I am using NCM to try to identify which of our devices are not on the latest version. Currently we have some older devices that are going to be replaced shortly, but they are generating way too many vulnerability warnings to sift through. Our main device is the newer 3650, and some ot the 2960X's among a few other things. How do I check on basis of device name which devices do not have the latest vulnerabilities without trying to sift through the entire CVE list trying to figure out which vulnerabilities apply to which device?
For example is there a way to query a list of only 3650 WS-C3650 that aren't the latest firmware version?