Executive Summary
Summary | |
---|---|
Title | CPU Side-Channel Information Disclosure Vulnerabilities |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180104-cpusidechannel | First vendor Publication | 2018-01-04 |
Vendor | Cisco | Last vendor Modification | 2018-01-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.7 | Attack Range | Local |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
On January 3, 2018 researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel. The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre, the third vulnerability, CVE-2017-5754, is known as Meltdown. The vulnerabilities are all variants of the same attack and differ in the way the speculative execution is exploited. In order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. The majority of Cisco products are closed systems, which do not allow customers to run custom code on the device. Although, the underlying CPU and OS combination in a product may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code on the device, and thus are not vulnerable. There is no vector to exploit them. Only Cisco devices that are found to allow the customer to execute their customized code side-by-side with the Cisco code on the same microprocessor are considered vulnerable. A Cisco product that may be deployed as a virtual machine or a container, even while not being directly affected by any of these vulnerabilities, could be the targeted by such attacks if the hosting environment is vulnerable. Cisco recommends customers to harden their virtual environment and to ensure that all security updates are installed. Cisco will release software updates that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJaTqntZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkiWQ//fNM7O4oLR/eQ2+v1 dM9YRI6/qWcXOudehRxg+UKsRWaUb8T3R7R4c5F9A//ag2AHfo/VWR78dAln+2a5 /DdJ74/23EozKsuWpR+JlFuTO+Kq/EjBZeO9pT/lxWrbZaP62U5mWWMd8ds39of4 pPrqxWFS/iZ4fZ1mac+EJJEEGlz7blsJrRFTl/EhhSqwb+9YUdLfmxRkOnMYh1K2 Nq32t+aFvS2aZF7POLsmdaS9r1wEy5IYEF4Huxoui9hNbDEWH5zCt67jfOz5uC2G Jgf4lQhjnlTKOO/yLWPmAsmJYvaFYP92PDA7rrvrORsPvzpXmgE6hVwxUBVD2f7q +lAxPKg28/UweXVcda0nemhq+ZhbWUPxJeGMedeNu2qqdOsXmUsUDj/igGaYwM2B 5NZ3/f2i1lFyawjUoCMrEYr55TwAHQ8cwDekEpqjJrnN56TGoe2WNqoB9skK+aI5 BMNEyMVkpEA4ltgfjmzN8g+NGLJcdxYIwIL/eryMaGASyxrca7a9xjhf4ZZJSRVP wAv51kPxVZJ4Gn4UALuxx2l0oUBaRvY04wjqou3pEP8yM9bda90ZM1cWZG+nc/Mc rEjXWcqkXVnq0TytvELjt6xt42OtMXGY2IjznvM+TXTcYP7v5xhrfpkmTAfstJhM rAvdPK486AXV02kSYePfBrWyeag= =vDlh END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-203 | Information Exposure Through Discrepancy |
33 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2019-10-01 | Intel x64 side-channel analysis information leak attempt RuleID : 51330 - Revision : 1 - Type : OS-OTHER |
2019-10-01 | Intel x64 side-channel analysis information leak attempt RuleID : 51329 - Revision : 1 - Type : OS-OTHER |
2019-10-01 | Intel x64 side-channel analysis information leak attempt RuleID : 51328 - Revision : 1 - Type : OS-OTHER |
2019-10-01 | Intel x64 side-channel analysis information leak attempt RuleID : 51327 - Revision : 1 - Type : OS-OTHER |
2018-02-20 | Intel x64 side-channel analysis information leak attempt RuleID : 45444 - Revision : 2 - Type : OS-OTHER |
2018-02-20 | Intel x64 side-channel analysis information leak attempt RuleID : 45443 - Revision : 2 - Type : OS-OTHER |
2018-02-06 | Intel x64 side-channel analysis information leak attempt RuleID : 45368 - Revision : 2 - Type : OS-OTHER |
2018-02-06 | Intel x64 side-channel analysis information leak attempt RuleID : 45367 - Revision : 2 - Type : OS-OTHER |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45366 - Revision : 2 - Type : OS-OTHER |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45365 - Revision : 2 - Type : OS-OTHER |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45364 - Revision : 2 - Type : OS-OTHER |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45363 - Revision : 2 - Type : OS-OTHER |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45362 - Revision : 2 - Type : OS-OTHER |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45361 - Revision : 2 - Type : OS-OTHER |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45360 - Revision : 2 - Type : OS-OTHER |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45359 - Revision : 2 - Type : OS-OTHER |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45358 - Revision : 2 - Type : OS-OTHER |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45357 - Revision : 2 - Type : OS-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-11-02 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL91229003.nasl - Type : ACT_GATHER_INFO |
2018-10-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201810-06.nasl - Type : ACT_GATHER_INFO |
2018-09-18 | Name : The remote EulerOS Virtualization host is missing multiple security updates. File : EulerOS_SA-2018-1236.nasl - Type : ACT_GATHER_INFO |
