Cisco CPU Side-Channel Information Disclosure Vulnerabilities – May 2018
CVE Numbers : CVE-2018-3639 and CVE-2018-3640
On May 21, 2018, researchers disclosed two vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged, local attacker, in specific circumstances, to read privileged memory belonging to other processes.
The first vulnerability, CVE-2018-3639, is known as Spectre Variant 4 or SpectreNG. The second vulnerability, CVE-2018-3640, is known as Spectre Variant 3a. Both of these attacks are variants of the attacks disclosed in January 2018 and leverage cache-timing attacks to infer any disclosed data.
To exploit either of these vulnerabilities, an attacker must be able to run crafted or script code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.
A Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as operating system or hypervisor, is patched against the vulnerabilities in question.
Although Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. Refer to the “Affected Products” section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.
Cisco will release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
-
Cisco is investigating its product line to determine which products and cloud services may be affected by these vulnerabilities. As the investigation progresses, Cisco will update this advisory with information about affected products and services, including the Cisco bug ID for each affected product or service.
Any product or service not listed in the “Products Under Investigation” or “Vulnerable Products” section of this advisory is to be considered not vulnerable. The criteria for considering whether a product is vulnerable is explained in the “Summary” section of this advisory. Because this is an ongoing investigation, please be aware that products and services currently considered not vulnerable may subsequently be considered vulnerable as additional information becomes available.
Products Under Investigation
Network Application, Service, and Acceleration
- Cisco 500 Series WPAN Industrial Routers (IOx feature)
- Cisco Cloud Services Platform 2100
- Cisco Nexus 3000 Series Switches
- Cisco Nexus 9000 Series Switches – Standalone, NX-OS mode
- Cisco Wide Area Application Services (WAAS)
- Cisco vBond Orchestrator
- Cisco vEdge 5000
- Cisco vEdge Cloud
- Cisco vManage NMS
- Cisco vSmart Controller
Routing and Switching – Enterprise and Service Provider
- Cisco 4000 Series Integrated Services Routers (IOS XE Open Service Containers)
- Cisco ASR 1000 Series Aggregation Services Router with RP2 or RP3 (IOS XE Open Service Containers)
- Cisco ASR 1001-HX Series Aggregation Services Routers (IOS XE Open Service Containers)
- Cisco ASR 1001-X Series Aggregation Services Routers (IOS XE Open Service Containers)
- Cisco ASR 1002-HX Series Aggregation Services Routers (IOS XE Open Service Containers)
- Cisco ASR 1002-X Series Aggregation Services Routers (IOS XE Open Service Containers)
- Cisco Application Policy Infrastructure Controller (APIC)
- Cisco Catalyst 3650 Series Switches – IOx feature
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 9300 Series Switches – IOx feature
- Cisco Catalyst 9400 Series Switches – IOx feature
- Cisco Catalyst 9500 Series Switches – IOx feature
- Cisco Cloud Services Router 1000V Series (IOS XE Open Service Containers)
- Cisco Industrial Ethernet 4000 Series Switches (IOx feature)
- Cisco Nexus 3000 Series Switches
- Cisco Nexus 4000 Series Blade Switches
- Cisco Nexus 5000 Series Switches (OAC feature)
- Cisco Nexus 6000 Series Switches (OAC feature)
- Cisco Nexus 7000 Series Switches (OAC feature, Feature Bash)
- Cisco Nexus 9000 Series Fabric Switches – ACI mode
- Cisco Virtual Application Policy Infrastructure Controller (APIC)
- Cisco c800 Series Integrated Services Routers
Unified Computing
- Cisco C880 M4 Server
- Cisco C880 M5 Server
- Cisco Enterprise Network Compute System 5100 Series Servers
- Cisco Enterprise Network Compute System 5400 Series Servers
- Cisco HyperFlex with VMWare Hypervisor
- Cisco UCS E-Series M2 Servers
- Cisco UCS E-Series M3 Servers
Voice and Unified Communications Devices
- Cisco Remote Expert Mobile
Wireless
- Cisco Wireless Gateway for LoRaWAN
Cisco Cloud Hosted Services
-
- Cisco Metacloud
- Cisco Spark
- Cisco Threat Grid
- Cisco WebEx Centers – Meeting Center, Training Center, Event Center, Support Center
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.