{
  "openapi": "3.1.0",
  "info": {
    "title": "Forward Networks: Vulnerability Analysis API",
    "summary": "Identify network devices potentially impacted by CVEs",
    "description": "Operating system and application-level\n[vulnerabilities](https://docs.fwd.app/latest/application/security/vulnerability/) are regularly discovered on all\nkinds of network devices.\n\nThe operations in this section can help network operators identify impacted devices and update them to mitigate\nthe vulnerabilities.",
    "contact": {
      "email": "support@forwardnetworks.com"
    },
    "license": {
      "name": "MIT",
      "url": "https://spdx.org/licenses/MIT"
    },
    "version": "${apiVersion}"
  },
  "servers": [
    {
      "url": "/api"
    }
  ],
  "security": [
    {
      "api_token": []
    }
  ],
  "tags": [
    {
      "name": "Vulnerability Analysis",
      "description": "Identify network devices potentially impacted by CVEs"
    }
  ],
  "paths": {
    "/networks/{networkId}/vulnerabilities": {
      "get": {
        "tags": [
          "Vulnerability Analysis"
        ],
        "summary": "Get full vulnerability analysis",
        "description": "Get the CVEs that may impact devices in the network.\n\nEach OsVulnerability corresponds to a distinct CVE-OS combination that could possibly impact devices in the\nnetwork. An OsVulnerability includes basic CVE information, an affected OS, the affected versions of that OS,\nand a vulnerability detection result for each possibly impacted device.\n\nThis operation’s response can get quite large for large networks. Paging is supported via the `limit` and\n`offset` parameters.",
        "operationId": "getOsVulnerabilities",
        "parameters": [
          {
            "name": "networkId",
            "in": "path",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "$ref": "#/components/parameters/SnapshotId"
          },
          {
            "name": "offset",
            "in": "query",
            "description": "An optional number of vulnerabilities to skip. Useful for paging. Defaults to 0.",
            "schema": {
              "type": "integer",
              "format": "int32"
            }
          },
          {
            "name": "limit",
            "in": "query",
            "description": "An optional maximum number of vulnerabilities desired. Useful for paging. Defaults to 1000.",
            "schema": {
              "type": "integer",
              "format": "int32"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/OsVulnerabilityAnalysis"
                }
              }
            }
          },
          "409": {
            "description": "The system is currently processing this Snapshot.\n\nNote: GET /networks/{networkId}/snapshots/latestProcessed can be used to determine when processing of the\nlatest Snapshot is done or to identify an alternate Snapshot that has already been processed.",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ErrorInfo"
                }
              }
            }
          }
        }
      }
    },
    "/networks/{networkId}/vulnerabilities?v=2": {
      "get": {
        "tags": [
          "Vulnerability Analysis"
        ],
        "summary": "Get vulnerabilities",
        "description": "Get the CVEs that may impact devices in the network.\n\nEach Vulnerability object includes basic CVE information, the CVE’s affected OSes and versions, and a\nsummary of vulnerability detection results for possibly impacted devices.",
        "operationId": "getVulnerabilities",
        "parameters": [
          {
            "name": "networkId",
            "in": "path",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "name": "internetAddressable",
            "in": "query",
            "description": "Whether to limit the analysis to internet-addressable devices. Defaults to false.",
            "schema": {
              "type": "boolean"
            }
          },
          {
            "name": "location",
            "in": "query",
            "description": "The IDs of the locations to include in the analysis. Defaults to all locations.",
            "schema": {
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          },
          {
            "name": "tag",
            "in": "query",
            "description": "Device tags used to limit the scope of the analysis. A device must have at least one of these\ntags to be included.",
            "schema": {
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          },
          {
            "$ref": "#/components/parameters/SnapshotId"
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/VulnerabilityAnalysis"
                }
              }
            }
          },
          "409": {
