Why Do Some Informational Findings Have a Score of Zero and Can They be Adjusted?

When you import your vulnerability data into Cisco Vulnerability Management, you may see that some of the findings are classified as Informational and have a score of 0. Cisco Vulnerability Management does not apply a score to any finding that does not have a CVE/CWE or WASC identifier associated with it.

To view findings that are classified as Informational, expand the Classification filter under the Vulnerability Filters on the right-hand side of the VM Explore page.


On the Vulnerabilities tab, you’ll see all of the findings that have been imported and that are considered Informational. Some of these findings may have a score of 0, but may still pose reputational or brand risk to your environment. These findings may include expired SSL certificates or End of Life software.



Many of our customers create risk meters for the items they want to keep track of and have their remediation teams address. A separate risk meter is one way to track these findings, but you may also want them to count in the Cisco Security Risk Score calculation for an asset/risk meter so that they bubble up as well.

Adjusting the Score of Informational Vulnerabilities from the UI

While informational vulnerabilities might not pose more risk than the high-risk findings that are scored, you might want to adjust the score so that they can be remediated based on your internal policies. Vulnerability scores can be adjusted by any user that has Administrator, Write or custom access with the Vulnerability Score Override permission set. This permission should be granted to a limited number of users because scores can be adjusted on any vulnerability, not just ones that are considered Informational.

1. On the VM Explore page, select the checkbox for the vulnerability that you want to adjust the score for.
2. Click Edit and select the Score option.


3. On the Override Score window, change the score and select the I understand the implications option. Note: By adjusting the score of the vulnerability, you are removing the vulnerability from the automatic scoring algorithm and the score will not be auto-adjusted dynamically.


4. Click Save Changes.
Note: When you override a score, it applies to a specific finding on a specific asset. If a new asset comes into Cisco Vulnerability Management with this finding, the score will not be automatically set to your adjusted score and will need to be adjusted as well.

Adjusting the Score of Informational Vulnerabilities From the API

You can use the Update Vulnerability API endpoint to override the scores of vulnerabilities. For more information, refer to the API documentation.

You can contact the Customer Success Team if you require more information about Informational findings and score overrides.
