Processor Speculative Execution and Indirect Branch Prediction Vulnerabilities

Overview

Impact

Successful vulnerability exploitation requires the attacker’s ability to run code on the targeted machine.

Airwall Gateway & Conductor

Airwall Gateway and Conductor are purpose-built systems that do not allow remote or local system login, execution/installation of arbitrary code, nor the addition of operating system users. This design does not expose them to Spectre and Meltdown attacks.

HIPApps

Airwall Agent and Airwall Server are exposed to Spectre and Meltdown vulnerabilities through the hardware they are installed on. Work with your operating system and hardware vendors to receive the appropriate mitigation software and/or microcode.

Virtual Airwall Gateways & Conductor

Virtualized Airwall Gateway, Virtualized Conductor, and Cloud Airwall Gateway are vulnerable to Spectre and Meltdown through the hypervisor hardware which hosts them. Work with your hypervisor, cloud, and/or hardware vendors to receive the appropriate mitigation software and microcode.

Affected Products

• None directly
• Airwall Agents and Servers and Virtuals via the host hardware

Remediation

• Airwall Gateway and Conductor – none
• Airwall Agents and Servers and Virutals: Mitigation updates for the host operating system and/or hardware microcode

References

• https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
• http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715
• http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753
• http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754
• https://spectreattack.com/