            "description": "The system is currently processing this Snapshot.\n\nNote: GET /networks/{networkId}/snapshots/latestProcessed can be used to determine when processing of the\nlatest Snapshot is done or to identify an alternate Snapshot that has already been processed.",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ErrorInfo"
                }
              }
            }
          }
        }
      }
    },
    "/networks/{networkId}/vulnerabilities/{cveId}": {
      "get": {
        "tags": [
          "Vulnerability Analysis"
        ],
        "summary": "Get a vulnerability",
        "description": "Get detailed information about a vulnerability that might impact devices in the network, including basic CVE\ninformation, affected OSes and versions, and a vulnerability detection result for each possibly impacted device.",
        "operationId": "getVulnerability",
        "parameters": [
          {
            "name": "networkId",
            "in": "path",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "name": "cveId",
            "in": "path",
            "description": "A CVE ID from the\n[Get vulnerabilities](https://docs.fwd.app/latest/api/vulnerability-analysis/get-vulnerabilities/) response.",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "$ref": "#/components/parameters/SnapshotId"
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/VulnerabilityWithDevices"
                }
              }
            }
          },
          "409": {
            "description": "The system is currently processing this Snapshot.\n\nNote: GET /networks/{networkId}/snapshots/latestProcessed can be used to determine when processing of the\nlatest Snapshot is done or to identify an alternate Snapshot that has already been processed.",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ErrorInfo"
                }
              }
            }
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "ErrorInfo": {
        "type": "object",
        "required": [
          "httpMethod",
          "apiUrl",
          "message"
        ],
        "properties": {
          "httpMethod": {
            "type": "string",
            "examples": [
              "GET"
            ],
            "enum": [
              "GET",
              "HEAD",
              "POST",
              "PUT",
              "PATCH",
              "DELETE"
            ]
          },
          "apiUrl": {
            "type": "string",
            "examples": [
              "/api/version"
            ]
          },
          "message": {
            "type": "string",
            "description": "A description of the error"
          },
          "reason": {
            "type": "string"
          }
        }
      },
      "OsVulnerabilityAnalysis": {
        "type": "object",
        "required": [
          "vulnerabilities",
          "offset",
          "total",
          "indexCreatedAt"
        ],
        "properties": {
          "vulnerabilities": {
            "type": "array",
            "items": {
              "$ref": "#/components/schemas/OsVulnerability"
            }
          },
          "offset": {
            "type": "integer",
            "format": "int32",
            "description": "The number of vulnerabilities dropped from the front of `vulnerabilities` due to paging.",
            "examples": [
              200
            ]
          },
          "total": {
            "type": "integer",
            "format": "int32",
            "description": "The total number of vulnerabilities available in the analysis. This number can be larger than `offset` plus\nthe length of `vulnerabilities` if some have been dropped from the back of `vulnerabilities` due to paging.",
            "examples": [
              1234
            ]
          },
          "indexCreatedAt": {
            "type": "string",
            "description": "When the CVE index used for analysis was created (epoch milliseconds)",
            "examples": [
              "2025-06-01T12:34:56.789Z"
            ]
          },
          "indexUploadedAt": {
            "type": "string",
            "description": "When the CVE index used for analysis was uploaded to the server (epoch milliseconds)",
            "examples": [
              "2025-06-03T04:05:06.007Z"
            ]
          },
          "indexUploadedBy": {
            "type": "string",
            "description": "The id of the `User` who uploaded the CVE index used for analysis",
            "examples": [
              "345"
            ]
          }
        }
      },
      "VulnerabilityAnalysis": {
        "type": "object",
        "properties": {
          "vulnerabilities": {
            "type": "array",
            "items": {
              "$ref": "#/components/schemas/Vulnerability"
            },
            "description": "Information about the CVEs that might impact devices in the network."
