Firmware Vulnerability Management

Overview

Firmware vulnerabilities can put your business and your customers' sensitive data at risk, giving attackers an easy way in and leading to diminished sales, reputation loss and penalties. To avoid this, it is important to identify firmware vulnerabilities and take corrective measures regularly.

With Network Configuration Manager, you can now identify potential vulnerabilities in your network devices and take action. Network Configuration Manager works in accordance with NIST (National Institute of Standards and Technology) by fetching firmware vulnerability data and correlating it with the network devices currently managed in your infrastructure. At present, Network Configuration Manager helps to manage firmware vulnerabilities for Cisco IOS, Cisco ASA, Cisco Nexus and Juniper devices.

Viewing Firmware Vulnerabilities in your network

On the Firmware Vulnerabilities page, Network Configuration Manager lists all the vulnerabilities in your network and the number of devices affected by each. You can view the details of the vulnerability associated with a particular CVE ID and immediately carry out the remediation methods.

Follow the instructions in order to see the severity of vulnerabilities and the devices which are vulnerable:

  • Click on the "Firmware Vulnerability" tab.
  • Under "Firmware Vulnerabilities", you will be able to see all the vulnerabilities in your network.
  • Right next to all vulnerabilities, you will be able to see the categorization of those vulnerabilities based on their severity level.
  • NCM groups vulnerabilities as Critical, Important, Moderate, Low and Unrated.
  • If you wish to view the devices belonging to a particular category of severity, click on the severity to view all the vulnerabilities and the devices associated with it.
  • Network Configuration Manager categorizes the severity of vulnerabilities based on the "Base score" given by the person who reports the vulnerability.
  • Further drilling down, you can see the CVE ID, devices having that vulnerability and the reference URLs to resolve the vulnerability.

Viewing CVE ID details and taking remediation measures

By clicking on the CVE ID, you can get in-depth information about the firmware vulnerability. Follow the instructions to see the CVE details in Network Configuration Manager:

  • Click on Firmware Vulnerability tab and choose "All Vulnerabilities"
  • You will be able to see all the vulnerabilities listed along with the CVE id.
  • Click on the CVE id to view the details of the vulnerability.
  • On clicking the CVE id, you will be able to view the CVE details.
  • In the CVE details page, you can see the date the CVE id was published and last modified.
  • You can also see the summary which shows information about what the vulnerability is and on which device the vulnerability was reported first.
  • You can also see reference URLs, which provide the optimal resolution measures for the vulnerability, and a comment section which allows users to add a required statement.
  • Also, you can see a status bar with options to mark the status of the vulnerability. You can also edit the status anytime and save the status by clicking the save icon.

How Network Configuration Manager categorizes firmware vulnerabilities 

Network Configuration Manager categorizes the severity of vulnerabilities based on the "Base score", which is calculated from metrics such as Exploitability Metrics (Attack, Complexity, Authentication) and Impact Metrics (Confidentiality, Integrity, Availability). Here is the breakdown of how the severity is categorized:

  • Base score 9.0 - 10 - Critical
  • Base score 7.0 - 8.9 - Important
  • Base score 4.0 - 6.9 - Moderate
  • Base score 0 - 3.9 - Low
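
The sketch below is an added example, not Network Configuration Manager's own code: it applies the bands above to a vulnerability feed and, going one step beyond the list, correlates the feed with a device inventory to produce the per-severity view of affected devices. The record layout, the exact (OS, version) matching rule and the handling of "Unrated" (no valid base score) are assumptions, and all CVE ids, device names and versions are constructed placeholders.

```python
from collections import defaultdict

# Severity bands from this page: (inclusive lower bound, label).
BANDS = [(9.0, "Critical"), (7.0, "Important"), (4.0, "Moderate"), (0.0, "Low")]


def severity(base_score):
    """Map a base score to a severity label (assumption: no valid score -> Unrated)."""
    if isinstance(base_score, bool) or not isinstance(base_score, (int, float)):
        return "Unrated"
    if not 0.0 <= base_score <= 10.0:  # also rejects NaN
        return "Unrated"
    score = round(base_score, 1)  # base scores carry one decimal place
    for lower, label in BANDS:
        if score >= lower:
            return label


def correlate(feed, inventory):
    """Return {severity: {cve_id: [device names]}}, affected devices only."""
    # Assumption: an exact (os, version) match marks a device as affected.
    report = defaultdict(dict)
    for rec in feed:
        affected = {(o.lower(), v) for o, v in rec["affected"]}
        hits = sorted(d["name"] for d in inventory
                      if (d["os"].lower(), d["version"]) in affected)
        if hits:
            report[severity(rec.get("base_score"))][rec["id"]] = hits
    return dict(report)


# Constructed sample data: placeholder CVE ids, made-up devices and versions.
FEED = [
    {"id": "CVE-XXXX-0001", "base_score": 9.8, "affected": [("Cisco IOS", "15.2(4)")]},
    {"id": "CVE-XXXX-0002", "base_score": 6.9,
     "affected": [("Cisco ASA", "9.8(2)"), ("Cisco IOS", "15.2(4)")]},
    {"id": "CVE-XXXX-0003", "base_score": None, "affected": [("Junos", "18.4R1")]},
    {"id": "CVE-XXXX-0004", "base_score": 7.0, "affected": [("Cisco Nexus", "7.0(3)")]},
]
INVENTORY = [
    {"name": "core-rtr-1", "os": "Cisco IOS", "version": "15.2(4)"},
    {"name": "edge-fw-1", "os": "cisco asa", "version": "9.8(2)"},
    {"name": "dist-sw-1", "os": "Junos", "version": "18.4R1"},
]

if __name__ == "__main__":
    for sev, cves in correlate(FEED, INVENTORY).items():
        for cve, devices in cves.items():
            print(f"{sev:9} {cve}  {len(devices)} device(s): {', '.join(devices)}")
```

Records whose affected versions match no managed device are left out of the result, which is why the score-7.0 entry for an unmanaged Nexus version does not create an "Important" group.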

Firmware Vulnerability DB sync

Vulnerability data from NIST can be synced with the DB of Network Configuration Manager. Users can set a schedule time in order to sync data on a daily basis. When a schedule time is set, the synchronization of vulnerability data happens automatically at the exact time of schedule. Network Configuration Manager also allows you to edit/change the time of schedule as per your convenience. If no schedule time is set, sync happens every night at 2 a.m. by default.

If you wish to update the vulnerability data in the NCM UI immediately instead of waiting for the scheduled time, you can use the "Update Now" option. When "Update Now" is used, the latest vulnerability data will be updated in the NCM DB.

Follow the instructions in order to run a daily schedule for synchronizing vulnerability data:

  • Click on "Firmware Vulnerability" tab and select "Sync Vulnerability DB" option.
  • In the tab that opens, you will be able to see when the DB was last updated with the vulnerability data and also the next schedule time.
  • You will also be able to see whether the vulnerability sync was a success/failure.
  • Next to "Daily Scheduled Run" you will be allowed to enter a schedule time or change the existing schedule time.
  • Once the schedule time is given, click on the save icon.
  • If you wish to immediately update the vulnerability data in NCM, you can select "Update Now" option.

Note: If yours is a closed network, live data sync is not possible. We are working on supporting manual import of vulnerability data for closed networks.

Firmware Vulnerability Reports and advanced CVE search

Network Configuration Manager provides reports on firmware vulnerability to help you gain clarity into the affected devices, their status and the remediation for the vulnerability. You can export the report as a PDF, CSV file or get the report via Email.

With "Advanced CVE search" you can globally search for all the vulnerabilities by searching using the vendor name, CVE ID, device OS number, version or a model. For example, if you search "Cisco IOS 7000", all the vulnerabilities present in that particular model will be listed. On further clicking it, you will be able to see all the details of the vulnerability corresponding to a particular CVE ID. Follow the instructions to perform advanced CVE search in Network Configuration Manager:

  • To perform an advanced CVE search, click on "Firmware Vulnerability" tab and select "Advanced CVE Search".
  • In the tab that opens, you will be able to see a search bar.
  • In the search bar, you can search for all the vulnerabilities by searching using the vendor name, CVE id, device OS number, version or a model.
  • After a particular search term is given, click on "search" button.
  • NCM will display the vulnerabilities associated with a particular vendor or a CVE id, globally.
  • By clicking on a particular CVE id, you can view the details of the vulnerability linked to a particular CVE id.

Thus, Network Configuration Manager helps you achieve in-depth management of all the vulnerabilities in your network. Try out Network Configuration Manager using the 30-day free trial and see how you can manage vulnerabilities in your network!
