====================================================================

                             CERT-Renater

                 Note d'Information No. 2018/VULN190
_____________________________________________________________________

DATE                : 22/05/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
_____________________________________________________________________

Cisco Security Advisory: CPU Side-Channel Information Disclosure
Vulnerabilities: May 2018

Advisory ID: cisco-sa-20180521-cpusidechannel

Revision: 1.0

For Public Release: 2018 May 22 01:00 GMT

Last Updated: 2018 May 22 01:00 GMT

CVE ID(s): CVE-2018-3639, CVE-2018-3640

+---------------------------------------------------------------------

Summary

=======

On May 21, 2018, researchers disclosed two vulnerabilities that take
advantage of the implementation of speculative execution of instructions
on many modern microprocessor architectures to perform side-channel
information disclosure attacks. These vulnerabilities could allow an
unprivileged, local attacker, in specific circumstances, to read
privileged memory belonging to other processes.

The first vulnerability, CVE-2018-3639, is known as Spectre Variant 4
or SpectreNG. The second vulnerability, CVE-2018-3640, is known as
Spectre Variant 3a. Both of these attacks are variants of the attacks
disclosed in January 2018 and leverage cache-timing attacks to infer
any disclosed data.

To exploit either of these vulnerabilities, an attacker must be able
to run crafted or script code on an affected device. Although the
underlying CPU and operating system combination in a product or
service may be affected by these vulnerabilities, the majority of
Cisco products are closed systems that do not allow customers to run
custom code and are, therefore, not vulnerable. There is no vector
to exploit them. Cisco products are considered potentially vulnerable
only if they allow customers to execute custom code side-by-side with
Cisco code on the same microprocessor.

A Cisco product that may be deployed as a virtual machine or a container,
even while not directly affected by any of these vulnerabilities, could
be targeted by such attacks if the hosting environment is vulnerable.
Cisco recommends that customers harden their virtual environments, tightly
control user access, and ensure that all security updates are installed.
Customers who are deploying products as a virtual device in multi-tenant
hosting environments should ensure that the underlying hardware, as well
as operating system or hypervisor, is patched against the vulnerabilities
in question.

Although Cisco cloud services are not directly affected by these
vulnerabilities, the infrastructure on which they run may be impacted.
Refer
to the “Affected Products” section of this advisory for information about
the impact of these vulnerabilities on Cisco cloud services.

Cisco will release software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"]

==========================================================
+ CERT-RENATER               | tel : 01-53-94-20-44                     
                  +
+ 23 - 25 Rue Daviel             | fax : 01-53-94-20-41                 
                     +
+ 75013 Paris                        | email:
cert@support.renater.fr                        +
==========================================================

--------------2D7089A014575715C24EA5E7

<html>
  <head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div style="font-family: arial, helvetica, sans-serif; font-size:
      12pt; color: #000000">
      <div>====================================================================<br>
        <br>
                                     CERT-Renater<br>
        <br>
                         Note d'Information No. 2018/VULN190<br>
_____________________________________________________________________<br>
        <br>
        DATE                : 22/05/2018<br>
        <br>
        HARDWARE PLATFORM(S): /<br>
        <br>
        OPERATING SYSTEM(S): Systems running Cisco Software.<br>
        <br>
=====================================================================<br>
        <a class="moz-txt-link-freetext"
href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel</a><br>
_____________________________________________________________________<br>
        <br>
        Cisco Security Advisory: CPU Side-Channel Information Disclosure
        Vulnerabilities: May 2018<br>
        <br>
        Advisory ID: cisco-sa-20180521-cpusidechannel<br>
        <br>
        Revision: 1.0<br>
        <br>
        For Public Release: 2018 May 22 01:00 GMT<br>
        <br>
        Last Updated: 2018 May 22 01:00 GMT<br>
        <br>
        CVE ID(s): CVE-2018-3639, CVE-2018-3640<br>
        <br>
+---------------------------------------------------------------------<br>
        <br>
        Summary<br>
        <br>
        =======<br>
        <br>
        On May 21, 2018, researchers disclosed two vulnerabilities that
        take <br>
        advantage of the implementation of speculative execution of
        instructions <br>
        on many modern microprocessor architectures to perform
        side-channel <br>
        information disclosure attacks. These vulnerabilities could
        allow an <br>
        unprivileged, local attacker, in specific circumstances, to read
        <br>
        privileged memory belonging to other processes.<br>
        <br>
        The first vulnerability, CVE-2018-3639, is known as Spectre
        Variant 4 <br>
        or SpectreNG. The second vulnerability, CVE-2018-3640, is known
        as <br>
        Spectre Variant 3a. Both of these attacks are variants of the
        attacks <br>
        disclosed in January 2018 and leverage cache-timing attacks to
        infer <br>
        any disclosed data.<br>
        <br>
        To exploit either of these vulnerabilities, an attacker must be
        able <br>
        to run crafted or script code on an affected device. Although
        the <br>
        underlying CPU and operating system combination in a product or
        <br>
        service may be affected by these vulnerabilities, the majority
        of <br>
        Cisco products are closed systems that do not allow customers to
        run <br>
        custom code and are, therefore, not vulnerable. There is no
        vector <br>
        to exploit them. Cisco products are considered potentially
        vulnerable <br>
        only if they allow customers to execute custom code side-by-side
        with <br>
        Cisco code on the same microprocessor.<br>
        <br>
        A Cisco product that may be deployed as a virtual machine or a
        container, <br>
        even while not directly affected by any of these
        vulnerabilities, could <br>
        be targeted by such attacks if the hosting environment is
        vulnerable. <br>
        Cisco recommends that customers harden their virtual
        environments, tightly <br>
        control user access, and ensure that all security updates are
        installed. <br>
        Customers who are deploying products as a virtual device in
        multi-tenant <br>
        hosting environments should ensure that the underlying hardware,
        as well <br>
        as operating system or hypervisor, is patched against the
        vulnerabilities <br>
        in question.<br>
        <br>
        Although Cisco cloud services are not directly affected by these
        <br>
        vulnerabilities, the infrastructure on which they run may be
        impacted. Refer <br>
        to the “Affected Products” section of this advisory for
        information about <br>
        the impact of these vulnerabilities on Cisco cloud services.<br>
        <br>
        Cisco will release software updates that address these
        vulnerabilities. <br>
        There are no workarounds that address these vulnerabilities.<br>
        <br>
        This advisory is available at the following link:<br>
        <br>
        <a class="moz-txt-link-freetext"
href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel</a>
        [<a class="moz-txt-link-rfc2396E"
href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel">"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"</a>]<br>
        <br>
        ==========================================================<br>
        + CERT-RENATER               | tel : 01-53-94-20-44             
                                  +<br>
        + 23 - 25 Rue Daviel             | fax : 01-53-94-20-41         
                                     +<br>
        + 75013 Paris                        | email: <a
          class="moz-txt-link-abbreviated"
          href="mailto:cert@support.renater.fr">cert@support.renater.fr</a>               
                +<br>
        ==========================================================<br
          data-mce-bogus="1">
      </div>
    </div>
  </body>
</html>

--------------2D7089A014575715C24EA5E7--