Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get general Security Advisories with API Call - get_by_product #84

Open
pixerl0n opened this issue Mar 17, 2021 · 1 comment
Open

Get general Security Advisories with API Call - get_by_product #84

pixerl0n opened this issue Mar 17, 2021 · 1 comment
Labels
back-end-data Backend data issue enhancement

Comments

@pixerl0n
Copy link

pixerl0n commented Mar 17, 2021
edited

Looking for a solution to get general SA like (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM) which isn't covered by the product API call.

If I'm using the product name e.g. Cisco Prime Collaboration Provisioning
advisories = query_client.get_by_product(adv_format='default', product_name='Cisco Prime Collaboration Provisioning')
I'm getting this result:

Debugging = True --> /home/devnet/Documents/coding/cisco_check-advisory/cisco_check-advisory/functions.py

title = Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability
title = Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
title = Vulnerability in Java Deserialization Affecting Cisco Products
title = Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
title = Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability
title = Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
title = Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability
title = Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability
title = Cisco Prime Collaboration Provisioning Access Control Deficiency in Batch Function Privilege Escalation Vulnerability
title = Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability
title = Cisco Prime Collaboration Provisioning Access Control Vulnerability
title = Cisco Prime Collaboration Provisioning Unauthorized Password Recovery Vulnerability
title = Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability
title = Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
title = Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability
title = Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
title = Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerability
title = Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Web Portal Repeated Bad Login Attempts Denial of Service Vulnerability
title = Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
title = Cisco Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability
title = Cisco Prime Collaboration Provisioning Tool System File Overwrite Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Inventory Management Feature Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability
title = Cisco Prime Collaboration Provisioning Tool UpgradeManager File Write Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Log File Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Session Hijacking Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Arbitrary File Download Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
title = Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
title = Cisco Prime Collaboration Provisioning Directory Traversal Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability
title = Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
title = Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 
title = Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
title = Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
title = Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
title = Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability
title = Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
title = Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
title = Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
title = Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
title = Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
title = Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
title = OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
title = Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability

I miss the SA "Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021". The SA itself describe that the product "Cisco Prime Collaboration Provisioning" is affected.

If figured out if I use the following API
advisories = query_client.get_by_latest(adv_format='default', latest=25)

I'm getting this result:

title = Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021
first published = 2021-01-29T21:30:00
product_names = ['NA']

But I'm not able to use the product_name 'NA'. 'N A' with a space between the character N A gives me some results but not the right one.

Any advise how to cover general SAs with the API?
@santosomar
Copy link
Contributor

The challenge is not the API, but that third-party software security advisories do not have detailed product information in the machine-readable backend. Cisco is working on this for future third-party software (i.e., open source software advisories).

@santosomar santosomar added back-end-data Backend data issue enhancement labels May 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
back-end-data Backend data issue enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@santosomar @pixerl0n