Configuration Backup
- Network Device Discovery
- Baseline Configuration
- Network Backup Software
- Automated configuration backup
- Scheduling Configuration Backup
- Encrypted Storage of Configuration & Centralized Control
- Network Disaster Recovery Plan
Change Management
- Configuration Change Management
- Role Based Access Control (RBAC)
- Configuration Versioning & labelling
- Real time Change Detection
- Change Management Rules & Notifications
- Restore Device Configurations
- Config Compare Tool
Configlets
- Network Automation Tool
- Network Configuration Automation
- Command Execution Tasks
- Cisco Access Control List (ACL)
- What is VLAN
- SNMPv3 Configuration
- Enable SNMP in Cisco Router
- What is NAT?
- Configure static NAT Cisco
- Configure dynamic NAT Cisco
- Configuring PAT Cisco
- Juniper Software Upgrade
- Configure Cisco Banner
- Configure Cisco DHCP server
- Configure Cisco interface speed
REST Configlets
- REST API based config management
- Fortigate REST API config management
- Palo Alto REST API config management
Vulnerability Management
- Firmware Vulnerability
- Vulnerability Sync
- Firmware Vulnerability Insights
Firmware Upgrade
- Firmware Upgrade
- Cisco IOS Firmware Upgrade
Compliance
- Compliance Monitoring
- Compliance Reporting
- CIS Benchmark Compliance
- PCI Compliance
- SOX Compliance
- HIPAA Compliance
Configuration Management
- Simplified device templates
- Configuration Drift Management
- Syslog Configuration
- 3Com Device Configuration
- 3Com Switch Configuration
- Manage Device Configuration
- Router Configuration Management
- Network Configuration Analysis
- HP switch management software
- Huawei Router Configuration
- Cisco Device Configuration Management
- Backup Cisco switch config
- Cisco router configuration backup
- Juniper Device Configuration Management
- Brocade Device Configuration Management
- Brocade Router Config Management
- Brocade Switch Configuration Management
- NETGEAR Configuration Manager
- Aruba Device Configuration Management
- Siemens Configuration Tool
- Firewall Configuration Management
- What is Network Configuration Management (NCM)
- Network Configuration and Change Management
- Configuration Automation
- Network Device Management
- Multi-vendor device configuration support
- Searching Configurations
- Network Inventory Management
- Hardware Inventory
- Configuration File Management
- Terminal
Distributed Management
- NCM Enterprise Edition
- Enterprise Edition Smart Upgrade
- Centralized user management
- Tags
Reports
- Network Reports
- Configuration Reports
- Vulnerability Reports
- Network User Reports
- Compliance Report
- EOL/EOS Reports
- Other Reports
Ebooks
- Network disaster recovery plan
- Best practices in configuration Management
- The top 4 best practices for effective compliance management
- The top 4 best practices for effective firmware vulnerability management
Tech Topics
- Staying Ahead of Firmware Breaches
- Startup vs. Running Configuration
- Copy Running-Startup Configs
- Network Validation
White Papers
- Network Validation
- Conquering NCCM Challenges through Automation
Knowledge Base
- FAQ
- How-to
Enterprise Edition Knowledge Base
- FAQ (Enterprise Edition)
- How-to (Enterprise Edition)
Web Comic
- Network Administrators & Device Configuration Blues
Case Studies
- Automation for World's Leading News Agency
- Central Management and Control for UK's Top ITSO
- Business Continuity for Telecom Service Provider
- Total Control of Network Devices of Leading University
- Unified NCCM for IT service provider
Configuration Management Basics
- What is network automation
- Configuration change management best practices
- Top 5 advantages of network backup software
- How to choose the right network automation tool
- Top six benefits of configuration automation
- Network Audit
- Network Audit Tool
- Need for network backup software
- How to choose the right network backup software
- Network Configuration Change Management Tools
- Five challenges in managing configuration changes
- Brocade Switch Configuration Backup
- Network automation
- Network Vulnerabilities
- Configuring Cisco Switch
- Configure Cisco Router
- Configuration Backup
- SOX compliance requirements
Network Access Control
- SAML authentication
Integrations
- Integrate Password Manager Pro
- Integrate ServiceDesk Plus
- Integrate ServiceDesk Plus On-Demand
- Integrate ServiceNow
- Integrate PagerDuty

Firmware Vulnerability

Firmware vulnerabilities can put your business and your customers’ sensitive data at risk, leading to easy entry to hackers, diminished sales, reputation loss and penalties. In order to avoid these mishaps, it is important to identify these firmware vulnerabilities and take corrective measures regularly.

With Network Configuration Manager, you can now identify potential firmware security vulnerabilities in your network devices and take action. Network Configuration Manager acts as firmware vulnerability scanner and works in accordance with NIST vulnerability management (National Institute of Standards and Technology) by fetching firmware vulnerability data and correlating it with the network devices which are currently managed in your infrastructure. At present, Network Configuration Manager helps to manage firmware vulnerability for vendors in the table below.