2018-09-18 | Name : The remote EulerOS Virtualization host is missing a security update. File : EulerOS_SA-2018-1233.nasl - Type : ACT_GATHER_INFO |
2018-09-17 | Name : The remote Debian host is missing a security update. File : debian_DLA-1506.nasl - Type : ACT_GATHER_INFO |
2018-09-07 | Name : The remote Debian host is missing a security update. File : debian_DLA-1497.nasl - Type : ACT_GATHER_INFO |
2018-08-17 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2018-1_0-0098.nasl - Type : ACT_GATHER_INFO |
2018-08-17 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2018-1_0-0097.nasl - Type : ACT_GATHER_INFO |
2018-07-24 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2018-2_0-0010.nasl - Type : ACT_GATHER_INFO |
2018-07-24 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2018-2_0-0011.nasl - Type : ACT_GATHER_INFO |
2018-07-20 | Name : The remote Debian host is missing a security update. File : debian_DLA-1423.nasl - Type : ACT_GATHER_INFO |
2018-07-16 | Name : The remote Debian host is missing a security update. File : debian_DLA-1422.nasl - Type : ACT_GATHER_INFO |
2018-07-09 | Name : The remote Fedora host is missing a security update. File : fedora_2018-9f02e5ed7b.nasl - Type : ACT_GATHER_INFO |
2018-05-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4213.nasl - Type : ACT_GATHER_INFO |
2018-05-15 | Name : The remote Virtuozzo host is missing multiple security updates. File : Virtuozzo_VZA-2018-029.nasl - Type : ACT_GATHER_INFO |
2018-05-11 | Name : A server virtualization platform installed on the remote host is affected by ... File : citrix_xenserver_CTX234679.nasl - Type : ACT_GATHER_INFO |
2018-05-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-1319.nasl - Type : ACT_GATHER_INFO |
2018-05-03 | Name : The remote Debian host is missing a security update. File : debian_DLA-1369.nasl - Type : ACT_GATHER_INFO |
2018-05-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4188.nasl - Type : ACT_GATHER_INFO |
2018-05-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4187.nasl - Type : ACT_GATHER_INFO |
2018-04-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-1062.nasl - Type : ACT_GATHER_INFO |
2018-04-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-1362.nasl - Type : ACT_GATHER_INFO |
2018-04-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4179.nasl - Type : ACT_GATHER_INFO |
2018-04-18 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-962.nasl - Type : ACT_GATHER_INFO |
2018-04-18 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-956.nasl - Type : ACT_GATHER_INFO |
2018-04-18 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-953.nasl - Type : ACT_GATHER_INFO |
2018-04-18 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-952.nasl - Type : ACT_GATHER_INFO |
2018-04-18 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-942.nasl - Type : ACT_GATHER_INFO |
2018-04-18 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-939.nasl - Type : ACT_GATHER_INFO |
2018-04-17 | Name : The remote Debian host is missing a security update. File : debian_DLA-1349.nasl - Type : ACT_GATHER_INFO |
2018-04-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201804-08.nasl - Type : ACT_GATHER_INFO |
2018-03-29 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_1ce95bc7327811e8b52700012e582166.nasl - Type : ACT_GATHER_INFO |
2018-03-15 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_74daa370279711e895eca4badb2f4699.nasl - Type : ACT_GATHER_INFO |
2018-03-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-0512.nasl - Type : ACT_GATHER_INFO |
2018-02-27 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2018-057-01.nasl - Type : ACT_GATHER_INFO |
2018-02-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4120.nasl - Type : ACT_GATHER_INFO |
2018-02-22 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-956.nasl - Type : ACT_GATHER_INFO |
2018-02-07 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2018-037-01.nasl - Type : ACT_GATHER_INFO |
2018-02-05 | Name : The remote Virtuozzo host is missing multiple security updates. File : Virtuozzo_VZA-2018-006.nasl - Type : ACT_GATHER_INFO |
2018-01-30 | Name : A web browser installed on the remote Windows host is affected by multiple se... File : google_chrome_64_0_3282_119.nasl - Type : ACT_GATHER_INFO |
2018-01-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-0151.nasl - Type : ACT_GATHER_INFO |
2018-01-25 | Name : The remote AIX host is missing a security patch. File : aix_IJ03035.nasl - Type : ACT_GATHER_INFO |
2018-01-25 | Name : The remote AIX host is missing a security patch. File : aix_IJ03036.nasl - Type : ACT_GATHER_INFO |
2018-01-25 | Name : The remote AIX host is missing a security patch. File : aix_IJ03034.nasl - Type : ACT_GATHER_INFO |
2018-01-25 | Name : The remote AIX host is missing a security patch. File : aix_IJ03033.nasl - Type : ACT_GATHER_INFO |
2018-01-25 | Name : The remote AIX host is missing a security patch. File : aix_IJ03032.nasl - Type : ACT_GATHER_INFO |
