PSIRT OpenVulnQuery API - Advisory dates not accurate

Andrew K
Level 1

Hello,

We use this API to pull the last updated advisories from a date range. In the past the dates pulled from the API output would accurately reflect the date listed on the security advisory listed on Cisco's website but now the dates are inconsistent. For example, one of the most recent advisories "cisco-sa-ucsm-bkpsky-H8FCQgsA" lists as 2023 February 22 16:00 GMT. If I make a request on this advisory I can see the date is instead 2023 February 23. Why is this the case?

 

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

PR Oxman
Cisco Employee

Hello Andrew,

   Checking with engineering.  Will update shortly.

Thanks.

Hello Andrew,

   Confirmed in house.  Bug has been raised and is being worked.

Thanks.

PR Oxman
Cisco Employee

Hello Andrew,

   Whilst we haven't found the root cause as yet; the data has been refreshed and now should be accurate.

   Checked the data for the past 3 years and there are a few more we will get fixed up; but the rest look good.

   Let us know if you spot any other concerns.

Thanks.

Hi Oxman,

Re-opening this thread as the same issue was discovered on a different advisory "cisco-sa-asaftd-ravpn-auth-8LyfCkeC". The advisory on the site lists as "2023 September 11 18:21 GMT" while the date from the API is listed as " 'lastUpdated': '2023-09-12T01:21:34'".

Has there been any progress made in the potential cause of this inconsistency?

Thank you,

Andrew 

Hello Andrew,

     For actual bugs with the API it may be best to email openvuln@cisco.com.

     We have synced the data again, so it should be correct, but still have not isolated the root cause.  Will update here once it is known.

Thanks.

Hi Oxman,
Unfortunately the date still appears as if it was last updated on the 12th.
I pulled this request today September 25th 2023.
{'advisoryId': 'cisco-sa-asaftd-ravpn-auth-8LyfCkeC',
'advisoryTitle': 'Cisco Adaptive Security Appliance Software and Firepower '
'Threat Defense Software Remote Access VPN Unauthorized '
'Access Vulnerability',
'bugIDs': ['CSCwh23100', 'CSCwh45108'],
'csafUrl': 'https://sec.cloudapps.cisco.com/security/center/contentjson/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC/csaf/cisco-sa-asaftd-ravpn-auth-8LyfCkeC.json',
'cves': ['CVE-2023-20269'],
'cvrfUrl': 'https://sec.cloudapps.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC/cvrf/cisco-sa-asaftd-ravpn-auth-8LyfCkeC_cvrf.xml',
'cvssBaseScore': '5.0',
'cwe': ['CWE-288'],
'firstPublished': '2023-09-06T23:00:00',
'ipsSignatures': ['NA'],
'lastUpdated': '2023-09-12T01:21:34',

marco.kitz
Level 1

Hello PR Oxman,
Today we found a further advisory ID 'cisco-sa-finesse-proxy-dos-vY5dQhrV' where we saw the same topic.
Regards
Marco

Hello Marco,

   That looks correct:

"firstPublished": "2023-03-01T16:00:00",
"lastUpdated": "2023-03-02T20:35:00",

What do you believe is the issue?

Thanks.

Hi PR Oxman,

When I sent my first reply it looked like "firstPublished": "2023-03-02T00:00:00", "lastUpdated": "2023-03-02T00:00:00", but meanwhile it was corrected.

Regards
Marco

I've also experienced this issue several times. Again today. Logged it on github too: https://github.com/CiscoPSIRT/openVulnAPI/issues/94

PR Oxman
Cisco Employee

Hello Darren,

   I will reply to your email to openvuln@cisco.com.  Be aware that https://github.com/CiscoPSIRT/openVulnAPI/issues is for issues in the OpenVulnQuery client, not the API data.

Thanks.