          },
          "indexCreatedAt": {
            "type": "string",
            "description": "When the CVE index used for analysis was created.",
            "examples": [
              "2025-06-01T12:34:56.789Z"
            ]
          },
          "indexUploadedAt": {
            "type": "string",
            "description": "When the CVE index used for analysis was uploaded to the server.",
            "examples": [
              "2025-06-03T04:05:06.007Z"
            ]
          },
          "indexUploadedBy": {
            "type": "string",
            "description": "The username of the User who uploaded the CVE index used for analysis, if known. Absent if the user account has\nbeen deleted.",
            "examples": [
              "me@example.com"
            ]
          },
          "indexUploadedById": {
            "type": "string",
            "description": "The ID of the User who uploaded the CVE index used for analysis.",
            "examples": [
              "345"
            ]
          }
        }
      },
      "VulnerabilityWithDevices": {
        "allOf": [
          {
            "$ref": "#/components/schemas/CveInfo"
          },
          {
            "type": "object",
            "properties": {
              "osInfos": {
                "type": "array",
                "items": {
                  "$ref": "#/components/schemas/CveOsInfoWithDevices"
                },
                "description": "OS-specific information about this CVE. Includes a detection result for each device running an affected\noperating system version."
              }
            }
          }
        ]
      },
      "VulnerabilityVendor": {
        "type": "string",
        "enum": [
          "CISCO",
          "JUNIPER",
          "ARISTA",
          "PICA8",
          "F5",
          "A10",
          "CHECKPOINT",
          "HP",
          "FORTINET",
          "PALO_ALTO_NETWORKS",
          "VMWARE",
          "CITRIX",
          "CUMULUS",
          "RIVERBED",
          "LINUX_GENERIC",
          "SYMANTEC",
          "AVI_NETWORKS",
          "AVAYA",
          "T128",
          "ARUBA",
          "VIASAT",
          "SILVER_PEAK",
          "PENSANDO",
          "FORCEPOINT",
          "NOKIA",
          "VERSA",
          "BROCADE",
          "EXTREME",
          "DELL",
          "HUAWEI",
          "GD",
          "EDGE_CORE"
        ]
      },
      "VulnerabilityVendorOs": {
        "type": "string",
        "enum": [
          "arista_eos",
          "avi_vantage",
          "bluecoat",
          "cisco_ios",
          "cisco_ios_xe",
          "cisco_ios_xr",
          "cisco_nxos",
          "cisco_asa",
          "cisco_ftd",
          "cisco_fxos",
          "cisco_nxos_aci",
          "cisco_apic",
          "cisco_sg",
          "cisco_wireless",
          "viptela",
          "juniper_junos",
          "juniper_srx",
          "juniper_netscreen",
          "linux_ovs_ofctl",
          "pica8_ovs_ofctl",
          "f5",
          "f5_os_hypervisor",
          "a10_acos",
          "checkpoint",
          "hp_provision",
          "hp_comware",
          "fortinet",
          "pan_os",
          "esxi",
          "citrix_netscaler",
          "cumulus",
          "riverbed_steelhead",
          "riverbed_interceptor",
          "128t",
          "aruba_switch",
          "aruba_aos_cx",
          "aruba_wifi_controller",
          "silver_peak_edgeconnect",
          "pensando",
          "cloud_genix",
          "forcepoint",
          "avaya_sr",
          "avaya_ers",
          "viasat_encryptor",
          "nokia",
          "huawei_switch",
          "versa_sase",
          "versa_switch",
          "brocade_switch",
          "cisco_encs_nfv",
          "extreme_nos",
          "meraki_ms",
          "meraki_mr",
          "meraki_mx",
          "mist_ap",
          "dell_os6",
          "dell_os9",
          "dell_os10",
          "dell_sonic",
          "gd_encryptor",
          "edge_core_sonic"
        ]
      },
      "LineRange": {
        "type": "object",
        "properties": {
          "start": {
            "type": "integer",
            "format": "int32",
            "description": "The 0-based index of the first line in the range.",
            "examples": [
              23
            ]
          },
          "end": {
            "type": "integer",
            "format": "int32",
            "description": "The 0-based index of the last line in the range (inclusive).",
            "examples": [
              27
            ]
          }
        }
      },
      "VulnerabilityDetectionResult": {
