Filter out non-relevant CVEs
This tutorial walks you through filtering the CVE table so that it shows only high-severity, exploitable CVEs that affect your firmware.
Scenario:
Your company's security team has requested: "We want to focus on exploitable vulnerabilities that have a CRITICAL or HIGH severity rating. Hide everything else."
Prerequisites:
- Access to firmware analyses.
- Basic familiarity with the CVE analysis interface.
First, let's upload a firmware:
- Click Upload Firmware in the top-right corner.
- Fill in the firmware details.
- Wait for the analysis to complete.
Next, we'll make sure Automated Impact Assessment is enabled:
- Enter Firmware Analysis view by clicking on the uploaded firmware on your dashboard.
- Click CVEs on the sidebar.
- Check if Show only confirmed matching CVEs is enabled.
- If not, enable it.
Now we'll filter by Exploit Maturity to show only exploitable CVEs. Click the icon in the Exploit Maturity header, select HIGH and FUNCTIONAL, then click Apply.

To filter for HIGH and CRITICAL CVEs, click the icon in the Severity header, select HIGH and CRITICAL, then click Apply.

With both filters applied, your CVE table displays only HIGH and CRITICAL severity vulnerabilities that are exploitable. All other CVEs are hidden from view.
Finally, you can save this filter configuration so you don't have to repeat these steps. Click + Save current filters and give your filter a descriptive name.
Your filtered view is now ready for your security team's review process.
Advanced: Automate with Analysis Profile Rules
To go the extra mile, you can set up an Analysis Profile rule that automatically moves CVEs matching your filters into FOCUS status, making them even more prominent on the platform.
- From the top menu bar, select Analysis Profile.
- Make sure you're on the CVE rules tab.
- In the FIRMWARE field, select your upload by entering this OQL query:
  To select multiple firmware, you can use the `name` OQL field with the `IN` operator:
- In the QUERY field, enter the following to replicate the filters:
  `cve.severity IN (CRITICAL, HIGH) AND cve.exploitMaturity IN (HIGH, FUNCTIONAL) AND score >= -2`
  Breaking down the query:
  - `cve.severity IN (CRITICAL, HIGH)` selects every CVE with CRITICAL or HIGH severity.
  - `AND` connects the query conditions.
  - `cve.exploitMaturity IN (HIGH, FUNCTIONAL)` selects CVEs with HIGH or FUNCTIONAL exploit maturity.
  - `score >= -2` replicates enabling Automated Impact Assessment, meaning only CVEs with a match score of -2 or higher are shown.
- Test your rule by selecting the Rule menu and clicking Dry run.
Test your rule by selecting the Rule menu and clicking Dry run.
- If the results look correct, click Save.
- Apply the rule by reanalyzing the affected firmware or by selecting them on the Firmwares page and clicking Apply analysis profile.
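The rule is a conjunction of three conditions, and a record must satisfy all of them to be moved to FOCUS. As an added example that is not part of this tutorial and not the platform's own code, the following Python filter applies the same three conditions to a handful of constructed CVE records and names the condition that hides each rejected record; the field names, the CVE IDs and the `NONE` exploit-maturity value are assumptions made for illustration only.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Field names and sample values in this file are constructed for illustration;
# they are not the platform's data model.


@dataclass(frozen=True)
class CveMatch:
    cve_id: str
    severity: str          # e.g. "CRITICAL", "HIGH", "MEDIUM"
    exploit_maturity: str  # e.g. "HIGH", "FUNCTIONAL"
    score: float           # Automated Impact Assessment match score


# The three rule conditions, kept as data so they can be changed in one place.
SEVERITIES = ("CRITICAL", "HIGH")
MATURITIES = ("HIGH", "FUNCTIONAL")
MIN_SCORE = -2  # "Show only confirmed matching CVEs" keeps score >= -2


def in_focus(cve: CveMatch) -> bool:
    """True when the record satisfies all three conditions (they are ANDed)."""
    return (
        cve.severity in SEVERITIES
        and cve.exploit_maturity in MATURITIES
        and cve.score >= MIN_SCORE
    )


def focus_ids(cves: Iterable[CveMatch]) -> List[str]:
    """IDs of the records the rule would move to FOCUS, in input order."""
    return [c.cve_id for c in cves if in_focus(c)]


def rejection_reason(cve: CveMatch) -> Optional[str]:
    """Name the first failing condition, or None when the record is admitted."""
    if cve.severity not in SEVERITIES:
        return "severity"
    if cve.exploit_maturity not in MATURITIES:
        return "exploitMaturity"
    if cve.score < MIN_SCORE:
        return "score"
    return None


def oql_query() -> str:
    """Render the same three conditions in the OQL form used by the rule."""
    return (
        f"cve.severity IN ({', '.join(SEVERITIES)}) "
        f"AND cve.exploitMaturity IN ({', '.join(MATURITIES)}) "
        f"AND score >= {MIN_SCORE}"
    )


# Constructed sample: two records that pass (one exactly on the score
# threshold) and one record for each way of failing.
SAMPLE = [
    CveMatch("CVE-EXAMPLE-1", "CRITICAL", "FUNCTIONAL", 3.0),
    CveMatch("CVE-EXAMPLE-2", "HIGH", "HIGH", -2.0),         # on the threshold: kept
    CveMatch("CVE-EXAMPLE-3", "HIGH", "FUNCTIONAL", -3.0),   # below threshold: hidden
    CveMatch("CVE-EXAMPLE-4", "MEDIUM", "FUNCTIONAL", 5.0),  # severity too low: hidden
    # "NONE" is a placeholder maturity value for this example, not a platform value.
    CveMatch("CVE-EXAMPLE-5", "CRITICAL", "NONE", 4.0),
]

if __name__ == "__main__":
    print(oql_query())
    for c in SAMPLE:
        print(c.cve_id, rejection_reason(c) or "FOCUS")
```

Running the script prints the OQL form of the rule followed by one line per sample record, which makes it easy to see that a record on the score threshold (exactly -2) is kept while one just below it is hidden, and that a high match score alone does not rescue a record whose severity or exploit maturity is outside the selected sets.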
To learn more about creating OQL queries, see the OQL guide.