openVulnAPI icon indicating copy to clipboard operation
openVulnAPI copied to clipboard
verified publisher icon CiscoPSIRT

Different API response depending on platform (NXOS/ACI vs IOS/IOS-XE)

Open NWMichl opened this issue 5 years ago • 1 comments

Describe the bug First fixed software versions are reported with a different data structure and naming depending on whether NXOS/ACI or IOS(XE) is used for the API query.

To Reproduce An API query with NXOS 7.0(3)I7(8) results in

(...)
platforms:
- firstFixes:
  - id: '279749'
    name: 7.0(3)I7(9)
  id: '265096'
  name: Cisco Nexus 9000 Series Switches
  vulnerabilityState: vulnerable
(...)

But an API query with IOSXE 03.16.09.S results in

(...)
firstFixed:
- 3.18.2S
(...)

Expected behavior Since the NXOS/ACI variant allows more extensive parameters already, an adaptation of the IOS response would be desirable.

Screenshots

Desktop (please complete the following information):

Smartphone (please complete the following information):

Additional context BTW: The API itself is worth gold and makes our work a lot easier, so I would like to thank you for your work! But such inconsistencies should be avoided, right?

NWMichl avatar Dec 22 '20 17:12 NWMichl

I can add on to this an example of the API converting the version to an abbreviated version:

Actual version: 16.12.03 Cisco API Response: 16.12.3

As you can imagine when we're mapping data structures based on the value that those two strings do not match and will cause an issue.

AdamMack2007 avatar Mar 18 '21 16:03 AdamMack2007