CPU Side-Channel Information Disclosure Vulnerabilities
On January 3, 2018 researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel.
The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre; the third vulnerability, CVE-2017-5754, is known as Meltdown. The vulnerabilities are all variants of the same attack and differ in the way the speculative execution is exploited.
In order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Although the underlying CPU and OS combination in a product may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code on the device, and thus are not vulnerable: there is no vector to exploit them. Only Cisco devices that are found to allow the customer to execute their customized code side-by-side with the Cisco code on the same microprocessor are considered vulnerable.
A Cisco product that may be deployed as a virtual machine or a container, even while not being directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. TEC recommends that customers harden their virtual environment and ensure that all security updates are installed.
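As an added example, not part of the advisory and not Cisco code, the following POSIX shell script helps administrators of Linux hosts that run Cisco virtual machines or containers confirm the previous point: it summarises the kernel's own mitigation status for the three CVEs, read from the /sys/devices/system/cpu/vulnerabilities files that Linux 4.15 and vendor backports expose. The directory is overridable through the first argument so the check can be exercised on constructed data.

```shell
#!/bin/sh
# Report Linux kernel mitigation status for the three CVEs in the advisory.
# The kernel exposes one file per issue under
# /sys/devices/system/cpu/vulnerabilities; the directory can be overridden
# (first argument) so the check can be exercised on constructed data.
SYSFS_DIR="${1:-/sys/devices/system/cpu/vulnerabilities}"

# check_cpu_mitigations DIR
# Prints one line per CVE (CVE id, sysfs entry, kernel status string).
# Returns 0 only if every entry reports "Not affected" or "Mitigation: ...";
# a "Vulnerable..." status or a missing entry (kernel too old) returns 1.
check_cpu_mitigations() {
    dir="$1"
    rc=0
    for entry in "CVE-2017-5753:spectre_v1" \
                 "CVE-2017-5715:spectre_v2" \
                 "CVE-2017-5754:meltdown"; do
        cve="${entry%%:*}"
        name="${entry#*:}"
        file="$dir/$name"
        if [ ! -r "$file" ]; then
            status="unknown: $file not present (kernel predates the mitigation?)"
            rc=1
        else
            status="$(cat "$file")"
            case "$status" in
                "Not affected"*|"Mitigation:"*) ;;   # mitigated or not applicable
                *) rc=1 ;;                           # "Vulnerable..." or unexpected text
            esac
        fi
        printf '%s  %-10s  %s\n' "$cve" "$name" "$status"
    done
    return "$rc"
}

# Run against the live host. The failure is reported rather than propagated,
# so the function can also be sourced and reused from other scripts.
check_cpu_mitigations "$SYSFS_DIR" ||
    echo "WARNING: at least one issue is unmitigated or its status is unknown" >&2
```

Run it on each hypervisor or container host; any line not beginning with "Not affected" or "Mitigation:" means the host still needs the kernel or microcode update.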
Cisco is investigating its product line to determine which products may be affected by these vulnerabilities. As the investigation progresses, Cisco will update its advisory with information about affected products, including the Cisco bug ID for each affected product.
Any product not listed under either the “Products Under Investigation” or the “Vulnerable Products” sections of this advisory is to be considered not vulnerable. The criteria for considering a product vulnerable are explained in the “Summary” section of this advisory. Please be aware that, as this is an ongoing investigation, products considered not vulnerable may become vulnerable if additional information becomes available.
Products Under Investigation
Network Application, Service, and Acceleration
- Cisco Cloud Services Platform 2100
- Cisco vBond Orchestrator
- Cisco vEdge 1000
- Cisco vEdge 100
- Cisco vEdge 2000
- Cisco vEdge 5000
- Cisco vEdge Cloud
- Cisco vManage NMS
- Cisco vSmart Controller
Routing and Switching – Enterprise and Service Provider
- ASR9000 XR64bit Series Routers
- Cisco 4000 Series Integrated Services Routers (IOS XE Open Service Containers)
- Cisco 4000 Series Integrated Services Routers (IOx feature)
- Cisco 500 Series WPAN Industrial Routers (IOx feature)
- Cisco ASR 1000 Series Aggregation Services Routers with RP2 or RP3 (IOS XE Open Service Containers)
- Cisco CGR 1000 Compute Module (IOx feature)
- Cisco Catalyst 3650 Series Switches (IOx feature)
- Cisco Catalyst 3850 Series Switches (IOx feature)
- Cisco Catalyst 9300 Series Switches (IOx feature)
- Cisco Catalyst 9400 Series Switches (IOx feature)
- Cisco Catalyst 9500 Series Switches (IOx feature)
- Cisco Industrial Ethernet 4000 Series Switches (IOx feature)
- Cisco NCS 1000 Series Routers
- Cisco NCS 5000 Series Routers
- Cisco NCS 5500 Series Routers
- Cisco Nexus 3000 Series Switches
- Cisco Nexus 4000 Series Blade Switches
- Cisco Nexus 5000 Series Switches
- Cisco Nexus 6000 Series Switches
- Cisco Nexus 7000 Series Switches
- Cisco Nexus 9000 Series Fabric Switches – ACI mode
- Cisco Nexus 9000 Series Switches – Standalone, NX-OS mode
- XRv9000 Series Routers
Video, Streaming, TelePresence, and Transcoding Devices
- Cisco Meeting Server
Full details are available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel