Manually download and add firmware vulnerability files
NCM ships with initial firmware vulnerability data. However, firmware vulnerability data is routinely updated to reflect new threats. To ensure that you have the latest data, NCM automatically downloads updated files based on the settings you specify.
If NCM cannot automatically download firmware vulnerability data (for example, because you are on a closed network), you can import vulnerability data files from the National Institute of Standards and Technology (NIST) and then manually add them to your NCM server. NCM will use the information in these files to search for vulnerabilities that could affect your devices.
If you have High Availability (HA) backup servers configured, perform this procedure on both your main polling engine and your HA backup servers.
- Download the following firmware vulnerability .zip files from NIST:
- Log in to your NCM server.
- Verify the location of the vulnerability announcements folder. (The default location is
- Click Settings > All Settings.
- Under Product Specific Settings, click NCM Settings.
- Under Advanced, click Firmware Vulnerability Settings.
- Under Vulnerability Data Import Settings, verify the location of the folder with vulnerability announcements JSON data.
- Extract the contents of the following
.zipfiles to the location verified above:
Extract the contents of the
nvdcpematch-1.0.json.zipfile to the
\CpeMatchsubdirectory in the location verified above. For example:
- Under Vulnerability Search Settings, click Run Now.