        "type": "object",
        "required": [
          "device",
          "vulnerable"
        ],
        "properties": {
          "device": {
            "type": "string",
            "examples": [
              "dev01"
            ]
          },
          "vulnerable": {
            "type": "boolean",
            "description": "Absent if an error prevented analysis from completing",
            "examples": [
              false
            ]
          },
          "fileLines": {
            "type": "object",
            "additionalProperties": {
              "type": "array",
              "items": {
                "$ref": "#/components/schemas/LineRange"
              }
            },
            "description": "Relevant source file lines for the device and CVE",
            "examples": [
              {
                "dev01,configuration.txt": [
                  {
                    "start": 117,
                    "end": 119
                  }
                ]
              }
            ]
          }
        }
      },
      "OsVulnerability": {
        "type": "object",
        "required": [
          "id",
          "severity",
          "vendor",
          "os",
          "osVersions",
          "dependsOnConfig",
          "detectionMethod"
        ],
        "properties": {
          "id": {
            "type": "string",
            "description": "The Common Vulnerabilities and Exposures ([CVE](https://www.cve.org)) ID assigned to this vulnerability in\nthe National Vulnerability Database ([NVD](https://nvd.nist.gov))",
            "examples": [
              "CVE-2019-0201"
            ]
          },
          "description": {
            "type": "string",
            "examples": [
              "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL()\ncommand…"
            ]
          },
          "severity": {
            "type": "string",
            "examples": [
              "MEDIUM"
            ],
            "enum": [
              "NONE",
              "LOW",
              "MEDIUM",
              "HIGH",
              "CRITICAL"
            ]
          },
          "url": {
            "type": "string",
            "description": "URL of this vulnerability’s vendor advisory, if available, or else the URL of the best source of information\nabout the vulnerability that’s currently available",
            "examples": [
              "https://www.a10networks.com/blog/cve-2016-0270-gcm-nonce-vulnerability"
            ]
          },
          "publishedDate": {
            "type": "string",
            "examples": [
              "2023-12-31"
            ]
          },
          "v2Score": {
            "type": "number",
            "format": "double",
            "description": "Score assigned by the Common Vulnerability Scoring System ([CVSS](https://nvd.nist.gov/vuln-metrics/cvss))\nv2.0 standard",
            "examples": [
              6.1
            ]
          },
          "v3Score": {
            "type": "number",
            "format": "double",
            "description": "Score assigned by the Common Vulnerability Scoring System ([CVSS](https://nvd.nist.gov/vuln-metrics/cvss))\nv3.x standard",
            "examples": [
              9.8
            ]
          },
          "v4Score": {
            "type": "number",
            "format": "double",
            "description": "Score assigned by the Common Vulnerability Scoring System\n([CVSS](https://www.first.org/cvss/v4.0/specification-document)) v4.0 standard",
            "examples": [
              8.4
            ]
          },
          "knownExploitSource": {
            "type": "string",
            "description": "`CISA` if the vulnerability is in the Cybersecurity and Infrastructure Security Agency’s Known Exploited\nVulnerabilities ([KEV](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)) catalog. `VENDOR` if\nthe vendor advisory (the page at `url`) indicates that the vulnerability has a known exploit. Absent\notherwise.",
            "examples": [
              "CISA"
            ],
            "enum": [
              "CISA",
              "VENDOR"
            ]
          },
          "weaknesses": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "Common Weakness Enumeration ([CWE](https://cwe.mitre.org/about/new_to_cwe.html)) IDs associated with this\nCVE",
            "examples": [
              [
                "CWE-123"
              ]
            ]
          },
          "vendor": {
            "$ref": "#/components/schemas/VulnerabilityVendor",
            "examples": [
              "ARISTA"
            ]
          },