Vendor	Version support
Citrix	Supports from 126130
Mikrotik
Checkpoint
F5
Bluecoat
InfoBlox
RiverBed
Huawei
Netgear
Hpe
Netscreen
Cisco		Supports from 124098
Juniper
Palo Alto
HP
Aruba
Arista
Fortinet
Dell

Viewing Firmware Vulnerabilities in your network

Network Configuration Manager provides info on all the vulnerabilities by firmware vulnerability scanning in your network in the Firmware Vulnerabilities page. You will be able to view the vulnerabilities in three ways.

1. Device firmware vulnerability management - All Vulnerabilities:

Under "All vulnerabilities" tab, you will be able to view all CVE IDs/Vulnerabilities in your network which are in accordance with NIST vulnerability management. Upon clicking the CVE ID, you will be able to view all the devices associated to that CVE ID. This gives you a complete device firmware vulnerability management.

Exploit status: You can either choose to view all the CVE IDs, or the ones which have exploit info available. When you give "Exploit status" as "Exploit", Network Configuration Manager displays only the CVE IDs, that have info on how one can hack/enter a network, provided by the user who first reported the vulnerability. Such vulnerabilities are severe and have to be prioritized over the rest.
Request update: Sometimes, you may be aware of certain vulnerabilities corresponding to particular vendors, but those vulnerabilities may not be listed in Network Configuration Manager. In that case, you can send us the vendor name, OS type and OS version of the device whose vulnerability has not been listed. Once you update us, we will automatically fetch and update the vulnerability data for the reported vendor/ OS version/ OS type.
Time Filter: A time filter feature has been incorporated for the effective management of identified vulnerabilities. This enables users to streamline their results by choosing options like "Today," "Yesterday," "Last 7 Days," and "Last 30 Days." Additionally, users have the flexibility to tailor their search by utilizing the time filter for specific dates pertinent to their requirements. Also, users can export the detected vulnerability details in the selected time period in PDF, CSV, Excel, or mail formats.
Search/Filter: Network Configuration Manager allows you to search for CVE IDs in the "Search CVE" search box, that helps you display the vulnerabilities associated to the CVE searched. Also, you can filter your search based on severity and exploit availability.
Vulnerabilities discovered: Under "Vulnerabilities discovered", you can see the total number of vulnerabilities discovered during a particular period.

2. Exposed Devices in device firmware vulnerability management

Under "Exposed Devices" tab, you can have a device-based vulnerability view, where Network Configuration Manager lists devices that have a firmware vulnerability. On drilling down, you will be able to see all the CVE IDs (vulnerabilities) of that particular device. This helps you know the number of devices in your network having vulnerabilities.

3. Version Distribution

Under "Version Distribution" tab, Network Configuration Manager lists all the affected versions in your environment. All the firmware security vulnerabilities will be grouped based on the firmware version they fall under and those versions will be displayed. On drilling down, you will be able to view all the devices along with their CVE IDs, that belong to the same version.

Viewing CVE ID details and taking remediation measures

By clicking on the CVE ID, you can you can get in-depth information about a device's firmware vulnerability management

Date of publishing/modification: In the CVE details page, you can see the date the CVE ID was published and last modified.

Vulnerability summary: You can also see the summary which shows information about what the vulnerability is and on which device the vulnerability was reported first.

Reference URL: You can also see reference URLs, which provides vulnerability patches for remediation.

Vulnerability status: You can see a status bar with options to mark the status of the vulnerability. You can edit this status anytime.

How Network Configuration Manager categorizes firmware vulnerabilities

Network Configuration Manager categorizes the severity of vulnerabilities based on the "Base score" which is calculated based on a few metrics like Exploitability Metrics (Attack, Complexity, and Authentication) and Impact Metrics (Confidentiality, Integrity, and Availability). Here is the split up of how the severity is categorized:

Base score 9.0 - 10 - Critical
Base score 7.0 - 8.9 - Important
Base score 4.0 - 6.9 - Moderate
Base score 0 - 3.9 - Low

Firmware Vulnerability Reports

Network Configuration Manager, which is acting as firmware vulnerability scanner, provides firmware vulnerability reports to help you gain clarity into the affected devices, its status and the remediation for the vulnerability. You can export firmware vulnerability reports in the form of PDF and CSV file. You can also email firmware vulnerability reports to your mail address.

Advanced CVE search

With "Advanced CVE search" you can globally search for all the vulnerabilities by searching using the vendor name, CVE ID, device OS number, version or a model. For eg: If you search "Cisco IOS 7000", all the firmware security vulnerabilities present in that particular model will be listed. On further clicking it, you will be able to see all the details of the vulnerability corresponding to a particular CVE ID.

Thus, Network Configuration Manager helps you achieve in-depth firmware vulnerability scanning and management. Also, check out firmware upgrade and firmware vulnerability widgets feature to know about bulk firmware upgradation and vulnerability dashhboards. Try out Network Configuration Manager using the 30-day free trial and see how you can manage firmware security vulnerabilities in your network!