Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.1548.7
CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
3 September 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Multiple products
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Access Privileged Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2018-3640 CVE-2018-3639
Reference: ASB-2018.0121
ESB-2018.1545
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
Revision History: September 3 2018: Update to affected products from Cisco
June 14 2018: Update to affected products from Cisco
June 6 2018: Update to affected products from Cisco
May 25 2018: Update to affected products from Cisco
May 24 2018: Update to affected products from Cisco
May 23 2018: Update to affected products from Cisco
May 22 2018: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
Medium
Advisory ID: cisco-sa-20180521-cpusidechannel
First Published: 2018 May 22 01:00 GMT
Last Updated: 2018 August 31 20:24 GMT
Version 1.9: Interim
Workarounds: No workarounds available
CVE-2018-3639
CVE-2018-3640
Summary
o On May 21, 2018, researchers disclosed two vulnerabilities that take
advantage of the implementation of speculative execution of instructions on
many modern microprocessor architectures to perform side-channel
information disclosure attacks. These vulnerabilities could allow an
unprivileged, local attacker, in specific circumstances, to read privileged
memory belonging to other processes.
The first vulnerability, CVE-2018-3639, is known as Spectre Variant 4 or
SpectreNG. The second vulnerability, CVE-2018-3640, is known as Spectre
Variant 3a. Both of these attacks are variants of the attacks disclosed in
January 2018 and leverage cache-timing attacks to infer any disclosed data.
To exploit either of these vulnerabilities, an attacker must be able to run
crafted or script code on an affected device. Although the underlying CPU
and operating system combination in a product or service may be affected by
these vulnerabilities, the majority of Cisco products are closed systems
that do not allow customers to run custom code and are, therefore, not
vulnerable. There is no vector to exploit them. Cisco products are
considered potentially vulnerable only if they allow customers to execute
custom code side-by-side with Cisco code on the same microprocessor.
A Cisco product that may be deployed as a virtual machine or a container,
even while not directly affected by any of these vulnerabilities, could be
targeted by such attacks if the hosting environment is vulnerable. Cisco
recommends that customers harden their virtual environments, tightly
control user access, and ensure that all security updates are installed.
Customers who are deploying products as a virtual device in multi-tenant
hosting environments should ensure that the underlying hardware, as well as
operating system or hypervisor, is patched against the vulnerabilities in
question.
Although Cisco cloud services are not directly affected by these
vulnerabilities, the infrastructure on which they run may be impacted.
Refer to the "Affected Products" section of this advisory for information
about the impact of these vulnerabilities on Cisco cloud services.
Cisco will release software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-20180521-cpusidechannel
Affected Products
o Any product or service not listed in the "Vulnerable Products" section of
this advisory is to be considered not vulnerable. The criteria for
considering whether a product is vulnerable are explained in the "Summary"
section of this advisory.
Vulnerable Products
The following table lists Cisco products and cloud services that are
affected by the vulnerabilities described in this advisory:
Product Cisco Bug Fixed Release Availability
ID
Network Application, Service, and Acceleration
Cisco Cloud Services Platform CSCvj63868 Consult the Cisco bug ID for
2100 details
Cisco Wide Area Application CSCvj59144 Update to v6.x (Available)
Services (WAAS)
Cisco vBond Orchestrator -- 18.2 (Available)
Cisco vEdge 5000 -- 18.2 (Available)
Cisco vEdge Cloud -- 18.2 (Available)
Cisco vManage NMS --
Cisco vSmart Controller -- 18.2 (Available)
Network Management and Provisioning