          "os": {
            "$ref": "#/components/schemas/VulnerabilityVendorOs",
            "examples": [
              "arista_eos"
            ]
          },
          "osVersions": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "examples": [
              [
                "4.15.0F"
              ]
            ]
          },
          "dependsOnConfig": {
            "type": "boolean",
            "description": "Whether the CVE depends on configuration for this OS. Null if unknown.",
            "examples": [
              true
            ]
          },
          "detectionMethod": {
            "type": "string",
            "description": "How the set of possibly matching devices was constructed. `CONFIG` means that the analysis was more thorough\nthan using just the OS version. The `CONFIG` method yields fewer false positives.",
            "examples": [
              "OS_VERSION"
            ],
            "enum": [
              "OS_VERSION",
              "CONFIG"
            ]
          },
          "devices": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "Possibly impacted devices. Present when `detectionMethod` is \"OS_VERSION\".",
            "examples": [
              [
                "dev01",
                "dev02"
              ]
            ]
          },
          "deviceResults": {
            "type": "array",
            "items": {
              "$ref": "#/components/schemas/VulnerabilityDetectionResult"
            },
            "description": "Results of device configuration analysis for this vulnerability. Present when `detectionMethod`\nis \"CONFIG\"."
          }
        }
      },
      "CveInfo": {
        "type": "object",
        "properties": {
          "id": {
            "type": "string",
            "description": "The Common Vulnerabilities and Exposures ([CVE](https://www.cve.org)) ID assigned to this vulnerability in\nthe National Vulnerability Database ([NVD](https://nvd.nist.gov)).",
            "examples": [
              "CVE-2019-0201"
            ]
          },
          "description": {
            "type": "string",
            "description": "This vulnerability’s description in the [NVD](https://nvd.nist.gov).",
            "examples": [
              "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL()\ncommand…"
            ]
          },
          "hasCisaKevEntry": {
            "type": "boolean",
            "description": "Whether CISA’s [KEV Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) mentions a known\nexploit for this CVE."
          },
          "weaknesses": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "Common Weakness Enumeration ([CWE](https://cwe.mitre.org/about/new_to_cwe.html)) IDs associated with this\nCVE.",
            "examples": [
              [
                "CWE-345",
                "CWE-765"
              ]
            ]
          }
        }
      },
      "Vendor": {
        "type": "string",
        "enum": [
          "UNKNOWN",
          "CISCO",
          "JUNIPER",
          "ARISTA",
          "PICA8",
          "F5",
          "A10",
          "CHECKPOINT",
          "HP",
          "FORTINET",
          "PALO_ALTO_NETWORKS",
          "VMWARE",
          "CITRIX",
          "CUMULUS",
          "RIVERBED",
          "LINUX_GENERIC",
          "AMAZON",
          "SYMANTEC",
          "AVI_NETWORKS",
          "MICROSOFT",
          "GOOGLE",
          "IBM",
          "AVAYA",
          "T128",
          "ARUBA",
          "VIASAT",
          "SILVER_PEAK",
          "PENSANDO",
          "FORCEPOINT",
          "BLUECAT",
          "NOKIA",
          "VERSA",
          "BROCADE",
          "EXTREME",
          "DELL",
          "HUAWEI",
          "GD",
          "ALKIRA",
          "EDGE_CORE",
          "FORWARD_CUSTOM"
        ]
      },
      "VendorOs": {
        "type": "string",
        "enum": [
          "unknown",
          "circuit",
          "l2_vpn_service",
          "missing_peer",
          "mpls_vpn_service",
          "internet_service",
          "intranet_service",
          "encryptor",
          "alkira_portal",
          "arista_eos",
          "avi_vantage",
          "bluecoat",
          "cisco_ios",
          "cisco_ios_xe",
          "cisco_ios_xr",
          "cisco_nxos",
          "cisco_asa",
          "cisco_ftd",
          "cisco_fxos",
          "cisco_nxos_aci",
          "cisco_apic",
          "cisco_sg",
          "cisco_wireless",
          "viptela",
          "juniper_junos",
          "juniper_srx",
          "juniper_netscreen",
          "linux_ovs_ofctl",
