Hi Ben,

On 09/01/18 05:27, Ben Amick wrote:
> So I haven't had much time to look into this, but has anyone else
> compiled a list of or needs for remediation for cisco systems for the
> Spectre and Meltdown vulnerabilities?
>
> I know the one only affects Intel and some ARM processors, whereas the
> other is more OS level, if I understand properly?

That's correct. And Meltdown is much easier to exploit than Spectre.

> So being that all the cisco telephony products are on virtualized
> product now, I assume that we would go to VMware for any patching
> relevant to those, but I would imagine that we would also need a
> security patch for the redhat/centos OS the Unified Communications
> products run on (and doubly so for those of us using old MCS physical
> chassis?)
>
> It looks like routers and switches, as well as ASAs are all potentially
> vulnerable as well.

Devices are mostly vulnerable if they can run untrusted code. So the biggest problem is with client devices and software like web browsers. Devices like routers, CUCM servers and so on that only run trusted code from the vendor are not immediately exploitable. Which isn't to say you shouldn't be applying patches when they become available, and particularly if you run non-telephony VMs on the same hosts, as Meltdown can easily break through the hypervisor barrier and read data from other VMs. So as an MCS user you're actually less vulnerable.

So it is a big vulnerability, but for appliances it's not such a big problem. As an example, Aruba have said they don't need to release any patches immediately but will investigate and deploy mitigations over time: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt

Thanks,

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757  Mob. 0424 160 877

_______________________________________________
cisco-voip mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/cisco-voip
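As an added example, not part of the thread above or of any Cisco or Aruba tooling: the reply turns on whether a host has actually received the OS-level Meltdown/Spectre patches. On the RHEL/CentOS side (the VMware hosts, or any general-purpose Linux box sharing a hypervisor with the telephony VMs), a patched kernel reports its own status under /sys/devices/system/cpu/vulnerabilities/ with one file per issue (meltdown, spectre_v1, spectre_v2) containing "Not affected", "Mitigation: ...", or "Vulnerable...". The script below summarises that report and exits non-zero when anything is still unmitigated; a missing directory means the kernel predates the patches entirely, which is its own finding. The sample directory it builds when no sysfs report exists is constructed for illustration and does not describe any real host.

```shell
#!/bin/sh
# Added example (not from the mailing list thread): summarise the kernel's
# Spectre/Meltdown self-report so patch state can be checked per host.
# Assumption: the kernel exposes the standard sysfs vulnerability files;
# kernels without the 2018 mitigation patches have no such directory.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status <file-contents>: map the kernel's wording to ok / vulnerable / unknown.
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo ok ;;
        "Vulnerable"*)                  echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

# report_vulns <dir>: print "name status detail" for each file in <dir>.
# Returns 0 if everything is mitigated, 1 if any entry is vulnerable,
# 2 if the directory is absent (kernel too old to report at all).
report_vulns() {
    dir="$1"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no vulnerability report: kernel predates Spectre/Meltdown patches"
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        content=$(cat "$f")
        status=$(classify_status "$content")
        [ "$status" = vulnerable ] && rc=1
        printf '%-12s %-10s %s\n' "$name" "$status" "$content"
    done
    return $rc
}

# make_sample: constructed stand-in for a partially patched host (not real data).
# Prints the temporary directory it created.
make_sample() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

# Check the live host when it has a sysfs report; otherwise exercise the
# constructed sample so the script runs anywhere.
if [ -d "$VULN_DIR" ]; then
    report_vulns "$VULN_DIR" || echo "at least one issue is not mitigated on this host"
else
    sample=$(make_sample)
    report_vulns "$sample" || echo "at least one issue is not mitigated (constructed sample)"
    rm -rf "$sample"
fi
```

Run it as root or any user (the sysfs files are world-readable) on each Linux host in the estate; a return code of 1 or 2 is the thing to chase, and the detail column tells you which mitigation (PTI, retpoline, and so on) the kernel has applied.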
