Remediate the issue via the device command to disable vstack or more permanently by upgrading to a fixed OS version, both which are features of NOM.
#No vstack command install
Find ONLY the affected devices by vendor/model, OSes, and running state (the vstack status is the key to knowing whether Smart Install is enabled and the “show vstack” cmd gives you this status).Often, the complexity required to create scripts to, or manually close-down CVEs, leads to partially compliant fixes or compliance violations that reoccur.īelow, you can see a simple yet powerful way to construct the logic required for this CVE. Using Micro Focus NOM’s configuration and compliance capabilities makes this a simple and automated ongoing function versus a protracted project.
Knowing that each company has different response protocols for dealing with CVEs, Micro Focus Network Operations Management provides two ways for customers to close a vulnerability:ġ – The Micro Focus ITOM Marketplace provides a security and compliance service delivering policies for customers.Ģ – Customers can create their own compliance policy to check the running state for Smart Install being enabled, cross checked against vulnerable OS versions, and can disable the Smart Install service as a quick fix. Since Smart Install is not part of the configuration of these devices, it requires the use of Running State show commands to detect this issue. When the Cisco Smart Install admin tool is enabled, it provides an open port for unauthorized access to the device. I will also discuss and then maintain compliance on an ongoing basis as part of compliance lifecycle management.Ĭlose the Vulnerability – Cisco CVE-2018-0171 Today, in Part 3, I’ll show how we use all three dimensions to close the Cisco CVE 2018-0171 introduced in Part 2 of this blog series. In part 1 and part 2 of this blog series, I introduced the concept of 3-D Compliance, a model for achieving compliance nirvana for networks. NOTE: This is Part 3 of a multi-blog post about network compliance.
0 kommentar(er)