          "pica8_ovs_ofctl",
          "f5",
          "f5_os_hypervisor",
          "a10_acos",
          "checkpoint",
          "hp_provision",
          "hp_comware",
          "fortinet",
          "pan_os",
          "esxi",
          "citrix_netscaler",
          "cumulus",
          "riverbed_steelhead",
          "riverbed_interceptor",
          "128t",
          "aruba_switch",
          "aruba_aos_cx",
          "aruba_wifi_controller",
          "silver_peak_edgeconnect",
          "pensando",
          "cloud_genix",
          "forcepoint",
          "aws_cloud",
          "aws_subnet",
          "aws_rt",
          "aws_internet_gw",
          "aws_nat_gw",
          "aws_vpn_gw",
          "aws_direct_connect_gw",
          "aws_lb",
          "aws_global_accelerator",
          "aws_transit_gw",
          "aws_local_gw",
          "aws_network_firewall",
          "aws_gateway_lb",
          "aws_service_endpoint",
          "azure_cloud",
          "azure_subnet",
          "azure_vnet",
          "azure_vnet_gw",
          "azure_firewall",
          "azure_app_gw",
          "azure_frontdoor",
          "azure_lb",
          "azure_vwan_hub",
          "azure_vpn_gateway",
          "azure_p2s_vpn_gateway",
          "azure_express_route_gateway",
          "azure_virtual_appliance",
          "azure_express_route_circuit",
          "google_cloud",
          "gcp_rt",
          "gcp_subnet",
          "gcp_lb",
          "gcp_traffic_director",
          "gcp_vpn_gw",
          "gcp_nat_gw",
          "gcp_service_attachment",
          "avaya_sr",
          "avaya_ers",
          "viasat_encryptor",
          "nokia",
          "huawei_switch",
          "versa_sase",
          "versa_switch",
          "brocade_switch",
          "cisco_encs_nfv",
          "extreme_nos",
          "meraki_ms",
          "meraki_mr",
          "meraki_mx",
          "mist_ap",
          "dell_os6",
          "dell_os9",
          "dell_os10",
          "dell_sonic",
          "gd_encryptor",
          "edge_core_sonic"
        ]
      },
      "CveOsInfo": {
        "type": "object",
        "properties": {
          "vendor": {
            "$ref": "#/components/schemas/Vendor"
          },
          "os": {
            "$ref": "#/components/schemas/VendorOs"
          },
          "severity": {
            "type": "string",
            "description": "Severity based on one of this vulnerability’s CVSS scores according to the [Qualitative Severity\nRatings](https://nvd.nist.gov/vuln-metrics/cvss#:~:text=Qualitative%20Severity%20Ratings) table. The priority\norder of scores is `v4Score`, then `v3Score`, then `v2Score`. \"NONE\" if no CVSS score is available for this\nvulnerability.",
            "enum": [
              "NONE",
              "LOW",
              "MEDIUM",
              "HIGH",
              "CRITICAL"
            ]
          },
          "v2Score": {
            "type": "number",
            "format": "double",
            "description": "Score assigned by the Common Vulnerability Scoring System ([CVSS](https://nvd.nist.gov/vuln-metrics/cvss))\nv2.0 standard.",
            "examples": [
              6.1
            ]
          },
          "v3Score": {
            "type": "number",
            "format": "double",
            "description": "Score assigned by the Common Vulnerability Scoring System ([CVSS](https://nvd.nist.gov/vuln-metrics/cvss))\nv3.x standard.",
            "examples": [
              9.8
            ]
          },
          "v4Score": {
            "type": "number",
            "format": "double",
            "description": "Score assigned by the Common Vulnerability Scoring System\n([CVSS](https://www.first.org/cvss/v4.0/specification-document)) v4.0 standard.",
            "examples": [
              8.4
            ]
          },
          "url": {
            "type": "string",
            "description": "URL of this vulnerability’s vendor advisory, if available, or else the URL of the best source of information\nabout the vulnerability that’s currently available.",
            "examples": [
              "https://www.a10networks.com/blog/cve-2016-0270-gcm-nonce-vulnerability"
            ]
          },
          "publishDate": {
            "type": "string",
            "description": "Publication date of the information at `url` if known.",
            "examples": [
              "2023-12-31"
            ]
          },
          "advisoryMentionsExploit": {
            "type": "boolean",
            "description": "Whether the vendor advisory at `url` says there’s a known exploit. Included only if true."
