CVE Dashboard
The CVE Dashboard in SureMDM offers a centralized interface for monitoring and managing vulnerabilities affecting Windows devices.
This feature is available exclusively in the Premium and Enterprise tiers and supports devices running Windows 10 and Windows 11.
- Log in to the SureMDM Web Console.
- Navigate to the Security tab.
- Click on CVE Dashboard from the left-hand menu.
Dashboard Overview
The CVE Dashboard provides insights through two primary charts:
1. CVE Status Chart
This chart displays the total number of devices affected by all CVEs. It categorizes devices into:
- At Risk Devices: Devices that are currently vulnerable.
- Resolved Devices: Devices where the vulnerabilities have been addressed.
This chart gives a clear overview of the current security status across all your devices.
2. Severity Chart
The Severity chart categorizes devices based on the severity levels of vulnerabilities. Severity levels include:
- Critical: High-priority vulnerabilities requiring immediate attention.
- Important: Significant vulnerabilities that could impact system security.
- Moderate: Vulnerabilities with a lesser impact on security.
- Low: Minor vulnerabilities with minimal risk.
- None: Devices with vulnerabilities that have no severity (usually app-based CVEs).
Clicking on any section of this chart allows you to view detailed information about devices affected by vulnerabilities within that severity category.
Detailed CVE Table
The dashboard includes a comprehensive table with the following columns:
| Column Name | Description |
|---|---|
| CVE Number | Unique identifier for the vulnerability (e.g., CVE-2024-43633). |
| CVE Title | Brief description of the vulnerability. |
| Product | Target Windows version (e.g., Windows 11 Version 22H2). |
| Classification | Type of update (e.g., Security Update). |
| Published Date | Date the vulnerability was reported. |
| KB Number | Corresponding Microsoft Knowledge Base number. |
| Severity | Indicates vulnerability severity (Important, Critical). |
| At Risk Devices | Number of devices affected. |
| Safe Devices | Number of devices where the issue is resolved. |
| Reboot Required | Indicates if a device reboot is required post-update. |
| Base/Temporal Score | CVSS scores representing vulnerability impact. |
| Issuing CNA | Organization that reported the vulnerability. |
Resolve At-Risk Devices
The Resolve At-Risk Devices action allows administrators to quickly address vulnerabilities detected in devices by applying necessary patches and updates.
Steps to Resolve At-Risk Devices
- Navigate to the CVE Dashboard.
- In the CVE Table, identify CVEs with "At Risk Devices" listed.
- Click the Resolve At-Risk Devices button located above the CVE table.
- Select the CVEs from the table list.
- Click Resolve At-Risk Devices to resolve detected vulnerabilities.
Alternatively:
- Click on At-Risk Devices count and choose specific devices for a given CVE.
- Select the required device(s).
- Click Resolve At-Risk Devices to resolve detected vulnerabilities.
- The Resolve At-Risk Devices action streamlines CVE management by directly addressing vulnerabilities for devices listed as "At Risk."
- Device reboots may be required depending on the applied patches. Refer to the Reboot Required column in the CVE Table for details.
Additional Options on the Overview Page
- Export: Exports the table data to be saved locally in CSV format.
- Search Box: Allows users to search for specific information.
- Refresh Icon: Updates the table with real-time data.
- Column Chooser: Choose additional non-default columns.
The CVE Dashboard feature is available under the Security tab in SureMDM's Premium and Enterprise tiers. It currently scans and reports vulnerabilities for Windows 10 and 11, with reported dates after January 2023.