Processor Speculative Execution and Indirect Branch Prediction Vulnerabilities
The Spectre and Meltdown vulnerabilities in modern processor architecture optimizations allow unprivileged local attackers to read arbitrary memory without restrictions.
- Advisory ID: Tempered-201801A-001
- CVEs: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
- Version: 2.0
- Updated: 2/21/2018
- Status: Interim
Overview
Impact
Successful exploitation of these vulnerabilities requires that the attacker be able to run code on the targeted machine.
Airwall Gateway & Conductor
Airwall Gateway and Conductor are purpose-built systems that do not allow remote or local system login, execution or installation of arbitrary code, or the addition of operating system users. This design does not expose them to Spectre and Meltdown attacks.
HIPApps
Airwall Agent and Airwall Linux Agent are exposed to Spectre and Meltdown vulnerabilities through the hardware they are installed on. Work with your operating system and hardware vendors to receive the appropriate mitigation software and/or microcode.
Virtual Airwall Gateways & Conductor
Virtualized Airwall Gateway, Virtualized Conductor, and Cloud Airwall Gateway are vulnerable to Spectre and Meltdown through the hypervisor hardware which hosts them. Work with your hypervisor, cloud, and/or hardware vendors to receive the appropriate mitigation software and microcode.
Affected Products
- None directly
- Airwall Agents and Virtuals via the host hardware
Remediation
- Airwall Gateway and Conductor – none
- Airwall Agents and Virtuals – mitigation updates for the host operating system and/or hardware microcode
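
On a Linux host running the Airwall Linux Agent, the kernel's own report is one way to confirm that the operating system mitigations for the three CVEs above are active. The script below is an added example, not part of the original advisory or of any Tempered tooling. It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities`; the function names `classify`, `check_host` and `demo` are hypothetical.

```shell
#!/bin/sh
# Added example: map each CVE in this advisory to the kernel's sysfs status file
# and report whether the host kernel considers it mitigated.

# classify STATUS -> prints OK, VULNERABLE or UNKNOWN
classify() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation"*)   echo OK ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;   # empty, missing or unrecognised status
    esac
}

# check_host [DIR] -> one line per CVE; returns 0 only if every entry is OK
check_host() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for pair in "CVE-2017-5753:spectre_v1" "CVE-2017-5715:spectre_v2" "CVE-2017-5754:meltdown"; do
        cve="${pair%%:*}"
        file="${pair#*:}"
        if [ -r "$dir/$file" ]; then
            status="$(cat "$dir/$file")"
        else
            # A kernel without this file predates the mitigation patches.
            status="(no sysfs entry)"
        fi
        verdict="$(classify "$status")"
        [ "$verdict" = OK ] || rc=1
        printf '%s %-10s %-10s %s\n' "$cve" "$file" "$verdict" "$status"
    done
    return "$rc"
}

# demo: run the check against constructed sample files (not real host output)
demo() {
    tmp="$(mktemp -d)"
    echo "Mitigation: __user pointer sanitization" > "$tmp/spectre_v1"
    echo "Vulnerable" > "$tmp/spectre_v2"
    echo "Mitigation: PTI" > "$tmp/meltdown"
    demo_rc=0
    check_host "$tmp" || demo_rc=$?
    rm -rf "$tmp"
    return "$demo_rc"
}
```

Call `check_host` with no argument on the agent host. A non-zero exit status means at least one entry is missing or not mitigated and the operating system or microcode update is still outstanding.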