Cisco Network Functions Consult the Cisco bug ID for
Virtualization Infrastructure CSCvj59161 details
Software
Routing and Switching - Enterprise and Service Provider
Cisco 4000 Series Integrated Consult the Cisco bug ID for
Services Routers (IOS XE Open CSCvj59152 details
Service Containers)
Cisco 800 Series Industrial CSCvj59153 Consult the Cisco bug ID for
Integrated Services Routers details
Cisco ASR 1000 Series
Aggregation Services Router with CSCvj59152 Consult the Cisco bug ID for
RP2 or RP3 (IOS XE Open Service details
Containers)
Cisco ASR 1001-HX Series Consult the Cisco bug ID for
Aggregation Services Routers CSCvj59152 details
(IOS XE Open Service Containers)
Cisco ASR 1001-X Series Consult the Cisco bug ID for
Aggregation Services Routers CSCvj59152 details
(IOS XE Open Service Containers)
Cisco ASR 1002-HX Series Consult the Cisco bug ID for
Aggregation Services Routers CSCvj59152 details
(IOS XE Open Service Containers)
Cisco ASR 1002-X Series Consult the Cisco bug ID for
Aggregation Services Routers CSCvj59152 details
(IOS XE Open Service Containers)
Cisco ASR 9000 XR 64-bit Series CSCvj59142 Consult the Cisco bug ID for
Routers details
Cisco Application Policy CSCvj59131 Consult the Cisco bug ID for
Infrastructure Controller (APIC) details
Cisco CGR 1000 Compute Module CSCvj59160 Consult the Cisco bug ID for
(IOx feature) details
Cisco Catalyst 9300 Series CSCvj59156 Consult the Cisco bug ID for
Switches - IOx feature details
Cisco Catalyst 9400 Series CSCvj59157 Consult the Cisco bug ID for
Switches - IOx feature details
Cisco Catalyst 9500 Series CSCvj59158 Consult the Cisco bug ID for
Switches - IOx feature details
Cisco Cloud Services Router Consult the Cisco bug ID for
1000V Series (IOS XE Open CSCvj59152 details
Service Containers)
Cisco NCS 1000 Series Routers CSCvj59142 Consult the Cisco bug ID for
details
Cisco NCS 5000 Series Routers CSCvj59142 Consult the Cisco bug ID for
details
Cisco NCS 5500 Series Routers CSCvj59142 Consult the Cisco bug ID for
details
Cisco Nexus 3000 Series Switches CSCvj59136 Consult the Cisco bug ID for
details
Cisco Nexus 5000 Series Switches CSCvj59138 Consult the Cisco bug ID for
(OAC feature) details
Cisco Nexus 6000 Series Switches CSCvj59135 Consult the Cisco bug ID for
(OAC feature) details
Cisco Nexus 7000 Series Switches CSCvj59135 Consult the Cisco bug ID for
(OAC feature, Feature Bash) details
Cisco Nexus 9000 Series Switches CSCvj59136 Consult the Cisco bug ID for
- Standalone, NX-OS mode details
Cisco Virtual Application Policy CSCvj59131 Consult the Cisco bug ID for
Infrastructure Controller (APIC) details
Cisco XRv 9000 Series Routers CSCvj59142 Consult the Cisco bug ID for
details
Unified Computing
Cisco C880 M4 Server CSCvj59127 Consult the Cisco bug ID for
details
Cisco C880 M5 Server CSCvj59127 Consult the Cisco bug ID for
details
Cisco Enterprise Network Compute CSCvj59121 Consult the Cisco bug ID for
System 5100 Series Servers details
Cisco Enterprise Network Compute CSCvj59121 Consult the Cisco bug ID for
System 5400 Series Servers details
Cisco HyperFlex with VMWare CSCvj59134 Consult the Cisco bug ID for
Hypervisor details
Cisco UCS B-Series M2 Blade
Servers - Managed
UCS Manager 2.2(8l) -
(Available)
UCS Manager 3.1(3j) -
Cisco UCS B-Series M2 Blade CSCvj59301 (Available)
Servers - Managed UCS Manager 3.2(3g) -
(Available)
Cisco UCS C-Series M2 Rack
Servers - Managed
UCS Manager 2.2(8l) -
(Available)
Cisco UCS B-Series M3 Blade UCS Manager 2.2(8l) (Available)
Servers CSCvj54880 UCS Manager 3.1(3j) (Available)
UCS Manager 3.2(3g) (Available)
UCS Manager 3.2(3e) -
(Available)
UCS Manager 3.1(3j) -
(Available)
UCS Manager 2.2(8l) -
(Available)
Cisco UCS C-Series M4 Rack
Servers - Managed (except C460)
Cisco UCS B-Series M4 Blade - UCS Manager 3.2(3e) -
Servers (except B260, B460) CSCvj54187 (Available)
Cisco UCS S3260 M4 Storage
Server - Managed - UCS Manager
3.2(3e) - (Available)
Cisco UCS S3260 M4 Storage
Server - Standalone - Cisco IMC
3.0(4e) - (Available)
Cisco UCS S3260 M4 Storage
Server - UCS Manager 3.1(3j) -
(Available)
Cisco UCS B-Series M5 Blade
Servers
Cisco UCS B-Series M5 Blade UCS Manager 3.2(3g) -
Servers CSCvj59266 (Available)
