Managing firmware vulnerabilities

In this document we will cover how to upload and deploy patches to resolve firmware vulnerabilities in network devices. The actions described in this document are performed once credentialed scans are performed on network devices and vulnerabilities are identified. Refer to this document for everything you need to know about network device scanning.

This document covers:

How firmware vulnerabilities are identified

Once the network devices are scanned, the firmware versions of the devices are identified. The central server's database is updated regularly with new vulnerability information when it synchronizes with the Central Vulnerability Database hosted at the Zohocorp site. This sync can be scheduled as per your need or can be initiated on demand. Learn how to schedule the vulnerability database sync. With this information, the central server correlates vulnerabilities with network devices based on their firmware versions and displays them in both the Firmware vulnerabilities view and the Vulnerable Devices view under the Network Devices tab.

In the Firmware vulnerabilities view, the following information is available for each vulnerability:

  • Affected devices: The number of network devices affected by the vulnerability.
  • Exploit Status: This indicates whether a proof-of-concept or exploit code is publicly disclosed for the vulnerability. Vulnerabilities with public exploits should be remediated with priority.
  • Patch Availability: This indicates whether the vendor has officially published a patch for the vulnerability.
  • CVSS scores: The Common Vulnerability Scoring System (CVSS) indicates the severity of the vulnerability, computed from exploitability metrics (Attack, Complexity, Authentication) and impact metrics (Confidentiality, Integrity, Availability). Both CVSS v3 and CVSS v2 scores are displayed for each vulnerability. See below for the correlation between CVSS scores and severity rating.
    CVSS Score     Severity Rating
    0.0            None
    0.1 – 3.9      Low
    4.0 – 6.9      Medium
    7.0 – 8.9      High
    9.0 – 10.0     Critical
  • Clicking on a vulnerability reveals more details such as reboot requirement, vendor advisory link, published date and so on.

In the Vulnerable Devices view, the number of vulnerabilities affecting each device is displayed. Clicking on the vulnerability count will display the details of the vulnerabilities affecting the device.

Steps to upload and deploy patches to resolve firmware vulnerabilities:

Firmware vulnerabilities are resolved by deploying the latest patch or the stable firmware version. A firmware patch deployment task can be initiated from either the Firmware vulnerabilities view or the Vulnerable Devices view, and it involves three steps:

  • Uploading the firmware patch
  • Defining targets
  • Configuring deployment settings

To initiate Firmware Patch Deployment:

  • Navigate to the Firmware vulnerabilities view or the Vulnerable Devices view.
  • Depending on the view, select the vulnerability or the device you want to patch.
  • Click on Upload and Install Patch.

Step 1: Uploading Firmware Patch

The latest patch or the stable firmware version required to fix the vulnerability has to be uploaded here. Details regarding the required firmware patch/stable firmware version such as the vendor, OS, and patch/firmware version will be displayed in this section. You will also find the link to the vendor website to download the firmware patch/stable firmware version. After downloading the patch, upload the file to the central server. Once uploaded, checksum details of the patch will be displayed, which can be used to verify the integrity of the patch file. Click Next to proceed to the next stage.
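The checksum shown after upload is only useful if it is compared against something you trust. As an added example (not Vulnerability Manager Plus code), the following Python hashes the downloaded firmware file and checks that the file, the hash published on the vendor's site and the checksum displayed in the console all agree; it assumes SHA-256 is the algorithm shown, and the file name, digest formats and sample image are constructed.

```python
# Added example, not part of Vulnerability Manager Plus. Checks a downloaded
# firmware file against the vendor-published hash and the checksum the console
# displays after upload. Assumes SHA-256; the sample image below is constructed.
import hashlib
import hmac
import tempfile
from pathlib import Path


def file_digest(path: Path, algorithm: str = "sha256") -> str:
    """Hash the file in 1 MiB chunks so a large firmware image is not read into memory at once."""
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def normalize(published: str, hex_len: int = 64) -> str:
    """Extract the hex digest from bare hex, 'SHA256: <hex>' or sha256sum-style '<hex>  file'."""
    for token in published.replace(":", " ").split():
        if len(token) == hex_len and all(c in "0123456789abcdefABCDEF" for c in token):
            return token.lower()
    raise ValueError(f"no {hex_len}-character hex digest found in {published!r}")


def verify_firmware(path: Path, vendor_published: str, console_displayed: str) -> bool:
    """True only if the file on disk, the vendor's hash and the console's checksum all agree."""
    actual = file_digest(path)
    expected = normalize(vendor_published)
    shown = normalize(console_displayed)
    # compare_digest does a length-safe, constant-time comparison of the hex strings
    return hmac.compare_digest(actual, expected) and hmac.compare_digest(actual, shown)


def selfcheck() -> tuple:
    """Constructed sample: a fake image that matches, then a wrong vendor hash that must fail."""
    data = b"constructed fake firmware image, not a real patch\n" * 1000
    digest = hashlib.sha256(data).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        img = Path(d) / "firmware.bin"
        img.write_bytes(data)
        good = verify_firmware(img, f"SHA256: {digest.upper()}", f"{digest}  firmware.bin")
        bad = verify_firmware(img, "0" * 64, digest)
    return good, bad  # (True, False)
```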

Step 2: Defining Target

The applicable devices affected by the vulnerability will automatically be selected for deployment and displayed here. You can modify the selection as you wish. If you want to include more targets, you can do so by clicking on select network devices. After confirming the targets, click on Next.

Step 3: Configuring deployment settings

  • Give an appropriate name and description to the deployment task.
  • In the Apply Deployment Policy drop-down, you can choose to initiate deployment immediately after creating the task or schedule it at a time of your choice.
  • If you choose Schedule Deployment, specify the date and time at which the deployment should begin.
  • Enable Notification if you wish to be notified regarding deployment status and failures.
  • Specify the frequency at which you want to receive notifications.
  • Type in the email ID to which the notifications should be sent.
  • Click Deploy to create the Firmware Patch Deployment task.
  • Note: Once the firmware patches are deployed and installed, the network device will reboot automatically to complete the installation process.

Since vulnerabilities correspond to the firmware version of the network device, patching a single vulnerability fixes all the vulnerabilities present in the device at the time of deployment, because the firmware gets upgraded to the latest stable version.

Monitoring deployment:

You can view the firmware patch deployment tasks that you've created from the Firmware Patch Deployments view under the Network Devices tab. This table informs you about the status of each deployment task. The Failed Device Count column indicates the number of devices on which the deployment failed. Clicking on a deployment takes you to a drilled-down view revealing more details about it.

The Deployment Details view is divided into three sections:

  • Deployment details contain the basic information about the deployment.
  • The Execution summary graph gives a breakdown of the target devices based on their deployment status: for how many devices the deployment is successful, failed, yet to be applied, not applicable and in progress.
  • The target scope shows which office the target devices belong to.
  • The Configuration Details view displays the deployment policy applied to the deployment and the name of the deployed patch file. The Execution Status view displays the deployment status for each target device and remarks for deployment failure, if any.

Modifying, suspending and deleting deployment tasks:

If you wish to modify, suspend or delete any of the deployment tasks, you can do so by:

  • Navigating to Network Devices > Firmware Patch Deployments.
  • Selecting a deployment task and clicking on the dotted button under the Action column.
  • Selecting modify/suspend/delete as you wish.

Viewing uploaded patches:

Under the Uploaded Patches view, you will find the list of patch files that have been uploaded to the server along with their storage location.

Vulnerabilities that are actively exploited or publicly disclosed without patches are identified as zero-day vulnerabilities in Vulnerability Manager Plus. Learn how to mitigate zero-day vulnerabilities in network devices.
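The columns of the Firmware vulnerabilities view described earlier (affected devices, exploit status, patch availability, CVSS with its severity bands) and the zero-day category just mentioned can be combined into a remediation order. The following Python is an added example, not product code; its record fields, the VULN-x labels, the sample rows, and the fallback to the CVSS v2 score when no v3 score is listed are assumptions of the example.

```python
# Added example, not part of Vulnerability Manager Plus: triage rows from the
# Firmware vulnerabilities view. Field names, identifiers and records are constructed.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class FirmwareVuln:
    vuln_id: str              # placeholder label, not a real advisory identifier
    affected_devices: int     # "Affected devices" column
    exploit_public: bool      # "Exploit Status": PoC or exploit code publicly disclosed
    patch_available: bool     # "Patch Availability": vendor has published a patch
    cvss_v3: Optional[float]  # None when no v3 score is listed
    cvss_v2: Optional[float]


def severity_rating(score: Optional[float]) -> str:
    """Map a CVSS score to the severity bands shown in the view."""
    if score is None:
        return "Unknown"
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "None": 0, "Unknown": 0}


def is_zero_day(v: FirmwareVuln) -> bool:
    """Public exploit and no vendor patch: the page's zero-day category, as far as these columns show."""
    return v.exploit_public and not v.patch_available


def triage(vulns: List[FirmwareVuln]) -> List[str]:
    """Order for remediation: public exploits first, then severity, then exposed device count."""
    def key(v: FirmwareVuln):
        score = v.cvss_v3 if v.cvss_v3 is not None else v.cvss_v2  # v2 fallback is an assumption
        return (v.exploit_public, RANK[severity_rating(score)], v.affected_devices)
    return [v.vuln_id for v in sorted(vulns, key=key, reverse=True)]


def sample() -> List[FirmwareVuln]:
    """Constructed records resembling four rows of the view."""
    return [FirmwareVuln("VULN-A", 12, False, True, 9.8, 10.0),
            FirmwareVuln("VULN-B", 3, True, True, 7.5, 6.8),
            FirmwareVuln("VULN-C", 40, True, False, None, 5.0),
            FirmwareVuln("VULN-D", 40, False, True, 5.3, 4.3)]
```

Because one firmware upgrade fixes every vulnerability on a device (see the note above), the ordered list is best used to pick which devices to schedule first rather than to create one task per vulnerability.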