Cisco adds nine more products to Spectre, Meltdown probe

By on
Cisco adds nine more products to Spectre, Meltdown probe

Cisco Systems has expanded its investigation into products that may be impacted by the Spectre and Meltdown exploits, adding nine more products to the list that already includes dozens of systems.

In an update to a security advisory networking giant said it is investigating several network application, service and acceleration products, as well as network management, routing and server products that weren't covered in an initial advisory earlier this month.

Network application, service and acceleration products included in the updated advisory are Cisco's vBond Orchestrator, vEdge 5000, vEdge Cloud, vManage NMS and vSmart Controller. Also included in the updated advisory are the Cisco Application Policy Infrastructure Controller and Virtual Application Policy Controller, as well as c800 Series Integrated Services Routers and the C880 M4 Server.

Cisco's investigation into the Spectre and Meltdown exploits began with dozens of products including its Cisco Cloud Services Platform 2100, ASR, NCS, XRv9000 and Industrial Integrated Service Routers; Nexus series switches including blade and fabric models; as well as UCS B- and C-Series blade and rack servers.

Fixes are pending, according to the advisory, for three B-Series servers and one C-Series UCS server, as well as the C460 M4 rack server.

The company said that because the majority of its products are proprietary closed systems, they are not vulnerable to the Spectre and Meltdown exploits, which affect chips from multiple vendors, including Intel and AMD.

Still, the company said a Cisco product deployed as a virtual machine or container, "even while not being directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. The company said customers should "harden their virtual environment" and "ensure that all security updates are installed," adding that it would release software updates to combat the potential threats.

"This continues to be an ongoing investigation, so we are advising customers to please be aware that products and services currently considered not under investigation or vulnerable may subsequently be added to the advisory as additional information becomes available," a Cisco spokesman said in a statement.

"Cisco puts the security of our customers first," the statement read.

"When we have a vulnerability in our products, we issue a security advisory to make sure our customers know what it is and how to address it. Cisco immediately launched an investigation into the recently published security research that details an industry-wide issue affecting speculative execution in modern CPU architectures.

"Cisco PSIRT [Product Security Incident Response Team] has issued a security advisory to help customers understand which Cisco products may be affected and assess the potential implications for their networks. Fixes will be published for affected products as they become available, and potential workarounds will be documented where available."

The Spectre and Meltdown exploits – comprised of three side-channel analysis vulnerabilities – have riled the IT industry because if exploited they could be used to expose sensitive data on most modern processors in mobile devices, desktops, laptops and servers running in cloud environments.

Intel Wednesday said patches issued recently to combat the Spectre and Meltdown exploits were causing reboot problems for newer Kaby Lake and Skylake chips, as well as older chips like its Broadwell and Haswell CPUs.

This article originally appeared at crn.com

Copyright © 2018 The Channel Company, LLC. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

As a reseller, this year would you prefer to...
Do more business with my current vendors
Add new vendors and grow business with them
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?