Closed EvgeniNetformx closed 4 years ago
NX-OS is not yet supported. Cisco is working on supporting NX-OS by the end of this calendar year.
Does anyone know when this will be available?
Cisco is working on the NXOS API and should be available in the next couple of months. Although, there is no exact time.
I am pleased to announce that Cisco has released the NXOS Software checker functionality and subsequently, we have added it to the API.
You can query any NX-OS version as such:
https://api.cisco.com/security/advisories/nxos?version=8.3(1)
The following is an example using curl
(after using your client credentials to get a token (the token is AAABBBCCC in this example):
curl -X GET -s -k -H "Accept: application/json" -H "Authorization: Bearer AAABBBCCC" https://api.cisco.com/security/advisories/nxos?version=8.3(1)
Example output:
{
"advisoryId": "cisco-sa-20190828-nxos-ipv6-dos",
"advisoryTitle": "Cisco NX-OS Software IPv6 Denial of Service Vulnerability",
"bugIDs": [
"CSCvn46719"
],
"cves": [
"CVE-2019-1964"
],
"cvrfUrl": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos/cvrf/cisco-sa-20190828-nxos-ipv6-dos_cvrf.xml",
"cvssBaseScore": "8.6",
"cwe": [
"CWE-20"
],
"firstPublished": "2019-08-28T16:00:00-0700",
"iosRelease": [
"8.3(1)"
],
"ipsSignatures": [
"NA"
],
"lastUpdated": "2019-08-28T16:00:00-0700",
"ovalUrl": "NA",
"platforms": [
{
"firstFixes": [
{
"id": "265563",
"name": "8.4(1)"
}
],
"id": "265088",
"name": "Cisco Nexus 7000 Series Switches",
"vulnerabilityState": "vulnerable"
}
],
"productNames": [
"Cisco NX-OS Software 7.3(2)D1(1d)",
"Cisco NX-OS Software 8.1(1)",
"Cisco NX-OS Software 8.1(2)",
"Cisco NX-OS Software 8.1(2a)",
"Cisco NX-OS Software 8.2(1)",
"Cisco NX-OS Software 8.2(2)",
"Cisco NX-OS Software 8.3(1)",
"Cisco NX-OS Software 8.3(2)"
],
"publicationUrl": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos",
"sir": "High",
"summary": "<p>A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device.</p>\n<p>The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An attacker could exploit this vulnerability by sending a malformed IPv6 packet through an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition while the netstack process restarts. A sustained attack could lead to a reboot of the device.</p>\n<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>\n<p>This advisory is available at the following link:<br />\n<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos</a></p>\nThis advisory is part of the August 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication, which includes five Cisco Security Advisories that describe five vulnerabilities. For a complete list of the advisories and links to them, see <a href=\"http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-72243\">Cisco Event Response: August 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication</a>.<br />"