Cisco UCS C-Series M5 Rack
Servers -Standalone
Cisco IMC 3.1(2i) - (Available)
Cisco UCS B260 M4 Blade Server
UCS Manager 3.2(3e) -
(Available)
UCS Manager 3.1(3j) -
(Available)
UCS Manager 2.2(8l) -
(Available)
Cisco UCS B460 M4 Blade Server
UCS Manager 3.2(3e) -
Cisco UCS B260 M4 Blade Server CSCvj54847 (Available)
UCS Manager 3.1(3j) - Available
UCS Manager 2.2(8l) - Available
Cisco UCS C460 M4 Rack Server -
Managed
UCS Manager 3.2(3e) -
(Available)
UCS Manager 3.1(3j) -
(Available)
UCS Manager 2.2(8l) -
(Available)
Cisco UCS B260 M4 Blade Server
UCS Manager 3.2(3e) -
(Available)
UCS Manager 3.1(3j) -
(Available)
UCS Manager 2.2(8l) -
(Available)
Cisco UCS B460 M4 Blade Server
UCS Manager 3.2(3e) -
Cisco UCS B460 M4 Blade Server CSCvj54847 (Available)
UCS Manager 3.1(3j) - Available
UCS Manager 2.2(8l) - Available
Cisco UCS C460 M4 Rack Server -
Managed
UCS Manager 3.2(3e) -
(Available)
UCS Manager 3.1(3j) -
(Available)
UCS Manager 2.2(8l) -
(Available)
Cisco UCS B-Series M2 Blade
Servers - Managed
UCS Manager 2.2(8l) -
(Available)
UCS Manager 3.1(3j) -
Cisco UCS C-Series M2 Rack CSCvj59301 (Available)
Servers - Managed UCS Manager 3.2(3g) -
(Available)
Cisco UCS C-Series M2 Rack
Servers - Managed
UCS Manager 2.2(8l) -
(Available)
Cisco UCS C-Series M2 Rack CSCvj59309 Cisco IMC 1.4(3z09) -
Servers - Standalone (Available)
Cisco UCS C-Series M2 Rack
Servers [EX processor family CSCvj59304 Cisco IMC 1.5(9f) - (Available)
servers] - Standalone
UCS Manager 3.2(3g) -
(Available)
UCS Manager 3.1(3j) -
Cisco UCS C-Series M3 Rack CSCvj59312 (Available)
Servers UCS Manager 2.2(8l) -
(Available)
Cisco IMC 3.0(4i) - (Available)
Cisco IMC 2.0(9o) - (Available)
Cisco UCS C-Series M4 Rack Cisco IMC 3.0(4e) - (Available)
Servers (except C460) - CSCvj59318 Cisco IMC 2.0(10k) -
Standalone ^1 (Available)
UCS Manager 3.2(3e) -
(Available)
UCS Manager 3.1(3j) -
(Available)
UCS Manager 2.2(8l) -
(Available)
Cisco UCS C-Series M4 Rack
Servers - Managed (except C460)
Cisco UCS C-Series M4 Rack - UCS Manager 3.2(3e) -
Servers (except C460) -Managed ^ CSCvj54187 (Available)
1 Cisco UCS S3260 M4 Storage
Server - Managed - UCS Manager
3.2(3e) - (Available)
Cisco UCS S3260 M4 Storage
Server - Standalone - Cisco IMC
3.0(4e) - (Available)
Cisco UCS S3260 M4 Storage
Server - UCS Manager 3.1(3j) -
(Available)
Cisco UCS C-Series M5 Rack CSCvj59331 UCS Manager 3.2(3g) -
Servers - Managed ^1 (Available)
Cisco UCS B-Series M5 Blade
Servers
Cisco UCS C-Series M5 Rack UCS Manager 3.2(3g) -
Servers -Standalone ^1 CSCvj59266 (Available)
Cisco UCS C-Series M5 Rack
Servers -Standalone
Cisco IMC 3.1(2i) - (Available)
Cisco UCS B260 M4 Blade Server
UCS Manager 3.2(3e) -
(Available)
UCS Manager 3.1(3j) -
(Available)
UCS Manager 2.2(8l) -
(Available)
Cisco UCS B460 M4 Blade Server
UCS Manager 3.2(3e) -
Cisco UCS C460 M4 Rack Server - CSCvj54847 (Available)
Managed UCS Manager 3.1(3j) - Available
UCS Manager 2.2(8l) - Available
Cisco UCS C460 M4 Rack Server -
Managed
UCS Manager 3.2(3e) -
(Available)
UCS Manager 3.1(3j) -
(Available)
UCS Manager 2.2(8l) -
(Available)
Cisco UCS C460 M4 Rack Server - Cisco IMC 3.0(4e) - (Available)
Standalone CSCvj59326 Cisco IMC 2.0(12h) -
(Available)
Cisco UCS E-Series M2 Servers CSCvj59121 Consult the Cisco bug ID for
details
Cisco UCS E-Series M3 Servers CSCvj59121 Consult the Cisco bug ID for
details
UCS Manager 3.2(3e) -
(Available)
UCS Manager 3.1(3j) -
(Available)
UCS Manager 2.2(8l) -
(Available)
Cisco UCS C-Series M4 Rack
Servers - Managed (except C460)
Cisco UCS S3260 M4 Storage - UCS Manager 3.2(3e) -
Server CSCvj54187 (Available)
Cisco UCS S3260 M4 Storage
Server - Managed - UCS Manager
3.2(3e) - (Available)
Cisco UCS S3260 M4 Storage
Server - Standalone - Cisco IMC
3.0(4e) - (Available)
Cisco UCS S3260 M4 Storage
Server - UCS Manager 3.1(3j) -
(Available)
Cisco Virtual Infrastructure 2.4.1
Manager CSCvj75271 2.2.24
(Available)
Voice and Unified Communications Devices
Cisco Remote Expert Mobile CSCvj59167 Consult the Cisco bug ID for
details
Cisco Cloud Hosted Services
Cisco Metacloud CSCvj59149 Consult the Cisco bug ID for
details
Cisco Threat Grid --
^1 Cisco UCS M4 and M5 Rack Servers are used as part of the Cisco HyperFlex
Solution.
