Relevant CVE's: CVE-2017-5753, CVE-2017-5715, CVE-2017-5754
Integrity360 is actively monitoring two new threats known as "Meltdown" and "Spectre".
The Threat
These threats exploit vulnerabilities in CPU modern processors, including PCs, laptops, mobile devices and also impact cloud implementations.
These hardware bugs may allow malicious code to access sensitive system data. This data could include passwords or data in use by other users on the machine, such as confidential or personal information.
While the issue itself is quite serious, the exploitation of these vulnerabilities requires local access and the ability to execute code. These factors minimise the risk to appliance based solutions. Additionally, while all devices using the affected chips are vulnerable, security appliances are hardened devices so are significantly harder to exploit if best practices are in place.
Recommendations
Vendor Response
Please click on the relevant link below for the vendor update:
Integrity360 will continue to actively monitor these vulnerabilities and provide updates on this page as new intelligence and recommendations become available.
More Information
For more information on these vulnerabilities please check the related content links listed below.