Telegram bot that queries Cisco IOS vulnerability publications through the Cisco OpenVuln API.
Dir structure of repo
~/bot-cisco-vulnerability(develop)$ tree -d
.
├── doc
└── src
    ├── ansible
    ├── config
    └── services

5 directories
bot-cisco-vulnerability/src$ python app.py
docker-compose build
docker-compose up
A basic Ansible module that makes the ciscoApi class usable from playbooks is provided in src/ansible/playbooks/library/cisco_api.py.
Example
tasks:
  - name: Query cisco api
    cisco_api:
      os: "aci"
      version: "11.0(2j)"
    delegate_to: localhost
    register: result
    ignore_errors: yes

  - name: Print result from api
    debug:
      msg: "{{result}}"
Output
/bot-cisco-vulnerability/src/ansible/playbooks(ansible-module)$ ansible-playbook main.yaml
PLAY [Get cisco os vulnerabilities by version] *****************************************************************************************************************
TASK [Query cisco api] **************************************************************************************************************
ok: [localhost -> localhost]
TASK [Print result from api] ********************************************************************************************************
ok: [localhost] => {
    "msg": {
        "changed": false,
        "failed": false,
        "msg": "information collected successfully",
        "output": [
            {
                "advisories": [
                    {
                        "advisoryId": "cisco-sa-20200226-fxos-nxos-cdp",
                        "advisoryTitle": "Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability",
                        "bugIDs": [
                            "CSCux07556",
                            "CSCux58226",
                            "CSCvr31410",
                            "CSCvr37146",
                            "CSCvr37148",
                            "CSCvr37150",
                            "CSCvr37151"
                        ],
                        ...
Query example:
curl -i -H "Authorization: Bearer I75ZaBzUYpALXHjHRmHfWC6ksdD5" -H "Accept: application/json" -H "Content-Type: application/json" "https://api.cisco.com/security/advisories/aci?version=11.2(2j)"
API JSON structure
{
    "advisory_id": "cisco-sa-20180221-ucdm",
    "advisory_title": "Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability",
    "bug_ids": [
        "CSCuv67964",
        "CSCvi10692"
    ],
    "cves": [
        "CVE-2018-0124"
    ],
    "cvrf_url": "https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm/cvrf/cisco-sa-20180221-ucdm_cvrf.xml",
    "cvss_base_score": "9.8",
    "cwe": [
        "CWE-320"
    ],
    "first_published": "2018-02-21T16:00:00-0600",
    "ips_signatures": [
        "NA"
    ],
    "last_updated": "2018-03-09T14:47:48-0600",
    "product_names": [
        "Cisco Unified Communications Domain Manager "
    ],
    "publication_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm",
    "sir": "Critical",
    "summary": "A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code.<br />\n<br />\nThe vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code.<br />\n<br />\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br />\n<br />\nThis advisory is available at the following link:<br />\n<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm</a>"
}
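The two samples on this page use different key styles (camelCase in the Ansible output, snake_case in the structure above), scores arrive as strings, and `summary` carries HTML. The following is an added example, not code from this repository, showing one way to normalize advisories and rank them before relaying them in a chat message. The function names, the 7.0 threshold and the `cvssBaseScore` alias are assumptions.

```python
import html
import re

# snake_case keys as in "API JSON structure"; camelCase as in the Ansible output.
# Aliases other than advisoryId/advisoryTitle/bugIDs are assumptions.
ALIASES = {"advisory_id": "advisoryId", "advisory_title": "advisoryTitle",
           "bug_ids": "bugIDs", "cvss_base_score": "cvssBaseScore"}

def normalize(adv):
    """Return a copy of the advisory keyed by the snake_case names."""
    out = dict(adv)
    for snake, camel in ALIASES.items():
        if snake not in out and camel in out:
            out[snake] = out.pop(camel)
    return out

def score(adv):
    """cvss_base_score is a string; treat 'NA', missing or junk as unknown."""
    try:
        return float(adv.get("cvss_base_score", ""))
    except (TypeError, ValueError):
        return None

def plain_summary(raw):
    """Reduce the HTML that 'summary' carries to one line of plain text."""
    text = re.sub(r"<br\s*/?>", " ", raw or "", flags=re.I)
    text = html.unescape(re.sub(r"<[^>]+>", "", text))
    return re.sub(r"\s+", " ", text).strip()

def triage(advisories, min_score=7.0):
    """Highest score first; unscored advisories are kept and listed last."""
    keep = [a for a in map(normalize, advisories)
            if score(a) is None or score(a) >= min_score]
    keep.sort(key=lambda a: (score(a) is None, -(score(a) or 0.0)))
    return [
        f"[{a.get('sir', '?')} {a.get('cvss_base_score', 'NA')}] "
        f"{a.get('advisory_id')}: {', '.join(a.get('cves', [])) or 'no CVE listed'}"
        for a in keep
    ]

# Constructed sample input (second entry reuses values from the sample above).
SAMPLE = [
    {"advisoryId": "cisco-sa-EXAMPLE-0001", "cvssBaseScore": "NA"},
    {"advisory_id": "cisco-sa-20180221-ucdm", "cvss_base_score": "9.8",
     "sir": "Critical", "cves": ["CVE-2018-0124"],
     "summary": "Cisco has released software updates.<br />\n<a href=\"x\">link</a>"},
]

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

Unscored advisories are kept on purpose: dropping an entry because its score failed to parse would hide it from whoever reads the bot's reply.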