Products Confirmed Not Vulnerable
The following Cisco products are considered not vulnerable to Spectre
Variant 3a or Spectre Variant 4. Specific models in these product families
may be affected and will be explicitly listed in the preceding "Vulnerable
Products" section.
Routers
Branch Routers
- Cisco 4000 Series Integrated Services Routers
- Cisco 1900 Series Integrated Services Routers
- Cisco 1800 Series Integrated Services Routers
- Cisco 1000 Series Integrated Services Routers
- Cisco 800 Series Routers
Data Center Interconnect Platforms
- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco Carrier Routing System
- Cisco Catalyst 6500 Series Switches
Industrial Routers
- Cisco 2000 Series Connected Grid Routers
- Cisco 1000 Series Connected Grid Routers
- Cisco 900 Series Industrial Routers
- Cisco 800 Series Industrial Integrated Services Routers
- Cisco 500 Series WPAN Industrial Routers
- Cisco Wireless Gateway for LoRaWAN
Cloud Networking Services
- Cisco Cloud Services Router 1000V Series
Mobile Internet Routers
- Cisco 5900 Series Embedded Services Routers
- Cisco MWR 2900 Series Mobile Wireless Routers
Service Provider Core Routers
- Cisco Carrier Routing System
- Cisco Network Convergence System 6000 Series Routers
Service Provider Edge Routers
- Cisco 12000 Series Routers
- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco ASR 920 Series Aggregation Services Router
- Cisco ASR 901 Series Aggregation Services Routers
- Cisco ASR 900 Series Aggregation Services Routers
- Cisco XR 12000 Series Router
- Cisco Network Convergence System 500 Series Routers
Small Business Routers
- Cisco 1900 Series Integrated Services Routers
- Cisco 800 Series Routers
- Cisco Small Business RV Series Routers
Virtual Routers
- Cisco Cloud Services Router 1000V Series
- Cisco WAN Aggregation and Internet Edge Routers
- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco Catalyst 6500 Series Switches
WAN Optimization
- Cisco Virtual Wide Area Application Services (vWAAS)
- Cisco Wide Area Application Services (WAAS) Express
- Cisco Wide Area Application Services (WAAS) Software
Switches
Blade Switches
- Cisco Blade Switches for Dell
- Cisco Blade Switches for FSC
- Cisco Blade Switches for HP
- Cisco Nexus 4000 Series Switches
- Cisco Switch Modules for IBM
- Cisco SFS Solutions for Blade Switches
- Cisco SFS Solution for Dell
Campus LAN Switches - Access
- Cisco Catalyst 9400 Series Switches
- Cisco Catalyst 9300 Series Switches
- Cisco Catalyst 4500 Series Switches
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 3750 Series Switches
- Cisco Catalyst 3650 Series Switches
- Cisco Catalyst 2960-L Series Switches
- Cisco Catalyst 2960-Plus Series Switches
- Cisco Catalyst 2960-X Series Switches
- Cisco Edge Series
- Cisco Meraki Cloud Managed Switches
- Cisco Redundant Power Systems
Campus LAN Switches - Core and Distribution
- Cisco Catalyst 9500 Series Switches
- Cisco Catalyst 6800 Series Switches
- Cisco Catalyst 6500 Series Switches
- Cisco Catalyst 6500 Virtual Switching System 1440
- Cisco Catalyst 4900 Series Switches
- Cisco Catalyst 4500 Series Switches
- Cisco Catalyst 4500-X Series Switches
- Cisco Catalyst 3850 Series Switches
- Cisco Nexus 7000 Series Switches
Campus LAN Switches - Digital Building
- Cisco Catalyst 3560-CX Series Switches
- Cisco Catalyst 2960-C Series Switches
- Cisco Catalyst 2960-CX Series Switches
- Cisco Catalyst 2960-L Series Switches
- Cisco Catalyst Digital Building Series Switches
Data Center Switches
- Cisco Nexus 2000 Series Fabric Extenders
- Cisco R Series Racks
- Cisco RP Series Power Distribution Units
- Cisco Data Center Network Management
- Cisco Data Center Network Manager
- Cisco Fabric Manager
- Cisco Data Center Switches with Cisco IOS Software
