Firmware Vulnerability

Firmware vulnerabilities can put your business and your customers' sensitive data at risk, giving attackers an easy way in and leading to lost sales, reputational damage and penalties. To avoid this, it is important to identify firmware vulnerabilities and take corrective measures regularly.

With Network Configuration Manager, you can identify potential firmware security vulnerabilities in your network devices and take action. Network Configuration Manager acts as a firmware vulnerability scanner and works in accordance with NIST (National Institute of Standards and Technology) vulnerability management by fetching firmware vulnerability data and correlating it with the network devices currently managed in your infrastructure. At present, Network Configuration Manager helps to manage firmware vulnerabilities for the vendors in the table below.

Vendor
Cisco
Juniper
Palo Alto
HP
Aruba
Arista
Fortinet
Dell
Citrix
Mikrotik
F5

Viewing Firmware Vulnerabilities in your network

Network Configuration Manager scans your network for firmware vulnerabilities and lists all of them on the Firmware Vulnerabilities page. You can view the vulnerabilities in three ways.

1. Device firmware vulnerability management - All Vulnerabilities:

Under the "All Vulnerabilities" tab, you can view all CVE IDs (vulnerabilities) in your network, in accordance with NIST vulnerability management. Clicking a CVE ID shows all the devices associated with that CVE ID. This gives you complete device firmware vulnerability management.

  • Exploit status: You can choose to view either all the CVE IDs or only the ones that have exploit info available. When you set "Exploit status" to "Exploit", Network Configuration Manager displays only the CVE IDs that have info on how one can hack/enter a network, provided by the user who first reported the vulnerability. Such vulnerabilities are severe and have to be prioritized over the rest.
  • Request update: Sometimes, you may be aware of certain vulnerabilities corresponding to particular vendors, but those vulnerabilities may not be listed in Network Configuration Manager. In that case, you can send us the vendor name, OS type and OS version of the device whose vulnerability has not been listed. Once you update us, we will automatically fetch and update the vulnerability data for the reported vendor, OS version and OS type.
  • Search/Filter: Network Configuration Manager allows you to search for CVE IDs in the "Search CVE" search box, which displays the vulnerabilities associated with the CVE searched. You can also filter your search based on severity and exploit availability.
  • Vulnerabilities discovered: Under "Vulnerabilities discovered", you can see the total number of vulnerabilities discovered during a particular period.

2. Exposed Devices in device firmware vulnerability management

Under the "Exposed Devices" tab, you get a device-based vulnerability view, where Network Configuration Manager lists the devices that have a firmware vulnerability. On drilling down, you will be able to see all the CVE IDs (vulnerabilities) of that particular device. This helps you know the number of devices in your network that have vulnerabilities.

3. Version Distribution 

Under the "Version Distribution" tab, Network Configuration Manager lists all the affected versions in your environment. All the firmware security vulnerabilities are grouped by the firmware version they fall under, and those versions are displayed. On drilling down, you will be able to view all the devices that belong to the same version, along with their CVE IDs.

Viewing CVE ID details and taking remediation measures

By clicking on the CVE ID, you can get in-depth information for a device's firmware vulnerability management:

Date of publishing/modification: In the CVE details page, you can see the date the CVE ID was published and last modified.

Vulnerability summary: You can also see the summary which shows information about what the vulnerability is and on which device the vulnerability was reported first.

Reference URL: You can also see reference URLs, which provide vulnerability patches for remediation.

Vulnerability status: You can see a status bar with options to mark the status of the vulnerability. You can edit this status anytime.

How Network Configuration Manager categorizes firmware vulnerabilities

Network Configuration Manager categorizes the severity of vulnerabilities based on the "Base score", which is calculated from metrics such as Exploitability Metrics (Attack, Complexity, and Authentication) and Impact Metrics (Confidentiality, Integrity, and Availability). Here is the breakdown of how the severity is categorized:

  • Base score 9.0 - 10 - Critical
  • Base score 7.0 - 8.9 - Important
  • Base score 4.0 - 6.9 - Moderate
  • Base score 0 - 3.9 - Low
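
The sketch below is an added example, not Network Configuration Manager's own code. It applies the severity bands above and goes slightly further by correlating a vulnerability feed with a device inventory to produce the per-CVE, per-device and per-version views described earlier, with exploit-available CVEs ranked first. The feed, the inventory, the field names and the CVE IDs are constructed placeholders.

```python
from collections import defaultdict

# Severity bands as listed on this page (lower bound, label), highest first.
BANDS = [(9.0, "Critical"), (7.0, "Important"), (4.0, "Moderate"), (0.0, "Low")]

def severity(base_score):
    """Map a base score (0-10) to the page's severity label."""
    if not 0.0 <= base_score <= 10.0:
        raise ValueError(f"base score out of range: {base_score}")
    return next(label for floor, label in BANDS if base_score >= floor)

# Constructed sample feed: placeholder CVE IDs, not real entries.
FEED = [
    {"cve": "CVE-XXXX-0001", "vendor": "Cisco", "versions": {"15.1"}, "score": 9.8, "exploit": True},
    {"cve": "CVE-XXXX-0002", "vendor": "Cisco", "versions": {"15.1", "15.2"}, "score": 6.5, "exploit": False},
    {"cve": "CVE-XXXX-0003", "vendor": "Juniper", "versions": {"12.3"}, "score": 7.5, "exploit": True},
    {"cve": "CVE-XXXX-0004", "vendor": "Fortinet", "versions": {"6.0"}, "score": 3.9, "exploit": False},
]
# Constructed inventory: (device name, vendor, firmware version).
INVENTORY = [("core-sw1", "Cisco", "15.1"), ("edge-rt1", "Cisco", "15.2"),
             ("fw-dmz", "Juniper", "12.3"), ("lab-sw9", "Arista", "4.20")]

def correlate(feed, inventory):
    """Return (by_cve, by_device, by_version) views of feed/inventory matches."""
    by_cve, by_device, by_version = defaultdict(list), defaultdict(list), defaultdict(set)
    for name, vendor, version in inventory:
        for entry in feed:
            if entry["vendor"] == vendor and version in entry["versions"]:
                by_cve[entry["cve"]].append(name)        # "All Vulnerabilities" view
                by_device[name].append(entry["cve"])     # "Exposed Devices" view
                by_version[(vendor, version)].add(name)  # "Version Distribution" view
    return dict(by_cve), dict(by_device), dict(by_version)

def triage(feed, by_cve):
    """Order matched CVEs: exploit available first, then highest base score."""
    matched = [e for e in feed if e["cve"] in by_cve]
    matched.sort(key=lambda e: (not e["exploit"], -e["score"]))
    return [(e["cve"], severity(e["score"]), e["exploit"], by_cve[e["cve"]]) for e in matched]

if __name__ == "__main__":
    by_cve, by_device, by_version = correlate(FEED, INVENTORY)
    for row in triage(FEED, by_cve):
        print(row)
```

A device whose vendor and version match no feed entry (lab-sw9 here) appears in none of the views, and a feed entry with no matching device (the Fortinet one) is left out of the triage list.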

Firmware Vulnerability DB sync

Firmware vulnerability data from NIST vulnerability management can be synced with the DB of Network Configuration Manager. Users can set a schedule time in order to sync data on a daily basis. When a schedule time is set, the synchronization of vulnerability data happens automatically at exactly that time. Network Configuration Manager also allows you to edit/change the schedule time as per your convenience. If no schedule time is set, sync happens every night at 2 a.m. by default.

If you wish to update the vulnerability data in the NCM UI immediately instead of at the scheduled time, you can use the "Update Now" option. When "Update Now" is used, the latest firmware security vulnerability data will be updated in Network Configuration Manager's DB.

Vulnerability DB sync for closed networks: If your network is closed, you will not be able to update the vulnerability database automatically using firmware vulnerability scanning with data from NIST vulnerability management. In that case, you can go for a manual import of vulnerability data.

  • Download firmware vulnerability data from this link (the link will be given in NCM's UI as well).
  • Import the downloaded file. Once you import the new file, the previous dump will be deleted and replaced with the latest data.

Note: Modification of the imported dump by the customer may lead to corruption of the vulnerability dump present in Network Configuration Manager.

Firmware Vulnerability Reports

Network Configuration Manager, acting as a firmware vulnerability scanner, provides firmware vulnerability reports to help you gain clarity into the affected devices, their status and the remediation for the vulnerability. You can export firmware vulnerability reports as PDF and CSV files. You can also email firmware vulnerability reports to your mail address.

With "Advanced CVE search" you can globally search for all the vulnerabilities by searching using the vendor name, CVE ID, device OS number, version or a model. For example, if you search "Cisco IOS 7000", all the firmware security vulnerabilities present in that particular model will be listed. On further clicking it, you will be able to see all the details of the vulnerability corresponding to a particular CVE ID.

 

Thus, Network Configuration Manager helps you achieve in-depth firmware vulnerability scanning and management. Also, check out the firmware upgrade and firmware vulnerability widgets features to learn about bulk firmware upgrades and vulnerability dashboards. Try out Network Configuration Manager using the 30-day free trial and see how you can manage firmware security vulnerabilities in your network!