Cisco Security Advisory: cisco-sa-20180104-cpusidechannel (Meltdown and Spectre)

The advisory covers the recently disclosed Meltdown and Spectre vulnerabilities, which affect virtually everyone. Please check out the link to the above advisory ID for more information.

*You will need a valid Cisco ID to access it.

Cisco states that “On January 3, 2018 researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel.”

I won’t be explaining what both are, since there are way too many articles on the internet about them. But if you are interested in going deep on this subject, I would recommend three links:

  1. Meltdownattack
    1. https://meltdownattack.com
  2. Google Project Zero
    1. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
  3. Antivirus Vendor List and Patch Remediation information
    1. https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0

My take on this is that since Cisco systems are so-called “closed systems”, they are less likely to run crafted executions, but that becomes a gray area within the virtual realm, i.e. private/public cloud vendor environments.

Since the cloud leverages shared infrastructure, this could lead to compromising the security containers that are created for each VPC (virtual private cloud).

More to come from Cisco, but I’m pretty sure we will have a bunch of firmware updates and, yes, reboot time! The added CPU performance loss can also lead to interesting problems for SPs (service providers).

Additionally, to even be able to execute a crafted exploit, the attacker would need physical/remote root access. This would mean you have a different problem to tackle as well if someone is able to access your environment with root privileges. So I believe there might be an overkill spread of concern on the internet about this and lots of confusion, but nonetheless these are architectural security flaws that need to be addressed.

I would be interested to find out more from VM about whether the crafted attack can be performed from the customer VM level up to the host, i.e. if an attacker gains root access to one of the customers’ unpatched VMs. Tests performed by Project Zero were conducted in a controlled environment with full access, which might not be the case in real-life environments.

That would conclude my 2 cents on the matter. 

Thanks,
Bart