- Cisco Catalyst 6500 Series Switches
- Cisco Catalyst 4900 Series Switches
- Cisco Energy and Asset Management
- Cisco Asset Management Suite
- Cisco Energy Management Suite
Industrial Ethernet Switches
- Cisco 2500 Series Connected Grid Switches
- Cisco Embedded Service 2020 Series Switches
- Cisco Industrial Ethernet 5000 Series Switches
- Cisco Industrial Ethernet 4010 Series Switches
- Cisco Industrial Ethernet 4000 Series Switches
- Cisco Industrial Ethernet 3010 Series Switches
- Cisco Industrial Ethernet 3000 Series Switches
- Cisco Industrial Ethernet 2000 Series Switches
- Cisco Industrial Ethernet 2000U Series Switches
- Cisco Industrial Ethernet 1000 Series Switches
InfiniBand Switches
- Cisco SFS 7000 Series InfiniBand Server Switches
- Cisco SFS 3500 Series Multifabric Server Switches
- Cisco SFS 3000 Series Multifabric Server Switches
LAN Switches - Small Business
- Cisco 550X Series Stackable Managed Switches
- Cisco 350 Series Managed Switches
- Cisco 350X Series Stackable Managed Switches
- Cisco 250 Series Smart Switches
- Cisco 220 Series Smart Switches
- Cisco ESW2 Series Advanced Switches
- Cisco Small Business 300 Series Managed Switches
- Cisco Small Business 200 Series Smart Switches
- Cisco Small Business 110 Series Unmanaged Switches
- Cisco Small Business Smart Switches
- Cisco Small Business Stackable Managed Switches
- Cisco Small Business Unmanaged Switches
Service Provider Switches - Aggregation
- Cisco Catalyst 6500 Series Switches
- Cisco Catalyst 4500 Series Switches
- Cisco ME 4900 Series Ethernet Switches
- Cisco ME 3800X Series Carrier Ethernet Switch Routers
Service Provider Switches - Ethernet Access
- Cisco Catalyst 3750 Metro Series Switches
- Cisco ME 3600X Series Ethernet Access Switches
- Cisco ME 3400 Series Ethernet Access Switches
- Cisco ME 3400E Series Ethernet Access Switches
- Cisco ME 1200 Series Carrier Ethernet Access Devices
- Cisco Small Business Gigabit SP Switches
Virtual Networking
- Cisco Application Centric Infrastructure Virtual Edge
- Cisco Application Virtual Switch
- Cisco Cloud Services Platform 2100
- Cisco Nexus 1000V InterCloud
- Cisco Nexus 1000V Switch for KVM
- Cisco Nexus 1000V Switch for Microsoft Hyper-V
- Cisco Nexus 1000V Switch for VMware vSphere
Cloud Networking Services
- Cisco Prime Virtual Network Analysis Module (vNAM)
- Cisco Virtual Security Gateway
- Cisco Virtual Wide Area Application Services (vWAAS)
WAN Switches
- Cisco IGX 8400 Series Switches
MGX Switches
- Cisco MGX 8900 Series Switches
- Cisco MGX 8850 Software
- Cisco MGX 8800 Series Switches
- Cisco MGX 8250 Software
- Cisco MGX 8200 Series Edge Concentrators
Wireless
Indoor Access Points
- Cisco Aironet 1815 Series Access Points
- Cisco Aironet 2800 Series Access Points
- Cisco Aironet 3800 Series Access Points
- Cisco Aironet 4800 Access Point
Outdoor and Industrial Access Points
- Cisco Aironet 1540 Series Access Points
- Cisco Aironet 1560 Series Access Points
- Cisco Aironet 1570 Series Access Points
Wireless LAN Controllers
- Cisco 3504 Wireless LAN Controller
- Cisco 5520 Wireless LAN Controller
- Cisco 8540 Wireless LAN Controller
- Cisco Virtual Wireless Controller
- Cisco Meraki Cloud Managed Access Points
Security
Cisco Cloud-Hosted Products
- Cisco AMP family of products and endpoint protection clients
- Cisco Cloud Security
- Cisco Cloudlock
- Cisco Umbrella
Email Security
- Cisco Content Security Management Appliance
- Cisco Email Security
- Cisco Email Encryption
- Cisco Email Encryption
- Cisco Registered Envelope Service
Firewalls
- Cisco 3000 Series Industrial Security Appliances (ISA)
- Cisco Meraki Cloud Managed Security Appliances
- Cisco Adaptive Security Appliances (ASA)
- Cisco Adaptive Security Virtual Appliance (ASAv)
Firewall Management