},
{
"advisoryId": "cisco-sa-20190828-nxos-api-dos",
"advisoryTitle": "Cisco NX-OS Software NX-API Denial of Service Vulnerability",
"bugIDs": [
"CSCvn26502",
"CSCvn31273",
"CSCvn57900"
],
"cves": [
"CVE-2019-1968"
],
"cvrfUrl": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos/cvrf/cisco-sa-20190828-nxos-api-dos_cvrf.xml",
"cvssBaseScore": "5.3",
"cwe": [
"CWE-20"
],
"firstPublished": "2019-08-28T16:00:00-0700",
"iosRelease": [
"8.3(1)"
],
"ipsSignatures": [
"NA"
],
"lastUpdated": "2019-08-28T16:00:00-0700",
"ovalUrl": "NA",
"platforms": [
{
"firstFixes": [
{
"id": "265140",
"name": "8.3(2)"
}
],
"id": "265086",
"name": "Cisco MDS 9000 Multilayer Directors and Fabric Switches",
"vulnerabilityState": "vulnerable"
},
{
"firstFixes": [
{
"id": "265140",
"name": "8.3(2)"
}
],
"id": "265088",
"name": "Cisco Nexus 7000 Series Switches",
"vulnerabilityState": "vulnerable"
}
],
"productNames": [
"Cisco NX-OS Software 6.0(2)A4(1)",
"Cisco NX-OS Software 6.0(2)A4(2)",
"Cisco NX-OS Software 6.0(2)A4(3)",
"Cisco NX-OS Software 6.0(2)A4(4)",
"Cisco NX-OS Software 6.0(2)A4(5)",
"Cisco NX-OS Software 6.0(2)A4(6)",
"Cisco NX-OS Software 6.0(2)A6(1)",
"Cisco NX-OS Software 6.0(2)A6(1a)",
"Cisco NX-OS Software 6.0(2)A6(2)",
"Cisco NX-OS Software 6.0(2)A6(2a)",
"Cisco NX-OS Software 6.0(2)A6(3)",
"Cisco NX-OS Software 6.0(2)A6(3a)",
"Cisco NX-OS Software 6.0(2)A6(4)",
"Cisco NX-OS Software 6.0(2)A6(4a)",
"Cisco NX-OS Software 6.0(2)A6(5)",
"Cisco NX-OS Software 6.0(2)A6(5a)",
"Cisco NX-OS Software 6.0(2)A6(5b)",
"Cisco NX-OS Software 6.0(2)A6(6)",
"Cisco NX-OS Software 6.0(2)A6(7)",
"Cisco NX-OS Software 6.0(2)A6(8)",
"Cisco NX-OS Software 6.0(2)A7(1)",
"Cisco NX-OS Software 6.0(2)A7(1a)",
"Cisco NX-OS Software 6.0(2)A7(2)",
"Cisco NX-OS Software 6.0(2)A7(2a)",
"Cisco NX-OS Software 6.0(2)A8(1)",
"Cisco NX-OS Software 6.0(2)A8(2)",
"Cisco NX-OS Software 6.0(2)A8(3)",
"Cisco NX-OS Software 6.0(2)A8(4)",
"Cisco NX-OS Software 6.0(2)A8(4a)",
"Cisco NX-OS Software 6.0(2)A8(5)",
"Cisco NX-OS Software 6.0(2)A8(6)",
"Cisco NX-OS Software 6.0(2)A8(7)",
"Cisco NX-OS Software 6.0(2)A8(7a)",
"Cisco NX-OS Software 6.0(2)A8(7b)",
"Cisco NX-OS Software 6.0(2)A8(8)",
"Cisco NX-OS Software 6.0(2)A8(9)",
"Cisco NX-OS Software 6.0(2)A8(10a)",
"Cisco NX-OS Software 6.0(2)A8(10)",
"Cisco NX-OS Software 6.0(2)A8(11)",
"Cisco NX-OS Software 6.0(2)U4(1)",
"Cisco NX-OS Software 6.0(2)U4(2)",
