Intel CPU Meltdown and Spectre Affect Multiple Cisco Server Products

Summary
  • On January 3, 2018 researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel.
    The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre; the third vulnerability, CVE-2017-5754, is known as Meltdown. The vulnerabilities are all variants of the same attack and differ in the way the speculative execution is exploited.
    In order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Although the underlying CPU and OS combination in a product may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code on the device, and thus are not vulnerable. There is no vector to exploit them. Only Cisco devices that are found to allow the customer to execute their customized code side-by-side with the Cisco code on the same microprocessor are considered vulnerable.
    A Cisco product that may be deployed as a virtual machine or a container, even while not being directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environment and ensure that all security updates are installed.
    Cisco will release software updates that address this vulnerability.
    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
Affected Products
    • Cisco Cloud Services Platform 2100
    • Cisco vBond Orchestrator
    • Cisco vEdge 1000
    • Cisco vEdge 100
    • Cisco vEdge 2000
    • Cisco vEdge 5000
    • Cisco vEdge Cloud
    • Cisco vManage NMS
    • Cisco vSmart Controller

      Cisco is investigating its product line to determine which products may be affected by these vulnerabilities. As the investigation progresses, Cisco will update this advisory with information about affected products, including the Cisco bug ID for each affected product.
      Any product not listed under either the “Products Under Investigation” or the “Vulnerable Products” sections of this advisory is to be considered not vulnerable. The criteria for considering a product vulnerable are explained in the “Summary” section of this advisory. Please be aware that as this is an ongoing investigation, products considered not vulnerable may become vulnerable if additional information becomes available.
      Products Under Investigation
      Network Application, Service, and Acceleration


    Routing and Switching – Enterprise and Service Provider

    • Cisco 4000 Series Integrated Services Routers (IOx feature)
    • Cisco 500 Series WPAN Industrial Routers (IOx feature)
    • Cisco ASR 1000 Series Aggregation Services Routers with RP2 or RP3 (IOS XE Open Service Containers)
    • Cisco CGR 1000 Compute Module (IOx feature)
    • Cisco Catalyst 3650 Series Switches (IOx feature)
    • Cisco Catalyst 3850 Series Switches (IOx feature)
    • Cisco Catalyst 9300 Series Switches (IOx feature)
    • Cisco Catalyst 9400 Series Switches (IOx feature)
    • Cisco Catalyst 9500 Series Switches (IOx feature)
    • Cisco Industrial Ethernet 4000 Series Switches (IOx feature)
    • Cisco NCS 1000 Series Routers
    • Cisco NCS 5000 Series Routers
    • Cisco NCS 5500 Series Routers
    • Cisco Nexus 3000 Series Switches
    • Cisco Nexus 4000 Series Blade Switches
    • Cisco Nexus 5000 Series Switches
    • Cisco Nexus 6000 Series Switches
    • Cisco Nexus 7000 Series Switches
    • Cisco Nexus 9000 Series Fabric Switches – ACI mode
    • Cisco Nexus 9000 Series Switches – Standalone, NX-OS mode
    • XRv9000 Series Routers


    Video, Streaming, TelePresence, and Transcoding Devices

    • Cisco Meeting Server


    Vulnerable Products

    Product | Cisco Bug ID | Fixed Release Availability

    Routing and Switching – Enterprise and Service Provider
    Cisco 800 Industrial Integrated Services Routers | CSCvh31418 |

    Unified Computing
    Cisco UCS B-Series M2 Blade Servers | CSCvh31576 | Fix Pending
    Cisco UCS B-Series M3 Blade Servers | CSCvg97965 | (18-Feb-2018)
    Cisco UCS B-Series M4 Blade Servers (except B260, B460) | CSCvg97979 | (18-Feb-2018)
    Cisco UCS B-Series M5 Blade Servers | CSCvh31577 | (18-Feb-2018)
    Cisco UCS B260 M4 Blade Server | CSCvg98015 | (18-Feb-2018)
    Cisco UCS B460 M4 Blade Server | CSCvg98015 | (18-Feb-2018)
    Cisco UCS C-Series M2 Rack Servers | CSCvh31576 | Fix Pending
    Cisco UCS C-Series M3 Rack Servers | CSCvg97965 | (18-Feb-2018)
    Cisco UCS C-Series M4 Rack Servers (except C460) | CSCvg97979 | (18-Feb-2018)
    Cisco UCS C-Series M5 Rack Servers | CSCvh31577 | (18-Feb-2018)
    Cisco UCS C460 M4 Rack Server | CSCvg98015 | (18-Feb-2018)

    Products Confirmed Not Vulnerable

    No other Cisco products are currently known to be affected by these vulnerabilities.
    Cisco has confirmed that these vulnerabilities do not affect the following products: 
    Routing and Switching – Enterprise and Service Provider

    • Cisco 1000 Series Connected Grid Routers

    • ASR9000 XR64bit Series Routers

Details
  • Intel CPU Process Prediction Information Disclosure Vulnerability
    A vulnerability in Intel CPU processors could allow a local attacker to access sensitive information on a targeted system.
    The vulnerability is due to improper implementation of the speculative execution of instructions by the affected software. This vulnerability can be triggered by utilizing branch target injection. An attacker could exploit this vulnerability by executing arbitrary code and performing a side-channel attack on a targeted system. A successful exploit could allow the attacker to read sensitive memory information.
    This vulnerability has been assigned CVE ID CVE-2017-5715.
    Intel CPU Process Branch Prediction Information Disclosure Vulnerability
    A vulnerability in Intel CPU processors could allow a local attacker to access sensitive information on a targeted system.
    The vulnerability is due to improper implementation of the speculative execution of instructions by the affected software. This vulnerability can be triggered by performing a bounds check bypass. An attacker could exploit this vulnerability by executing arbitrary code and performing a side-channel attack on a targeted system. A successful exploit could allow the attacker to read sensitive memory information.
    This vulnerability has been assigned CVE ID CVE-2017-5753.
    Intel CPU Indirect Branch Prediction Information Disclosure Vulnerability
    A vulnerability in Intel CPU hardware could allow a local attacker to gain access to sensitive information on a targeted system.
    The vulnerability is due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker could exploit this vulnerability by executing arbitrary code on the affected system. A successful exploit could allow the attacker to gain access to sensitive information on the targeted system, including accessing memory from the CPU cache.
    This vulnerability has been assigned CVE ID CVE-2017-5754.
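
    Added example (not part of the Cisco advisory): on a Linux host that runs Cisco virtual machines or containers, the kernel reports its mitigation state for the three CVEs above under /sys/devices/system/cpu/vulnerabilities/. The script below classifies those reports; it assumes a kernel that exposes that directory (Linux 4.15 or a vendor backport), and the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify the kernel-reported mitigation state for the three
# CVEs in this advisory. Assumption: the host kernel exposes the sysfs
# vulnerabilities directory; function names here are illustrative.
SYSFS_DIR="${SYSFS_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status <status-string>: map the kernel's text to a coarse state.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_entry <dir> <file>: classify one sysfs entry.
check_entry() {
    if [ -r "$1/$2" ]; then
        classify_status "$(cat "$1/$2")"
    else
        echo unknown   # entry absent: kernel predates the reporting interface
    fi
}

# report [dir]: print "<CVE> <sysfs file> <state>" per CVE; the return status
# is the number of entries that are vulnerable or unknown (0 means all clear).
report() {
    dir=${1:-$SYSFS_DIR}
    bad=0
    while read -r cve file; do
        state=$(check_entry "$dir" "$file")
        printf '%s %s %s\n' "$cve" "$file" "$state"
        case "$state" in vulnerable|unknown) bad=$((bad + 1)) ;; esac
    done <<EOF
CVE-2017-5753 spectre_v1
CVE-2017-5715 spectre_v2
CVE-2017-5754 meltdown
EOF
    return "$bad"
}

# Run against the live host only when asked: sh script.sh --run
if [ "${1:-}" = "--run" ]; then report; fi
```

    A state of unknown means the kernel is too old to report its status and should be treated as unpatched until the host is updated.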

Workarounds
  • Any workarounds will be documented in the product-specific Cisco bugs, which are accessible through the Cisco Bug Search Tool.
Fixed Software
  • For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.
    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.
    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Exploitation and Public Announcements
  • The vulnerabilities described in this advisory were discussed in several articles and discussion forums as of January 3, 2018.
    The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory.
