Integrate NCM's IOS Vulnerability Listing with IOS Version Detected, and eliminate false warnings

NCM's Vulnerability Summary doesn't appear to take the current Cisco IOS version into account when presenting Vulnerability information. NCM should not display false-positive alerts.

Here's what's going on:

Switch: a new Cisco 4510R+E running 3.8.1 IOS

NPM Vulnerability Alert: CVE-2002-1357

NIST Vulnerability Details: NVD - Detail

The NIST Vulnerability Details show this vulnerability is present on version 12 IOS code, from back in 2002. It's NOT on 3.8.1 code. NCM should not list this switch as "potentially" vulnerable to any issues that aren't associated with its actual code version.

But it does.

I'd like NPM to only present actual vulnerabilities, not false positives.

If there's a way to refresh or update Vulnerabilities listed in NCM, based on actual hardware and IOS code issues that really are risks or problems, then I want that to happen. If it doesn't happen through SolarWinds' abilities to hotfix or upgrade/update NCM and NPM, then I have to manually evaluate hundreds of CVEs and the switches or routers to which they "may" apply. That makes a LOT of work for my team, and SolarWinds products should be all about reducing make-work and false positives, not generating more.

If you want only real vulnerabilities showing up in NPM for your hardware, this Feature Request should get your vote.

Vote it up, friends!
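
The version check requested in the post above, as an added example that is not part of the original post and is not SolarWinds code: it compares a matcher that looks only at vendor and product with one that also compares the detected OS version against the CPE 2.3 entries attached to a CVE. The CPE strings, the `legacy-router` device and all function names are constructed for illustration; NCM's actual matching logic is not shown on the page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    vendor: str
    product: str
    version: str  # OS version as detected on the device

# Constructed feed: sample CPE 2.3 strings, not copied from NVD. The CVE id and
# the "version 12" / "3.8.1" figures are the ones quoted in the post.
SAMPLE_FEED = {
    "CVE-2002-1357": [
        "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*",
    ],
}
NEW_SWITCH = Device("4510R+E", "cisco", "ios", "3.8.1")
LEGACY = Device("legacy-router", "cisco", "ios", "12.1")  # constructed

def parse_cpe(cpe):
    """Return (vendor, product, version) from a CPE 2.3 formatted string.
    Simplification: escaped colons inside a field are not handled."""
    parts = cpe.split(":")
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    return parts[3], parts[4], parts[5]

def cpe_matches(cpe, dev):
    """True only if vendor, product AND version agree ('*' means any version)."""
    vendor, product, version = parse_cpe(cpe)
    if (vendor, product) != (dev.vendor, dev.product):
        return False
    return version == "*" or version.lower() == dev.version.lower()

def product_only_match(feed, dev):
    """Ignores the version field, so every Cisco IOS CVE hits every IOS device."""
    return sorted(cve for cve, cpes in feed.items()
                  if any(parse_cpe(c)[:2] == (dev.vendor, dev.product) for c in cpes))

def version_aware_match(feed, dev):
    """Reports a CVE only when a CPE entry covers the detected version."""
    return sorted(cve for cve, cpes in feed.items()
                  if any(cpe_matches(c, dev) for c in cpes))

if __name__ == "__main__":
    for dev in (NEW_SWITCH, LEGACY):
        print(dev.name, product_only_match(SAMPLE_FEED, dev),
              version_aware_match(SAMPLE_FEED, dev))
```
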

4 Comments
Level 10

I agree totally on this one.

The Firmware Vulnerability feature is unusable as it is at the moment.

Should be an easy fix for SolarWinds though.

upvoted

Community Manager
Status changed to: Open for Voting
 
Level 7

Same issue here, I have only modern switches all running current IOSes and 3 of them pop hot on "CVE-2001-0537".
I couldn't even tell you why it only shows up for 3 out of the 200; every one of them is the same with the same IOS, but it picks three to say are vulnerable.

It looks like it is telling me I have 20 years worth of vulnerabilities and is randomly applying them to all switches.
To be fair, these devices have been swapped out numerous times before, so maybe it's stuck showing me an historically correct warning, but SolarWinds has long since updated its info and shows the correct IOS is installed. Maybe it just needs to re-check for the IOS currently installed and update the database to remove the outdated positives.