Vulnerabilities Page
The Vulnerabilities page in the IoT Security portal displays
detected vulnerabilities.
The Vulnerabilities page lists the vulnerabilities that IoT Security has detected or learned
about through a third-party integration.
You can search for a text string in any of the columns, download
the list of vulnerabilities, create a filter to show only the vulnerabilities
you want to see, and control which columns you want to show and
hide.

Although the Severity column in the table shows only icons,
you can still search by the severity level words Critical, High,
Medium, and Low.
You can also set the number of rows you want to see on each page
(from 5 to 200) and navigate among multiple pages.

CVSS Score Range | Severity Level |
---|---|
9.0 – 10.0 | Critical |
7.0 – 8.9 | High |
4.0 – 6.9 | Medium |
< 4.0 | Low |

While a severity level in the IoT Security system reflects a
CVSS score, there isn’t always a direct correlation between the two.
For example, a hard-coded password in a device might have a CVSS
score of 10.0, but an IoT Security severity level of High rather
than Critical. This can happen when there isn’t proof that the device
can be accessed from the Internet or by an unauthorized user. While
NIST assigns a CVSS score to a vulnerability generically, IoT Security
assigns a “risk severity” level to vulnerabilities based on the
specifics of each case.

For example, although the first vulnerability has a CVSS score
of 9.8, its risk severity is High instead of Critical. IoT Security bases
the severity level not only on the CVSS score but on other determining
risk factors as well.
Vulnerabilities table columns
- Severity – The severity level of a vulnerability: critical, high, medium, or low.
- CVSS – The CVSS (Common Vulnerability Scoring System) score of a vulnerability.
- Vulnerability – The name or CVE (common vulnerabilities and exposures) number of a vulnerability. This links to the Vulnerability Details page.
- Confirmed – Indicates if a vulnerability is confirmed to apply to one or more devices. An empty field indicates that it is a potential vulnerability.
- Source – (Not shown by default) The source that identified the device vulnerability: IoT Security, Rapid7, Qualys, Tenable, or IoT Security Device Software Library.
- Confirmed Instances – The number of devices to which a vulnerability is confirmed to be applicable. This number links to the Vulnerability Details page.
- Potential Instances – The number of devices to which a vulnerability might be applicable but has not been confirmed. This number also links to the Vulnerability Details page.
- Vulnerable Profiles – The number of device profiles to which a confirmed or potential vulnerability applies.
- Attack Vector – (Not shown by default) Also referred to as "Access Vector", this is the type of access an attacker must have to exploit a vulnerability. The metric values are defined in the Common Vulnerability and Exposure (CVE). The vulnerability score increases as the possible distance from the target increases:
  - Physical – An attacker must physically touch or control the vulnerable device.
  - Local – An attacker must launch an exploit locally or use social engineering to dupe a user into helping launch it.
  - Adjacent – An attacker must have access to the same physical or logical network as that of the vulnerable device.
  - Network – An attacker can launch an exploit remotely from anywhere on a network that can access the vulnerable device.

  When an attack vector is not defined, it's classified as "Unknown".
- Covered by Threat Prevention – (Not shown by default) Indicates if a vulnerability is covered by the Palo Alto Networks Threat Prevention application (Yes) or not (No).
- PoC Identified – (Not shown by default) If a proof of concept (PoC) has been identified for the vulnerability (Available) or not (Unknown).
When you hover your cursor over an entry in the Vulnerability
column, a panel pops up showing its description and impact.

Clicking View more opens the Vulnerability Details page. Clicking the name of
a vulnerability entry also opens the Vulnerability Details page.
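
The following is an added example, not part of the IoT Security documentation or product. It applies the CVSS score ranges from the table above to a downloaded vulnerability list, marks entries whose IoT Security severity differs from the level their CVSS band implies, and orders them for review using the columns described on this page. The CSV layout of the download, the sample rows, and the review ordering are assumptions of this example.

```python
import csv
import io

# CVSS bands from the table on this page: (lower bound, baseline level).
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.0, "Low")]
RANK = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}

# Constructed sample rows. Column names follow the table columns described on
# this page; the CSV layout itself is an assumption about the downloaded list.
SAMPLE = """Severity,CVSS,Vulnerability,Confirmed Instances,Potential Instances,Attack Vector,Covered by Threat Prevention,PoC Identified
High,9.8,EXAMPLE-VULN-A,3,12,Network,No,Available
Critical,9.1,EXAMPLE-VULN-B,1,0,Network,Yes,Unknown
Medium,7.5,EXAMPLE-VULN-C,0,40,Adjacent,No,Unknown
Low,3.1,EXAMPLE-VULN-D,2,0,Local,No,Unknown
"""

def baseline_severity(cvss):
    """Map a CVSS score to the level its band implies in the table above."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    return next(level for floor, level in BANDS if cvss >= floor)

def triage(csv_text):
    """Annotate each row with its CVSS-band level and whether the portal's
    severity differs from it, then order rows for review (ordering is this
    example's choice, not IoT Security's)."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        base = baseline_severity(float(row["CVSS"]))
        delta = RANK[row["Severity"]] - RANK[base]
        rows.append({
            "name": row["Vulnerability"],
            "severity": row["Severity"],
            "baseline": base,
            "adjusted": "lowered" if delta < 0 else "raised" if delta > 0 else "same",
            "confirmed": int(row["Confirmed Instances"]),
            "remote": row["Attack Vector"] == "Network",
            "poc": row["PoC Identified"] == "Available",
            "uncovered": row["Covered by Threat Prevention"] == "No",
        })
    # Confirmed devices first, then severity, then exposure signals.
    rows.sort(key=lambda r: (r["confirmed"] > 0, RANK[r["severity"]],
                             r["uncovered"], r["poc"], r["remote"]), reverse=True)
    return rows

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["name"], r["severity"], f"(CVSS band: {r['baseline']}, {r['adjusted']})",
              "confirmed" if r["confirmed"] else "potential only")
```

Rows marked `lowered` are the cases the page describes, where the risk severity sits below the CVSS band; they are worth re-checking if a device's exposure changes.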