          },
          "configDependent": {
            "type": "boolean",
            "description": "Whether this vulnerability depends on a device’s configuration for this OS. Absent if unknown."
          },
          "configAnalysis": {
            "type": "string",
            "description": "Present and can be any allowed value if `configDependent` is true. Absent if `configDependent` is false.\nCan be either \"UNSUPPORTED\" or absent if `configDependent` is absent (unknown).",
            "enum": [
              "UNSUPPORTED",
              "IN_PROGRESS",
              "SUPPORTED"
            ]
          }
        }
      },
      "DetectionResult": {
        "type": "string",
        "enum": [
          "VULNERABLE",
          "OS_VULNERABLE",
          "UNIMPLEMENTED",
          "UNCONFIRMED",
          "NOT_VULNERABLE"
        ]
      },
      "DetectionResultDeviceCount": {
        "type": "object",
        "properties": {
          "result": {
            "$ref": "#/components/schemas/DetectionResult",
            "examples": [
              "VULNERABLE"
            ]
          },
          "deviceCount": {
            "type": "integer",
            "format": "int32",
            "examples": [
              80
            ]
          }
        }
      },
      "CveOsInfoWithDeviceCounts": {
        "allOf": [
          {
            "$ref": "#/components/schemas/CveOsInfo"
          },
          {
            "type": "object",
            "properties": {
              "osVersions": {
                "type": "array",
                "items": {
                  "type": "string"
                },
                "description": "The OS versions of the devices in the network that are potentially affected by this CVE.",
                "examples": [
                  [
                    "4.15.0F"
                  ]
                ]
              },
              "deviceCount": {
                "type": "integer",
                "format": "int32",
                "description": "Total number of devices in the network that are running an affected version of this OS and thus are\npotentially affected by this CVE.",
                "examples": [
                  200
                ]
              },
              "resultCounts": {
                "type": "array",
                "items": {
                  "$ref": "#/components/schemas/DetectionResultDeviceCount"
                },
                "description": "The number of devices in the network that are potentially affected by this CVE broken down by detection\nresult. These counts add up to `deviceCount`.",
                "examples": [
                  [
                    {
                      "result": "VULNERABLE",
                      "deviceCount": 80
                    },
                    {
                      "result": "NOT_VULNERABLE",
                      "deviceCount": 120
                    }
                  ]
                ]
              },
              "locationIds": {
                "type": "array",
                "items": {
                  "type": "string"
                },
                "description": "The IDs of the locations of the devices in the network that are potentially affected by this CVE.",
                "examples": [
                  [
                    "atl",
                    "nyc-b"
                  ]
                ]
              },
              "tags": {
                "type": "array",
                "items": {
                  "type": "string"
                },
                "description": "Tags associated with any devices in the network that are potentially affected by this CVE. Absent if the\ndevices have no tags.",
                "examples": [
                  [
                    "SEC"
                  ]
                ]
              }
            }
          }
        ]
      },
      "Vulnerability": {
        "allOf": [
          {
            "$ref": "#/components/schemas/CveInfo"
          },
          {
            "type": "object",
            "properties": {
              "osInfos": {
                "type": "array",
                "items": {
                  "$ref": "#/components/schemas/CveOsInfoWithDeviceCounts"
                },
                "description": "OS-specific information about this CVE. Includes a summary of analysis results for devices with each affected\noperating system."
