Submit a ticketCall us

WebinarUpcoming Webinar: How Help Desk and Remote Support Pays for Itself

Learn how help desk software can simplify ticketing management, allow you to track hardware and software assets, and accelerate the speed of IT support and service delivery. Gain insights on how remote support tools allow your IT team to maximize their efficiency and ticket resolution by expediting desktop troubleshooting, ultimately helping keep end-users happy and productive.

Register here.

Home > Success Center > Network Configuration Manager (NCM) > NCM 7.8 Administrator Guide > Firmware vulnerability data

Firmware vulnerability data

Created by Caroline Juszczak, last modified by Anthony.Rinaldi_ret on Oct 03, 2016

Views: 960 Votes: 0 Revisions: 4

Updated: May 31, 2018

SolarWinds NCM helps identify risks to network security by detecting potential vulnerabilities in the following device types:

  • Cisco IOS
  • Cisco Adaptive Security Appliance (ASA)
  • Cisco Nexus
  • Juniper

NCM imports the firmware vulnerability warnings provided by National Institute of Standards and Technology (NIST), and correlates vulnerability data with nodes that it currently manages. If NCM finds a match, the Firmware Vulnerabilities resource on the Config Summary page displays information about the vulnerability and the number of affected nodes.

View firmware vulnerability details and update the remediation status

When a firmware vulnerability potentially affects one or more managed nodes, use the Vulnerability Summary page to get additional information and track the remediation status.

  1. Click My Dashboards > Configs > Config Summary.

    The Firmware Vulnerabilities widget lists vulnerabilities that could affect nodes managed by NCM.

    FirmwareVulnerabilitiesWidget.png

  2. Click a vulnerability's Entry ID.

    The Vulnerability Summary page displays a summary and the current state. You can click the URL to open the National Vulnerability Database web page for detailed information and links to related advisories and solutions.

  3. Optionally, add a comment to record findings, plans, or completed actions.
  4. Select the state that reflects the current remediation status:

    State Description
    Potential vulnerability The vulnerability has not yet been verified. (This is the default.)
    Confirmed vulnerability The vulnerability is confirmed but no remediation is planned.
    Not applicable The vulnerability does not apply to the selected nodes.
    Remediation planned Action to remediate the threat is planned but has not been taken.
    Remediated The vulnerability is confirmed and action to remediate the threat has been taken on the selected nodes.
    Waiver A waiver has been issued to exempt the selected nodes from remediation.
  5. Apply the selected state to all nodes, or select specific nodes.
  6. Click Submit.

View firmware vulnerability reports

Firmware vulnerability reports list vulnerabilities discovered in the last run of the vulnerability matching logic. That logic is based on data last downloaded from sources in Firmware Vulnerability Settings.

  1. Click Reports > All Reports.
  2. In the Group By list, select Report Category.
  3. Click the NCM Security category.
  4. Click the report name:
    • Nodes for each Vulnerability is organized by vulnerability. The associated nodes are listed below each vulnerability.
    • Vulnerabilities for each Node is organized by node. The associated vulnerabilities are listed below each node.
    • Vulnerabilities for each Node - <stageName> lists only the nodes and associated vulnerabilities in a specific remediation stage (for example, Confirmed or Remediation planned).

Each report includes the following information.

Field

Description

Caption/Entry ID

The Common Vulnerabilities and Exposures (CVE) identifier for a specific vulnerability.

IOS Version The operating system software versions to which the CVE pertains.
IOS Image The operating system software image to which the CVE pertains.
URL The location of the CVE on the NIST website from which NCM obtained vulnerability data.
CVSS V2 Base Score

A score that reflects the severity of the vulnerability. This score is calculated using the Common Vulnerability Scoring System (CVSS). Use this information to prioritize remediation activities.

Severity

The severity of the vulnerability based on the CVSS score:

  • Low (0-3.9)
  • Medium (4.0-6.9)
  • High (7.0-10.0)
State

The current status of remediation activities on the associated nodes.

Last State Change The date on which the State last changed for the associated nodes.

Troubleshoot firmware vulnerability reports

If a node is not listed with others of its type in a vulnerability announcement, check for errors in the Vulnerability Log (${All Users Profile}\Application Data\SolarWinds\Logs\Orion\NCM\VulnLib.log).

 

Last modified

Tags

Classifications

Public