IOS-XE Vulnerability dashboard - optional dashboard to identify Cisco IOS-XE device vulnerabilities

Introduction

To install the IOS-XE Vulnerability dashboard

To use the IOS-XE Vulnerability dashboard

Introduction:

The IOS-XE Vulnerability dashboard is an optional dashboard that requires a separate file installation via Entuity Support (and therefore is not a system dashboard). This dashboard lists Cisco IOS-XE devices under management on your network and their vulnerability to CVE-2023-20198, an issue that was announced by Cisco on October 16th, 2023.

This vulnerability enables a remote, unauthenticated attacker to create an account with privilege level 15 access on an affected system, through which the attacker can then gain control of the affected system. Cisco has not yet provided a fix for this vulnerability.

Once Cisco has provided a fix for this issue, this dashboard will no longer be required.

To install the IOS-XE Vulnerability dashboard:

You will require two files from Entuity Support to install and use the IOS-XE Vulnerability dashboard:

1. A StormWorks configuration file that enables your instance of Entuity to scan the Cisco IOS-XE devices under management on your network for known vulnerabilities and malware. This file must be installed before the dashboard file below.
2. An installation file for the IOS-XE Vulnerability dashboard itself. This dashboard is reliant on the StormWorks configuration file above, otherwise it will not return any data.

Once you have installed the dashboard from the supplied file, you will need to assign at least one user group access to this dashboard:

1. In the Entuity UI, navigate to the ‘My Network’ View. Under All Dashboards, click the IOS-XE Vulnerability.
2. The IOS-XE Vulnerability dashboard will then open. From the Overflow Menu, click Edit Dashboard (note, this option is available because this dashboard is not a system dashboard).
   
   
   
   
3. The dashboard editor will open. From the Overflow Menu, click Settings.
4. The Dashboard Settings form will open. Under Access Control, specify the user group or groups that you to which you wish to grant access.
   
   
   
   
5. Once you have made your selection, click Done to save your changes.

To use the IOS-XE Vulnerability dashboard:

1. In the Entuity UI, navigate to the ‘My Network’ View. Under All Dashboards, click the IOS-XE Vulnerability.
2. The IOS-XE Vulnerability dashboard will open.
   
   
   
   This contains a Table dashlet listing the Cisco IOS-XE devices that are currently under management on your network and their vulnerability status to known vulnerabilities and malware. The following information is detailed in the table:
   
   

   Column	Description
   Display Name	display name of the Cisco IOS-XE device.
   Model	device model.
   Location	geographical location of the device, if specified.
   Vulnerability Status	vulnerability status of the device, one of three options: No vulnerability – the device webserver is disabled. Webserver running – the device webserver is running and therefore vulnerable, but no malware has been detected. Implant detected – the known implant malware has been detected. For devices with this status, Entuity recommends that you follow Cisco’s advice to turn the webserver off, because currently Cisco does not have a fix for this issue (note, the switch will continue to work if the webserver is turned off.)