In this document we will cover how to upload and deploy patches to resolve firmware vulnerabilities in network devices. The actions described in this document are performed after credentialed scans have been run on the network devices and vulnerabilities have been identified. Refer to this document for everything you need to know about network device scanning.
This document covers:
Once the network devices are scanned, the firmware versions of the devices are identified. The central server's database is updated regularly with new vulnerability information when it synchronizes with the Central Vulnerability Database hosted at the Zohocorp site. This sync can be scheduled as per your needs or initiated on demand. Learn how to schedule the vulnerability database sync. With this information, the central server correlates vulnerabilities with network devices based on their firmware versions and displays them in both the Firmware Vulnerabilities view and the Vulnerable Devices view under the Network Devices tab.
In the Firmware Vulnerabilities view, the following information is available for each vulnerability:
In the Vulnerable Devices view, the number of vulnerabilities affecting each device is displayed. Clicking on the vulnerability count will display the details of the vulnerabilities affecting the device.
Steps to upload and deploy patches to resolve firmware vulnerabilities:
Firmware vulnerabilities are resolved by deploying the latest patch or the stable firmware version. A firmware patch deployment task can be initiated from either the Firmware Vulnerabilities view or the Vulnerable Devices view, and it involves three steps:
To initiate Firmware Patch Deployment,
The latest patch or the stable firmware version required to fix the vulnerability has to be uploaded here. Details of the required firmware patch or stable firmware version, such as the vendor, OS, and patch/firmware version, are displayed in this section, along with a link to the vendor website from which to download it. After downloading the patch, upload the file to the central server. Once it is uploaded, the checksum of the patch file is displayed, which can be used to verify the integrity of the file. Click Next to proceed to the next stage.
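The integrity check mentioned above is worth doing on the administrator's workstation as well, before the file is uploaded: the checksum the server displays only proves the upload was not corrupted, while comparing the downloaded file against the checksum the vendor publishes next to the download proves you fetched the genuine image. The following is an added example, not code from Vulnerability Manager Plus or from any vendor, that streams a firmware file once, computes the common digests, and compares the chosen one against a published value in any of the usual formats. The firmware image it hashes is a constructed byte string, not a real vendor file, and every function name is this example's own.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed stand-in for a downloaded firmware image (not a real vendor file).
SAMPLE_IMAGE = b"FWIMG\x00" + bytes(range(256)) * 64

# Digests vendors commonly publish beside a download; the server's upload page shows
# the same kinds of values after the upload completes.
ALGORITHMS = ("md5", "sha1", "sha256")


def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and return hex digests for every algorithm in ALGORITHMS."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def normalize_checksum(value):
    """Accept 'sha256:abcd...', 'SHA256 (fw.bin) = abcd...' or bare hex.

    Returns (algorithm, lowercase hex); the algorithm is inferred from the hex
    length when the published value carries no label.
    """
    text = value.strip()
    algo = None
    if ":" in text:
        prefix, _, rest = text.partition(":")
        algo, text = prefix.strip().lower(), rest.strip()
    elif "=" in text:
        prefix, _, rest = text.partition("=")
        algo, text = prefix.split("(")[0].strip().lower(), rest.strip()
    hexval = text.lower()
    if algo is None:
        algo = {32: "md5", 40: "sha1", 64: "sha256"}.get(len(hexval))
    return algo, hexval


def verify_patch_file(path, published):
    """Return (ok, algorithm); ok is True only if the file's digest equals the published value."""
    algo, expected_hex = normalize_checksum(published)
    if algo not in ALGORITHMS:
        raise ValueError(f"unsupported or unrecognised checksum: {published!r}")
    actual = file_digests(path)[algo]
    # compare_digest is the habitual constant-time comparison for digests.
    return hmac.compare_digest(actual, expected_hex), algo


def write_sample_image(tamper=False):
    """Write the constructed image to a temp file (optionally with one flipped byte) and return its path."""
    data = bytearray(SAMPLE_IMAGE)
    if tamper:
        data[100] ^= 0x01  # simulate a corrupted or altered download
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    good = write_sample_image()
    # Stands in for the value copied from the vendor's download page.
    published = "sha256:" + file_digests(good)["sha256"]
    print(verify_patch_file(good, published))                            # (True, 'sha256')
    print(verify_patch_file(write_sample_image(tamper=True), published))  # (False, 'sha256')
```

A single flipped byte is enough to fail the comparison, which is the point: if the local check fails, do not upload the file, and if the checksum the server displays after upload differs from the one you computed locally, treat the upload itself as corrupted and repeat it.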
The devices affected by the vulnerability are automatically selected for deployment and displayed here. You can modify the selection as needed; to include more targets, click Select network devices. After confirming the targets, click Next.
Note: Once the firmware patches are deployed and installed, the network device will reboot automatically to complete the installation process.
Because vulnerabilities are tied to the firmware version of the network device, patching a single vulnerability fixes all the vulnerabilities present on the device at the time of deployment, since the firmware is upgraded to the latest stable version.
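The correlation described earlier (vulnerabilities matched to devices by vendor, OS and firmware version, then counted per device in the Vulnerable Devices view) and the consequence stated just above (one upgrade clears every correlated entry) can both be shown with a small model. The following is an added example and not the product's own correlation logic; the vendor names, OS names, firmware versions and VULN-000x identifiers are all constructed, and it assumes a simplified rule that every version below a vulnerability's fixed version is affected and that versions are plain dotted numbers.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class FirmwareVuln:
    vuln_id: str    # constructed identifier, not a real advisory
    vendor: str
    os_name: str
    fixed_in: str   # assumption: every firmware version below this one is affected


@dataclass
class NetworkDevice:
    name: str
    vendor: str
    os_name: str
    firmware: str


def version_key(version):
    """Turn a dotted numeric version like '12.1.3' into a comparable tuple of ints."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def correlate(vulns, devices):
    """Map each device name to the vulnerabilities that apply to its vendor, OS and firmware version."""
    result = {}
    for dev in devices:
        result[dev.name] = [
            v for v in vulns
            if v.vendor == dev.vendor
            and v.os_name == dev.os_name
            and version_key(dev.firmware) < version_key(v.fixed_in)
        ]
    return result


def vulnerable_device_counts(vulns, devices):
    """The per-device count shown in a Vulnerable Devices style view (devices with zero hits omitted)."""
    return {name: len(hits) for name, hits in correlate(vulns, devices).items() if hits}


def required_firmware(vulns, device):
    """Lowest firmware version that clears every correlated vulnerability for this device."""
    hits = correlate(vulns, [device])[device.name]
    if not hits:
        return device.firmware
    return max((v.fixed_in for v in hits), key=version_key)


def apply_firmware_upgrade(device, version):
    """Model a completed deployment: the device now runs the new firmware (a real device would reboot)."""
    device.firmware = version
    return device


# Constructed vulnerability database and inventory.
VULNS = [
    FirmwareVuln("VULN-0001", "ExampleVendor", "ExampleOS", fixed_in="12.2.0"),
    FirmwareVuln("VULN-0002", "ExampleVendor", "ExampleOS", fixed_in="12.4.1"),
    FirmwareVuln("VULN-0003", "ExampleVendor", "ExampleOS", fixed_in="12.0.5"),
    FirmwareVuln("VULN-0004", "OtherVendor", "OtherOS", fixed_in="3.1.0"),
]


def sample_devices():
    """Fresh copy of the constructed inventory, so upgrades in one run do not leak into another."""
    return [
        NetworkDevice("sw-core-1", "ExampleVendor", "ExampleOS", "12.1.3"),
        NetworkDevice("sw-edge-2", "ExampleVendor", "ExampleOS", "12.0.2"),
        NetworkDevice("rtr-wan-1", "ExampleVendor", "ExampleOS", "12.4.1"),
        NetworkDevice("fw-dmz-1", "OtherVendor", "OtherOS", "3.0.9"),
    ]


if __name__ == "__main__":
    devices = sample_devices()
    print(vulnerable_device_counts(VULNS, devices))   # {'sw-core-1': 2, 'sw-edge-2': 3, 'fw-dmz-1': 1}
    edge = devices[1]
    target = required_firmware(VULNS, edge)           # '12.4.1': deploying the fix for any one of its
    apply_firmware_upgrade(edge, target)              # vulnerabilities means moving to this version
    print(correlate(VULNS, [edge])[edge.name])        # [] - all three entries cleared by one upgrade
```

Note how sw-edge-2 is listed against three vulnerabilities, yet a single deployment of the stable version clears all of them, because the view is derived from the firmware version rather than from per-vulnerability patch state. Real version strings from network vendors are often not plain dotted numbers, so a production correlator needs a vendor-aware version parser; the simplified key here is the example's own assumption.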
You can view the firmware patch deployment tasks that you've created from the Firmware Patch Deployments view under the Network Devices tab. This table informs you about the status of each deployment task. The failed device count column indicates the number of devices on which the deployment failed. Clicking on a deployment takes you to a drill-down view with more details about it.
The Deployment Details view is divided into three sections:
The Configuration Details section displays the deployment policy applied to the deployment and the name of the deployed patch file. The Execution Status section displays the deployment status for each target device and remarks on the deployment failure, if any.
Under the Uploaded Patches section, you will find the list of patch files that have been uploaded to the server along with their storage location.
Vulnerabilities that are actively exploited or publicly disclosed without patches are identified as Zero-day vulnerabilities in Vulnerability Manager Plus. Learn how to mitigate zero-day vulnerabilities in network devices.