View firmware vulnerability and risk information in SolarWinds Observability Self-Hosted Advanced

Firmware vulnerabilities are a serious threat to network security. SolarWinds Observability Self-Hosted helps you mitigate the risk by identifying nodes that are potentially affected by known vulnerabilities. Firmware vulnerability data is imported from the National Vulnerability Database (NVD), which is maintained by the National Institute of Standards and Technology (NIST). SolarWinds Observability Self-Hosted then correlates this vulnerability data with nodes that it currently manages.

Device types
Get an overview of the risk from current firmware vulnerabilities
View additional information on detail pages
Change the state of a vulnerability on a node
View information about state changes

Device types

If you have a SolarWinds Observability Self-Hosted Advanced license, potential vulnerabilities are detected in the following device types:

Cisco IOS, Cisco IOS XE, IOS XR, Cisco Adaptive Security Appliance (ASA), and Cisco Nexus
Juniper
VMWare ESXi versions 6.0, 6.5, 6.7, 7.0, and 8.0
VMWare vCenter versions 6.0, 6.5, 6.7, 7.0, and 8.0
Linux: Ubuntu OS
HPE Aruba:
- AOS-CX switches OS version 15.xx.xxxx-16.xx.xxxx
- AOS-S switches OS version 10.xx.xxxx
- ArubaOS switches (SysObjectID starts with 1.3.6.1.4.1.14823.1.1)
Palo Alto firewall devices running on PAN-OS
Fortinet FortiGate nodes running on FortiOS
Windows

The firmware vulnerability feature is disabled by default. If necessary, you can enable or disable this feature or change other settings.

Get an overview of the risk from current firmware vulnerabilities

Use the Vulnerability and Risk Dashboard to find out how many nodes are currently threatened by potential vulnerabilities, how serious those vulnerabilities are, and the level of risk for your network.

To open the dashboard, click My Dashboards > Security > Vulnerability and Risk Dashboard.

The Vulnerability and Risk Dashboard displays the following widgets by default.

You can customize a dashboard to add widgets.

Node Count by Vulnerability widget

The Node Count by Vulnerability widget displays:

The total number of nodes matched to at least one CVE.
The number of nodes matched to a CVE with a critical severity score (9 or higher).
The number of nodes matched to a CVE with a high severity score (7 or higher but less than nine).

Vulnerability Count by Severity widget

The Vulnerability Count by Severity widget displays the total number of discovered CVEs in a system and a count of vulnerabilities by severity (Critical, High, Medium, Low, None).

Risk Score widget

The risk score is a visual indication of the level of risk for your network based on the number of CVEs for all nodes and the severity of each CVE.

Top 100 Vulnerabilities widget

The Top 100 Vulnerabilities widget lists CVEs with the highest severity scores that were detected on monitored nodes. It also shows the CVE severity score and the number of nodes it affects.

Vulnerability Count by OS widget

The Vulnerability Count by OS widget shows a bar graph that represents the number of CVEs found on nodes with each type of operating system.

All Nodes widget

The All Nodes widget lists all monitored nodes and displays the total number of CVEs found for a node and the number of CVEs by severity. Use the Search box at the top to find a specific node.

View additional information on detail pages

List of Nodes page

To open the List of Nodes page, click from any of these widgets:

Node Count by Vulnerability widget
Risk Score widget
All Nodes widget

This page provides information about each node, including a node health indicator, the risk score for the node, and the number of active CVEs by severity matched to the node.

To find a node:

In the left pane, apply filters to display a subset of the nodes.
Enter a string in the Search box above the table to show only nodes whose name, OS, or release includes that string.

List of Vulnerabilities page

To open the List of Vulnerabilities page, click from any of these widgets:

Vulnerability Count by Severity widget
Top 100 Vulnerabilities widget
Vulnerability Count by OS widget

Click a severity on the Vulnerability Count by Severity widget to open this page and automatically filter by that severity.

This page includes a row for each discovered vulnerability on every node it was matched to. The information includes severity and the current state of each vulnerability. You can change the state of one or more vulnerabilities.

To find a vulnerability:

In the left pane, apply filters to display a subset of the CVEs.
Enter a string in the Search box above the table to show only rows with that string in the CVE, Node, or OS column.

Click a CVE ID to open the Vulnerability Summary page. Click a node name to open the Node Details page.

Vulnerability Summary page

To open the Vulnerability Summary page, click the CVE ID on the Top 100 Vulnerabilities widget or the List of Vulnerabilities page.

This page displays detailed information about the selected CVE, with a link to the NVD vulnerability details page on the NIST website. It also lists the nodes that are potentially affected by this vulnerability, as well as the current state of each vulnerability. You can change the state of one or more vulnerabilities.

Change the state of a vulnerability on a node

Set the state of a firmware vulnerability on a node to track remediation efforts. You can also set the state to indicate that the vulnerability does not apply to that node.

Locate the vulnerabilities:
- Open the List of Vulnerabilities page, and apply filters or use the search bar to display only the rows whose state you want to change.
  
  For example, to update the state of CVE-2025-1234 on all Cisco devices:
  - Under OS, apply the Cisco filter.
  - Under Vulnerability, apply the CVE-2025-5678 filter.
- Open the Vulnerability Summary page to display a list of potentially affected nodes.
Select the checkbox in the left column for each row whose vulnerability state you want to change. To select all currently displayed rows, select the checkbox in the table header.

When one or more rows is selected, the Change State option is displayed above the table.
Click Change State.

The Change Node CVE States dialog opens.

Under State, select the state that reflects the current remediation status:

State	Description
Potential vulnerability	The vulnerability has not yet been verified. (This is the default.)
Confirmed vulnerability	The vulnerability is confirmed but no remediation is planned.
Not applicable	The vulnerability does not affect or cannot be exploited on the selected nodes.
Remediation planned	Action to remediate the threat is planned but has not been taken.
Remediated	The vulnerability is confirmed and action to remediate the threat has been taken on the selected nodes.
Waiver	A waiver has been issued to exempt the selected nodes from remediation.

Optionally, add a comment to record findings, plans, or completed actions.
Click Change.

View information about state changes

Click the value in the State column on the List of Vulnerabilities page or the Vulnerability Summary page to open the Change State Details dialog. This dialog displays the date and time of the most recent state change, as well as any comments.