"Cisco NX-OS Software 6.0(2)U4(3)",
"Cisco NX-OS Software 6.0(2)U4(4)",
"Cisco NX-OS Software 6.0(2)U5(1)",
"Cisco NX-OS Software 6.0(2)U5(2)",
"Cisco NX-OS Software 6.0(2)U5(3)",
"Cisco NX-OS Software 6.0(2)U5(4)",
"Cisco NX-OS Software 6.0(2)U6(1)",
"Cisco NX-OS Software 6.0(2)U6(2)",
"Cisco NX-OS Software 6.0(2)U6(3)",
"Cisco NX-OS Software 6.0(2)U6(4)",
"Cisco NX-OS Software 6.0(2)U6(5)",
"Cisco NX-OS Software 6.0(2)U6(6)",
"Cisco NX-OS Software 6.0(2)U6(7)",
"Cisco NX-OS Software 6.0(2)U6(8)",
"Cisco NX-OS Software 6.0(2)U6(1a)",
"Cisco NX-OS Software 6.0(2)U6(2a)",
"Cisco NX-OS Software 6.0(2)U6(3a)",
"Cisco NX-OS Software 6.0(2)U6(4a)",
"Cisco NX-OS Software 6.0(2)U6(5a)",
"Cisco NX-OS Software 6.0(2)U6(5b)",
"Cisco NX-OS Software 6.0(2)U6(5c)",
"Cisco NX-OS Software 6.0(2)U6(9)",
"Cisco NX-OS Software 6.0(2)U6(10)",
"Cisco NX-OS Software 6.1(2)I2(2a)",
"Cisco NX-OS Software 6.1(2)I2(3)",
"Cisco NX-OS Software 6.1(2)I2(2b)",
"Cisco NX-OS Software 6.1(2)I3(1)",
"Cisco NX-OS Software 6.1(2)I3(2)",
"Cisco NX-OS Software 6.1(2)I3(3)",
"Cisco NX-OS Software 6.1(2)I3(4)",
"Cisco NX-OS Software 6.1(2)I3(3a)",
"Cisco NX-OS Software 6.1(2)I3(4a)",
"Cisco NX-OS Software 6.1(2)I3(4b)",
"Cisco NX-OS Software 6.1(2)I3(4c)",
"Cisco NX-OS Software 6.1(2)I3(4d)",
"Cisco NX-OS Software 6.1(2)I3(4e)",
"Cisco NX-OS Software 6.1(2)I3(5)",
"Cisco NX-OS Software 6.1(2)I3(5a)",
"Cisco NX-OS Software 6.1(2)I3(5b)",
"Cisco NX-OS Software 7.0(3)F1(1)",
"Cisco NX-OS Software 7.0(3)F2(1)",
"Cisco NX-OS Software 7.0(3)F2(2)",
"Cisco NX-OS Software 7.0(3)F3(1)",
"Cisco NX-OS Software 7.0(3)F3(2)",
"Cisco NX-OS Software 7.0(3)F3(3)",
"Cisco NX-OS Software 7.0(3)F3(3a)",
"Cisco NX-OS Software 7.0(3)F3(4)",
"Cisco NX-OS Software 7.0(3)F3(3c)",
"Cisco NX-OS Software 7.0(3)F3(5)",
"Cisco NX-OS Software 7.0(3)I1(1)",
"Cisco NX-OS Software 7.0(3)I1(1a)",
"Cisco NX-OS Software 7.0(3)I1(1b)",
"Cisco NX-OS Software 7.0(3)I1(2)",
"Cisco NX-OS Software 7.0(3)I1(3)",
"Cisco NX-OS Software 7.0(3)I1(3a)",
"Cisco NX-OS Software 7.0(3)I1(3b)",
"Cisco NX-OS Software 7.0(3)I1(1z)",
"Cisco NX-OS Software 7.0(3)I2(2a)",
"Cisco NX-OS Software 7.0(3)I2(2b)",
"Cisco NX-OS Software 7.0(3)I2(2c)",
"Cisco NX-OS Software 7.0(3)I2(2d)",
"Cisco NX-OS Software 7.0(3)I2(2e)",
"Cisco NX-OS Software 7.0(3)I2(3)",
"Cisco NX-OS Software 7.0(3)I2(4)",
"Cisco NX-OS Software 7.0(3)I2(5)",
"Cisco NX-OS Software 7.0(3)I2(1)",
"Cisco NX-OS Software 7.0(3)I2(1a)",
"Cisco NX-OS Software 7.0(3)I2(2)",
"Cisco NX-OS Software 7.0(3)I2(2r)",
"Cisco NX-OS Software 7.0(3)I2(2s)",
"Cisco NX-OS Software 7.0(3)I2(2v)",
"Cisco NX-OS Software 7.0(3)I2(2w)",
