Recently, two large security vulnerabilities were discovered in many modern microprocessors. These flaws, commonly referred to as Meltdown and Spectre, allow malicious access to memory locations without a user's knowledge. The security flaws, found in a number of processors from Intel®, ARM®, AMD® and other vendors, could allow compromised systems to expose passwords, encryption keys, and other private information from impacted applications.

External References:

For a security statement on products not explicitly listed, please contact your Allied Telesis support representative.

  1. Summary
  2. Product impacts

    1. Closed Systems

      Allied Telesis devices listed as closed systems are not likely to be at risk from these exploits.
      To leverage these exploits, the ability to run customized programs on the targeted device is required. Allied Telesis devices considered to be a closed system do not allow customers to run customized programs. For closed systems, the processor architecture is less relevant than the ability to run custom programs.

      Required action - none

      Products Covered:

      • Devices using the AlliedWare Plus version 5.x.x operating system:
        - All current and legacy products running AlliedWare Plus version 5.x.x
      • Devices using the AlliedWare operating system:
        - All legacy products running AlliedWare
      • TQ and MWS series Wireless Access points
      • AT-SESC (Secure Enterprise SDN Controller) distributed as an appliance
    2. Virtual or Cloud Environments 

      Devices deployed in Virtual or Cloud environments, while not directly affected by these vulnerabilities, could be indirectly targeted by such attacks.

      Required action - Allied Telesis recommends customers contact their infrastructure suppliers, and ensure that all security updates are installed to the virtualization and cloud infrastructure.

      Products Covered

      • AT-SESC (Secure Enterprise SDN Controller) installed on a virtual machine
      • Vista Manager EX installed as a virtual machine
      • Virtual AMF Appliance (VAA) Windows Platforms
    3. Windows Platforms  

      Allied Telesis applications installed on Windows platforms are not directly impacted, but could be affected by vulnerabilities in the base Windows platform. Additionally, if Windows is installed in a virtual machine, applications could be affected by the vulnerabilities in the hosting platform.

      Required action - Base Windows platforms, Virtualization hosting platforms, and host hardware that runs these applications should all be patched to vendor specifications.

      Products Covered:

      • Vista Manager EX installed on a Windows platform
      • AWC Plugin for Vista Manager EX
      • SNMP Plugin for Vista Manager EX

     

  3. Products Not Listed:

Further Information:

Forward-Looking Statements

Matters discussed here may constitute forward-looking statements. The Private Securities Litigation Reform Act of 1995 provides safe harbor protections for forward-looking statements in order to encourage companies to provide prospective information about their business. Forward-looking statements include statements concerning plans, objectives, goals, strategies, future events or performance, and underlying assumptions and other statements, which are other than statements of historical facts. The Company desires to take advantage of the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and is including this cautionary statement in connection with this safe harbor legislation. The words “believe,” “anticipate,” “intends,” “estimate,” “forecast,” “project,” “plan,” “potential,” “may,” “should,” “expect,” “pending” and similar expressions identify forward-looking statements. The forward-looking statements in this press release are based upon various assumptions, many of which are based, in turn, upon further assumptions, including without limitation, our management's examination of historical operating trends, data contained in our records and other data available from third parties. Although we believe that these assumptions were reasonable when made, because these assumptions are inherently subject to significant uncertainties and contingencies which are difficult or impossible to predict and are beyond our control, we cannot assure you that we will achieve or accomplish these expectations, beliefs or projections.

Warranty and Limitation of Liability

THE INFORMATION AND/OR MATERIALS CONTAINED HEREIN ARE PROVIDED "AS IS," WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Allied Telesis, Inc. shall not be liable for direct, indirect, special, incidental, or consequential damages related to your decision to use any of the information and/or materials listed and/or posted in this press release, even if Allied Telesis, Inc. is advised of the possibility of such damage.

Trademarks Statement

Other companies and products mentioned herein may be trademarks or registered trademarks of their respective trademark owners.