- Cisco Adaptive Security Device Manager
- Cisco Firepower Device Manager
- Cisco Firepower Management Center
- Cisco Security Manager
Next-Generation Firewalls (NGFW)
- Cisco ASA 5500-X with FirePOWER Services
- Cisco Firepower 9000 Series
- Cisco Firepower 4100 Series
- Cisco Firepower 2100 Series
Network Security
- Cisco VPN Internal Service Module for ISR G2
Network Visibility and Segmentation
- Cisco ISE Passive Identity Connector
- Cisco Identity Services Engine (ISE)
- Cisco Security Packet Analyzer
- Cisco Stealthwatch Cloud
- Cisco Stealthwatch Enterprise
Next-Generation Intrusion Prevention System (NGIPS)
- Cisco FirePOWER 8000 Series Appliances
- Cisco FirePOWER 7000 Series Appliances
Security Management
- Cisco Firepower Management Center
- Cisco Adaptive Security Device Manager
- Cisco Content Security Management Appliance
- Cisco Defense Orchestrator
Unified Communications
- Cisco Spark
- Cisco Unified Communications Manager
- Cisco Business Edition 6000 - 100x80
- Cisco Business Edition 6000
- Cisco Jabber - 100x80
- Cisco Jabber
- Cisco Expressway
Customer Care
- Cisco Unified Contact Center Express
- Cisco Unified Contact Center Enterprise
- Cisco Finesse
- Cisco MediaSense
Conferencing
- Cisco Meeting Server
- Cisco WebEx Meeting Center
- Cisco WebEx Meetings Server
- Cisco TelePresence Management Suite
- Cisco TelePresence Server
- Cisco TelePresence Conductor
Collaboration Endpoints
- Cisco 8800 Series IP Phones
- Cisco 7800 Series IP Phones
- Cisco 6900 Series IP Phones
- Cisco 3900 Series SIP Phones
- Cisco Desktop Collaboration Experience - DX600 Series
- Cisco DX Series
- Cisco TelePresence SX10 Quick Set
- Cisco TelePresence MX Series - 100x80
- Cisco TelePresence MX Series
- Cisco TelePresence IX5000 Series
Cisco Unified Computing Management Platforms
- Cisco Intersight
- Cisco UCS Manager
- Cisco UCS Central
- Cisco UCS Director
- Cisco UCS Performance Manager
IP Video
- Cisco Access Edge
- Cisco Cable Modem Termination Systems (CMTSs)
- Cisco RF Switches
- Cisco cBR Series Converged Broadband Routers
- Cisco uBR10000 Series Universal Broadband Routers
- Cisco uBR7225VXR Universal Broadband Routers
- Cisco uBR7200 Series Universal Broadband Routers
No other Cisco IP Video products are known to be affected.
Internet of Things (IoT)
- Cisco Jasper Control Center
- Cisco IoT Management
- Cisco Application Enablement
- Cisco IoT Security
- Cisco Kinetic
- Cisco Extended Enterprise
Products Considered Not Vulnerable After Investigation
Cisco has investigated the following products, and they are not considered
to be affected by the vulnerabilities that are described in this advisory:
Network Application, Service, and Acceleration
- Cisco 500 Series WPAN Industrial Routers (IOx feature)
- Cisco DNA Center
Network and Content Security Devices
- Cisco Umbrella Virtual Appliance
Network Management and Provisioning
- Cisco Evolved Programmable Network Manager
- Cisco Meeting Server
Routing and Switching - Enterprise and Service Provider
- Cisco 1000 Series Connected Grid Routers
- Cisco Catalyst 3650 Series Switches - IOx feature
- Cisco Industrial Ethernet 4000 Series Switches (IOx feature)
- Cisco Nexus 4000 Series Blade Switches
- Cisco Nexus 9000 Series Fabric Switches - ACI mode
- Cisco c800 Series Integrated Services Routers
Wireless
- Cisco Wireless Gateway for LoRaWAN
Cisco Cloud Hosted Services
- Cisco Cloudlock
- Cisco Hosted Collaboration Solution (HCS) for Government
- Cisco Spark
- Cisco Umbrella
- Cisco WebEx Centers - Meeting Center, Training Center, Event Center,
Support Center
Details
o Modern CPU Speculative Store Bypass Information Disclosure Vulnerability
A vulnerability due to the design of most modern CPUs could allow a local
attacker to access sensitive information on a targeted system.