2018-01-25 | Name : The remote AIX host is missing a security patch. File : aix_IJ03030.nasl - Type : ACT_GATHER_INFO |
2018-01-25 | Name : The remote AIX host is missing a security patch. File : aix_IJ03029.nasl - Type : ACT_GATHER_INFO |
2018-01-24 | Name : The remote host is missing a macOS or Mac OS X security update that fixes mul... File : macosx_SecUpd2018-001.nasl - Type : ACT_GATHER_INFO |
2018-01-19 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1020.nasl - Type : ACT_GATHER_INFO |
2018-01-19 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1014.nasl - Type : ACT_GATHER_INFO |
2018-01-19 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1015.nasl - Type : ACT_GATHER_INFO |
2018-01-19 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1016.nasl - Type : ACT_GATHER_INFO |
2018-01-19 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1017.nasl - Type : ACT_GATHER_INFO |
2018-01-19 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1021.nasl - Type : ACT_GATHER_INFO |
2018-01-19 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-942.nasl - Type : ACT_GATHER_INFO |
2018-01-19 | Name : The remote Fedora host is missing a security update. File : fedora_2018-690989736a.nasl - Type : ACT_GATHER_INFO |
2018-01-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-0094.nasl - Type : ACT_GATHER_INFO |
2018-01-18 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2018-0093.nasl - Type : ACT_GATHER_INFO |
2018-01-16 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2018-016-01.nasl - Type : ACT_GATHER_INFO |
2018-01-15 | Name : The remote Fedora host is missing a security update. File : fedora_2018-0590e4af13.nasl - Type : ACT_GATHER_INFO |
2018-01-12 | Name : A virtualization application installed on the remote macOS or Mac OS X host i... File : macosx_fusion_vmsa_2018_0004.nasl - Type : ACT_GATHER_INFO |
2018-01-12 | Name : A display driver installed on the remote Linux host is affected by multiple v... File : nvidia_unix_cve_2017_5753.nasl - Type : ACT_GATHER_INFO |
2018-01-12 | Name : A display driver installed on the remote Windows host is affected by multiple... File : nvidia_win_cve_2017_5753.nasl - Type : ACT_GATHER_INFO |
2018-01-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4082.nasl - Type : ACT_GATHER_INFO |
2018-01-09 | Name : A web browser installed on the remote macOS or Mac OS X host is affected by a... File : macosx_Safari11_0_2_patch_2018_01_08.nasl - Type : ACT_GATHER_INFO |
2018-01-09 | Name : The remote Virtuozzo host is missing multiple security updates. File : Virtuozzo_VZA-2018-003.nasl - Type : ACT_GATHER_INFO |
2018-01-09 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1002.nasl - Type : ACT_GATHER_INFO |
2018-01-08 | Name : The remote Debian host is missing a security update. File : debian_DLA-1232.nasl - Type : ACT_GATHER_INFO |
2018-01-08 | Name : The remote Virtuozzo host is missing multiple security updates. File : Virtuozzo_VZA-2018-002.nasl - Type : ACT_GATHER_INFO |
2018-01-08 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1001.nasl - Type : ACT_GATHER_INFO |
2018-01-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4078.nasl - Type : ACT_GATHER_INFO |
2018-01-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-0007.nasl - Type : ACT_GATHER_INFO |
2018-01-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-0008.nasl - Type : ACT_GATHER_INFO |
2018-01-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2018-0013.nasl - Type : ACT_GATHER_INFO |
2018-01-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-0014.nasl - Type : ACT_GATHER_INFO |
2018-01-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-0023.nasl - Type : ACT_GATHER_INFO |
2018-01-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-0029.nasl - Type : ACT_GATHER_INFO |
2018-01-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-0030.nasl - Type : ACT_GATHER_INFO |
2018-01-05 | Name : A server virtualization platform installed on the remote host is affected by ... File : citrix_xenserver_CTX231390.nasl - Type : ACT_GATHER_INFO |
2018-01-05 | Name : A web browser installed on the remote macOS or Mac OS X host is affected by a... File : macosx_firefox_57_0_4.nasl - Type : ACT_GATHER_INFO |
2018-01-05 | Name : A web browser installed on the remote Windows host is affected by a speculati... File : mozilla_firefox_57_0_4.nasl - Type : ACT_GATHER_INFO |
2018-01-04 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2018-0012.nasl - Type : ACT_GATHER_INFO |
2018-01-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-939.nasl - Type : ACT_GATHER_INFO |
2017-12-29 | Name : A virtualization application installed on the remote macOS or Mac OS X host i... File : macosx_fusion_vmsa_2017_0021.nasl - Type : ACT_GATHER_INFO |
2017-12-07 | Name : The remote host is missing a macOS update that fixes multiple security vulner... File : macos_10_13_2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2018-01-06 00:24:26 |
|
2018-01-05 00:21:25 |
|