
Identifying Vulnerabilities through No-Code Network Automation

by Claudio Pallais Nov 7, 2023

Network security is a critical exercise in continuous vigilance. Threats evolve and new vulnerabilities are discovered every day. Case in point: on October 16th, 2023, Cisco revealed the existence of previously unknown vulnerabilities, CVE-2023-20198 and CVE-2023-20273 (Cisco Bug ID: CSCwh87343), affecting all of Cisco’s IOS XE products. The exploit takes advantage of IOS XE’s web UI functionality, regardless of whether it is configured for HTTPS or not. Per the Cisco website:

These vulnerabilities allow a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.

This bug was given a Common Vulnerability Scoring System (CVSS) score of 10, the most critical and severe rating a vulnerability can receive, which usually warrants taking immediate action to resolve.

The absolute quickest way to respond to any real-world network problem is with NetBrain’s no-code Network Intents: instant automation that every network engineer can apply without programming or coding.

Within minutes of receiving the Cisco security advisory, one of our customer support engineers had already begun plugging these security vulnerabilities for our customers using our no-code network automation. We knew time was of the essence and wanted to help our customers respond quickly within their own hybrid networks. Using the materials we supplied to all our customers on that first day, NetBrain power users were able to quickly create a set of Network Intents to identify the CVE-affected IOS XE devices across their entire network and allow their operators to repair each affected device.
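For readers who want to see the underlying check spelled out, here is the same kind of identification written as a short script. It is an added example, not NetBrain's Network Intent and not Cisco's code. It assumes web UI exposure can be judged from the `ip http server` and `ip http secure-server` lines of an IOS XE running configuration (with the matching `active-session-modules none` setting treated as not exposed); the device names, accounts and allow-list are constructed.

```python
import re

# Constructed running-config excerpts (not taken from any real device).
SAMPLE_CONFIGS = {
    "edge-rtr-01": """\
hostname edge-rtr-01
username netadmin privilege 15 secret 9 REDACTED
username tmpuser1 privilege 15 secret 9 REDACTED
ip http server
ip http secure-server
""",
    "core-sw-02": """\
hostname core-sw-02
username netadmin privilege 15 secret 9 REDACTED
no ip http server
ip http secure-server
ip http secure-active-session-modules none
""",
}

APPROVED_ADMINS = {"netadmin"}  # assumption: site-specific allow-list


def audit_config(config, approved=APPROVED_ADMINS):
    """Report web UI exposure and unapproved privilege-15 local accounts."""
    lines = {ln.strip() for ln in config.splitlines()}
    exposed = []
    # The web UI is served when either HTTP server is enabled, unless the
    # matching active-session-modules setting is "none".
    if "ip http server" in lines and "ip http active-session-modules none" not in lines:
        exposed.append("http")
    if "ip http secure-server" in lines and "ip http secure-active-session-modules none" not in lines:
        exposed.append("https")
    # Local accounts at privilege level 15 that nobody on the allow-list owns.
    admins = re.findall(r"^username (\S+) privilege 15\b", config, re.MULTILINE)
    return {"webui_exposed": exposed,
            "unapproved_priv15": sorted(set(admins) - set(approved))}


def audit_fleet(configs):
    """Run the audit over a mapping of hostname -> running-config text."""
    return {host: audit_config(cfg) for host, cfg in configs.items()}


if __name__ == "__main__":
    for host, result in audit_fleet(SAMPLE_CONFIGS).items():
        print(host, result)
```

A device listed with a non-empty `webui_exposed` is a candidate for remediation; an entry in `unapproved_priv15` is a prompt to investigate that account, not proof of compromise.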

Let’s briefly look at how NetBrain’s Next-Gen platform helped our customers use this timely example to identify where they were vulnerable and open to attack.