Managing firmware vulnerabilities

In this document we will cover how to upload and deploy patches to resolve firmware vulnerabilities in network devices. The actions described in this document are performed once credentialed scans are performed on network devices and vulnerabilities are identified. Refer to this document for everything you need to know about network device scanning.

This document covers:

How firmware vulnerabilities are identified?

Once the network devices are scanned, the firmware versions of the devices are identified. The central server's database is updated regularly with new vulnerability information when it synchronizes with the Central vulnerability Database hosted at the Zohocorp site. This sync can be scheduled as per your need or can be initiated on-demand. Learn how to schedule the vulnerability database sync. With this information, the central server correlates vulnerabilities corresponding to network devices based on their firmware versions and displays them in both the Firmware vulnerabilities view and Vulnerable Devices view under the Network Devices tab.

In the Firmware vulnerabilities view, the following information are available for each vulnerability:

  • Affected devices: The number of network devices affected by the vulnerability.
  • Exploit Status: This indicates whether a proof-of-concept or exploit code is publicly disclosed for the vulnerability. Vulnerabilities with public exploits should be remediated with priority.
  • Patch Availability: This indicates whether the vendor has officially published a patch for the vulnerability.
  • CVSS scores: The Common Vulnerability Scoring System (CVSS) indicates the severity of the vulnerability which is computed based on a few metrics like exploitability (Attack, Complexity, Authentication) and impact (Confidentiality, Integrity, Availability). Both CVSS v3 and CVSS v2 are displayed for each vulnerability. See below for the correlation between CVSS scores and severity rating.
  • CVSS Score
  • Severity Rating
  • 0.0
  • None
  • 0.1 – 3.9
  • Low
  • 4.0 – 6.9
  • Medium
  • 7.0 – 8.9
  • High
  • 9.0 – 10.0
  • Critical
  • Clicking on a vulnerability reveals more details such as reboot requirement, vendor advisory link, published date and so on.

In the Vulnerable Devices view, the number of vulnerabilities affecting each device is displayed. Clicking on the vulnerability count will display the details of the vulnerabilities affecting the device.

If you want to export data from any view on this page:

  • If the Export button is available in that view, you can export directly from there.
  • Click Export (usually at the top-right of the table).
  • Choose the available export format (for example, CSV/XLS/PDF based on your setup).
  • Download the exported file.