Security Now
Security is top-of-mind, especially right here where Juniper experts share their insights on the latest security trends and breakthroughs
Juniper Employee , Juniper Employee Juniper Employee
Security Now
Meltdown & Spectre: Modern CPU vulnerabilities
01.03.18

ThinkstockPhotos-483147081_JNet.png

Today, chatter has increased significantly about a set of related vulnerabilities that impact several modern CPUs that perform speculative instruction execution, amongst which Intel and AMD chips. These vulnerabilities allow an attacker to gain access to kernel space memory or to another process’s memory, which in theory they should not have access to. In turn, this leads to potential information leakage of sensitive information like passwords, encryption keys, etc. In the case of virtualized environment, it is possible to cross the boundary of the virtual machine guest OS to another virtual machine’s address space, making data leakage in cloud environments even more problematic.

 

These vulnerabilities have been dubbed Meltdown and Spectre. The CVEs associated with them are:

  • CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass
  • CVE-2017-5715 hw: cpu: speculative execution branch target injection
  • CVE-2017-5754 hw: cpu: speculative execution permission faults handling

 

There is no known exploit in the wild taking advantage of these vulnerabilities yet. But there has been a proof of concept posted by a PhD student from a university in Austria. There is little doubt that some sophisticated threat actors will attempt to take advantage of unpatched systems in the near future.

 

Operating systems vendors have been working on patches to mitigate these vulnerabilities. Some Linux updates are available for download. Windows updates have just been made available today. Amazon is planning system updates on January 4. Google has made updates available to its Cloud Platform and Chrome OS and has already updated Android and G-suite. MacOS has already deployed fixes.

 

It is speculated that the fixes will have a non-negligible performance impact that depends on the operating system, the nature of the fix and the workload of the system.

 

Exposure of Juniper’s products

 
Juniper SIRT has published an advisory at https://kb.juniper.net/JSA10842 with more information about the impact and available mitigations for Juniper products.

 

Mitigation

To mitigate this vulnerability, it is highly recommended to apply patches relevant to the operating systems you run as vendors make them available.

01.04.18
OneAmongMany

Thanks for providing this statement.  Will any security advisories be forthcoming (or is that dependant on the ongoing investigations)?

 

Many thanks 

Alex

 

01.04.18
Pete Fuller

Can you comment as to if there are any vulnerabilities on older products like the SSG-140 line?

01.04.18
MTate

+1 to Pete's questionSmiley FrustratedSG-140 vulnerability.

01.05.18
tremorpheus

please advise re the PowerPC CPU architecture in MX routers?

01.05.18
Yoddler

+1 for SSG350 and SSG140


 

 


 

Top Kudoed Authors