"Cisco NX-OS Software 7.0(3)I2(2x)",
"Cisco NX-OS Software 7.0(3)I2(2y)",
"Cisco NX-OS Software 7.0(3)I3(1)",
"Cisco NX-OS Software 7.0(3)I4(1)",
"Cisco NX-OS Software 7.0(3)I4(2)",
"Cisco NX-OS Software 7.0(3)I4(3)",
"Cisco NX-OS Software 7.0(3)I4(4)",
"Cisco NX-OS Software 7.0(3)I4(5)",
"Cisco NX-OS Software 7.0(3)I4(6)",
"Cisco NX-OS Software 7.0(3)I4(7)",
"Cisco NX-OS Software 7.0(3)I4(8)",
"Cisco NX-OS Software 7.0(3)I4(8a)",
"Cisco NX-OS Software 7.0(3)I4(8b)",
"Cisco NX-OS Software 7.0(3)I4(8z)",
"Cisco NX-OS Software 7.0(3)I4(1t)",
"Cisco NX-OS Software 7.0(3)I4(6t)",
"Cisco NX-OS Software 7.0(3)I5(1)",
"Cisco NX-OS Software 7.0(3)I5(2)",
"Cisco NX-OS Software 7.0(3)I5(3)",
"Cisco NX-OS Software 7.0(3)I5(3a)",
"Cisco NX-OS Software 7.0(3)I5(3b)",
"Cisco NX-OS Software 7.0(3)I6(1)",
"Cisco NX-OS Software 7.0(3)I6(2)",
"Cisco NX-OS Software 7.0(3)I7(1)",
"Cisco NX-OS Software 7.0(3)I7(2)",
"Cisco NX-OS Software 7.0(3)I7(3)",
"Cisco NX-OS Software 7.0(3)I7(4)",
"Cisco NX-OS Software 7.0(3)I7(5)",
"Cisco NX-OS Software 7.0(3)I7(5a)",
"Cisco NX-OS Software 7.0(3)I7(3z)",
"Cisco NX-OS Software 7.0(3)IX1(2)",
"Cisco NX-OS Software 7.0(3)IX1(2a)",
"Cisco NX-OS Software 7.1(0)N1(1a)",
"Cisco NX-OS Software 7.1(0)N1(1b)",
"Cisco NX-OS Software 7.1(0)N1(1)",
"Cisco NX-OS Software 7.1(1)N1(1)",
"Cisco NX-OS Software 7.1(1)N1(1a)",
"Cisco NX-OS Software 7.1(2)N1(1)",
"Cisco NX-OS Software 7.1(2)N1(1a)",
"Cisco NX-OS Software 7.1(3)N1(1)",
"Cisco NX-OS Software 7.1(3)N1(2)",
"Cisco NX-OS Software 7.1(3)N1(5)",
"Cisco NX-OS Software 7.1(3)N1(4)",
"Cisco NX-OS Software 7.1(3)N1(3)",
"Cisco NX-OS Software 7.1(3)N1(2a)",
"Cisco NX-OS Software 7.1(4)N1(1)",
"Cisco NX-OS Software 7.1(4)N1(1d)",
"Cisco NX-OS Software 7.1(4)N1(1c)",
"Cisco NX-OS Software 7.1(4)N1(1a)",
"Cisco NX-OS Software 7.1(5)N1(1)",
"Cisco NX-OS Software 7.1(5)N1(1b)",
"Cisco NX-OS Software 7.2(0)D1(1)",
"Cisco NX-OS Software 7.2(0)N1(1)",
"Cisco NX-OS Software 7.2(1)D1(1)",
"Cisco NX-OS Software 7.2(1)N1(1)",
"Cisco NX-OS Software 7.2(2)D1(2)",
"Cisco NX-OS Software 7.2(2)D1(1)",
"Cisco NX-OS Software 7.2(2)D1(3)",
"Cisco NX-OS Software 7.2(2)D1(4)",
"Cisco NX-OS Software 7.3(0)D1(1)",
"Cisco NX-OS Software 7.3(0)DX(1)",
"Cisco NX-OS Software 7.3(0)N1(1)",
"Cisco NX-OS Software 7.3(0)N1(1b)",
"Cisco NX-OS Software 7.3(0)N1(1a)",
"Cisco NX-OS Software 7.3(1)D1(1)",
"Cisco NX-OS Software 7.3(1)N1(1)",
"Cisco NX-OS Software 7.3(2)D1(1)",
"Cisco NX-OS Software 7.3(2)D1(2)",
"Cisco NX-OS Software 7.3(2)D1(3)",
"Cisco NX-OS Software 7.3(2)D1(3a)",
"Cisco NX-OS Software 7.3(2)D1(1d)",
"Cisco NX-OS Software 7.3(2)N1(1)",
