Why can some QIDs be detected with Unix Auth only and some with SNMP only?
The information one can grab with "Unix Auth" (Cisco command line interface through a SSH or Telnet connection) may be very different than the information one can grab through SNMP.
On the command line (Unix Auth), we have things like the output of the "show version" command, that will return the current OS version, memory and processor information or the "show startup-config" command, that will return the parameters used to configure the device when it boots up.
With SNMP, you don't log in to the system. Instead, you make several queries to the information stored in the Management Information Base (MIB) that is maintained by the SNMP daemon software that runs in the Cisco device. Depending on the configuration of the device you may have access to several level of information, for example, you may have access to the hardware and OS version, current routing tables, protocols installed or inbound and outbound traffic on the interfaces.
As both methods provide different information, some vulnerabilities are discovered by SNMP, others by the command line (Unix Auth), and in some cases, it’s possible to detect the same vulnerability by both ways.
Qualys Support KnowledgeBase