The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information).

Data Supported

The Cisco PSIRT openVuln API can retrieve the Cisco advisory information in either .json or .xml format.

The advisory information can be queried by multiple identifiers; including advisory_id, CVE-ID, Cisco Bug ID, based on product type or software version or based on timeframes.

The Cisco PSIRT openVuln API integrates with "Cisco Software Checker" to support to searching for Cisco Security Advisories that apply to specific software releases of the following products: Cisco ASA, FMC, FTD, FXOS, IOS, IOS XE, NX-OS and NX-OS in ACI Mode.

All dates returned are in UTC format.

Additionally the data returned provide location data to retrieve the advisory in either CVRF or CSAF formats. Cisco recommends focusing on CSAF as CVRF will be phased out for Cisco advisories.

  • CSAF: Common Security Advisory Framework (CSAF) is a specification for structured machine-readable vulnerability-related advisories and further refine those standards over time. CSAF is the new name and replacement for the Common Vulnerability Reporting Framework (CVRF). Cisco will support CVRF until December 31, 2023. More information at: https://csaf.io