The vulnerability is due to improper implementation of the speculative
execution of instructions by the affected software. This vulnerability can
be triggered by causing the CPU to attempt to perform a speculative memory
read before currently queued memory writes are completed. An attacker could
exploit this vulnerability by executing arbitrary code and performing a
side-channel attack on the cache of the targeted system. A successful
exploit could allow the attacker to read sensitive memory information.
This vulnerability has been assigned the following CVE ID: CVE-2018-3639
Modern CPU Rogue System Register Read Information Disclosure Vulnerability
A vulnerability due to the design of most modern CPUs could allow a local
attacker to access sensitive information on a targeted system.
The vulnerability is due to improper implementation of the speculative
execution of instructions by the affected software. This vulnerability can
by triggered by causing an affected platform to perform speculative reads
of system registers. An attacker could exploit this vulnerability by
executing arbitrary code and performing a side-channel attack on the cache
of the targeted system. A successful exploit could allow the attacker to
read sensitive memory information.
This vulnerability has been assigned the following CVE ID: CVE-2018-3640
Workarounds
o There are no workarounds that address these vulnerabilities.
Fixed Software
o For information about fixed software releases, consult the Cisco bug ID(s)
at the top of this advisory.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories and Alerts page, to determine exposure and a
complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerabilities that are
described in this advisory.
Source
o CVE ID CVE-2018-3639 was reported to Intel by Jann Horn of Google Project
Zero (GPZ) and Ken Johnson of the Microsoft Security Response Center
(MSRC).
CVE ID CVE-2018-3640 was reported to Intel by Zdenek Sojka, Rudolf Marek,
and Alex Zuepke from SYSGO AG.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
Subscribe to Cisco Security Notifications
o Subscribe
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-20180521-cpusidechannel
Revision History
o
+---------+------------------------+---------------+---------+----------------+
| Version | Description | Section | Status | Date |
+---------+------------------------+---------------+---------+----------------+
| | Updated fixed software | Affected | | |
| | information for UCS M2 | Products and | | |
| | Rack Servers; added | Products | | |
| 1.15 | Cisco Hosted | Considered | Interim | 2018-August-31 |
| | Collaboration Solution | Not | | |
| | for Government to the | Vulnerable | | |
| | Confirmed Not | After | | |
| | Vulnerable section | Investigation | | |
+---------+------------------------+---------------+---------+----------------+
| | Updated information | Affected | | |
| | about the status of | Products and | | |
| | fixes for multiple | Products | | |
| 1.14 | products listed in the | Considered | Interim | 2018-August-07 |
| | Vulnerable Products | Not | | |
| | table. Removed | Vulnerable | | |
| | references to ongoing | After | | |
| | investigation. | Investigation | | |
+---------+------------------------+---------------+---------+----------------+
| | Updated Products Under | | | |
| | Investigation, | Affected | | |
| 1.13 | Vulnerable Products, | Products | Interim | 2018-July-26 |
| | and Confirmed Not | | | |
| | Vulnerable. | | | |
+---------+------------------------+---------------+---------+----------------+
| | Updated Products Under | | | |
| | Investigation, | Affected | | |
| 1.12 | Vulnerable Products, | Products | Interim | 2018-July-06 |
| | and Confirmed Not | | | |
| | Vulnerable. | | | |
+---------+------------------------+---------------+---------+----------------+
| | Updated information | | | |
| | about the status of | | | |
| 1.11 | fixes for multiple | Affected | Interim | 2018-June-27 |
| | products listed in the | Products | | |
| | Vulnerable Products | | | |
| | table. | | | |
+---------+------------------------+---------------+---------+----------------+
| | Updated Products Under | | | |
| | Investigation, | Affected | | |
| 1.10 | Vulnerable Products, | Products | Interim | 2018-June-22 |
| | and Confirmed Not | | | |
| | Vulnerable. | | | |
