Cisco investigates dozens of routers, switches for Meltdown and Spectre exploits

By on
Cisco investigates dozens of routers, switches for Meltdown and Spectre exploits

Cisco is putting dozens of routers, switches and servers under the microscope to find out whether any of them may be affected by the Spectre or Meltdown exploits impacting processors worldwide.

In a security advisory issued Thursday night, the networking giant said the majority of its products are closed systems and, therefore, not vulnerable to the exploits. The Spectre and Meltdown security flaws affect chips from multiple vendors, including market leader Intel.

Intel argues that the exploits are not a problem for networking, but Cisco isn't taking any chances.

"A Cisco product that may be deployed as a virtual machine or container, even while not being directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable," the company advised, adding that it would release software updates to combat that prospect.

In the meantime, the company suggests that customers "harden their virtual environment", and "ensure that all security updates are installed".

The company said it is investigating its Cisco Cloud Services Platform 2100; ASR, NCS, XRv9000 and Industrial Integrated Service routers; Nexus series switches including blade and fabric models; as well as UCS B- and C-series blade and rack servers.

None of the products are known to be vulnerable, Cisco said, and the company has confirmed that its 1000 Series Connected Grid routers are not affected.

Other networking vendors are also keeping a close eye on the exploits. HPE Aruba issued a notice saying its "products are not affected by these vulnerabilities".

An advisory from Juniper Networks says the company is "actively investigating the impact on Juniper Networks products and services".

The Spectre and Meltdown exploits have ignited a firestorm in the IT industry because the vulnerabilities, if ever exploited, could be used to expose sensitive data on most modern processors – including mobile devices, desktops, laptops and servers running in cloud environments. 

This article originally appeared at crn.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © 2018 The Channel Company, LLC. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Are enterprise contracts best left to the biggest suppliers?
Yes: With scale comes experience and broad capability
No: An agile operator brings efficiency and new ideas
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?