The NIST Vulnerability Details show this vulnerability is present on version 12 IOS code, from back in 2002. It's NOT on 3.8.1 code. NCM should not list this switch as "potentially" vulnerable to any issues that aren't associated with its actual code version.
But it does.
I'd like NPM to only present actual vulnerabilities, not false positives.
If there's a way to refresh or update Vulnerabilities listed in NCM, based on actual hardware and IOS code issues that really are risks or problems, then I want that to happen. If it doesn't happen through Solarwinds' abilities to hotfix or upgrade/update NCM and NPM, then I have to manually evaluate hundreds of CVE's and the switches or routers to which they "may" apply. That makes a LOT of work for my team, and Solarwinds products should be all about reducing make-work and false positives, not generating more.
If you want only real vulnerabilities showing up in NPM for your hardware, this Feature Request should get your vote.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.
Learn more today by joining now.