Open for Voting

FIRMWARE VULNERABILITY FOR All vendors

Hi

Why only vendors C or J?

The links are to the same vulnerability database that has all other...

Multi-vendor support is king for NCM

  • I would vote for this as well. HPE/Aruba would be very helpful.

  • The list of supported devices is pretty short; Cisco and Juniper. It seems to be a feature that doesn't really get much attention. We are moving exclusively to Aruba switches, and it's tough to find a product that supports them for vulnerability scanning, without investing in Aruba's own solution. Maybe that's part of the problem.

    So, yes; please expand this functionality!

  • Dell switch support will be very useful.

  • I agree. We're starting to add APC UPSes to NCM, and we already have some Dell switches. I do see Schneider and Dell advisories in the feed.

    I don't find the NIST links provided by NCM to be useful - too much additional drilling needed to get to the relevant Cisco info. So I google the word "Cisco" plus the CVE number to get the Cisco link that I need to further decide how to address a given CVE. I notice that especially with earlier CVEs, there's not enough info in the NIST feed to assign proper device types. So if a device has ANY version of IOS, it gets flagged.

    The CVSS V2 XML feed that NCM uses does provide the Cisco URL for the CVE, but NCM does not use that field, probably due to complexity.

    In the CVSS V2 feed, there are one or more references beginning at vuln:references. Each has a vuln:source (vendor name) and a vuln:reference URL. NCM could check the vuln:source (vendor name), and try to match things, but I suspect there could be multiple vuln:reference URLs for a single vendor, so it's complex.

    There is also a CVSS V3 XML feed available from NIST, and both that and the V2 feed are being replaced by a JSON feed.

    NVD - Data Feeds

    Cisco now provides CVSS V3 Base scores by default. The V2 and V3 Base scores are almost always the same, but they don't have to be.
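
The vuln:source / vuln:reference matching described in the comment above, as an added example that is not part of the original thread and is not NCM's code. It keeps every URL a vendor has for a CVE, which is the multiple-reference case the comment raises. The namespace URIs, the `href` attribute, the function name `vendor_links` and the sample entries are assumptions modelled on the retired NVD XML 2.0 feed layout.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Assumption: namespace URIs and the href attribute follow the retired NVD XML 2.0 feed.
NS = {"feed": "http://scap.nist.gov/schema/feed/vulnerability/2.0",
      "vuln": "http://scap.nist.gov/schema/vulnerability/0.4"}

# Constructed sample: placeholder CVE ids and example.com URLs, not real advisories.
SAMPLE = """<nvd xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0"
     xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4">
  <entry id="CVE-0000-0001">
    <vuln:references reference_type="VENDOR_ADVISORY">
      <vuln:source>CISCO</vuln:source>
      <vuln:reference href="https://cisco.example.com/advisory/a">a</vuln:reference>
    </vuln:references>
    <vuln:references reference_type="UNKNOWN">
      <vuln:source>Cisco</vuln:source>
      <vuln:reference href="https://cisco.example.com/advisory/b">b</vuln:reference>
    </vuln:references>
    <vuln:references reference_type="UNKNOWN">
      <vuln:source>MISC</vuln:source>
      <vuln:reference href="https://blog.example.com/post">post</vuln:reference>
    </vuln:references>
  </entry>
  <entry id="CVE-0000-0002">
    <vuln:references reference_type="VENDOR_ADVISORY">
      <vuln:source>DELL</vuln:source>
      <vuln:reference href="https://dell.example.com/kb/1">kb</vuln:reference>
    </vuln:references>
  </entry>
</nvd>"""

def vendor_links(feed_xml, vendor):
    """Return {CVE id: [URLs]} for references whose vuln:source matches vendor."""
    wanted = vendor.strip().upper()
    links = defaultdict(list)
    for entry in ET.fromstring(feed_xml).iterfind("feed:entry", NS):
        for refs in entry.iterfind("vuln:references", NS):
            source = refs.findtext("vuln:source", default="", namespaces=NS)
            if source.strip().upper() != wanted:
                continue
            for ref in refs.iterfind("vuln:reference", NS):
                url = ref.get("href", "")
                # Keep every URL for the vendor (there may be several), web schemes only.
                if url.startswith(("http://", "https://")) and url not in links[entry.get("id")]:
                    links[entry.get("id")].append(url)
    return dict(links)
```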