Firmware Vulnerability

Firmware vulnerabilities can put your business and your customers’ sensitive data at risk, leading to easy entry to hackers, diminished sales, reputation loss and penalties. In order to avoid these mishaps, it is important to identify these firmware vulnerabilities and take corrective measures regularly.

With Network Configuration Manager, you can now identify potential firmware security vulnerabilities in your network devices and take action. Network Configuration Manager acts as firmware vulnerability scanner and works in accordance with NIST vulnerability management (National Institute of Standards and Technology) by fetching firmware vulnerability data and correlating it with the network devices which are currently managed in your infrastructure. At present, Network Configuration Manager helps to manage firmware vulnerability for vendors in the table below. 

Vendor Version support
Citrix

 

 

 

Supports from 126130

Mikrotik
Checkpoint
F5
Bluecoat
InfoBlox
RiverBed
Huawei
Netgear
Hpe
Netscreen
Cisco

 

 

 

Supports from 124098

Juniper
Palo Alto
HP
Aruba
Arista
Fortinet
Dell

Viewing Firmware Vulnerabilities in your network

Network Configuration Manager provides info on all the vulnerabilities by firmware vulnerability scanning in your network in the Firmware Vulnerabilities page. You will be able to view the vulnerabilities in three ways.

1. Device firmware vulnerability management - All Vulnerabilities:

Under "All vulnerabilities" tab, you will be able to view all CVE IDs/Vulnerabilities in your network which are in accordance with NIST vulnerability management. Upon clicking the CVE ID, you will be able to view all the devices associated to that CVE ID. This gives you a complete device firmware vulnerability management.

  • Exploit status: You can either choose to view all the CVE IDs, or the ones which have exploit info available. When you give "Exploit status" as "Exploit", Network Configuration Manager displays only the CVE IDs, that have info on how one can hack/enter a network, provided by the user who first reported the vulnerability. Such vulnerabilities are severe and have to be prioritized over the rest.
  • Request update: Sometimes, you may be aware of certain vulnerabilities corresponding to particular vendors, but those vulnerabilities may not be listed in Network Configuration Manager. In that case, you can send us the vendor name, OS type and OS version of the device whose vulnerability has not been listed. Once you update us, we will automatically fetch and update the vulnerability data for the reported vendor/ OS version/ OS type.
  • Time Filter: A time filter feature has been incorporated for the effective management of identified vulnerabilities. This enables users to streamline their results by choosing options like "Today," "Yesterday," "Last 7 Days," and "Last 30 Days." Additionally, users have the flexibility to tailor their search by utilizing the time filter for specific dates pertinent to their requirements. Also, users can export the detected vulnerability details in the selected time period in PDF, CSV, Excel, or mail formats.
  • Search/Filter: Network Configuration Manager allows you to search for CVE IDs in the "Search CVE" search box, that helps you display the vulnerabilities associated to the CVE searched. Also, you can filter your search based on severity and exploit availability.
  • Vulnerabilities discovered: Under "Vulnerabilities discovered", you can see the total number of vulnerabilities discovered during a particular period.

all vulnerabilities  

2. Exposed Devices in device firmware vulnerability management

Under "Exposed Devices" tab, you can have a device-based vulnerability view, where Network Configuration Manager lists devices that have a firmware vulnerability. On drilling down, you will be able to see all the CVE IDs (vulnerabilities) of that particular device. This helps you know the number of devices in your network having vulnerabilities.

exposed devices  

3. Version Distribution 

Under "Version Distribution" tab, Network Configuration Manager lists all the affected versions in your environment. All the firmware security vulnerabilities will be grouped based on the firmware version they fall under and those versions will be displayed. On drilling down, you will be able to view all the devices along with their CVE IDs, that belong to the same version.

version distribution  

Viewing CVE ID details and taking remediation measures

By clicking on the CVE ID, you can you can get in-depth information about a device's firmware vulnerability management

Date of publishing/modification: In the CVE details page, you can see the date the CVE ID was published and last modified.

Vulnerability summary: You can also see the summary which shows information about what the vulnerability is and on which device the vulnerability was reported first.

Reference URL: You can also see reference URLs, which provides vulnerability patches for remediation.

Vulnerability status: You can see a status bar with options to mark the status of the vulnerability. You can edit this status anytime.

CVE ID  

How Network Configuration Manager categorizes firmware vulnerabilities

Network Configuration Manager categorizes the severity of vulnerabilities based on the "Base score" which is calculated based on a few metrics like Exploitability Metrics (Attack, Complexity, and Authentication) and Impact Metrics (Confidentiality, Integrity, and Availability). Here is the split up of how the severity is categorized:

  • Base score 9.0 - 10 - Critical
  • Base score 7.0 - 8.9 - Important
  • Base score 4.0 - 6.9 - Moderate
  • Base score 0 - 3.9 - Low

Firmware Vulnerability Reports

Network Configuration Manager, which is acting as firmware vulnerability scanner, provides firmware vulnerability reports to help you gain clarity into the affected devices, its status and the remediation for the vulnerability. You can export firmware vulnerability reports in the form of PDF and CSV file. You can also email firmware vulnerability reports to your mail address.

Device vulnerability report  

Advanced CVE search

With "Advanced CVE search" you can globally search for all the vulnerabilities by searching using the vendor name, CVE ID, device OS number, version or a model. For eg: If you search "Cisco IOS 7000", all the firmware security vulnerabilities present in that particular model will be listed. On further clicking it, you will be able to see all the details of the vulnerability corresponding to a particular CVE ID.

CVE search  

Thus, Network Configuration Manager helps you achieve in-depth firmware vulnerability scanning and management. Also, check out firmware upgrade and firmware vulnerability widgets feature to know about bulk firmware upgradation and vulnerability dashhboards. Try out Network Configuration Manager using the 30-day free trial and see how you can manage firmware security vulnerabilities in your network!