              }
            }
          }
        ]
      },
      "VulnerabilityDevice": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "The name that uniquely identifies the device in the network. For most devices, this is the user-assigned\n[classic device](https://docs.fwd.app/latest/api/classic-devices/) name. For a virtual context, this is the\nclassic device name plus context name. For a cloud device, this is a globally unique identifier assigned by the\ncloud provider.",
            "examples": [
              "nyc-dc01-fw02"
            ]
          },
          "osVersion": {
            "type": "string",
            "description": "The device’s operating system version in the network Snapshot.",
            "examples": [
              "4.15.0F"
            ]
          },
          "model": {
            "type": "string",
            "description": "The device’s model name.",
            "examples": [
              "BIG-IP Virtual Edition"
            ]
          },
          "managementIps": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "The device’s management IP addresses.",
            "examples": [
              [
                "10.10.10.10"
              ]
            ]
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "Tags assigned to the device. Absent if the device has none.",
            "examples": [
              [
                "SEC"
              ]
            ]
          },
          "locationId": {
            "type": "string",
            "description": "The `id` of the device’s assigned [location](https://docs.fwd.app/latest/api/network-locations/).",
            "examples": [
              "nyc"
            ]
          },
          "internetAddressable": {
            "type": "boolean",
            "description": "Whether the device can receive internet traffic."
          },
          "status": {
            "type": "string",
            "description": "The device’s vulnerability status for the CVE.",
            "examples": [
              "VULNERABLE"
            ],
            "enum": [
              "VULNERABLE",
              "POTENTIALLY_VULNERABLE",
              "NOT_VULNERABLE"
            ]
          },
          "result": {
            "$ref": "#/components/schemas/DetectionResult",
            "description": "The device’s [detection result](https://docs.fwd.app/latest/application/security/vulnerability/#detection-results)\nfor the CVE.",
            "examples": [
              "VULNERABLE"
            ]
          },
          "fileRanges": {
            "type": "object",
            "additionalProperties": {
              "type": "array",
              "items": {
                "$ref": "#/components/schemas/LineRange"
              }
            },
            "description": "Relevant line ranges in the device’s configuration. Property names in this object are filenames. Use\n[Get device data file content](https://docs.fwd.app/latest/api/network-devices/get-device-file-content/) to\nobtain a referenced file.",
            "examples": [
              {
                "nyc-dc01-fw02,configuration.txt": [
                  {
                    "start": 286,
                    "end": 291
                  }
                ]
              }
            ]
          }
        }
      },
      "CveOsInfoWithDevices": {
        "allOf": [
          {
            "$ref": "#/components/schemas/CveOsInfo"
          },
          {
            "type": "object",
            "properties": {
              "description": {
                "type": "string",
                "description": "The CVE description published at `url`.",
                "examples": [
                  "Back in February we were contacted by Hanno Böck who had discovered an issue with how certain..."
                ]
              },
              "devices": {
                "type": "array",
                "items": {
                  "$ref": "#/components/schemas/VulnerabilityDevice"
                },
                "description": "Devices in the network that are running an affected version of this OS and thus are potentially affected by\nthis CVE. A detection result is included for each device. Relevant lines of device configuration are\nincluded for each device as well when possible."
              }
            }
          }
        ]
      }
    },
    "parameters": {
      "SnapshotId": {
        "name": "snapshotId",
        "in": "query",
        "description": "An optional Snapshot id. If omitted, the network’s latest processed Snapshot is used.",
        "schema": {
          "type": "string"
        }
      }
    },
    "securitySchemes": {
      "api_token": {
        "type": "http",
        "scheme": "basic"
      }
    }
  }
}