Cisco Cisco FirePOWER Appliance 7020
37-27
FireSIGHT System User Guide
Chapter 37 Using Host Profiles
Working with Vulnerabilities in the Host Profile
Vulnerability Impact
The severity assigned to the vulnerability in the Bugtraq database on a scale of 1 to 10, with 10 being
the most severe. The vulnerability impact is determined by the writer of the Bugtraq entry, who
determines the vulnerability impact level based on his or her best judgment, guided by SANS
Critical Vulnerability Analysis (CVA) criteria.
the most severe. The vulnerability impact is determined by the writer of the Bugtraq entry, who
determines the vulnerability impact level based on his or her best judgment, guided by SANS
Critical Vulnerability Analysis (CVA) criteria.
Remote
Indicates whether the vulnerability is remotely exploitable.
Available Exploits
Indicates whether there are known exploits for the vulnerability.
Description
Summary description of the vulnerability.
Technical Description
Detailed technical description of the vulnerability.
Solution
Information about repairing the vulnerability.
Additional Information
Click the arrow to view additional information (if available) about the vulnerability, such as known
exploits and their availability, exploit scenarios, and mitigation strategies.
exploits and their availability, exploit scenarios, and mitigation strategies.
Fixes
Provides links to downloadable patches for the selected vulnerability.
Tip
If direct links to fix or patch downloads appear, right-click the link and save it to your local computer.
Setting the Vulnerability Impact Qualification
License:
FireSIGHT
If the system reports a vulnerability that is not applicable to your network, you can prevent it from being
used to evaluate impact flag correlations. Note that if you deactivate a vulnerability in a host profile, it
deactivates it for all hosts on your network. You can, however, reactivate it at any time.
used to evaluate impact flag correlations. Note that if you deactivate a vulnerability in a host profile, it
deactivates it for all hosts on your network. You can, however, reactivate it at any time.
When a conflict exists for the identity of the host’s operating system or one of the applications on the
host, the system lists vulnerabilities for both conflicting identities until the conflict is resolved. For more
information, see
host, the system lists vulnerabilities for both conflicting identities until the conflict is resolved. For more
information, see
and
.
Note also that the system does not recommend a rule state for an intrusion rule based on a vulnerability
that you disable using the Impact Qualification feature. For more information, see
that you disable using the Impact Qualification feature. For more information, see
.