Firmware Vulnerability Management

Firmware vulnerabilities can put your business and your customers' sensitive data at risk, giving attackers an easy way in and leading to diminished sales, reputation loss and penalties. To avoid these outcomes, it is important to identify firmware vulnerabilities and take corrective measures regularly.

With Network Configuration Manager, you can now identify potential vulnerabilities in your network devices and take action. Network Configuration Manager works in accordance with NIST (National Institute of Standards and Technology) vulnerability management by fetching firmware vulnerability data and correlating it with the network devices currently managed in your infrastructure. At present, Network Configuration Manager provides firmware vulnerability management for Cisco IOS, Cisco ASA, Cisco Nexus and Juniper devices.

Viewing Firmware Vulnerabilities in your network

Network Configuration Manager provides information on all the vulnerabilities in your network in the Firmware Vulnerabilities page. You can view the vulnerabilities in three ways.

1. Device firmware vulnerability management - All Vulnerabilities:

Under the "All vulnerabilities" tab, you can view all CVE IDs (vulnerabilities) in your network, as listed by NIST vulnerability management. Clicking a CVE ID shows all the devices associated with that CVE ID. This gives you complete device firmware vulnerability management.

  • Exploit status: You can choose to view either all the CVE IDs, or only the ones for which exploit information is available. When you set "Exploit status" to "Exploit", Network Configuration Manager displays only the CVE IDs that carry information on how an attacker could enter a network, as provided by the user who first reported the vulnerability. Such vulnerabilities are severe and have to be prioritized over the rest.
  • Request update: Sometimes, you may be aware of certain vulnerabilities corresponding to particular vendors, but those vulnerabilities may not be listed in Network Configuration Manager. In that case, you can send us the vendor name, OS type and OS version of the device whose vulnerability has not been listed. Once you update us, we will automatically fetch and update the vulnerability data for the reported vendor, OS version and OS type.
  • Search/Filter: Network Configuration Manager allows you to search for CVE IDs in the "Search CVE" search box, which displays the vulnerabilities associated with the CVE searched. You can also filter your search based on severity and exploit availability.
  • Vulnerabilities discovered: Under "Vulnerabilities discovered", you can see the total number of vulnerabilities discovered during a particular period.

(Screenshot: Firmware vulnerability - All vulnerabilities tab)

2. Exposed Devices in device firmware vulnerability management

Under the "Exposed Devices" tab, you get a device-based vulnerability view: Network Configuration Manager lists the devices that have a vulnerability, and on drilling down you can see all the CVE IDs (vulnerabilities) of that particular device. This tells you how many devices in your network have vulnerabilities.

(Screenshot: Firmware vulnerability management - Exposed Devices tab)

3. Version Distribution 

Under the "Version Distribution" tab, Network Configuration Manager lists all the affected versions in your environment. Vulnerabilities are grouped by the firmware version they fall under, and those versions are displayed. On drilling down, you can view all the devices that run the same version, along with their CVE IDs.

(Screenshot: Firmware vulnerability - Version Distribution tab)

Viewing CVE ID details and taking remediation measures

By clicking on a CVE ID, you get in-depth device firmware vulnerability details:

Date of publishing/modification: In the CVE details page, you can see the date the CVE ID was published and the date it was last modified.

Vulnerability summary: You can also see the summary, which describes what the vulnerability is and on which device it was first reported.

Reference URL: You can also see reference URLs, which provide vulnerability patches for remediation.

Vulnerability status: You can see a status bar with options to mark the status of the vulnerability. You can edit this status anytime.

(Screenshot: Firmware vulnerabilities - CVE Details page)

How Network Configuration Manager categorizes firmware vulnerabilities

Network Configuration Manager categorizes the severity of vulnerabilities based on the "Base score", which is calculated from metrics such as the Exploitability metrics (Attack, Complexity, Authentication) and the Impact metrics (Confidentiality, Integrity, Availability). Here is how the severity is categorized:

  • Base score 9.0 - 10 - Critical
  • Base score 7.0 - 8.9 - Important
  • Base score 4.0 - 6.9 - Moderate
  • Base score 0 - 3.9 - Low
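The following Python script is an added example, not Network Configuration Manager's own code. It reproduces the severity bucketing above and the correlation described under the "Exposed Devices" and "Version Distribution" tabs, assuming (as a simplification) that a device is affected when its exact vendor, OS type and OS version tuple appears in an advisory; the CVE IDs, scores and device inventory are constructed placeholders.

```python
from collections import defaultdict

def severity(base_score: float) -> str:
    """Map a CVSS base score to the severity bands used on this page."""
    if base_score >= 9.0:
        return "Critical"
    if base_score >= 7.0:
        return "Important"
    if base_score >= 4.0:
        return "Moderate"
    return "Low"

# Constructed, NVD-style advisory records (placeholder IDs, not real CVEs).
# "affected" holds the (vendor, OS type, OS version) tuples the advisory lists.
CVES = [
    {"id": "CVE-0000-0001", "score": 9.8, "exploit": True,
     "affected": {("Cisco", "IOS", "15.2(4)M")}},
    {"id": "CVE-0000-0002", "score": 5.3, "exploit": False,
     "affected": {("Cisco", "IOS", "15.2(4)M"), ("Cisco", "ASA", "9.8(1)")}},
    {"id": "CVE-0000-0003", "score": 7.5, "exploit": False,
     "affected": {("Juniper", "Junos", "18.4R1")}},
]

# Constructed inventory of managed devices: hostname -> (vendor, OS type, OS version).
DEVICES = {
    "core-rtr-1": ("Cisco", "IOS", "15.2(4)M"),
    "edge-rtr-2": ("Cisco", "IOS", "15.2(4)M"),
    "fw-1":       ("Cisco", "ASA", "9.8(1)"),
    "mx-1":       ("Juniper", "Junos", "18.4R1"),
    "mx-2":       ("Juniper", "Junos", "19.1R1"),   # no advisory matches this version
}

def correlate(cves, devices):
    """Build the two device-centric views.
    exposed:    hostname -> CVE IDs, exploit-available first, then by descending score
    by_version: (vendor, os, version) -> {"devices": [...], "cves": [...]}"""
    exposed = defaultdict(list)
    by_version = defaultdict(lambda: {"devices": [], "cves": []})
    ranked = sorted(cves, key=lambda c: (not c["exploit"], -c["score"]))
    for host, platform in devices.items():
        for cve in ranked:
            if platform in cve["affected"]:
                exposed[host].append(cve["id"])
                if cve["id"] not in by_version[platform]["cves"]:
                    by_version[platform]["cves"].append(cve["id"])
        if host in exposed:
            by_version[platform]["devices"].append(host)
    return dict(exposed), dict(by_version)
```

Devices whose version matches no advisory (mx-2 above) never appear in either view, which is why the "Request update" option matters when you know of an advisory the feed has not yet picked up.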

Firmware Vulnerability DB sync

Vulnerability data from NIST vulnerability management can be synced with the Network Configuration Manager DB. Users can set a schedule time in order to sync data on a daily basis. When a schedule time is set, the vulnerability data is synchronized automatically at exactly that time. Network Configuration Manager also allows you to edit or change the schedule time as per your convenience. If no schedule time is set, the sync happens every night at 2 a.m. by default.

If you wish to update the vulnerability data in the NCM UI immediately instead of waiting for the scheduled time, use the "Update Now" option. When "Update Now" is selected, the latest vulnerability data is updated in the NCM DB.

(Screenshot: Firmware vulnerability - DB sync)

Vulnerability DB sync for closed networks: If your network is closed, we will not be able to update the vulnerability database automatically with data from NIST vulnerability management. In that case, you can import the vulnerability data manually:

  • Download the vulnerability data from this link. (The link is also given in NCM's UI.)
  • Import the downloaded file. Once you import the new file, the previous dump is deleted and replaced with the latest data.

Note: Modifying the imported dump may corrupt the vulnerability dump present in NCM.

(Screenshot: Device firmware vulnerability - Firmware vulnerability DB sync)

Firmware Vulnerability Reports

Network Configuration Manager provides firmware vulnerability reports that help you gain clarity on the affected devices, their status and the remediation for each vulnerability. You can export firmware vulnerability reports as PDF or CSV files, and you can email them to your mail address.

With "Advanced CVE search", you can globally search for all the vulnerabilities using the vendor name, CVE ID, device OS number, version or model. For example, if you search "Cisco IOS 7000", all the vulnerabilities present in that particular model are listed. On clicking one, you can see all the details of the vulnerability corresponding to that CVE ID.

(Screenshot: Firmware vulnerability reports - Firmware vulnerability DB)

Thus, Network Configuration Manager helps you achieve in-depth firmware vulnerability management. Also check out the firmware upgrade and firmware vulnerability widgets features to learn about bulk firmware upgrades and vulnerability dashboards. Try out Network Configuration Manager using the 30-day free trial and see how you can manage vulnerabilities in your network!