5.4 - cisco-sa-20180814-cpusidechannel

On August 14th, 2018, three vulnerabilities were disclosed by Intel and security researchers that leverage a speculative execution side-channel method referred to as L1 Terminal Fault (L1TF) that affects modern Intel microprocessors. These vulnerabilities could allow an unprivileged, local attacker, in specific circumstances, to read privileged memory belonging to other processes.

The first vulnerability, CVE-2018-3615, affects Intel SGX technology and is referred to by the researchers who discovered it as foreshadow. This vulnerability is not known to affect any Cisco devices as the Cisco devices do not utilize Intel SGX technology. Cisco Unified Computing System servers do support the usage of Intel SGX technology but may be provisioned by a customer in their environment to use Intel SGX technology.

The second vulnerability, CVE-2018-3620, and the third vulnerability, CVE-2018-3646, are referred to as L1 Terminal Fault attacks by Intel. These two vulnerabilities affect multi-core processors that leverage Intel Hyper-Threading technology supporting Operating System, System Management Mode, and Virtualized workloads. Like the previously disclosed Spectre vulnerabilities, all three new vulnerabilities leverage cache-timing attacks to infer any disclosed data.

To exploit any of these vulnerabilities, an attacker must be able to run crafted or script code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector from which to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.

A Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as the operating system or hypervisor, is patched against the vulnerabilities in question.

Although Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. See the Affected Products ["#ap"] section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.

Cisco will release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJbcyDfXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczJ3gQAJomL0QxgA3+wjXI4Nfm1Z3bTEgy QN6uuroB7nessBKliCH10FkgcRvjXq7DZEprl/IoRYwt1HLD5i7n5q8UEJPdLxmx h2mlqGvhC38jxy3g39HFMAgvC3rr1FXvpkmR/J4sfnqbPNaxZMTmLYZIF5GzDhSb L6DpvXOruXSIzr3JL6NYFP7q5p4gRB7EAb2nSXZ0YdQOHK3alNik2MpzO890njdb 18JxjS+KgcLpcOBN9bxGdiQjR0b3hzQ5+t1MfBINeaqmqEDgM2Q+HaUtzVHclNuT x1NzPtrzMa2S5XMQyY2/xFnb1OjmNSCFZXZ/4Jsey7kGQOyghbvHImqiF83ZJUoT wwk0yFfZqG5nC3apEATNPkr+fWXc4jEGlpixxlCP0lz9YdmvGXV75jt2pDhPbnE1 dlOxV3goH0e081sDPal2UfAxL7KjA8Np7+L+utm75MOep4QPaHb0KVCq+nfE6XBe P16Svk/8VYKdqyNMmvZJBv4+veaMq5MObFdEbxmSFRWFZOK6idEJa7bStpb2PEmm Zvlok45w0o6oC4qaDN0mbet+oiIdUVerhSkh9yPSyH5BY1r8sLJGfg41VSjk3WcL APec1ufh9huKefH8eOvGEfp+kxgwOEhYOzg6yfVrSJ2xRlX19qnEW4VA2RgXvgzR nLN320UMc7kKFNHR =8gDf END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com