Open for Voting

FIRMWARE VULNERABILITY FOR ALL VENDORS

Hi

Why only vendors C or J ?

The links are to the same vulnerability database that has all other...

Multivendor support is king for NCM

  • I agree. We're starting to add APC UPSes to NCM, and we already have some Dell switches. I do see Schneider and Dell advisories in the feed.

    I don't find the NIST links provided by NCM to be useful - too much additional drilling needed to get to the relevant Cisco info. So I google the word "Cisco" plus the CVE number to get the Cisco link that I need to further decide how to address a given CVE. I notice that especially with earlier CVEs, there's not enough info in the NIST feed to assign proper device types. So if a device has ANY version of IOS, it gets flagged.

    The CVSS V2 XML feed that NCM uses does provide the Cisco URL for the CVE, but NCM does not use that field, probably due to complexity.

    In the CVSS V2 feed, there are one or more references beginning at vuln:references. Each has a vuln:source (vendor name) and a vuln:reference URL. NCM could check the vuln:source (vendor name) and try to match things, but I suspect there could be multiple vuln:reference URLs for a single vendor, so it's complex.

    There is also a CVSS V3 XML feed available from NIST, and both that and the V2 feed are being replaced by a JSON feed.

    NVD - Data Feeds

    Cisco now provides CVSS V3 Base scores by default. The V2 and V3 Base scores are almost always the same, but they don't have to be.
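As an added example (not code from the thread or from NCM), the script below does the vuln:source matching the comment above describes on a constructed V2-style feed snippet, keeping every URL when one vendor appears more than once for a CVE. The namespace URIs follow the NVD 2.0 feed schema (assumed); all CVE ids and URLs are made up.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Namespace URIs of the NVD 2.0 XML feed (assumed from the feed schema, not taken from the thread).
NS = {"nvd": "http://scap.nist.gov/schema/feed/vulnerability/2.0",
      "vuln": "http://scap.nist.gov/schema/vulnerability/0.4"}

# Constructed sample (made-up values): CVE-0000-0001 has two references from one vendor, CVE-0000-0002 none.
SAMPLE_FEED = """<?xml version="1.0"?>
<nvd xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0"
     xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4">
  <entry id="CVE-0000-0001">
    <vuln:references reference_type="VENDOR_ADVISORY">
      <vuln:source>CISCO</vuln:source>
      <vuln:reference href="https://example.invalid/cisco/advisory-1">advisory</vuln:reference>
    </vuln:references>
    <vuln:references reference_type="VENDOR_ADVISORY">
      <vuln:source>CISCO</vuln:source>
      <vuln:reference href="https://example.invalid/cisco/bug-1">bug</vuln:reference>
    </vuln:references>
  </entry>
  <entry id="CVE-0000-0002">
    <vuln:references reference_type="UNKNOWN">
      <vuln:source>MISC</vuln:source>
      <vuln:reference href="https://example.invalid/misc/2">misc</vuln:reference>
    </vuln:references>
  </entry>
</nvd>
"""

def references_by_source(feed_xml):
    """Return {cve_id: {source: [href, ...]}}; one source may hold several URLs."""
    root = ET.fromstring(feed_xml)
    result = {}
    for entry in root.findall("nvd:entry", NS):
        per_source = defaultdict(list)
        for refs in entry.findall("vuln:references", NS):
            source = refs.findtext("vuln:source", default="", namespaces=NS).strip().upper()
            ref = refs.find("vuln:reference", NS)
            if source and ref is not None and ref.get("href"):
                per_source[source].append(ref.get("href"))
        result[entry.get("id")] = dict(per_source)
    return result

def vendor_links(feed_xml, vendors):
    """Keep only CVEs with a reference whose vuln:source is a managed vendor (case-insensitive)."""
    wanted = {v.upper() for v in vendors}
    grouped = references_by_source(feed_xml)
    return {cve: {s: u for s, u in by_src.items() if s in wanted}
            for cve, by_src in grouped.items() if any(s in wanted for s in by_src)}
```

Matching on vuln:source only tells you which vendor published a reference, not which product or version is affected, so it narrows the list of links to read rather than replacing the device-type decision.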
