Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Network Configuration Manager (NCM) > NCM Documentation > NCM 7.8 Administrator Guide > Firmware vulnerability data

Firmware vulnerability data

Updated: September 25, 2018

SolarWinds NCM helps identify risks to network security by detecting potential vulnerabilities in the following device types:

  • Cisco IOS
  • Cisco Adaptive Security Appliance (ASA)
  • Cisco Nexus
  • Juniper

NCM imports the firmware vulnerability warnings provided by National Institute of Standards and Technology (NIST), and correlates vulnerability data with nodes that it currently manages. If NCM finds a match, the Firmware Vulnerabilities resource on the Config Summary page displays information about the vulnerability and the number of affected nodes.

View firmware vulnerability details and update the remediation status

When a firmware vulnerability potentially affects one or more managed nodes, use the Vulnerability Summary page to get additional information and track the remediation status.

  1. Click My Dashboards > Configs > Config Summary.

    The Firmware Vulnerabilities widget lists vulnerabilities that could affect nodes managed by NCM.

    FirmwareVulnerabilitiesWidget.png

  2. Click a vulnerability's Entry ID.

    The Vulnerability Summary page displays a summary and the current state. You can click the URL to open the National Vulnerability Database web page for detailed information and links to related advisories and solutions.

  3. Optionally, add a comment to record findings, plans, or completed actions.
  4. Select the state that reflects the current remediation status:

    State Description
    Potential vulnerability The vulnerability has not yet been verified. (This is the default.)
    Confirmed vulnerability The vulnerability is confirmed but no remediation is planned.
    Not applicable The vulnerability does not apply to the selected nodes.
    Remediation planned Action to remediate the threat is planned but has not been taken.
    Remediated The vulnerability is confirmed and action to remediate the threat has been taken on the selected nodes.
    Waiver A waiver has been issued to exempt the selected nodes from remediation.
  5. Apply the selected state to all nodes, or select specific nodes.
  6. Click Submit.

View firmware vulnerability reports

Firmware vulnerability reports list vulnerabilities discovered in the last run of the vulnerability matching logic. That logic is based on data last downloaded from sources in Firmware Vulnerability Settings.

  1. Click Reports > All Reports.
  2. In the Group By list, select Report Category.
  3. Click the NCM Security category.
  4. Click the report name:
    • Nodes for each Vulnerability is organized by vulnerability. The associated nodes are listed below each vulnerability.
    • Vulnerabilities for each Node is organized by node. The associated vulnerabilities are listed below each node.
    • Vulnerabilities for each Node - <stageName> lists only the nodes and associated vulnerabilities in a specific remediation stage (for example, Confirmed or Remediation planned).

Each report includes the following information.

Field

Description

Caption/Entry ID

The Common Vulnerabilities and Exposures (CVE) identifier for a specific vulnerability.

IOS Version The operating system software versions to which the CVE pertains.
IOS Image The operating system software image to which the CVE pertains.
URL The location of the CVE on the NIST website from which NCM obtained vulnerability data.
CVSS V2 Base Score

A score that reflects the severity of the vulnerability. This score is calculated using the Common Vulnerability Scoring System (CVSS). Use this information to prioritize remediation activities.

Severity

The severity of the vulnerability based on the CVSS score:

  • Low (0-3.9)
  • Medium (4.0-6.9)
  • High (7.0-10.0)
State

The current status of remediation activities on the associated nodes.

Last State Change The date on which the State last changed for the associated nodes.

Troubleshoot firmware vulnerability reports

If a node is not listed with others of its type in a vulnerability announcement, check for errors in the Vulnerability Log (${All Users Profile}\Application Data\SolarWinds\Logs\Orion\NCM\VulnLib.log).

 

Last modified

Tags

Classifications

Public