Solar Winds Security isn't reporting properly.

Rolfey83

So I'm coming to the community as the utterly useless Solar Winds support have not managed to answer even one single ticket I've raised to date, I've never seen support this bad for any product. 

Right......So I'm looking at my security dashboard in SW, it's showing me vulnerabilities along with the CVE against specific nodes I have that within the scope of the firmware that's affected. 

This is fine, but upon further inspection I can see that some nodes have newer firmware, and in fact outside the scope of firmware affected by this CVE, it looks like the the security or match isn't correctly identifying these nodes as having firmware that's beyond the version affected. 

Has anyone else seen this issue and found a possible fix?

mesverrum

SNMP is terrible about passing in firmware versions in a format that lines up cleanly with published CVE data. How are you doing your further inspection?  By connecting to the device and checking from in there or by looking at the description data that SW actually has access to?
I would expect it's probably a regex match that is a bit too broad or the snmp doesn't actually offer the full level of detail to know if you have applied a patch.

Maybe some specific examples of a device would be useful?