Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Network Configuration Manager (NCM) > NCM 7.7 Administrator Guide > Firmware vulnerability data > View firmware vulnerability reports

View firmware vulnerability reports

Table of contents
No headers
Created by Caroline Juszczak, last modified by Anthony.Rinaldi_ret on Oct 03, 2016

Views: 188 Votes: 0 Revisions: 4
  1. Click Reports > All Reports.
  2. Use the Group By list to locate a report.
  3. Click the report.

The Orion platform includes eight reports on network device firmware vulnerabilities:

Report

Description

Nodes for Each Vulnerability

Lists all vulnerabilities and the corresponding nodes at risk.

Vulnerabilities for Each Node Lists nodes with their corresponding vulnerabilities.
Vulnerabilities for Each Node - Waiver Lists nodes with their corresponding vulnerabilities with a status of Waiver.
Vulnerabilities for Each Node - Remediation Planned Lists nodes with their corresponding vulnerabilities with a status of Remediation Planned.
Vulnerabilities for Each Node - Potential Lists nodes with their corresponding vulnerabilities with a status of Potential, meaning that the vulnerability has not yet been verified.
Vulnerabilities for Each Node - Not Applicable Lists nodes with their corresponding vulnerabilities with a status of Not Applicable, meaning that the vulnerability does not apply.
Vulnerabilities for Each Node - Confirmed Lists nodes with their corresponding vulnerabilities with a status of Confirmed, meaning that the vulnerability has been confirmed but no remediation is planned.
Vulnerabilities for Each Node - Remediated Lists nodes with their corresponding vulnerabilities with a status of Remediated, meaning that the vulnerability has been confirmed and then remediated.

These reports list vulnerabilities discovered in the last run of the vulnerability matching logic. That logic is based on data last downloaded from sources in Firmware Vulnerability Settings.

If a Cisco IOS or Cisco Adaptive Security Appliance device does not show up with others of its type in a vulnerability, check for errors in the Vulnerability Log (${All Users Profile}\Application Data\SolarWinds\Logs\Orion\NCM\VulnLib.log).

The difference between the Nodes for Each Vulnerability and Vulnerabilities reports is that CVEs are listed in the Caption and Entry ID columns, and the information is organized by vulnerabilities and nodes, respectively.

Report

Description

Caption/Entry ID

The Common Vulnerabilities and Exposures (CVE) identifier for a specific vulnerability being described.

CVE numbering authorities often provide identifiers for their own products.

IOS Version The operating system software version(s) to which the CVE pertains.
IOS Image The operating system software image to which the CVE pertains.
URL The location of the CVE on the NIST website from which NCM obtained vulnerability data.
CVSS V2 Base Score The Common Vulnerability Scoring System (CVSS) uses a set of metrics to determine the severity of a determined vulnerability. The metrics analyze and assign a value to these aspects related to exploiting a vulnerability: access required, access complexity, authentication requirement, confidentiality protection, integrity or imperviousness of data to change, and availability safeguards.
Severity A CVSS score determines the severity of a vulnerability as Low (0-3.9), Medium (4.0-6.9), or High (7.0-10.0).
State State to which this CVE has been set for one or more NCM-managed nodes.
Last State Change Date the state of the CVE last changed for one or more NCM-managed nodes.

 

Last modified

Tags

Classifications

Public