View firmware vulnerability data
NCM helps identify risks to network security by detecting potential vulnerabilities in the following device types:
- Cisco IOS
  NCM 2023.2 and later versions detect vulnerabilities in Cisco IOS XE and IOS XR devices. Earlier versions of NCM do not.
- Cisco Adaptive Security Appliance (ASA)
- Cisco Nexus
- Juniper
NCM imports the firmware vulnerability warnings provided by the National Institute of Standards and Technology (NIST) and correlates the vulnerability data with the nodes that it currently manages. If NCM finds a match, the
The firmware vulnerability feature is enabled by default. If necessary, you can enable or disable this feature or change other default settings.
- If you are on a closed network, you can manually import vulnerability data.
- If you have High Availability (HA) backup servers, make sure that your HA servers have complete firmware vulnerability data.
View firmware vulnerability details and update the remediation status
When a firmware vulnerability potentially affects one or more managed nodes, use the Vulnerability Summary page to get additional information and track the remediation status.
- Click My Dashboards > Network Configuration > Config Summary.
- If you are using the classic Config Summary dashboard, the Firmware Vulnerabilities widget lists vulnerabilities that could affect nodes managed by NCM. Click a vulnerability's Entry ID to open the Vulnerability Summary page.
- If you are using the new Config Summary dashboard (available in NCM 2022.3 and later), the Firmware Vulnerabilities widget shows how many nodes managed by NCM could be affected by vulnerabilities of each severity.
  - Click any severity to open the Vulnerabilities for each Node report, which lists the vulnerabilities that could affect each node.
  - Click a vulnerability's Entry ID to open the Vulnerability Summary page.
- The Vulnerability Summary page displays a summary and the current state. You can click the URL to open the National Vulnerability Database web page for detailed information and links to related advisories and solutions.
- Optionally, add a comment to record findings, plans, or completed actions.
- Select the state that reflects the current remediation status:

State | Description |
---|---|
Potential vulnerability | The vulnerability has not yet been verified. (This is the default.) |
Confirmed vulnerability | The vulnerability is confirmed but no remediation is planned. |
Not applicable | The vulnerability does not apply to the selected nodes. |
Remediation planned | Action to remediate the threat is planned but has not been taken. |
Remediated | The vulnerability is confirmed and action to remediate the threat has been taken on the selected nodes. |
Waiver | A waiver has been issued to exempt the selected nodes from remediation. |

- Apply the selected state to all nodes, or select specific nodes.
- Click Submit.
View firmware vulnerability reports
Firmware vulnerability reports list vulnerabilities discovered in the last run of the vulnerability matching logic. That logic is based on data last downloaded from sources in Firmware Vulnerability Settings.
- Click Reports > All Reports.
- In the Group By list, select Report Category.
- Click the NCM Security category.
- Click the report name:
  - Nodes for each Vulnerability is organized by vulnerability. The associated nodes are listed below each vulnerability.
  - Vulnerabilities for each Node is organized by node. The associated vulnerabilities are listed below each node.
  - Vulnerabilities for each Node - <stageName> lists only the nodes and associated vulnerabilities in a specific remediation stage (for example, Confirmed or Remediation planned).
Each report includes the following information.
Field | Description |
---|---|
Caption/Entry ID | The Common Vulnerabilities and Exposures (CVE) identifier for a specific vulnerability. |
IOS Version | The operating system software versions to which the CVE pertains. |
IOS Image | The operating system software image to which the CVE pertains. |
URL | The location of the CVE on the NIST website from which NCM obtained vulnerability data. |
CVSS V2 Base Score | A score that reflects the severity of the vulnerability. This score is calculated using the Common Vulnerability Scoring System (CVSS). Use this information to prioritize remediation activities. |
Severity | The severity of the vulnerability based on the CVSS scores. The CVSSv2 score includes three categories: The CVSSv3 score includes five categories: |
State | The current status of remediation activities on the associated nodes. |
Last State Change | The date on which the State last changed for the associated nodes. |
Troubleshoot firmware vulnerability reports
If a node is not listed with others of its type in a vulnerability announcement, check for errors in the Vulnerability Log (${All Users Profile}\Application Data\SolarWinds\Logs\Orion\NCM\VulnLib.log).