Feed aggregator

CPU Side-Channel Information Disclosure Vulnerabilities

Cisco Security Advisories - Thu, 2018-01-04 20:20
On January 3, 2018 researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel.

The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre, the third vulnerability, CVE-2017-5754, is known as Meltdown. The vulnerabilities are all variants of the same attack and differ in the way the speculative execution is exploited.

In order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. The majority of Cisco products are closed systems, which do not allow customers to run custom code on the device. Although, the underlying CPU and OS combination in a product may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code on the device, and thus are not vulnerable. There is no vector to exploit them. Only Cisco devices that are found to allow the customer to execute their customized code side-by-side with the Cisco code on the same microprocessor are considered vulnerable.

A Cisco product that may be deployed as a virtual machine or a container, even while not being directly affected by any of these vulnerabilities, could be the targeted by such attacks if the hosting environment is vulnerable. Cisco recommends customers to harden their virtual environment and to ensure that all security updates are installed.

Cisco will release software updates that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
Security Impact Rating: Medium
CVE: CVE-2017-5715,CVE-2017-5753,CVE-2017-5754
Categories: Security Alerts

TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance

US-CERT - Thu, 2018-01-04 10:47
Original release date: January 04, 2018
Systems Affected

CPU hardware implementations

Overview

On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities—known as Meltdown and Spectre— that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Description

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. These attacks are described in detail by CERT/CC’s Vulnerability Note VU#584653, the United Kingdom National Cyber Security Centre’s guidance on Meltdown and Spectre, Google Project Zero, and the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz). The Linux kernel mitigations for this vulnerability are referred to as KAISER, and subsequently KPTI, which aim to improve separation of kernel and user memory pages.

Intel and Linux have developed tools to detect and mitigate the Meltdown and Spectre vulnerabilities in Windows and Linux. See INTEL-SA-00075 Detection and Mitigation Tool (Windows) and INTEL-SA-00075 Linux Detection and Mitigation Tools (Linux) for further information.

Impact

Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Solution

US-CERT encourages users and administrators to refer to their OS vendors for the most recent information. However, the table provided below lists available patches. Due to the fact that the vulnerability exists in CPU architecture rather than in software, patching may not fully address these vulnerabilities in all cases.

After patching, performance may be diminished by up to 30 percent. Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect if possible.

Additionally, impacts to availability in some cloud service providers (CSPs) have been reported as a result of patches to host OSes. Users and administrators who rely on cloud infrastructure should work with their CSP to mitigate and resolve any impacts resulting from host OS patching and mandatory rebooting.

The following table contains links to patch information published in response to the vulnerabilities.

Link to Vendor Patch InformationDate AddedAmazonJanuary 4, 2018AMDJanuary 4, 2018AndroidJanuary 4, 2018ARMJanuary 4, 2018CentOSJanuary 4, 2018ChromiumJanuary 4, 2018CitrixJanuary 4, 2018F5January 4, 2018GoogleJanuary 4, 2018HuaweiJanuary 4, 2018IBMJanuary 4, 2018IntelJanuary 4, 2018LenovoJanuary 4, 2018LinuxJanuary 4, 2018Microsoft AzureJanuary 4, 2018Microsoft WindowsJanuary 4, 2018NVIDIAJanuary 4, 2018OpenSuSEJanuary 4, 2018Red HatJanuary 4, 2018SuSEJanuary 4, 2018Trend MicroJanuary 4, 2018VMwareJanuary 4, 2018XenJanuary 4, 2018

 

References Revision History
  • January 4, 2018

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Alerts

Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products

Cisco Security Advisories - Thu, 2018-01-04 10:43
On January 28, 2016, the OpenSSL Project released a security advisory detailing two vulnerabilities.

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks on an SSL/TLS connection.

This advisory will be updated as additional information becomes available.

Cisco will release software updates that address these vulnerabilities.

Workarounds that address these vulnerabilities are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl
Security Impact Rating: High
CVE: CVE-2015-3197,CVE-2016-0701
Categories: Security Alerts

Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability

Cisco Security Advisories - Wed, 2018-01-03 14:00
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user’s system.

The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.

Cisco has updated the affected version of the Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players to address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp
Security Impact Rating: Medium
CVE: CVE-2018-0104
Categories: Security Alerts

Cisco WebEx Network Recording Player Buffer Overflow Vulnerability

Cisco Security Advisories - Wed, 2018-01-03 14:00
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user’s system.

The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.

Cisco has updated the affected version of the Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players to address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp
Security Impact Rating: Medium
CVE: CVE-2018-0103
Categories: Security Alerts

Pages

Subscribe to Willing Minds aggregator