Meltdown and Spectre Vulnerabilities
Recently, two large security vulnerabilities were discovered in many modern microprocessors. These flaws commonly referred to as Meltdown and Spectre, allow malicious access to memory locations without a user's knowledge. The security flaws, found in a number of processors from Intel®, ARM®, AMD® and other vendors, could allow compromised systems to expose passwords, encryption keys, and other private information from impacted applications.
External References:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
For a security statement on products not explicitly listed, please contact your Allied Telesis support representative.
- Closed Systems
Allied Telesis devices listed as closed systems are not likely to be at risk from these exploits.
To leverage these exploits, the ability to run customized programs on the targeted device is required. Allied Telesis devices considered to be a closed system do not allow customers to run customized programs. For closed systems, the processor architecture is less relevant than the ability to run custom programs.Required action - none
Products Covered:
- Devices using the AlliedWare Plus version 5.x.x operating system:
- All current and legacy products running AlliedWare Plus version 5.x.x - Devices using the AlliedWare operating system:
- All legacy products running AlliedWare - TQ and MWS series Wireless Access points
- AT-SESC (Secure Enterprise SDN Controller) distributed as an appliance
- Devices using the AlliedWare Plus version 5.x.x operating system:
- Virtual or Cloud Environments
Devices deployed in Virtual or Cloud environments, while not directly affected by these vulnerabilities, could be indirectly targeted by such attacks.
Required action - Allied Telesis recommends customers contact their infrastructure suppliers, and ensure that all security updates are installed to the virtualization and cloud infrastructure.
Products Covered
- AT-SESC (Secure Enterprise SDN Controller) installed on a virtual machine
- Vista Manager EX installed as a virtual machine
- Virtual AMF Appliance (VAA) Windows Platforms
- Windows Platforms
Allied Telesis applications installed on Windows platforms are not directly impacted but could be affected by vulnerabilities in the base Windows platform. Additionally, if Windows is installed in a virtual machine, applications could be affected by the vulnerabilities in the hosting platform.
Required action - Base Windows platforms, Virtualization hosting platforms, and host hardware that runs these applications should all be patched to vendor specifications.
Products Covered:
- Vista Manager EX installed on a Windows platform
- AWC Plugin for Vista Manager EX
- SNMP Plugin for Vista Manager EX