Cisco is going to release security patches for Meltdown and Spectre attacks

Cisco is going to release security patches for Meltdown and Spectre attacks, the company is currently investigating its entire products portfolio.

Cisco published a security advisory on the CPU Side-Channel information disclosure vulnerabilities that are exploited in the Spectre and Meltdown attacks and announced it is going to release security updates to protect its customers.

Switchzilla announced it will release software updates that address these flaws.

In a statement, Cisco highlighted that the majority of its products are closed systems, this means that it is impossible for an attacker to run custom code on the device. However, the company confirmed that the underlying CPU and OS combination in some products could open the devices to the attacks.

“The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre, the third vulnerability, CVE-2017-5754, is known as Meltdown. The vulnerabilities are all variants of the same attack and differ in the way the speculative execution is exploited.” reads the advisory published by CISCO.
“In order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Although, the underlying CPU and OS combination in a product may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code on the device, and thus are not vulnerable.”

According to Cisco, only devices that allow the customer to execute their customized code side-by-side with the Cisco code on the same microprocessor are at risk.

Let’s consider for example the case of a Cisco product running on a virtualized environment, if the virtual machine is vulnerable the overall system is exposed to the attacks.

“A Cisco product that may be deployed as a virtual machine or a container, even while not being directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable.” continues the advisory.

“Cisco recommends customers harden their virtual environment and to ensure that all security updates are installed.”

The company is currently investigating its product portfolio searching for vulnerable devices.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW

10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase

X