+---------+------------------------+---------------+---------+----------------+
| | Updated Products Under | | | |
| | Investigation, | Affected | | |
| 1.9 | Vulnerable Products, | Products | Interim | 2018-June-13 |
| | and Confirmed Not | | | |
| | Vulnerable. | | | |
+---------+------------------------+---------------+---------+----------------+
| | Updated information | | | |
| | about the status of | | | |
| 1.8 | fixes for multiple | Affected | Interim | 2018-June-08 |
| | products listed in the | Products | | |
| | Affected Products | | | |
| | table. | | | |
+---------+------------------------+---------------+---------+----------------+
| | Updated information | | | |
| | about the status of | | | |
| 1.7 | fixes for multiple | Affected | Interim | 2018-June-04 |
| | products listed in the | Products | | |
| | Affected Products | | | |
| | table. | | | |
+---------+------------------------+---------------+---------+----------------+
| | In the Affected | | | |
| | Products section, | | | |
| | moved Cisco 880 M2 and | | | |
| | M3 Servers to the | Affected | | |
| 1.6 | Vulnerable Products | Products | Interim | 2018-June-01 |
| | section. Fix status | | | |
| | information has been | | | |
| | updated for multiple | | | |
| | products. | | | |
+---------+------------------------+---------------+---------+----------------+
| | In the Affected | | | |
| | Products section, | | | |
| | multiple products were | | | |
| 1.5 | moved from Under | Affected | Interim | 2018-May-31 |
| | Investigation to | Products | | |
| | Vulnerable. Cisco DNA | | | |
| | Center was added to | | | |
| | Under Investigation. | | | |
+---------+------------------------+---------------+---------+----------------+
| | In the Affected | | | |
| | Products section, | | | |
| 1.4 | multiple products were | Affected | Interim | 2018-May-29 |
| | moved from Under | Products | | |
| | Investigation to | | | |
| | Vulnerable. | | | |
+---------+------------------------+---------------+---------+----------------+
| | In the Affected | | | |
| | Products section, | | | |
| | moved Cisco Evolved | | | |
| 1.3 | Programmable Network | Affected | Interim | 2018-May-24 |
| | Manager from Under | Products | | |
| | Investigation to | | | |
| | Products Confirmed Not | | | |
| | Vulnerable. | | | |
+---------+------------------------+---------------+---------+----------------+
| | In the Affected | | | |
| | Products section, | | | |
| 1.2 | multiple products were | Affected | Interim | 2018-May-23 |
| | moved from Under | Products | | |
| | Investigation to | | | |
| | Vulnerable. | | | |
+---------+------------------------+---------------+---------+----------------+
| | In the Affected | | | |
| | Products section, | | | |
| | multiple products were | | | |
| 1.1 | moved from Under | Affected | Interim | 2018-May-22 |
| | Investigation to | Products | | |
| | Vulnerable or | | | |
| | Confirmed Not | | | |
| | Vulnerable | | | |
+---------+------------------------+---------------+---------+----------------+
| 1.0 | Initial public | -- | Interim | 2018-May-22 |
| | release. | | | |
+---------+------------------------+---------------+---------+----------------+
Legal Disclaimer
o THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT
OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES
THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO
UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.
A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information
or contain factual errors. The information in this document is intended for
end users of Cisco products.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW4zYUWaOgq3Tt24GAQittQ/9EahntMmhmSgbVLgY65wNkAh+6qpo0nwD
RB0xnpvwmeBVNuEwu5ywcchisMMZaOrHMP5aw8K5P7Hj/n0lYCHqAHmUhX/LyPsn
OP89cha+d+Hc/tX/ijw6CaMuhn+QXl+eRDqQh7eDkZ09Btcr2cqnu5JkXhVDfDc9
+AMW1xxOK/me+K2ZLUlwKnkks/9S9qotvCya9iNj5pMvkfQSvnIg2SUhm82+wFGq
dYt3INFex/zXOD+s7VvaRsOM9lU9FX668w+uMjy9Ilc3biCzm1ufZIuUnUUiWLVu
xhVRdhHXKhQkLbeV2DjgHkAnPo1DSQnnUVdRq/8jzuelwAxUp7LjZCJpJWxEWdDd
RYOK9OOcIfliWkrYD/fMTFHy4BYZPAuI8rImFAp9ps1aUwjGMUqi9e2v9fuXD1tX
UcLYu3PRc94W+RpNHIR1x0hY22PRdHma1TQ0KimgjoCsZDvmDdguP4Bzjj7WsV7U
AidnA+4naXPOBdgx61xDclWo2J3j7x2/dtbKClUFD7yUZ20fP6KUXBzsv46ZRO6w
GCkHzkwPvdyPBq7dIjaGBPM0p3TC1AMbjMUSJ3aKnOLH29MKWRuevdjxqCeijWpZ
FXBjPgopanUsXqicx+LrAs8ofa9cMFmjSzY01kGK719jmr7riN29fIbKGzCe3WNd
K0UGrxV0Eeg=
=Gfoi
-----END PGP SIGNATURE-----