3(4b)",
                "Cisco NX-OS Software 6.1(2)I3(4c)",
                "Cisco NX-OS Software 6.1(2)I3(4d)",
                "Cisco NX-OS Software 6.1(2)I3(4e)",
                "Cisco NX-OS Software 6.1(2)I3(5)",
                "Cisco NX-OS Software 6.1(2)I3(5a)",
                "Cisco NX-OS Software 6.1(2)I3(5b)",
                "Cisco NX-OS Software 7.0(3)F1(1)",
                "Cisco NX-OS Software 7.0(3)F2(1)",
                "Cisco NX-OS Software 7.0(3)F2(2)",
                "Cisco NX-OS Software 7.0(3)F3(1)",
                "Cisco NX-OS Software 7.0(3)F3(2)",
                "Cisco NX-OS Software 7.0(3)F3(3)",
                "Cisco NX-OS Software 7.0(3)F3(3a)",
                "Cisco NX-OS Software 7.0(3)F3(4)",
                "Cisco NX-OS Software 7.0(3)F3(3c)",
                "Cisco NX-OS Software 7.0(3)F3(5)",
                "Cisco NX-OS Software 7.0(3)I1(1)",
                "Cisco NX-OS Software 7.0(3)I1(1a)",
                "Cisco NX-OS Software 7.0(3)I1(1b)",
                "Cisco NX-OS Software 7.0(3)I1(2)",
                "Cisco NX-OS Software 7.0(3)I1(3)",
                "Cisco NX-OS Software 7.0(3)I1(3a)",
                "Cisco NX-OS Software 7.0(3)I1(3b)",
                "Cisco NX-OS Software 7.0(3)I1(1z)",
                "Cisco NX-OS Software 7.0(3)I2(2a)",
                "Cisco NX-OS Software 7.0(3)I2(2b)",
                "Cisco NX-OS Software 7.0(3)I2(2c)",
                "Cisco NX-OS Software 7.0(3)I2(2d)",
                "Cisco NX-OS Software 7.0(3)I2(2e)",
                "Cisco NX-OS Software 7.0(3)I2(3)",
                "Cisco NX-OS Software 7.0(3)I2(4)",
                "Cisco NX-OS Software 7.0(3)I2(5)",
                "Cisco NX-OS Software 7.0(3)I2(1)",
                "Cisco NX-OS Software 7.0(3)I2(1a)",
                "Cisco NX-OS Software 7.0(3)I2(2)",
                "Cisco NX-OS Software 7.0(3)I2(2r)",
                "Cisco NX-OS Software 7.0(3)I2(2s)",
                "Cisco NX-OS Software 7.0(3)I2(2v)",
                "Cisco NX-OS Software 7.0(3)I2(2w)",
                "Cisco NX-OS Software 7.0(3)I2(2x)",
                "Cisco NX-OS Software 7.0(3)I2(2y)",
                "Cisco NX-OS Software 7.0(3)I3(1)",
                "Cisco NX-OS Software 7.0(3)I4(1)",
                "Cisco NX-OS Software 7.0(3)I4(2)",
                "Cisco NX-OS Software 7.0(3)I4(3)",
                "Cisco NX-OS Software 7.0(3)I4(4)",
                "Cisco NX-OS Software 7.0(3)I4(5)",
                "Cisco NX-OS Software 7.0(3)I4(6)",
                "Cisco NX-OS Software 7.0(3)I4(7)",
                "Cisco NX-OS Software 7.0(3)I4(8)",
                "Cisco NX-OS Software 7.0(3)I4(8a)",
                "Cisco NX-OS Software 7.0(3)I4(8b)",
                "Cisco NX-OS Software 7.0(3)I4(8z)",
                "Cisco NX-OS Software 7.0(3)I4(1t)",
                "Cisco NX-OS Software 7.0(3)I4(6t)",
                "Cisco NX-OS Software 7.0(3)I5(1)",
                "Cisco NX-OS Software 7.0(3)I5(2)",
                "Cisco NX-OS Software 7.0(3)I5(3)",
                "Cisco NX-OS Software 7.0(3)I5(3a)",
                "Cisco NX-OS Software 7.0(3)I5(3b)",
                "Cisco NX-OS Software 7.0(3)I6(1)",
                "Cisco NX-OS Software 7.0(3)I6(2)",
                "Cisco NX-OS Software 7.0(3)I7(1)",
                "Cisco NX-OS Software 7.0(3)I7(2)",
                "Cisco NX-OS Software 7.0(3)I7(3)",
                "Cisco NX-OS Software 7.0(3)I7(4)",
                "Cisco NX-OS Software 7.0(3)I7(5)",
                "Cisco NX-OS Software 7.0(3)I7(5a)",
                "Cisco NX-OS Software 7.0(3)I7(3z)",
                "Cisco NX-OS Software 7.0(3)IX1(2)",
                "Cisco NX-OS Software 7.0(3)IX1(2a)",
                "Cisco NX-OS Software 7.1(0)N1(1a)",
                "Cisco NX-OS Software 7.1(0)N1(1b)",
                "Cisco NX-OS Software 7.1(0)N1(1)",
                "Cisco NX-OS Software 7.1(1)N1(1)",
                "Cisco NX-OS Software 7.1(1)N1(1a)",
                "Cisco NX-OS Software 7.1(2)N1(1)",
                "Cisco NX-OS Software 7.1(2)N1(1a)",
                "Cisco NX-OS Software 7.1(3)N1(1)",
                "Cisco NX-OS Software 7.1(3)N1(2)",
                "Cisco NX-OS Software 7.1(3)N1(5)",
                "Cisco NX-OS Software 7.1(3)N1(4)",
                "Cisco NX-OS Software 7.1(3)N1(3)",
                "Cisco NX-OS Software 7.1(3)N1(2a)",
                "Cisco NX-OS Software 7.1(4)N1(1)",
                "Cisco NX-OS Software 7.1(4)N1(1d)",
                "Cisco NX-OS Software 7.1(4)N1(1c)",
                "Cisco NX-OS Software 7.1(4)N1(1a)",
                "Cisco NX-OS Software 7.1(5)N1(1)",
                "Cisco NX-OS Software 7.1(5)N1(1b)",
                "Cisco NX-OS Software 7.2(0)D1(1)",
                "Cisco NX-OS Software 7.2(0)N1(1)",
                "Cisco NX-OS Software 7.2(1)D1(1)",
                "Cisco NX-OS Software 7.2(1)N1(1)",
                "Cisco NX-OS Software 7.2(2)D1(2)",
                "Cisco NX-OS Software 7.2(2)D1(1)",
                "Cisco NX-OS Software 7.2(2)D1(3)",
                "Cisco NX-OS Software 7.2(2)D1(4)",
                "Cisco NX-OS Software 7.3(0)D1(1)",
                "Cisco NX-OS Software 7.3(0)DX(1)",
                "Cisco NX-OS Software 7.3(0)N1(1)",
                "Cisco NX-OS Software 7.3(0)N1(1b)",
                "Cisco NX-OS Software 7.3(0)N1(1a)",
                "Cisco NX-OS Software 7.3(1)D1(1)",
                "Cisco NX-OS Software 7.3(1)N1(1)",
                "Cisco NX-OS Software 7.3(2)D1(1)",
                "Cisco NX-OS Software 7.3(2)D1(2)",
                "Cisco NX-OS Software 7.3(2)D1(3)",
                "Cisco NX-OS Software 7.3(2)D1(3a)",
                "Cisco NX-OS Software 7.3(2)D1(1d)",
                "Cisco NX-OS Software 7.3(2)N1(1)",
                "Cisco NX-OS Software 7.3(2)N1(1b)",
                "Cisco NX-OS Software 7.3(2)N1(1c)",
                "Cisco NX-OS Software 7.3(3)N1(1)",
                "Cisco NX-OS Software 8.0(1)",
                "Cisco NX-OS Software 8.1(1)",
                "Cisco NX-OS Software 8.1(2)",
                "Cisco NX-OS Software 8.1(2a)",
                "Cisco NX-OS Software 8.1(1a)",
                "Cisco NX-OS Software 8.1(1b)",
                "Cisco NX-OS Software 8.2(1)",
                "Cisco NX-OS Software 8.2(2)",
                "Cisco NX-OS Software 8.3(1)",
                "Cisco NX-OS Software 9.2(1)",
                "Cisco NX-OS Software 9.2(2)",
                "Cisco NX-OS Software 9.2(2t)",
                "Cisco NX-OS Software 9.2(2v)",
                "Cisco NX-OS Software 7.3(4)N1(1)",
                "Cisco NX-OS Software 7.3(4)N1(1a)",
                "Cisco NX-OS Software 7.3(3)D1(1)",
                "Cisco NX-OS Software 7.0(3)IA7(1)",
                "Cisco NX-OS Software 7.0(3)IA7(2)",
                "Cisco NX-OS Software 7.0(3)IC4(4)",
                "Cisco NX-OS Software 7.0(3)IM3(1)",
                "Cisco NX-OS Software 7.0(3)IM3(2)",
                "Cisco NX-OS Software 7.0(3)IM3(2a)",
                "Cisco NX-OS Software 7.0(3)IM3(2b)",
                "Cisco NX-OS Software 7.0(3)IM3(3)",
                "Cisco NX-OS Software 7.0(3)IM7(2)"
            ],
            "publicationUrl": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos",
            "sir": "Medium",
            "summary": "<p>A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart.</p>\n<p>The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to&nbsp;the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic.</p>\n<p><strong>Note:</strong> The NX-API feature is disabled by default.</p>\n<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>\n<p>This advisory is available at the following link:<br />\n<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos</a></p>"
        }
    ]
}
... output omitted for brevity...

santosomar commented 4 years ago

To query by NX-OS ACI mode versions use:

https://api.cisco.com/security/advisories/aci?version=11.0(2j)

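
The `nxos` and `aci` queries above, as an added Python example (not code from the openVulnAPI repository or from the commenters): it percent-encodes the version so the parentheses need no shell escaping, sends the bearer token with certificate verification left on, and reduces a response to the first fixed release per vulnerable platform. The function names and the top-level `advisories` key are assumptions, and the sample is a trimmed copy of the two advisories in the output above.

```python
import json
import urllib.request
from urllib.parse import quote

API_BASE = "https://api.cisco.com/security/advisories"

def advisory_url(os_type, version):
    """Query URL for the nxos or aci endpoint, with the version percent-encoded."""
    if os_type not in ("nxos", "aci"):
        raise ValueError(f"unsupported OS type: {os_type!r}")
    # safe="" also encodes "(" and ")", so the URL needs no shell escaping.
    return f"{API_BASE}/{os_type}?version={quote(version, safe='')}"

def fetch(os_type, version, token):
    """GET the advisories; urllib verifies the server certificate by default."""
    req = urllib.request.Request(advisory_url(os_type, version), headers={
        "Accept": "application/json", "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def _score(adv):
    # Scores are strings; "NA" is the placeholder seen in other fields above.
    try:
        return float(adv.get("cvssBaseScore", "NA"))
    except (TypeError, ValueError):
        return 0.0

def triage(response, platform=None):
    """(id, sir, cvss, cves, {platform: first fixed releases}) rows, worst first."""
    rows = []
    # Assumption: the advisory objects sit under a top-level "advisories" key.
    for adv in response.get("advisories", []):
        fixes = {}
        for p in adv.get("platforms", []):
            name = p.get("name", "")
            if p.get("vulnerabilityState") != "vulnerable":
                continue
            if platform and platform.lower() not in name.lower():
                continue
            fixes[name] = [f["name"] for f in p.get("firstFixes", [])]
        if fixes or platform is None:
            rows.append((adv["advisoryId"], adv.get("sir"), _score(adv),
                         adv.get("cves", []), fixes))
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed sample: the two advisories from the output above, trimmed.
def _plat(name, fix):
    return {"name": name, "vulnerabilityState": "vulnerable",
            "firstFixes": [{"name": fix}]}

MDS = "Cisco MDS 9000 Multilayer Directors and Fabric Switches"
N7K = "Cisco Nexus 7000 Series Switches"
SAMPLE = {"advisories": [
    {"advisoryId": "cisco-sa-20190828-nxos-api-dos", "sir": "Medium",
     "cvssBaseScore": "5.3", "cves": ["CVE-2019-1968"],
     "platforms": [_plat(MDS, "8.3(2)"), _plat(N7K, "8.3(2)")]},
    {"advisoryId": "cisco-sa-20190828-nxos-ipv6-dos", "sir": "High",
     "cvssBaseScore": "8.6", "cves": ["CVE-2019-1964"],
     "platforms": [_plat(N7K, "8.4(1)")]},
]}

if __name__ == "__main__":
    print(advisory_url("aci", "11.0(2j)"))
    for row in triage(SAMPLE, platform="Nexus 7000"):
        print(row)
```

`fetch` needs a valid token and network access; `triage` accepts its return value directly.
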
abunn-r7 commented 4 years ago

@santosomar Does the update to the API include the data that has been available on the recent CVRFs that indicates which versions are vulnerable when running on certain hardware? e.g.:

    <Relationship RelatesToProductReference="CVRFPID-265086" RelationType="Installed On" ProductReference="CVRFPID-191447">
      <FullProductName ProductID="CVRFPID-191447:265086">Cisco NX-OS Software 5.2(1) when installed on Cisco MDS 9000 Multilayer Directors and Fabric Switches</FullProductName>
    </Relationship>
    <Relationship RelatesToProductReference="CVRFPID-265088" RelationType="Installed On" ProductReference="CVRFPID-191447">
      <FullProductName ProductID="CVRFPID-191447:265088">Cisco NX-OS Software 5.2(1) when installed on Cisco Nexus 7000 Series Switches</FullProductName>