"Cisco NX-OS Software 7.3(2)N1(1b)",
"Cisco NX-OS Software 7.3(2)N1(1c)",
"Cisco NX-OS Software 7.3(3)N1(1)",
"Cisco NX-OS Software 8.0(1)",
"Cisco NX-OS Software 8.1(1)",
"Cisco NX-OS Software 8.1(2)",
"Cisco NX-OS Software 8.1(2a)",
"Cisco NX-OS Software 8.1(1a)",
"Cisco NX-OS Software 8.1(1b)",
"Cisco NX-OS Software 8.2(1)",
"Cisco NX-OS Software 8.2(2)",
"Cisco NX-OS Software 8.3(1)",
"Cisco NX-OS Software 9.2(1)",
"Cisco NX-OS Software 9.2(2)",
"Cisco NX-OS Software 9.2(2t)",
"Cisco NX-OS Software 9.2(2v)",
"Cisco NX-OS Software 7.3(4)N1(1)",
"Cisco NX-OS Software 7.3(4)N1(1a)",
"Cisco NX-OS Software 7.3(3)D1(1)",
"Cisco NX-OS Software 7.0(3)IA7(1)",
"Cisco NX-OS Software 7.0(3)IA7(2)",
"Cisco NX-OS Software 7.0(3)IC4(4)",
"Cisco NX-OS Software 7.0(3)IM3(1)",
"Cisco NX-OS Software 7.0(3)IM3(2)",
"Cisco NX-OS Software 7.0(3)IM3(2a)",
"Cisco NX-OS Software 7.0(3)IM3(2b)",
"Cisco NX-OS Software 7.0(3)IM3(3)",
"Cisco NX-OS Software 7.0(3)IM7(2)"
],
"publicationUrl": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos",
"sir": "Medium",
"summary": "<p>A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart.</p>\n<p>The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic.</p>\n<p><strong>Note:</strong> The NX-API feature is disabled by default.</p>\n<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>\n<p>This advisory is available at the following link:<br />\n<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos</a></p>"
}
]
}
... output omitted for brevity...
To query by NX-OS ACI mode versions use:
https://api.cisco.com/security/advisories/aci\?version\=11.0\(2j\)
@santosomar Does the update to the API include the data that has been available on the recent CVRFs that indicates which versions are vulnerable when running on certain hardware? eg:
<Relationship RelatesToProductReference="CVRFPID-265086" RelationType="Installed On" ProductReference="CVRFPID-191447">
<FullProductName ProductID="CVRFPID-191447:265086">Cisco NX-OS Software 5.2(1) when installed on Cisco MDS 9000 Multilayer Directors and Fabric Switches</FullProductName>
</Relationship>
<Relationship RelatesToProductReference="CVRFPID-265088" RelationType="Installed On" ProductReference="CVRFPID-191447">
<FullProductName ProductID="CVRFPID-191447:265088">Cisco NX-OS Software 5.2(1) when installed on Cisco Nexus 7000 Series Switches</FullProductName>
Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like A clear and concise description of what you want to happen.
Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.
Additional context Add any other context or screenshots about the feature request here.